ControlOne now provides more accurate portal navigation, clearer firewall rule management, and updated bridge security. These improvements reduce confusion during day-to-day portal use while keeping bridge deployments current with DNS security patches.

What's New

• Bridge DNS security has been updated with patches for recently disclosed vulnerabilities, helping keep ControlOne bridge deployments current with security best practices.
• Inactive devices now display correctly when partners select "View device details" from a reporting or audit event, without requiring partners to manually change the inactive device filter.
• Deleting the last firewall rule for a company no longer shows a misleading read-only mode warning in the portal.
• Delinquent companies now appear in the company picker, so partners can navigate to those accounts as expected.
• Configuration backup cleanup now runs correctly, preventing outdated backup records from creating unnecessary database storage growth.
• Support account views now show the correct portal experience when reviewing partner account configurations.

How to Access It

These updates are live now in ControlOne and are automatically applied where supported. No action is required.

ControlOne now gives partners clearer site configuration visibility, more flexible record review, and a smoother Teleport search experience. The Zones page identifies site zones assigned to bridges, admin columns can be resized to show more detail, and Teleport search now filters reliably as partners type.

What's New

• The Zones page now displays a visual indicator for site zones assigned to bridges, making active zone assignments easier to identify even when devices are not connected.
• Admin section columns in the ControlOne portal are now resizable, allowing partners to adjust table views and review device or user details without opening each record individually.
• The Teleport page search field now retains input as partners type, restoring live filtering and making zone searches more reliable.

Why You'll Love It

Partners managing multiple sites can now identify bridge zone assignments at a glance rather than cross-referencing configuration records. Resizable admin columns reduce repetitive navigation by showing more detail directly in table views, while the Teleport search improvement removes a daily friction point from zone lookups.

How to Access It

These updates are live now in ControlOne and are automatically applied where supported. No action is required.

ControlOne now gives partners clearer license consumption details directly on the Users page, making it easier to understand agent license usage without leaving the portal. A portal access improvement also ensures users see the right experience based on their permission level.

What's New

• License usage counts are now displayed on the Users page, showing how many users are consuming agent licenses.
• Partners can now review agent license consumption directly in the portal, making it easier to manage allocations and identify overprovisioning.
• Users without partner tenant admin permissions now see the correct portal views for their access level rather than being redirected incorrectly.

Why You'll Love It

License visibility on the Users page removes guesswork from agent license management, helping partners stay on top of consumption and optimize allocations. The portal access improvement also gives each team member the appropriate experience when they log in, regardless of permission level.

How to Access It

These updates are live now in ControlOne and are automatically enabled. No action is required.

ControlOne now gives partners more flexibility in how bridges respond to connectivity disruptions, with configurable fail open sensitivity settings, preset recovery options, and advanced health check controls. Portal UI improvements, clearer gateway capacity displays, and corrected tunnel encryption labels also make configuration easier to review and manage.

What's New

• Fail open sensitivity settings can now be configured at the bridge and tenant levels using preset options for 30 seconds, 2 minutes, or 5 minutes.
• Fail open presets automatically apply the appropriate health check intervals and thresholds, making recovery behavior easier to understand and configure.
• Custom health check endpoints and detailed probe parameters can now be configured at the bridge or tenant level for more granular tuning.
• Advanced fail open settings include probe intervals, probe counts, timeouts, and recovery thresholds.
• Site zones can now be disabled during failover, giving partners tighter management of traffic behavior during network events.
• Legacy portal pages have been updated with the current ControlOne theme and modern table components for a more consistent portal experience.
• Gateway usage displays for Unity Platform partners now show total allowed gateways rather than a separate minimum gateway count, making capacity easier to read at a glance.
• Tunnel encryption settings now display correctly on the VPN connector configuration page when GCM encryption is in use, preventing misinterpretation during setup.

Why You'll Love It

Configurable fail open sensitivity helps partners match recovery behavior to each site's uptime and traffic requirements rather than relying on fixed defaults. Preset options keep setup simple, while advanced health check controls provide flexibility for more specific environments. Clearer gateway displays, modernized portal pages, and corrected tunnel encryption labels also make day-to-day configuration easier and reduce the risk of misinterpretation.

How to Access It

These updates are live now in the ControlOne portal and are automatically applied where supported. Updated portal pages and corrected tunnel encryption labels require no action. Fail open settings and site zone failover controls are available at the bridge and tenant levels in the ControlOne portal.

ControlOne now validates IPsec network address translation (NAT) settings more accurately, making VPN tunnel setup smoother for configurations with non-overlapping pre-NAT sources. Partners can complete valid tunnel configurations without false overlap errors or unnecessary workarounds.

What's New

• IPsec NAT validation now correctly handles configurations where the original IP source does not overlap with local tunnel selectors.
• Valid IPsec configurations with non-overlapping pre-NAT sources are now accepted instead of being rejected with a false overlap error.
• Tunnel setup now reflects the intended NAT behavior, reducing troubleshooting during VPN configuration.

How to Access It

These updates are live now in ControlOne and are automatically applied where supported. No action is required.

Routing policy naming is now more flexible, and directory sync status messaging now gives partners clearer, more accurate guidance during sync activity. These updates help keep the ControlOne portal easier to manage while reducing uncertainty during identity provider syncs.

What's New

• Rename routing policies in the ControlOne portal to better match naming conventions across your environments. Cytracom-managed policies remain protected and cannot be renamed.
• Identity provider directory sync messaging now reflects more accurate status throughout the sync process. Status updates reflect realistic timing and clearly indicate that it is safe to navigate away while a sync continues.

Why You'll Love It

Routing policy renaming makes it easier to keep environments organized as they grow and evolve rather than working around fixed policy names. Clearer sync messaging reduces guesswork during directory syncs, so partners can move on with confidence rather than wondering whether a sync is still progressing normally.

How to Access It

These updates are live now in the ControlOne portal and are automatically enabled. No action is required.

ControlOne now gives partners direct influence over fail-open behavior, helping MSPs tune resiliency settings to match each site's connectivity and uptime needs. Hardware node visibility in the admin portal makes it easier to identify shared infrastructure issues when multiple agents degrade at the same time. A refreshed interface across key reporting and admin pages rounds out the release with a cleaner, more consistent portal experience.

What's New

• Fail-open settings are now configurable at the bridge and tenant levels. Partners can set probe intervals, failure thresholds, success thresholds, probe timeout, and a hold-down timer that prevents fail-back until full health is confirmed.
• A custom HTTP health check endpoint can also be configured for sites with non-standard connectivity requirements, giving partners additional flexibility in how health is verified.
• The admin portal now shows which hardware node each agent gateway and aggregator is running on. Shared hardware issues are easier to spot when multiple agents show degraded or retrying states at the same time.
• Reporting and admin pages now use the modern ControlOne theme and table component. The Events, Sessions, and Bridge Inventory pages, along with additional admin and reporting pages, have been updated to match the current portal design.

Why You'll Love It

Configurable fail-open settings make it easier to tune ControlOne's resiliency behavior to match the uptime requirements of each site rather than relying on fixed system defaults. The hold-down timer helps prevent connections from oscillating during marginal connectivity, so clients stay on a stable path rather than repeatedly switching states. Hardware node visibility removes a manual correlation step during outages, helping partners and support teams get to the root cause faster. The refreshed portal pages reduce visual friction during routine work, making it easier to move through reports and admin tasks without the context shifts caused by mixed UI generations.

How to Access It

These features are live now and are automatically enabled. No configuration is required to see hardware node identifiers in the admin portal or to access the updated portal pages. Fail-open configuration settings are available at the bridge and tenant levels in the ControlOne admin portal.

Configurable fail-open triggers give partners more control over how bridges respond to service disruptions, with customizable health checks and recovery settings that can be tailored to each client environment.

What's New

• Configure fail-open behavior with customizable probe intervals, failure thresholds, recovery thresholds, probe timeouts, and hold-down timers.
• Define custom HTTP health-check endpoints to check service availability using a specific web address. Probes follow redirects automatically and count the destination as healthy only when it returns a successful 2xx response, such as 200 OK.
• Apply fail-open settings at the bridge level for granular control or at the tenant level for more consistent behavior across environments.

Why You'll Love It

• Adjust fail-open behavior to match each client environment rather than relying on fixed defaults.
• Reduce unnecessary switching between fail-open and normal operation with more controlled recovery behavior.
• Get more precise visibility into service availability with targeted health checks.

How to Access It

• Fail-open settings. Open the ControlOne Portal and select a bridge or tenant to configure fail-open settings, including probe intervals, thresholds, and custom endpoints. This feature is currently available in Early Access. Contact your Cytracom representative to request access.

ControlOne now helps you stay ahead of issues with proactive alerts for offline connectors and sites, self-service executive reports you can generate on demand, and more flexible static routing for complex network environments.

What's New

• Global Alerts for connectors and sites are now available. Receive automatic email notifications when a connector or site stays offline beyond your configured threshold, and another notification when it comes back online.
• Global Alerts batches multiple connector state changes into a single email to reduce noise.
• A centralized Global Alerts Settings page lets you configure recipients, thresholds, and notification behavior in one place.
• Executive Reports are now self-service. You can generate, download, and share professional PDF reports for network security posture and endpoint inventory directly from a dedicated page in the ControlOne portal.
• Static routing now supports /32 host routes and overlapping destination networks. Existing routes remain unchanged.
• Executive Reports includes usability improvements such as clearer descriptive text, knowledge base links, bold table headers, and a date picker limited to the last two years.
• Global Alerts includes clearer labels, contextual descriptions for each alert type, and a "Learn more" link to the knowledge base.
• A new "Learn more" link next to the Early Access opt-in section makes it easier to explore upcoming features and understand how to participate.

Why You'll Love It

Global Alerts helps you respond faster by notifying you when connectivity issues occur, rather than relying on someone to notice a dashboard change. Executive Reports makes it easier to generate polished documentation for customer reviews, compliance conversations, and internal reporting without waiting on another team. More flexible routing support also removes previous limitations for overlapping subnets and complex multi-site environments, so you can manage traffic paths with greater precision.

How to Access It

Most features are available now and are automatically enabled.

• Executive Reports. Open the Executive Reports page in the ControlOne portal to generate and download reports.
• Global Alerts. Open the Global Alerts Settings page to add recipients, enable Site Alerts and Connector Alerts, and set offline thresholds.
• Static routing enhancements. Available now in static route configuration. Existing routes are preserved.
• Early Access features. Use the "Learn more" link in the portal's Early Access section for details on participation.

1:1 outbound NAT for IPSec connectors expands deployment flexibility for more complex network environments. Global Status accuracy improvements make outage conditions easier to trust at a glance, and Global Alert Settings provide a centralized way to manage alerting behavior across environments. Admins also gain per-agent release channel overrides, plus bug fixes that improve responsiveness and reporting clarity.

What’s New

• IPSec connectors now support 1:1 outbound NAT, enabling more predictable source mapping for customer environments that require outbound address translation.
• Global Alert Settings add a centralized way to configure alerting behavior across your environment, improving consistency for operational notifications.
• Per-agent release channel overrides allow admins to assign a specific release channel to an individual agent when targeted testing or staged rollouts are needed.
• Global Status data quality improvements better align Global Status page results with real-time outage conditions, improving confidence in what the page reports.
• Bridge assignment views now respond more reliably, improving usability when reviewing or updating assignments.
• Device posture check failure summaries now display clearer failure reasons in reporting, improving troubleshooting and audit readiness.

Why You’ll Love It

Expanded NAT options reduce networking workarounds when deploying IPSec in environments that need strict outbound mapping. Centralized alert settings and improved Global Status accuracy make it easier to monitor service health and respond quickly when issues occur. Release channel overrides support more controlled rollouts, and the UI and reporting fixes reduce time spent waiting on pages to load or digging for the real reason a device failed posture requirements.

How to Access It

• 1:1 outbound NAT for IPSec connectors, Global Alert Settings, Global Status improvements, and per-agent release channel overrides are available now.
• The bridge assignment responsiveness and reporting failure summary fixes are included in this release.