Release Notes

Report resources have been updated within Nipper 2.13.6 to provide customers with the most up to date reports possible. This is available for both Windows and Ubuntu customers.

Nipper 2.13.6 kill date is set to February 6, 2026.

A Linux only build of Nipper to allow continued use of Nipper (v2) for users accessing via a Linux operating system. There are no feature changes in this build from Nipper 2.13.2.

As part of undertaking essential maintenance on our Nipper platform we have updated our license server end point. Upgrading will ensure you continue to receive all automatic update notifications and core Nipper functionality will be maintained moving forward.

If you chose not to upgrade, after August 7 previous versions of Nipper will no longer be able to:

• Automatically receive update notifications.

• Automatically update Nipper.

• Update license information through the client.

• Perform activity report on device usage.

You may also notice a slight increase in delay when starting the application. There will be no effect on reports produced by Nipper if you do not upgrade.

Please note this release impacts the Windows Platform version of Nipperonly. If there are any issues, please contact Support.

• Resolved a bug in the Juniper ScreenOS where multiple services were defined on one rule.

• Resolved a bug in the CIS Report where the hostname was not correctly detected.

We have updated to Qt 5.15 and Openssl 1.1.1t which include a number of security and bug fixes (please see openssl.org for more details).

Please note this release impacts the Windows Platform version of Nipper only. If there are any issues, please contact Support.

Fixed NIST 800-171 XML save generating invalid XML.

Resolved a serious error caused by some Palo Alto PanOS 10 devices.

Improved device detection for differentiating between Cisco IOS and IOS-XE devices.

Please note that the NVD CVEs in this release are from December 2022. Nipper can be manually updated with the latest resources and instructions on how to do this can be found online or for Cisco devices our CISCO PSIRT Manual guide can be foundNipper – Cisco PSIRT Audit . If there are any issues, please contact Support.

Resolved an issue regarding rule lists containing no rules on STIG reports.

Removed sensitive data being displayed on Cisco Firepower configurations.

Please note that the NVD CVEs in this release are from December 2022. Nipper can be manually updated with the latest resources and instructions on how to do this can be found online or for Cisco devices our CISCO PSIRT Manual guide is here. If there are any issues, please contact Support.

Cisco Firepower via FMC

The latest release of Nipper contains support for Cisco Firepower devices that are managed by a Cisco Firewall Management Centre (FMC) in the following configuration sections -

• Administration Settings

• Network Filtering

• Network Protocols and Interfaces

• Network Services

• Routing

• Simple Network Management Protocol Settings (SNMP)

PanOS 10

The latest release of Nipper also contains support for PanOS 10 devices across all configuration sections -

• Network Services

• Authentication Settings

• Administration Settings

• Logon Banner Messages

• SNMP Settings

• Message Logging

• Name Resolution Settings

• Dynamic Host Configuration Protocol (DHCP) Settings

• Network Protocols

• Routing

• Network Filtering

• Remote Access Settings

• Time and Date Settings

• A new remote connection method "10 (PANO-OS API)" has been added under "Palo Alto Firewall". This allows Nipper to perform remote connections to your PanOS 10 device and retrieve all the configuration information needed to produce accurate reports.

Cisco ASA

Fixed an issue causing a serious error when passive interfaces were default.

Cisco IOS

Routers Fixed an issue causing Nipper to not correctly report where default passwords were used.

Cisco IOS XE

Switches Virtual Router Redundancy Protocol (VRRP) V3 configuration settings will now be reported on.

Cisco XR

Fixed an issue causing Cisco Type 7 passwords to not be correctly decrypted in the report.

FortiOS 6

Fixed an issue causing Nipper to not recognize the use of default Community strings.

Fixed an issue causing Nipper to only display the first configured SNMPv3 user.

Fixed an issue causing Nipper to not correctly report on wireless interfaces.

Fixed an issue causing Nipper to not correctly report on interfaces configured with filtering.

PanOS

HTTP and HTTPS is now reported as being enabled by default.

Fixed an issue causing Address Objects configured on a filter rule destination to not appear correctly in the report

Fixed an issue causing source and destinations on filter rules not being correctly treated as "any" rules when configured as such

PanOS 9

Fixed an issue causing source/ destination ports on filter rules to report as "any" when configured with a service

Risk and recommendation information in NIST 800-171

Risk ratings and a recommendations section have been added to Security Requirement 3.1.9 in the NIST 800-171 report.

Made improvements to the logic for matching a configured Blacklist of hosts for NSA-FLTR-009

Fixed an issue causing XML saves to fail due to a duplicate heading

Fixed an issue causing Security Audit findings' tables to not be written to JSON logs

Fixed an issue causing Nipper to incorrectly report overlapping rules in the Filtering Complexity report

Fixed an issue causing NSA-SNMP-005 to report the wrong community with dictionary based traps

Fixed an issue when causing the audit to continue when cancelling from the License Usage dialog

Fixed an issue causing the Raw Change Tracking report to be removed when regenerating a report

Fixed an issue causing the global CVSSv2 Environmental Metric settings to not effect the Vulnerability report

Fixed an issue causing the first Security Audit finding to not be included in non-streamed JSON logs

Fixed an issue causing filter rules with HIP Profiles configured to not appear correctly in the report

Fixed an outdated link in the license agreement

Improved the speed of Filtering Complexity report generation for devices with large numbers of rules

CMMC and NIST 800-171 reports now display correctly when Nipper is installed over version 2.12.0 or earlier.

Issues running certain reports through the command-line interface have been resolved

The latest release of Nipper contains continued improvements to Cisco IOS XR device support.

Cisco IOS XR device auditing has been improved in the following areas:

• Network Time Protocol (NTP)

• Simple Network Management Protocol (SNMP)

• Address Resolution Protocol (ARP)

• Domain Name System (DNS)

• Dynamic Host Configuration Protocol (DHCP)

• Layer Two Tunneling Protocol (L2TP)

• Logging Services

• User Groups

• Border Gateway Protocol (BGP) Redistributed Routing Protocols

Auditing certain Cisco ASA configurations no longer causes a serious error

Security Audit findings:

Cisco IOS

• Resolved an Network Time Protocol (NTP) issue causing Security Audit issue NSA-TIME-004 to always trigger

• Resolved an Hypertext Transfer Protocol (HTTP) ciphers issue causing Security Audit issue NSA-ADMIN-019 to always trigger

• A VLAN Trunking Protocol (VTP) issue was resolved that caused Security Audit issues NSA-PRTCL-022 and NSA-PRTCL-024 to trigger incorrectly

• An issue with configuration auto-loading has been resolved that was causing NSA-CNFG-001 to trigger incorrectly

Panorama PanOS 9

• Resolved a Border Gateway Protocol (BGP) dampening issue causing Security Audit issue NSA-ROUT-005 to always trigger

• Resolved a filter rule issue causing Security Audit issues NSA-FLTR-015 and NSA-FLTR-017 to always trigger

• Resolved an RSA key issue causing Security Audit issue NSA-ADMIN-019 to always trigger

Command Line Interface:

• Running a PCI audit with Nipper's CLI no longer causes a serious error

• CLI help text for the settings for CMMC and NIST 800-171 report types has been added

• Adding a license via CLI no longer returns a duplicate error message

• Adding a new resource via CLI no longer returns an unknown command error

• Having the support debug mode enabled no longer prints unreadable characters to the console

• Saving reports to PDF now creates a valid report file

• IP scoping now correctly filters filter rules

• Certain incorrect CVEs are no longer triggered for Fortinet FortiOS devices

• Cisco Catalyst devices are no longer detected by Nipper as Cisco IOS Routers

• Secure wireless SSID keys are no longer reported as insecure

Audit Scheduling:

• Devices requiring a privilege password can now be audited via Audit Scheduling

• Adding a remote device via Audit Scheduling now has a default port and schedule date pre-populated

• CMMC report practice IA.1.077 table now displays correct password information

• Access Control List (ACL) rule tables on SonicWall devices are now correctly named after the zone

• Static Link Monitor Exempt (a proprietary Fortinet feature) is no longer displayed when auditing Cisco devices

Two new demo configuration files have been added allowing critical findings within Nipper to be accurately demonstrated.

The latest release of Nipper contains updates to the risk based security audit, including the findings ratings, including the following:

• Made clear the use of the Risk Profile table in the Security Audit Summary - added a sentence explaining what the table plots, as well as updated the row headings to highlight this.

• Updated wording in various locations to be consistent with the Audit Style setting:

  • CMMC Pre-assessment Additional Information links to Security Audit findings not present in the report

  • Exclude Security Issues dialog

  • Save as Filtering Baseline dialog

  • Filtering Differences report

  • Device specific report text

Changes to several Security Audit finding ratings have been made to increase their overall rating to critical -

NSA-ADMIN-023

NSA-ADMIN-046

NSA-AUTH-005

NSA-AUTH-031

NSA-SNMP-002

NSA-FLTR-001

NSA-FLTR-007

NSA-ROUT-021

NSA-ROUT-023

A new setting has been added to the CMMC plugin - Include Not Analyzed Objectives (default - Off) -

This setting allows the user to choose whether to display objectives that Nipper has performed no analysis for in the CMMC Security Assessment Objective Summary Table - these objectives will still be shown in the Practice sections regardless of the setting value.

Settings affecting the scope of the CMMC Security Assessment have been moved to their own group in settings - these can be found under the "Coverage" tab in the "Scope" group.

The latest release of Nipper contains enhanced support for Cisco IOS XR devices.

The scope of auditing Cisco IOS XR devices has improved in the following areas:

• Static Routing

• Routing Information Protocol (RIP) Routing

• Intermediate System to Intermediate System (IS-IS)

• Virtual Router Redundancy Protocol (VRRP)

• Hot Standby Router Protocol (HSRP)

• System Aliases

• Syslog Interfaces

• Open Shortest Path First (OSPF) Version 3

• Routing Redistribution

• Hypertext Transfer Protocol Secure (HTTPS) Ciphers

NSA-ROUT-023 will now be triggered when a routing-key is configured without a password.

Fixed an issue causing some tables in JSON logs to have the wrong table headings associated with the relevant data.

Fixed an issue causing NSA-FLTR-009 to not be triggerable on PanOS 9 devices.

Fixed an issue causing NSA-FLTR-009 to not be triggered when the defined Host and Service Black List contains the default route.

Fixed an issue causing Line passwords to be reported in User Password findings

Fixed an issue causing HTTP(S) ciphers to not be reported as configured on Cisco IOS devices.

Fixed an issue causing tables detailing affected interfaces in NSA-INTFC-003 to not be displayed.

Fixed an issue causing the NIST 800-171 Pre-assessment setting to always be on.

Fixed an issue causing no vulnerabilities to be reported in the Vulnerability Audit for Cisco WLAN AIR devices.

Assigned a finding ID to the Security Audit finding "SNMP Access To The Authentication MIB".

Fixed an issue causing reports to not be generated on Linux when auditing both a NETGEAR Switch and NETGEAR Firewall via CLI.

Border Gateway Protocol (BGP) passwords are now encrypted when "Show Passwords in Report" is deselected in Nipper's settings for Cisco IOS XR devices

Fixed an issue causing certain Enhanced Interior Gateway Routing Protocol (EIGRP) Interfaces to not appear in the Configuration Report for Cisco IOS XR devices

Fixed an issue causing empty Enhanced Interior Gateway Routing Protocol (EIGRP) groups preventing other EIGRP groups from appearing in the Configuration Report for Cisco IOS XR devices

The latest release of Nipper contains enhanced support for Cisco IOS XR devices. The scope of auditing Cisco IOS XR devices has improved in the following areas:

• Open Shortest Path First (OSPF) Interfaces

• Enhanced Interior Gateway Routing Protocol (EIGRP) Interfaces

• Global Syslog Interfaces

• EIGRP Routing

• Routing Information Protocol (RIP) Routing

• Static Routing

• Routing Keys

• Password Policies

• Border Gateway Protocol (BGP) Dampening

Nipper 2.11.1 also includes changes to the style settings and fixes several bugs across the software delivering enhanced accuracy in reports, as well as improving the overall stability and usability of the software.

Security Audit Style Setting

Changes to the Security Audit report to highlight Nipper's applicability to risk management

A new Security Audit Setting "Audit Style" is available for use within Nipper where"Risk Based" Security Audit style (default) will highlight applicability to risk management. "Classic" Security Audit style will revert to how Nipper has previously reported the Security Audit.

Risk Based Style Changes

Minor text changes - Replaced "issue(s)" with "finding(s)" where applicable across the Security Audit report.

Replaced "severity" with "risk" where applicable across the Security Audit report.

Updated titles of Security Audit Summary diagrams

Replaced "Severity Classification" with "Risk Classification".

Replaced "Issue Classification" with "Finding Classification"

Addition of new diagram to the Security Audit Summary

A new "Risk Profile" diagram plots impact of security findings on your network against the ease for malicious actors to exploit said security finding.

Addition of new table to the Security Audit main body

Appearing after the Security Audit Introduction, the Findings Summary provides an overview of each finding ID that applies to a device in the audit scope, the title of the finding, the risk the finding presents and the applicable section.

A new standalone report plugin for NIST 800-171 has been added. This feature is not licensed by default - speak to your solutions advisor for further information.

Cisco IOS Wireless LAN devices will now correctly report the configured SSID protocol.

The --disable-interactive-audit CLI setting will no longer be ignored on CentOS 7 installs.

Improved reporting of administrative interface line settings in the Configuration Report.

"NTP Control Queries were Permitted" security finding will no longer be present if the device has an Access Control List (ACL) configured.

SonicWall SonicOS 6.5 devices will no longer have the "LAN to WAN" Configuration Report table incorrectly labelled with the name of a configured ACL.

Fixed an issue when turning on the "CMMC Pre-Assessment" setting from the "New Report" dialog that would cause the Security Audit and Configuration Report to not be included in the report if not already selected.

Fixed an issue causing section links throughout the Security Audit to no longer function

The latest release of Nipper expands and simplifies support for the CMMC (Cybersecurity Maturity Model Certification) framework.

A new dedicated CMMC Module provides evidence for 24 of the Level 1-3 CMMC practices for firewalls, switches and routers, automating the assessment of 18 and providing evidential information for 6 practices. The evidence/information is provided in a report format that meets Certified Assessor requirements.

Reports include:

• Introduction, explaining the CMMC domains and levels applicable to the report

• Findings overview

• Individual sections for each CMMC practice that Nipper has assessed, with information as to any issues found and any applicable evidence

• Exact technical fixes and remediation recommendations

The CMMC Module requires activation; if you would like to use this module please speak to your account manager or contact us.

Cisco IOS XR

• The scope and accuracy of auditing Cisco IOS XR devices have been improved in the following areas of the device:

• Administration

• Banner Settings

• Border Gateway Protocol (BGP) Settings

• Filter Rules

• Network Time Protocol (NTP) Settings

• Open Shortest Path First (OSPF) Settings

• Simple Network Management Protocol (SNMP) Settings

Nipper 2.11.0 corrects the following bugs across the software:

Reporting

• The filtering differences report no longer fails during the report generation step when run with certain Cisco Router devices.

• JSON log output has been sanitized to prevent the inclusion of non-html markup in table data.

• Cisco ASA devices now correctly report as supporting outbound ACLs.

• SNMP within the Security Audit no longer generates a false positive for Cisco IOS 15.1 devices.

• No Session Timeout within the Security Audit no longer generates a false positive for Juniper JunOS 15 devices.

• Syslog Logging Not Enabled within the Security Audit no longer generates a false positive for Juniper JunOS 15 devices.

• Clear Text HTTP Service Enabled within the Security Audit no longer generates a false positive for Palo Alto Networks PanOS 9 devices.

• Weak Minimum Password Length within the Security Audit no longer generates a false positive for Cisco IOS 15 devices.

• Reporting on STP BPDU Guard no longer generates a false positive for Cisco Router devices.

• HTML reports generated via the Nipper CLI are no longer missing certain icons.

Juniper

• Certain Juniper SRX device configurations no longer crash when run in conjunction with the Security Audit report plugin.

• Juniper SRX devices running JunOS 12.4R2.7 now correctly display security policies in the Security Audit report plugin.

Fortigate

• Fortigate devices running FortiOS 6 are now correctly identified as such when adding manual configuration files prior to the report generation step.

Stability

• Improved the stability of Nipper installations on Windows systems by preventing a potential vulnerability surrounding the Windows registry.

The latest release of Nipper expands our support for Palo Alto devices running operating systems up to and including PAN-OS 9.1, as well as enabling remote auditing of Panorama devices. Tech support files remotely retrieved from Panorama devices are now correctly unzipped, allowing Panorama devices to be remotely audited.

The existing Palo Alto Firewall Plugin has been extended to support HIP profiles and objects; with reports displaying a range of information about each, as well as a link to the security policy rule(s) that they are applied to.

The latest release of Nipper improves the interactivity for Cisco PSIRT audits via Nipper's CLI. When multiple devices are audited through Nipper's CLI, if any of the devices are detected to be auditable by PSIRT the user will be prompted to enter their exact device OS versions to enable an accurate PSIRT report.

Nipper 2.10.2 also fixes several bugs across the software delivering enhanced accuracy in reports, as well as improving the overall stability and usability of the software:

Cisco

• Cisco ISR 4331 devices are now correctly identified as such, not as Cisco Catalyst

• Not having a privileged password set on Cisco IOS 15 devices will no longer cause CIS audits to hang during report generation

• Auditing local Cisco configuration files via Nipper's CLI on CentOS 7 now generates a report as expected

• Accuracy in a number of findings across multiple report types for Cisco devices has been enhanced:

  • Not setting an auxiliary password on Cisco Catalyst devices will now raise an associated Security Audit finding

  • Not fully configuring SNMP on Cisco devices is now flagged as a Security Audit finding

  • Unicast RPF verification on tunnel interfaces is no longer flagged as a Security Audit finding as it is not configurable by a user o Router OSPF interfaces that are set to passive are now displayed as such

  • "Any to Any" rules on Cisco ASA devices are now correctly reported in the Security Audit

  • ACL rules managing SNMP access no longer raises STIG check V-3021 o Switch port security is now correctly identified on Cisco Nexus devices, and noted in reports as expected

  • VPNs configured with aggressive mode enabled on Cisco IOS devices are now correctly identified in reports

Check Point

• Unknown passwords in Check Point configurations are now correctly referenced in reports

• Manually setting your Check Point R80 version number will now correctly report on all related NVD vulnerabilities

• Having hidden passwords in Check Point R80 configurations now sets STIG check NET0240 as a manual check to be assessed by the user

Fortinet

• The help text displayed in Nipper's CLI now combines FortiOS 6 with the rest of the FortiOS versions

• Remotely auditing FortiOS devices with Nipper's CLI no longer incorrectly states that you are missing command parameters

• Some Security Audit checks for Fortinet UTM devices now have improved accuracy to help prevent false negatives

• SSH is now correctly detected on all FortiOS 6 devices

Juniper

• The device OS version for Juniper Pulse devices is now correctly identified and noted in reports.

Palo Alto

• Increased clarity in how DHCP clients are displayed for PAN-OS 9 devices

• Error messages displayed while auditing Panorama devices now have device passwords redacted

• Not setting an NTP no longer causes Virtual Systems to be skipped on Panorama 8 devices

SonicWall

• The Filtering Differences report no longer detects changes between identical rules on SonicWall devices

Stability

• Importing a settings profile that contains an email server password no longer causes a serious error

• Resolved error that occurred when running a report against specific FortiOS 6 and Check Point R80 configurations

Usability

• Disabling interactive mode on Nipper's CLI now disables all interactive user prompts

• Amended spelling in the Filtering Complexity check's title

• Help text in Nipper's CLI now informs when specific command ordering is required in some remote device connections

• Nipper's internal NVD processor now looks past the initial CPE match in each CPE list, therefore correctly identifying when multiple CPEs are found to match.

For versions up to and including PAN-OS® 9.1

All the following improvements/enhancements will be visible within the configuration report and in turn, directly affect Nipper’s other report types when auditing a Palo Alto device up to and including version 9.1.

General Improvements

The following issues when parsing the configuration have been identified and improved upon:

• BGP Routing

• Server Profiles

• Minor issues and improvements have been identified within the Network Objects and improvements have been made.

Added Support

Each of the following features represents an improvement or the creation of the capability of Nipperto report against the specified item in the device, these include:

• Basic Information

• Network Services

• General Configuration Information

• Authentication

• Password Profiles

• Administration

• Logon Banner Message

• Simple Network Management Protocol (SNMP) Settings

• Message Logging

• Name Resolution Settings

• Dynamic Host Configuration Protocol (DHCP) Settings

• Network Protocols

• Network Interfaces

• Network Address Translation (NAT)/Port Address Translation (PAT) Configuration

• Routing Configuration

• Network Filtering

• Intrusion Protection System (IPS) Settings

• Time and Date

• Virtual Systems (VSys)

• Remote Access (VPN Settings)

The benefit for these features includes:

1. The Configuration report will include the detail of each of these device functions and capabilities meaning that Nipper’s report will be richer.

2. The Security, STIG and other reports will include findings relating to the features, increasing the Titania coverage of the device features.

3. The increased coverage of the features and the analysis delivers a more detailed and accurate security report for Palo Alto devices running on PAN-OS 9 and 9.1 ensuring a more complete security posture picture.

4. Support for PAN-OS 9.1, the version that is used most in deployment.

To further improve Nipper’s accuracy and stability, we have implemented fixes for the following issues:

• Fixed an issue in the Filtering Differences report when auditing SonicWall devices where some rules' labels were missing, and some rules were being duplicated.

• Fixed a dependency issue causing installation of Nipper on CentOS to present an error stating "libtitania-classes.so cannot be found".

A REST API connector has been implemented to allow for a more robust method of connection between Nipper and Palo Alto devices running on PAN-OS 8 and above. This will allow for full version parsing, meaning that better and more accurate reporting will be available.

Fixed an issue with the "auto update" feature, enabling Nipper users to now make use of auto updates without requiring a manual download of the latest version.

Following customer feedback, we’ve enhanced the PSIRT plugin to provide more valuable data for Cisco ASA and PIX devices based on its version. By running additional checks Nipper now produces a more accurate list of vulnerabilities associated with the device.

The latest release of Nipper focuses on accuracy, stability, and usability improvements across the following device manufacturers and report plugins:

FortiOS

• Included a FortiOS 6 demo config for evaluation users

• Fixed false positive on Fortinet/FortiGate devices with Filtering Differences

• Improved administrative services detection for FortiGate

• Improved filter rule detection for devices running FortiOS 6.2

• Improved stability when comparing FortiGate device configs

• Fixed issue with some FortiGate configs using ipv6 failing to generate a report

Cisco

• Fixed false positive for OSPF LSA thresholds on Cisco ASA

• Improved JunOS vulnerability audit detection for certain versions

• Resolved issue of SSH incorrectly reported as disabled on some Cisco configurations

• Fixed a false positive on Cisco devices with NTP control queries

Check Point

• Fixed R80 rulebases sometimes being incorrectly audited

• Resolved an R77 dependency issue

Improved stability related to:

• System-wide licensing

• Filtering differences when auditing some SonicWall devices

• Changing email logging settings

• Adding remote devices in Audit Scheduling

Usability

• Excluding vulnerabilities now removes them from the ‘Conclusion’ table

• Resolved issue on filtering differences when the baseline was created on a different OS

• Changed default remote connections to Palo Alto to use HTTPS

Other

• Updated copyright information across reports to 2021

• Updated vulnerabilities from the National Vulnerability Database

The latest release of Nipper includes support for FortiGate FortiOS 6 devices. This release includes:

The ability to audit FortiOS 5.6, 6.0, 6.2 and 6.4 across Windows 10, CentOS 7 and Ubuntu 18.04

The full support of FortiOS 6 features include:

• VLAN’s over VXLAN’s

• MAC VLAN’s

• Static Routes and VRF’s

• OSPF and VRF’s

• Virtual Wire Pairs

• Internet Services (Application Layer firewall features)

The existing plugin has been extended to support the newer device operating system version. As such, the accuracy and extent of coverage within the audit reports for these devices has been vastly improved.

FortiGate FortiOS 6 devices can be audited both remotely and locally via the use of manual configuration file(s) in much the same way as earlier FortiGate device operating system versions.

Nipper's internal device detection IP has been updated to handle FortiOS 6 devices without the need for a process change for our users.

The latest release also includes updates to the PSIRT plugin for auditing Cisco devices.

Alongside the feature changes outlined above, this release includes many improvements across the software:

Issue resolved where Nipper could produce a False Negative on a Cisco ASA device.

Improved functionality when using the PSIRT Plugin in conjunction with the Audit Scheduling.

Issue resolved when running IOS XE device with any other configuration file.

Detail improvement - Nipper now shows correct CVE's for ASA OS 9.8(4)29.

SonicWall ACL now displays correctly within Raw Change Tracking.

Nipper now detects Juniper SRX Security Policies.

An issue with the Filtering Differences report when auditing FortiGate devices has been resolved.

An issue identified with scanning extremely large configuration files has been resolved.

A bug with Audit Scheduling schedule times has been fixed.

A bug with the Audit Scheduling Daemon has been fixed.

Device Coverage for the Vulnerability Audit has been extended.

An issue causing a software crash with Cisco IOS XE devices has been resolved.

An issue with logging setting access via the CLI has been resolved.

The latest release of Nipper 2.8.0 contains a new plugin providing support for Check Point R80 devices which covers:

Remote auditing of Check Point R80 devices

The same scope of device information covered in the older Check Point Legacy audit which includes:

• Basic device information

• Network filtering

• Authentication

• IDS & IPS settings

• Address translation settings

• Services

• Network addresses

Functionality to select version R80 or Legacy by the user for a Check Point Nipper audit

Support for Check Point R80 clusters and devices with multiple gateways

Support for adding a Check Point R80 configuration as a manual file

Our Nipper 2.8.0 update includes a new help guide on how to retrieve a manual configuration for a Check Point R80 device. The guide outlines how the configuration file must be generated from the responses to a series of API requests against the device. It also directs the user to tools that have been made available for generating the configuration file automatically, and to a detailed user guide for generating the configuration file manually.

Fixed a false positive in the Security Report for Fortinet devices: Source, Destination, and Port rules found to be set to Any

Fixed a false positive in the Security Report for Fortinet devices: "Weak SSL / early TLS ciphers supported"

Fixed users being unable to exclude the "Weak SSL / early TLS ciphers supported" rule from the Security Report

Cisco PSIRT plugin can use full Cisco OS Version numbers to determine vulnerabilities

Cisco IOS will now be more accurate in reporting Vulnerabilities when using the Cisco PSIRT Plugin over the Vulnerability Plugin

Cisco IOS XE will now be more accurate when reporting Vulnerabilities when using the Cisco PSIRT Plugin over the Vulnerability Plugin

Cisco PIX will now be more accurate when reporting Vulnerabilities when using the Cisco PSIRT Plugin over the Vulnerability Plugin

Cisco Nexus will now be more accurate when reporting Vulnerabilities when using the Cisco PSIRT plugin over the Vulnerability Plugin

PSIRT Vulnerabilities can be reported on by exact OS version match, or by a partial OS version match

PSIRT Vulnerabilities can have all affected OS versions displayed for each finding

Our 2.7.0 update includes a new help guide detailing two methods of retrieving updated PSIRT files, that can be uploaded into Nipper’s Resource Manager

Nipperwill now show single Password Policy Violations within a table

New Finding IDs have been added to the Security Report. These can now be used to help order the report further.

Dell SonicWall devices are now shown as "SonicWall"

Fixed an issue where OSPF table names would show their name as "PROCNAME" rather than "Virtual Routers"

When adding a license through the CLI application, Nipper will now prompt the user to add their serial or activation key, if the respective CLI arguments are blank or missing

Nipper now supports the auditing of Watchguard XTMv devices through the CLI

Fixed an issue that occurred when importing a CSV file containing a Palo Alto device, causing a prompt to appear and subsequent report failure

Fixed a hyperlink within the License Agreement, that redirected the user to an incorrect web page

Running an audit against Fortigate FG100D Firewalls no longer produces a "Serious Error Has Occurred" message

Fixed an issue where users attempting to export an XML file of a Vulnerability audit (performed against a Juniper SRX device) would cause an error

Fixed an issue where enabling the "Send email as attachment" setting would fail to attach a log file to the email being sent

Fixed an issue where enabling the "Order by CVE Reference" setting would cause some Vulnerabilities to not be ordered correctly

URLs have been updated

Redundant PCI Report Settings have been removed from the CLI help guide