File:		NEUES.TXT
Product: 	NCP Secure Entry Client
Version: 	Version 9.20
Producer: 	NCP Engineering GmbH

-------------------------------------------------------------------------------
Latest information on the NCP Secure Entry Client for Windows XP/ Vista/ 7
-------------------------------------------------------------------------------
New features of version 9.20 in comparison to version 9.10
-------------------------------------------------------------------------------

1. Windows 7 Support
-------------------------------------------------------------------------------

Full support is provided for the new Microsoft operating system Windows 7 from 
version 9.2 onwards. The following Windows desktop operating systems are 
supported: 
Windows XP (32/64 Bit), Windows Vista (32/64 Bit), and Windows 7 (32/64 Bit) 

Additionally, the Entry Client supports the new Intel Wi-Fi drivers, starting 
from version 12.4.0.21, and it is compatible to the mobile broadband support in 
Windows 7.

Important note: 
- Installation of the NCP Secure Entry Client under Windows 7 demands a license 
key of version 9.20.
- In case of an update from Windows Vista to Windows 7, the monitor of a Client 
version 9.2 , licensed with a license key 9.1, can only be started in order to 
enter a license key of version 9.2.
- The support for Windows 2000 has been discontinued, starting with NCP Secure 
Entry Client version 9.2.
  


2. New Features of the Monitor Interface
-------------------------------------------------------------------------------

Connection switch

In the line for profile selection, a single connect/ disconnect switch replaces 
the two former buttons. A mouse click is sufficient to establish a connection - 
the red 0 symbol of the connect/ disconnect switch switches to the green 1 
symbol. A second mouse click on the connect/ disconnect switch disconnects the 
connection. 


Tip of the day

With each start of the monitor, a new tip appears next to the corporate logo. 
This is the place where in versions < 9.2 the connect and disconnect buttons 
were located. 

Clicking on the tip opens the affiliated HTML page in the default browser. (The 
order to the tips of the day (daytip-1_en.html to daytip-1_en.html) is set in 
the daytips_en.ini in the installation directory \tips.)

The tips can also be hidden via the view menu of the Client Monitor. 


Language selection

You can select the monitor interface language in the language menu item of the 
view menu. The following languages are available: English, German, French, 
Polish, and Dutch. English, German, French and Polish are available as setup 
languages.


World map in the graphical interface

In the graphical interface of the monitor a world map depending on the time zone 
is displayed. Depending on the time zone configured on the PC the corresponding 
section of the world map is displayed: Europe, America or Asia/ Australia.

Depending on the time of day, the border between day and night is displayed, 
too. The position is being refreshed every ten minutes. 


Log window
 
After clicking on any message, the content does not move out of the window but 
is complemented internally. By scrolling, the user can view the current content. 
Highlighted areas and lines can be copied to a different application via [CTRL] 
+ [C].


Split Tunneling

In the menu item "Profile Settings", the parameter folder "VPN IP Networks" has 
been renamed "Split Tunneling". The number of configurable remote VPN Networks 
has been augmented to 250. 


3. State Display During Wi-Fi Scans and Connection Set Up
-------------------------------------------------------------------------------

If  "Wi-Fi" is activated, a periodical scan for Wi-Fi networks is run. During 
scanning the respective icon is animated. Connection set up to an access point 
is displayed with a blinking yellow ball on the left hand side of the selected 
SSID of the Wi-Fi network. A green ball indicates the established connection to 
a Wi-Fi access point. If several Wi-Fi access points use the same SSID, a small 
red triangle is displayed next to the SSID. 


4. Wi-Fi GUI with Tray Icon
-------------------------------------------------------------------------------

If "Wi-Fi" has been activated, the affiliated tray icon appears in the taskbar. 
This icon shows the current connection state, the field strength and the mode of 
encryption. Clicking on the tray icon, all available Wi-Fi networks are 
displayed. Selecting one of the Wi-Fi networks either starts connection set up 
or the Wi-Fi profile wizard, if no Wi-Fi profile has been configured for this 
Wi-Fi network. The Wi-Fi profile wizard shortens profile configuration and 
automates connection set up to a new Wi-Fi network. The encryption mode (WEP, 
WPA...) is now automatically detected.  


5. Wi-Fi Roaming
-------------------------------------------------------------------------------

If the laptop is moved within the range of several access points with the same 
SSID, the system automatically switches to an access point with higher field 
strength in the case of low Wi-Fi reception. Applications communicating via this 
VPN tunnel are usually not affected by the change of access point. This allows 
the user to move across the corporate campus (e.g. with a laptop), without the 
need to set up new Wi-Fi connections. 


6. VPN Path Finder incl. Proxy Support
-------------------------------------------------------------------------------

As soon as default IPsec via port 500 or UDP Encapsulation via a freely 
configurable port is not possible, the VPN Path Finder automatically switches to 
an alternative connection protocol - TCP encapsulation with SSL header via port 
443. 

This is especially important if the client only has access to HTTPS Port 443 and 
a pure IPsec connection is not possible. This can be the case in hotels or at 
hotspots. 

Configuration is carried out in the configuration menu item of the monitor under 
profile settings in "Advanced IPsec Options".

The VPN Path Finder requests a NCP gateway as remote station (>= V. 8). An 
alternative port has to be configured in the VPN / IPsec settings of the local 
system of the gateway. 

If a VPN Path Finder is used and a proxy server has to be placed ahead of the 
internet connection, the user can either select the Windows proxy server of the 
Internet Explorer or enter a corporate proxy server. This configuration is made 
in the configuration menu of the monitor under "Proxy for VPN Path Finder". 


7. RWSCMD Option: rwscmd /firewalloff [Timeout] [Password]
-------------------------------------------------------------------------------

The firewall can be temporarily deactivated by entering the command "rwscmd 
/firewalloff" in the command line. A maximum timeout as well as a necessary 
password can be configured in the client configuration under "Firewall / Options 
/ Commands". 
This feature offers network administrators the possibility to temporarily 
deactivate the firewall for Wireshark Traces or similar applications. For this, 
administrator rights for the NCP Client are not imperative. 


8. RWSCMD Option: rwscmd /logonhotspot [Timeout] [Password]
-------------------------------------------------------------------------------

The firewall can be temporarily opened by entering the command "rwscmd 
/logonhotspot" in the command line.
The configuration of timeout, password and possibly other ports than 80 and 443 
is carried out in the configuration menu item of the monitor under "Firewall / 
Options / Commands".


9. Profile Export and Import
-------------------------------------------------------------------------------

The profile settings offer the feature to export the selected profile and to 
import it to another Entry Client. 

Through this feature the same VPN profile can be easily transferred from one 
computer to another. Certificates, however, have to be imported separately.
 In the profile settings, the button "Add" has been renamed "Add / Import". 
After clicking this button a wizard is started which helps you to either 
configure a new profile or import an already existing one. 

For import, the NCP Entry Client supports the following file types: 
*.ini, *.pcf, *.wgx, *wge and *.spd.

Profile settings can be created by the respective remote station or they can be 
edited manually. The sample files IMPORT_D.txt and IMPORT_E.txt are stored in 
the installation directory. Syntax and parameter values are also described in 
the sample files.   


10. Revised 3G Configuration
-------------------------------------------------------------------------------

In the profile settings, a new parameter folder has been introduced for the 
communication medium GPRS / 3G. 

Three modes of 3G configuration are available: 
* Provider list (default setting): By selecting the provider, the APN and the 
dial-up number is being suggested. 
* APN from SIM card: The APN is read out of the SIM card. (This only works if an 
APN is configured on the SIM card.) 
* User-defined: The user is free to configure all dial-up parameters manually.
The provider list can be expanded via the file APN.ini in the installation 
directory. 


11. Budget Manager History for the Previous Twelve Months
-------------------------------------------------------------------------------

The "Budget Manager History" in the connection menu item records and displays 
either as tabulation or as chart the data volume over a maximum time span of the 
previous twelve months (provided line management is activated). 


12. FND Server Allocation via DHCP
-------------------------------------------------------------------------------

The destination address of the FND server can be transmitted to the Entry Client 
via a DHCP option (159) at the DHCP server. This means that the client is in the 
LAN as well as in the friendly network assigned to him. (Addresses of FND 
servers in the firewall configuration of the client are not used as long as the 
client is assigned its FND addresses via DHCP.)


13. Integration of the Firewall State in the Windows Security Center / Action 
Center
-------------------------------------------------------------------------------

The Windows Security Center/ Action Center display the availability of the NCP 
firewall. Since Microsoft has not yet implemented the affiliated API for Windows 
7, this service is not available at the moment.


14. Vodafone Web Sessions Support
-------------------------------------------------------------------------------

After setting up a VPN tunnel by clicking on "Connect", the user can log on to 
Vodafone web sessions and establish a VPN tunnel.


15. Configuration Extension
-------------------------------------------------------------------------------

WISPr provider list and SSID

The WISPr configuration menu in the Wi-Fi settings of the NCP client can be 
expanded via an INI file. The file hotspot.ini is stored in the installation 
directory of the client. New WISPr provider and new SSIDs can be entered into 
this file. 


Profile filtergroups

Setting up a new profile configuration triggers a prompt into which group the 
configuration is to be saved. It is possible to assign the profile to several 
groups. 


IPsec configuration

DH group 14 with 2048Bit encryption is additionally available for the PFS group 
(IKE) and the IPsec settings as well as for the IPsec editor and the IKE and the 
IPsec guidelines. 

-------------------------------------------------------------------------------
For further information please refer to our web site: www.ncp-e.com
-------------------------------------------------------------------------------
NCP engineering GmbH
11 / 17 / 2009

