Secure Edge: Release June 30, 2025

Secure Edge Appliance firmware release 7.0.21
Secure Edge Windows Client 2.0.11
Secure Edge MacOS Client 2.0.2
Secure Edge IOS Client 1.1
Secure Edge Android Client 1.1

New Features

Multi-Site Secure Edge Fabric:
- This feature allows more than one Site to Site IPSEC tunnel to be configured.
- Multiple IP Subnets per configured tunnel.
- Remote Gateway can be configured as a hostname.
- Offers the tunnel connection types: Responder Only or Initiate Connection.
- Secure Edge can to use multiple on-site DNS servers with different forwarding domains by using Conditional DNS Forwarding. Secure Edge Windows 2.0.11, MacOS 2.0.2, Android 1.1 and IOS 1.1 are required for Conditional DNS forwarding.
NOTE If you previously configured the Corporate Tunnel settings, this configuration will be migrated to Secure Edge / Fabric page and named Corporate Tunnel.
Secure Edge IOS client: The Secure Edge IOS Client is out of Beta and now fully released. Uninstall the Beta version and install the fully released version from the IOS App Store
Secure Edge Android client: The Secure Edge IOS Client is out of Beta and now fully released. Uninstall the Beta version and install the fully released version from the IOS App Store
SafeCheck for Secure Edge and SaaS Alerts: Secure Edge and SaaS Alerts are now integrated to streamline Microsoft Security recommendations for Secure Edge users. Secure Edge when configured, will share the Gateway IP address and the email addresses of the Secure Edge Users. The SaaS Alerts Fortify module will allow IT admins to provision the Microsoft 365 Conditional IP Access policy for these Secure Edge users. Once provisioned, the Secure Edge Users will need to be connected to the Secure Edge Gateway, and if not they will be denied access to Microsoft 365.
BCDR One-Deploy DR Integration: A Datto BCDR integration, where a Site-to-Site IPSEC tunnel can be configured to the Secure Edge gateway with a minimal number of steps during Cloud DR recovery.
New set of input validation for tunnel settings, syslog address, and service setting fields.

Bug Fixes

MacOS non-admin users can no longer disable the VPN settings option found under MacOS System Settings when configured for Always-On Connectivity.
Resolved the problem where MacOS client displays “VPN disconnected. You have been disconnected unexpectedly. Please reconnect to ensure your connection is secure or contact your organization’s admin if the issue persists” after waking up from MacOS sleep.
Text alignment on Connection Status panel of MacOS client.
After a month's usage, the IOS client’s security key will no longer require disabling and re-enabling the IOS VPN Settings to get the IOS client back connected.
No longer seeing “The operation couldn’t be completed. (org.oopenid.appauth.general error –3)” error when canceling login on IOS client.
Hostname for IOS client is no longer delayed by up to 5 minutes after initial connection. The hostname will show up immediately.
Resolved problem where IOS client does not return to the input Organizational Code screen when associated Subscriber is removed.
Notification text has been corrected when VPN setting is disabled on IOS client.
Session notification is no longer duplicated when the session has expired.
IOS client no longer gets into infinite loop when 3 other Secure Edge client is already connected.
No longer getting unexpected error “missing one or more required headers“ when entering the Organization code on the IOS client.
The IOS client will no longer get stuck in the pending state after the client is approved.
Connected an issue where false Corporate Tunnel Down alerts were being sent.

Known Problems

New orders of DSE421 appliances are not visible inside of Network Manager.

Workaround: Contact Datto Networking support for them to manually assign the DSE421 to your account. Please have the MAC address of the new appliance ready as this will be required.
While “Drop Web Ads & Tracking” is disabled, these events are showing up in the blocked events.
The client hostname field will be blank when approving a new client.

Workaround: Wait 5 minutes as this field will be updated the next time the client checks in.

	Need troubleshooting help? Open the Kaseya Helpdesk.
	Want to talk about it? Head on over to the Community!
	Have an idea for a new feature? Want to learn about upcoming enhancements? Visit the Ideas forum!
	Provide feedback for the Documentation team.