Introducing VMware Unified Access Gateway 2.9

What's New in This Release

VMware Unified Access Gateway™ 2.9 provides the following new features and enhancements.

  • Horizon BEAT Support

    Supports BEAT (Blast Extreme Adaptive Transport) for Digital Workspace. Supports the UDP-based transport part of the Blast protocol specially designed for low bandwidth, high latency, and high packet loss networks, based on latency and loss on the network's ability to choose between hybrid and UDP-only mode on the Unified Access Gateway.


    Separate OVA for FIPS-140-2 mode. This is restricted to PCoIP in this release.

  • Admin UI

    Enhancements to the Admin UI, including:

    • New health status for edge services and back end resources, making deployment and troubleshooting easier to perform
    • Ability to change log levels to facilitate debugging
  • Access to on-premise legacy apps

    Supports Web Reverse Proxy to on-premise legacy apps using headers and Kerberos-based authentication. The Unified Access Gateway acts as an identity bridge to convert SAML to Kerberos or headers for back end resource access.

  • Security Enhancements

    Updates to SUSE Linux Enterprise Server (SLES), openssl and Java



The Unified Access Gateway user interface, online help, and product documentation are available in Japanese, French, German, Spanish, Brazilian Portuguese, simplified Chinese, traditional Chinese, and Korean. For the documentation, see the Documentation Center for VMware Unified Access Gateway 2.9.


Compatibility Notes

For more information about the VMware Product Interoperability Matrix, see


Known Issues

  • Smart card authentication does not work while connecting to the Unified Access Gateway server if the alternate subject name has the email address for the certificate mapped with the domain account.
    Workaround: In the wizard for creating a certificate template for the smart card user, on the Subject Name tab, deselect the checkbox "Include this information in alternate subject name:".
  • Unified Access Gateway session timeout does not disconnect the Blast Connection.
  • Swagger UI version 2.1.8 has an XSS vulnerability.
    Workaround: The Swagger UI is a low level management interface on TCP port 9443 that is intended to be used only by developers and system integrators to make direct use of the REST API. It is recommended that any internet-facing firewall block port 9443 so that it is not exposed to internet users.
  • Client login fails after Unified Access Gateway session timeout.
    • If this occurs when logging in to the Horizon Client, relaunch the client.
    • This also occurs if a tunnel is disabled on the Unified Access Gateway. In this case, first disconnect from the Unified Access Gateway server, then reconnect and launch the desktop before the session timeout occurs.
Have more questions? Submit a request


Article is closed for comments.