Fix: Fixes an issue related to Websockets Proxy where a duplicate host header would be added to the backend connection. In general, this is not an issue as the RFC states that multiple (and duplicate) host headers are allowed. But there are some application frameworks that do not accept multiple host headers. Nginx as an application server is one of those systems. When Nginx receives HTTP traffic with multiple host headers, it will reject the session and respond with a 400 Bad Request.
Fix: Moved the TLS renegotiation configuration to a Valtix-configurable setting. Changed the renegotiation back to a default state of enabled due to potential issues with older clients that rely on renegotiation. To disable renegotiation, please contact Valtix Support.
Fix: Fixes an issue where DLP and IDS/IPS Profiles that were created prior to IDS/IPS and WAF Custom Rule support might not operate as expected unless the Profile was modified and saved
Fix: Fixes an Ingress Gateway issue related to large-volume bursty TLS traffic where the Gateway could issue an incorrect certificate to the client. This scenario is rare and is a downstream issue that could occur in Gateway releases 22.12-03 and earlier. This fix addresses the downstream issue by ensuring that it is never reached, acting as a safeguard so that the issue never occurs.
Fix: Disabled TLS renegotiation to address vulnerability related to CVE-2009-3555
Fix: Fixes an issue where the FQDN Filtering Events would show reversed source/destination IP/Port information
Fix: Fixes an Ingress Gateway issue related to the upstream connection, where a null connection could result in a datapath self-heal
Fix: Fixes a stability issue in WAF related to large POST commands with chunked encoding enabled
Fix: Fixes an issue with Reverse Proxy to ensure the backend connection remains active when the response is delayed by more than 60 seconds. The response delay timeout for the proxy has been increased to 180 seconds.
Fix: Enhances Gateway stability for all use cases to eliminate any potential session pool exhaustion
Fix: Fixes a session pool exhaustion issue related to HTTP Keepalives where the frontend (Client to Gateway) has KA enabled and the backend (Gateway to Server) has KA disabled
Fix: Fixes an issue with Forward Proxy to ensure the backend connection remains active when the response is delayed by more than 60 seconds. The response delay timeout for the proxy has been increased to 180 seconds.
Fix: Enhances Gateway stability by fixing various issues for Egress Gateways deployed in all CSPs
Enhancement: Adds support for protecting traffic in an AWS environment where the VPCs have overlapping CIDRs. This architecture can only be accommodated using AWS GWLB and use of Dynamic VPC Address Objects.
Enhancement: Adds support for Azure DS_V5 instance types (2-core, 4-core and 8-core)
Enhancement: Adds support for specifying a custom HTTP message as a response to a deny of a URL Filtering Profile
Fix: Corrects a policy change issue where the Anti-Malware security profile was being applied to small form factor (2-core and 4-core) instance types, although Anti-Malware is only available in large form factor (8-core) instance types
Fix: Fixes an issue where Traffic Summary Log shows Allow action for an FQDN that is denied by FQDN Filtering Profile
Fix: Fixes an issue where an incorrectly configured L7DOS profile applied to a Gateway could result in a restart cycle
Fix: Fixes an issue where a Gateway restart could potentially allow the URL Filtering Profile to be bypassed
Fix: Fixes an issue where an L7DOS Profile would not operate properly on POST commands
Fix: Fixes an issue where a Packet Capture (PCAP) generated by the Gateway for a decrypted session did not contain the decrypted traffic
Fix: Fixes an issue where packets received by the Gateway with checksum errors would cause traffic processing issues
Fix: Improves the stability of the Gateway for all use-cases across all CSPs