Gateway Release: 2.11¶
2.11-10 - July 25, 2022¶
- Fix: Fixes an issue where packets received by the Gateway with checksum errors would cause traffic processing issues
- Fix: Fixes a stability issue in Nginx related to Egress Forward Proxy
- Fix: Fixes an issue where traffic processed by a UDP Forwarding rule with SNAT enabled does not show Gateway to Server information in Traffic Summary -> Logs
- Fix: Fixes an issue where the FQDNFILTER Event would show a reversal of Src and Dest IP and Port information for traffic processed by a Forwarding Rule
- Fix: Fixes an issue where the FQDN Filtering profile would allow FQDNs that should be denied
- Fix: Fixes various Gateway stability issues in high-load stress scenarios
- Fix: Fixes a stability issue in an Egress Gateway related to the Snort engine for TCP stream data
- Fix: Fixes and issue where an IDS/IPS (DPI) Event would show a scrambled URI value
- Fix: Fixes an issue where Network Stats was showing incorrect connection rate values
- Fix: Fixes an issue where FQDN Filtering Event was showing reversed IP addresses for Client and Server fields
2.11-08 - April 20, 2022¶
- Fix: Provides patch to vulnerability defined by CVE-2022-0778
- Fix: Enhances throughput performance for Egress/EW Gateway in Azure operating in Forward Proxy mode
- Fix: Fixes a stability issue in an Egress Gateway related to OpenSSL
2.11-07 - April 4, 2022¶
- Fix: Fixes an Egress Gateway stability issue resulting in datapath self-heal
- Fix: Fixes an issue with incorrect processing of large and chunked client requests
2.11-06 - March 11, 2022¶
- Fix: Fixes a set of stability issues related to traffic processed through an Egress Forward Proxy Rule
2.11-05 - February 28, 2022¶
- Fix: Fixes an issue where Nginx proxy was not parsing SNI values properly causing repeated datapath restarts
- Fix: Fixes an issue with parsing the Malicious IP dataset obtained from Trustwave when the dataset is significantly large
- Fix: Fixes an issue where the session ID might change after the L4 processing stage
2.11-04 - February 7, 2022¶
- Fix: Fixes an issue where SNI was not being passed from frontend (unprotected) connection to backend (protected) connection for a ReverseProxy Ingress use-case
- Fix: Fixes an issue where Azure Redis Cloud Service was not being detected by Application ID
2.11-03 - January 28, 2022¶
- Fix: Fixes an issue where Azure Cosmos and Blob Storage were not recognized by the Application ID engine
- Fix: Fixes an issue where UDP stream protocols through a ReverseProxy were not handled properly
- Fix: Fixes an issue where a DPI shows incorrect port number
- Fix: Fixes an issue where an IDS/IPS Profile Action set to Rule Default would not honor the Rule action guidance. IMPORTANT: This could change the observed behavior of IDS/IPS threat protection by dropping traffic for a high severity threat that was previously only detected.
- Fix: Gateway stability improvements for all use-cases
2.11-02 - January 13, 2022¶
- Fix: Fixes an issue where the use of a CIDR in Rule Suppression of a WAF Profile would result in a 403 response code
2.11-01 - December 30, 2021¶
- Enhancement: Added support for viewing the Gateway status after applying a policy change to a Policy Ruleset or any of its resource dependencies
- Enhancement: Enhances the Rule Suppression configuration to permit Allow Log, Allow No Log, Deny Log and Deny No Log Action configuration settings
- Enhancement: Enhances FQDN Filtering resource creation by allowing more than 8 items per row. The limit per row has increased to 64 items.
- Enhancement: Added support for forwarding ICMP traffic through an Egress/East-West Gateway
- Enhancement: Added support for SSH tunnel detection to ensure security can be applied to allow or deny traffic
-
Enhancement: Added SNI support for TLS proxy
-
Fix: Fixes an issue where an operations race condition could result in a datapath restart cycle
- Fix: Fixes an issue where Application ID detection is classifying HTTP traffic incorrectly as ICMP
- Fix: Fixes an issue where a user-defined Address Group with 0.0.0.0/0 membership and applied to an Egress Gateway causes the Gateway to not pass traffic
- Fix: Fixes a Gateway crash and self heal when a URL Filtering Profile attempts a match on a URL Category that does not exist
- Fix: Fixes an issue where a Rule Suppression configuration did not require an Action, but an Action is required, resulting in an unsupported behavior
- Fix: Fixes an issue where an IDS/IPS threat is detected when Application ID is enabled, but no IDS/IPS profile is configured
- Fix: Fixes an issue where HTTP Header Transfer-Encoding: Chunked was not being passed by the Gateway
- Fix: Fixes an issue to correct a discrepancy with logging for FQDN Filtering events
- Fix: Fixes an issue where certain traffic operated on by an IDS/IPS Profile could result in a high number false positives
- Fix: Fixes an issue where TLS proxy configured in a Service Object applied to an Ingress Gateway causes a datapath self-heal under certain traffic scenarios
- Fix: Fixes an issue where a WAF Profile was recording a Web Protection event with incorrect Action type
- Fix: Fixes and issue where the URL Filtering engine does not properly return some configured status codes
- Fix: Fixes an issue with the HTTP header presented by the Gateway to remove any reference to Valtix
- Fix: Fixes an issue where AWS Services traffic processed by a Forwarding rule is not classified by the Application ID engine as a Cloud Service category
- Fix: Fixes an issue where an advanced WAF rule configured in drop mode can operate as detect when the rule is tripped
- Fix: Various permanence and memory improvements to enhance efficiency
- Fix: Various stability improvements in mixed-mode, high-traffic stress scenarios for all use-cases