Skip to content

Gateway Release: 2.11

2.11-10 - July 25, 2022

  • Fix: Fixes an issue where packets received by the Gateway with checksum errors would cause traffic processing issues
  • Fix: Fixes a stability issue in Nginx related to Egress Forward Proxy
  • Fix: Fixes an issue where traffic processed by a UDP Forwarding rule with SNAT enabled does not show Gateway to Server information in Traffic Summary -> Logs
  • Fix: Fixes an issue where the FQDNFILTER Event would show a reversal of Src and Dest IP and Port information for traffic processed by a Forwarding Rule
  • Fix: Fixes an issue where the FQDN Filtering profile would allow FQDNs that should be denied
  • Fix: Fixes various Gateway stability issues in high-load stress scenarios
  • Fix: Fixes a stability issue in an Egress Gateway related to the Snort engine for TCP stream data
  • Fix: Fixes and issue where an IDS/IPS (DPI) Event would show a scrambled URI value
  • Fix: Fixes an issue where Network Stats was showing incorrect connection rate values
  • Fix: Fixes an issue where FQDN Filtering Event was showing reversed IP addresses for Client and Server fields

2.11-08 - April 20, 2022

  • Fix: Provides patch to vulnerability defined by CVE-2022-0778
  • Fix: Enhances throughput performance for Egress/EW Gateway in Azure operating in Forward Proxy mode
  • Fix: Fixes a stability issue in an Egress Gateway related to OpenSSL

2.11-07 - April 4, 2022

  • Fix: Fixes an Egress Gateway stability issue resulting in datapath self-heal
  • Fix: Fixes an issue with incorrect processing of large and chunked client requests

2.11-06 - March 11, 2022

  • Fix: Fixes a set of stability issues related to traffic processed through an Egress Forward Proxy Rule

2.11-05 - February 28, 2022

  • Fix: Fixes an issue where Nginx proxy was not parsing SNI values properly causing repeated datapath restarts
  • Fix: Fixes an issue with parsing the Malicious IP dataset obtained from Trustwave when the dataset is significantly large
  • Fix: Fixes an issue where the session ID might change after the L4 processing stage

2.11-04 - February 7, 2022

  • Fix: Fixes an issue where SNI was not being passed from frontend (unprotected) connection to backend (protected) connection for a ReverseProxy Ingress use-case
  • Fix: Fixes an issue where Azure Redis Cloud Service was not being detected by Application ID

2.11-03 - January 28, 2022

  • Fix: Fixes an issue where Azure Cosmos and Blob Storage were not recognized by the Application ID engine
  • Fix: Fixes an issue where UDP stream protocols through a ReverseProxy were not handled properly
  • Fix: Fixes an issue where a DPI shows incorrect port number
  • Fix: Fixes an issue where an IDS/IPS Profile Action set to Rule Default would not honor the Rule action guidance. IMPORTANT: This could change the observed behavior of IDS/IPS threat protection by dropping traffic for a high severity threat that was previously only detected.
  • Fix: Gateway stability improvements for all use-cases

2.11-02 - January 13, 2022

  • Fix: Fixes an issue where the use of a CIDR in Rule Suppression of a WAF Profile would result in a 403 response code

2.11-01 - December 30, 2021

  • Enhancement: Added support for viewing the Gateway status after applying a policy change to a Policy Ruleset or any of its resource dependencies
  • Enhancement: Enhances the Rule Suppression configuration to permit Allow Log, Allow No Log, Deny Log and Deny No Log Action configuration settings
  • Enhancement: Enhances FQDN Filtering resource creation by allowing more than 8 items per row. The limit per row has increased to 64 items.
  • Enhancement: Added support for forwarding ICMP traffic through an Egress/East-West Gateway
  • Enhancement: Added support for SSH tunnel detection to ensure security can be applied to allow or deny traffic

  • Enhancement: Added SNI support for TLS proxy

  • Fix: Fixes an issue where an operations race condition could result in a datapath restart cycle

  • Fix: Fixes an issue where Application ID detection is classifying HTTP traffic incorrectly as ICMP
  • Fix: Fixes an issue where a user-defined Address Group with 0.0.0.0/0 membership and applied to an Egress Gateway causes the Gateway to not pass traffic
  • Fix: Fixes a Gateway crash and self heal when a URL Filtering Profile attempts a match on a URL Category that does not exist
  • Fix: Fixes an issue where a Rule Suppression configuration did not require an Action, but an Action is required, resulting in an unsupported behavior
  • Fix: Fixes an issue where an IDS/IPS threat is detected when Application ID is enabled, but no IDS/IPS profile is configured
  • Fix: Fixes an issue where HTTP Header Transfer-Encoding: Chunked was not being passed by the Gateway
  • Fix: Fixes an issue to correct a discrepancy with logging for FQDN Filtering events
  • Fix: Fixes an issue where certain traffic operated on by an IDS/IPS Profile could result in a high number false positives
  • Fix: Fixes an issue where TLS proxy configured in a Service Object applied to an Ingress Gateway causes a datapath self-heal under certain traffic scenarios
  • Fix: Fixes an issue where a WAF Profile was recording a Web Protection event with incorrect Action type
  • Fix: Fixes and issue where the URL Filtering engine does not properly return some configured status codes
  • Fix: Fixes an issue with the HTTP header presented by the Gateway to remove any reference to Valtix
  • Fix: Fixes an issue where AWS Services traffic processed by a Forwarding rule is not classified by the Application ID engine as a Cloud Service category
  • Fix: Fixes an issue where an advanced WAF rule configured in drop mode can operate as detect when the rule is tripped
  • Fix: Various permanence and memory improvements to enhance efficiency
  • Fix: Various stability improvements in mixed-mode, high-traffic stress scenarios for all use-cases