Gateway Release: 22.04
22.04-07 - September 3, 2022
- Fix: Updated Mellanox DPDK driver to address vulnerability related to CVE-2022-28199
22.04-04 - July 24, 2022
- Fix: Fixes an issue where packets received by the Gateway with checksum errors would cause traffic processing issues
- Fix: Fixes a stability issue related to TLS traffic that would cause Gateway auto-scaling
- Fix: Fixes an issue where no System Log message was being recorded for Gateway auto-scale in events
- Fix: Fixes a stability issue in Nginx related to Egress Forward Proxy
- Fix: Fixes an issue where a Gateway deployment would not become ACTIVE when deployed in an orchestrated NAT Gateway-enabled AWS Service VPC
22.04-02 - June 9, 2022
- Fix: Fixes an issue to ensure the default Action of the Uncategorized row of an FQDN Filtering Profile matches the Action of the ANY row. Since this is a newly introduced field, setting the Uncategorized Action to the same as ANY Action ensures that the FQDN Filtering Profile has no change in behavior.
- Fix: Fixes a Gateway stability issue when using large-sized FQDN Filtering Profiles
- Fix: Fixes an issue where traffic processed by a UDP Forwarding rule with SNAT enabled does not show Gateway to Server information in Traffic Summary -> Logs
- Fix: Fixes an issue where traffic processed by a SNAT disabled Rule that follows a SNAT enabled Rule that uses "internet" Address Object would incorrectly apply SNAT
- Fix: Fixes an issue where the FQDNFILTER Event would show a reversal of Src and Dest IP and Port information for traffic processed by a Forwarding Rule
- Fix: Fixes an issue where the FQDN Filtering profile would allow FQDNs that should be denied
- Fix: Fixes various Gateway stability issues in high-load stress scenarios
22.04-01 - May 5, 2022
- Enhancement: Enhances Geo IP and Malicious IP Security Profiles to apply policy based on XFF header IP information
- Enhancement: Enhances the auto-scaling logging to provide metric information used to trigger the need to auto-scale
- Enhancement: Enhances the Forward Proxy data path processing to ensure that if the IP resolved via DNS to establish the backend connection does not match the destination address object, then the Action should be to deny the session.
- Enhancement: Enhances the Egress segmentation policy definition by allowing use of a pre-defined Internet Address Object
- Fix: Fixes a stability issue in an AWS Egress/EW Gateway related to X509 processing
- Fix: Addresses an issue related to AWS SDK due to the Valtix Gateway adding the following two response headers: Strict-transport-security, X-content-type-options. The fix is for the Valtix Gateway to not add these two response headers and rely on the application for issuing the response headers and their directives.
- Fix: Provided more actionable information within the System Log message when a private key, stored in the provider, cannot be accessed by the Gateway
- Fix: Fixes an issue where an invalid configuration pushed to the Gateway would result in the Gateway not sending back heartbeat telemetry
- Fix: Fixes an issue where the IP address for the destination in a Forward proxy front-end connection was showing the Gateway IP. The fix is to show the destination IP address from the incoming packet.
- Fix: Fixes a stability issue related to auto-scaling that could result in a datapath self-heal
- Fix: Provides patch to address the vulnerability defined by CVE-2022-0778
- Fix: Improves efficiency when processing encrypted traffic and matching URL/URI information to defined Categories for evaluation
- Fix: Enhances throughput performance for Azure Egress/EW Gateway operating in Forward Proxy mode
- Fix: Fixes an issue where successful DNS resolutions performed by the Gateway were being logged unnecessarily
- Fix: Fixes a stability issue in an Egress Gateway related to the Snort engine for TCP stream data
- Fix: Fixes an issue where a Gateway could be in a constant restart state when a CA decryption profile is unintentionally specified in a Service Object
- Fix: Addresses an inefficiency issue where the datapath was sending redundant updates unnecessarily
- Fix: Fixes a proxy issue where the application could be passed to the wrong backend due to a mismatch between the Nginx configuration and the SNI contained within the TLS message
- Fix: Fixes an Egress Gateway stability issue resulting in datapath self-heal
- Fix: Fixes an issue to improve the efficiency of FQDN-based category matching to accommodate millions of FQDNs. This also helps eliminate any FQDN-based bypassing that could occur with inefficient processing.
- Fix: Fixes an issue where a constant datapath restart could occur when using an important KMS certificate as a Client CA Profile
- Fix: Fixes an issue with incorrect processing of large and chunked client requests
- Fix: Provides performance and behavioral improvements for Gateway auto-scaling
- Fix: Fixes a stability issue in an Egress Gateway related to OpenSSL
- Fix: Improves performance of configuration updates to ensure concurrent updates are handled properly by the datapath
- Fix: Fixes various stability issues related to datapath self-heal caused by mixed-traffic, high-load scenarios