Fix: Fixes an Ingress Gateway session pool exhaustion issue related to HTTP Keepalives where frontend (Client to Gateway) has KA enabled and backend (Gateway to Server) has KA disabled
Fix: Fixes an issue with Forward Proxy to ensure the backend connection remains active when the response is delayed by more than 60 seconds. The response delay timeout for the proxy has been increased to 180 seconds.
Fix: Corrects a policy change issue where the Anti-Malware security profile was being applied to a small form factor (2-core and 4-core) instance types where Anti-Malware is only available in large form factor (8-core) instance types
Fix: Fixes an issue where an incorrectly configured L7DOS profile applied to a Gateway could result in a restart cycle
Fix: Enhances Gateway stability by fixing various issues for Egress Gateways deployed in all CSPs
Fix: Fixes an issue related to TLS caching where the datapath would generate a TLS error with SNI is Empty when traffic contained a TLS Hello with valid SNI
Fix: Fixes an issue with L7 DOS Profile that would cause the datapath to restart when a URI was longer than 64 characters
Enhancement: Provides support for limiting TLS to a minimum version. IMPORTANT: The same minimum version must be used consistently throughout the Policy Rules associated with a Policy Ruleset (Standalone or Group). Otherwise the minimum version applied cannot be predetermined.
Enhancement: Enhances the TLS_ERROR messaging to be clear and actionable
Enhancement: Adds TCP Reset on Deny support for all Security Profiles applicable to Forwarding Rules
Enhancement: Enhances the FQDN Filtering Event text to show which FQDN is matched in an FQDN
Fix: Fixes an issue where the Anti-malware detection would not detect Malware for an unencrypted HTTP session
Fix: Updated Mellanox DPDK driver to address vulnerability related to CVE-2022-28199
Fix: Fixes an issue where certain traffic that doesn't have an SNI that should be denied was processed as allow
Fix: Fixes an issue where backend TLS_LOG events where showing a reversed source and destination IP/Port information
Fix: Removes not used samba-common-libs from the Gateway
Fix: Fixes memory pressure issues related to small form factor Ingress Gateway deployed in Azure
Fix: Fixes an issue where return path UDP traffic that was processed by a SNAT rule would not be handled properly by the Gateway
Fix: Fixes an issue with Forward Proxy to ensure the backend connection remains active when the response is delayed by more than 10 seconds. The response delay timeout for the proxy has been increased to 30 seconds.
Fix: Fixes an issue where VALTIX_INTERNAL event types were not being correlated with related events
Fix: Fixes an issue where an attempt to import a CA certificate for use in a Forward Proxy would throw an error
Fix: Fixes an issue where Egress Gateways deployed in AWS into a NAT Gateway-enabled Service VPC would not initialize
Fix: Fixes an issue where very large policies pushed to the Gateway would take longer than expected
Fix: Removes duplicate Events that were commonly recorded for Ingress traffic session processing
Fix: Fixes a stability issue related to TLS traffic that would cause Gateway auto-scaling
Fix: Fixes an issue where Policy Status update would take longer than expected to complete
Fix: Fixes an issue where incorrect Packet Capture Profile credentials can cause the DP to perform a hitless restart
Fix: Fixes the FQDN and URL Filtering messages when traffic is processed by the default ANY rule
Fix: Fixes an issue in a URL Filtering Profile where a top-level domain containing an end "/" does not match a configuration where the RegEx ends in "/.*" Filtering Profile row
Fix: Fixes and issue where the forward proxy could open an upstream connection using an incorrect destination port
Fix: Fixes an issue with the WAF event where the FQDN obtained from SNI or Host Header was not populated to the FQDN field
Fix: Fixes a stability issue related to ICMP traffic