Skip to content

Gateway Release: 22.08

22.08-05 - January 4, 2023

  • Fix: Fixes an Ingress Gateway session pool exhaustion issue related to HTTP Keepalives where frontend (Client to Gateway) has KA enabled and backend (Gateway to Server) has KA disabled

22.08-04 - December 27, 2022

  • Fix: Fixes an issue with Forward Proxy to ensure the backend connection remains active when the response is delayed by more than 60 seconds. The response delay timeout for the proxy has been increased to 180 seconds.
  • Fix: Corrects a policy change issue where the Anti-Malware security profile was being applied to a small form factor (2-core and 4-core) instance types where Anti-Malware is only available in large form factor (8-core) instance types
  • Fix: Fixes an issue where an incorrectly configured L7DOS profile applied to a Gateway could result in a restart cycle
  • Fix: Enhances Gateway stability by fixing various issues for Egress Gateways deployed in all CSPs

22.08-03 - November 8, 2022

  • Fix: Fixes an issue with IDS/IPS where traffic containing a CSV/Formula injection is not being detected
  • Fix: Fixes an issue where a Packet Capture (PCAP) generated by the Gateway for a decrypted session was not generating a decrypted packet capture
  • Fix: Fixes an issue where URL Filtering Rules might produce incorrect URL matching
  • Fix: Fixes an issue where Antivirus (AV) is not properly detecting malware in an unencrypted HTTP session
  • Fix: Fixes an issue where an AV detection was denying traffic properly, but was not reporting an action of Deny in the traffic summary
  • Fix: Fixes a stability issue specific to Azure Egress / East-West Gateways
  • Fix: Fixes an issue with Data Loss Prevention (DLP) where CC numbers are being detected as SWIFT bank account numbers

22.08-02 - October 17, 2022

  • Fix: Fixes an issue related to TLS 1.3 caching where the datapath would generate a TLS error with SNI is Empty when traffic contained a TLS Hello with valid SNI
  • Fix: Fixes an issue with L7 DOS Profile that would cause the datapath to restart when a URI was longer than 64 characters

22.08-01 - September 7, 2022

  • Enhancement: Provides support for limiting TLS to a minimum version. IMPORTANT: The same minimum version must be used consistently throughout the Policy Rules associated with a Policy Ruleset (Standalone or Group). Otherwise the minimum version applied cannot be predetermined.
  • Enhancement: Enhances the TLS_ERROR messaging to be clear and actionable
  • Enhancement: Adds TCP Reset on Deny support for all Security Profiles applicable to Forwarding Rules
  • Enhancement: Enhances the FQDN Filtering Event text to show which FQDN is matched in an FQDN
  • Fix: Fixes an issue where the Anti-malware detection would not detect Malware for an unencrypted HTTP session
  • Fix: Updated Mellanox DPDK driver to address vulnerability related to CVE-2022-28199
  • Fix: Fixes an issue where certain traffic that doesn't have an SNI that should be denied was processed as allow
  • Fix: Fixes an issue where backend TLS_LOG events where showing a reversed source and destination IP/Port information
  • Fix: Removes not used samba-common-libs from the Gateway
  • Fix: Fixes memory pressure issues related to small form factor Ingress Gateway deployed in Azure
  • Fix: Fixes an issue where return path UDP traffic that was processed by a SNAT rule would not be handled properly by the Gateway
  • Fix: Fixes an issue with Forward Proxy to ensure the backend connection remains active when the response is delayed by more than 10 seconds. The response delay timeout for the proxy has been increased to 30 seconds.
  • Fix: Fixes an issue where VALTIX_INTERNAL event types were not being correlated with related events
  • Fix: Fixes an issue where an attempt to import a CA certificate for use in a Forward Proxy would throw an error
  • Fix: Fixes an issue where Egress Gateways deployed in AWS into a NAT Gateway-enabled Service VPC would not initialize
  • Fix: Fixes an issue where very large policies pushed to the Gateway would take longer than expected
  • Fix: Removes duplicate Events that were commonly recorded for Ingress traffic session processing
  • Fix: Fixes a stability issue related to TLS traffic that would cause Gateway auto-scaling
  • Fix: Fixes an issue where Policy Status update would take longer than expected to complete
  • Fix: Fixes an issue where incorrect Packet Capture Profile credentials can cause the DP to perform a hitless restart
  • Fix: Fixes the FQDN and URL Filtering messages when traffic is processed by the default ANY rule
  • Fix: Fixes an issue in a URL Filtering Profile where a top-level domain containing an end "/" does not match a configuration where the RegEx ends in "/.*" Filtering Profile row
  • Fix: Fixes and issue where the forward proxy could open an upstream connection using an incorrect destination port
  • Fix: Fixes an issue with the WAF event where the FQDN obtained from SNI or Host Header was not populated to the FQDN field
  • Fix: Fixes a stability issue related to ICMP traffic