
Gateway Release: 22.10

22.10-10 - March 7, 2023

  • Fix: Fixes an issue where DLP and IDS/IPS Profiles that were created prior to IDS/IPS and WAF Custom Rule support might not operate as expected unless the Profile was modified and saved

22.10-09 - February 20, 2023

  • Fix: Fixes an Ingress Gateway issue related to large-volume bursty TLS traffic where the Gateway could issue an incorrect certificate to the client. This scenario is rare and is a downstream issue that could occur in Gateway releases 22.10-05 and earlier. The fix acts as a safeguard that ensures the downstream issue is never reached.
  • Fix: Disabled TLS renegotiation to address the vulnerability related to CVE-2009-3555
  • Fix: Fixes an issue where the FQDN Filtering Events would show reversed source/destination IP/Port information

22.10-08 - January 27, 2023

  • Fix: Fixes an Ingress Gateway issue related to the upstream connection where a null connection could result in a datapath self heal
  • Fix: Fixes a stability issue in WAF related to large POST commands with chunked encoding enabled
  • Fix: Enhances Gateway stability for all use cases to eliminate any potential session pool exhaustion

22.10-07 - January 20, 2023

  • Fix: Fixes an issue with Reverse Proxy to ensure the backend connection remains active when the response is delayed by more than 60 seconds. The response delay timeout for the proxy has been increased to 180 seconds.

22.10-06 - January 8, 2023

  • Fix: Fixes an Ingress Gateway session pool exhaustion issue related to HTTP Keepalives where the frontend (Client to Gateway) has KA enabled and the backend (Gateway to Server) has KA disabled

22.10-05 - January 3, 2023

  • Fix: Fixes a memory and performance issue related to repeated loads of a WAF ruleset when a policy that includes WAF is applied to a Gateway

22.10-04 - December 26, 2022

  • Fix: Fixes an issue with Forward Proxy to ensure the backend connection remains active when the response is delayed by more than 60 seconds. The response delay timeout for the proxy has been increased to 180 seconds.
  • Fix: Fixes an issue where backend flows in an Egress SNAT scenario were not being properly flushed, which could result in eventual traffic processing issues
  • Fix: Fixes an issue where Traffic Summary Log shows Allow action for an FQDN that is denied by FQDN Filtering Profile
  • Fix: Corrects a policy change issue where the Anti-Malware security profile was being applied to small form factor (2-core and 4-core) instance types, although Anti-Malware is only available in large form factor (8-core) instance types
  • Fix: Fixes an issue where an incorrectly configured L7DOS profile applied to a Gateway could result in a restart cycle
  • Fix: Fixes an issue where a Gateway restart would result in a potential to bypass the URL Filtering Profile
  • Fix: Fixes an issue with L7DOS Profile where a rate limit and burst size setting of 1 would not block HTTP requests with a method of type POST
  • Fix: Enhances Gateway stability by fixing various issues for Egress Gateways deployed in all CSPs

22.10-03 - November 21, 2022

  • Fix: Improves the stability of the Gateway for all use-cases across all CSPs

22.10-02 - November 9, 2022

  • Fix: Fixes an issue with metric calculation that could cause the datapath to self heal

22.10-01 - November 7, 2022

  • Enhancement: Adds support for HTTP Keepalives to accommodate HTTP session reuse and achieve high performance
  • Enhancement: Added an L4 Firewall Security Event showing the FQDN matched when a Policy Ruleset match occurs based on an FQDN-based Address Object
  • Fix: Fixes an issue with IDS/IPS where traffic containing a CSV/Formula injection is not being detected
  • Fix: Fixes an issue related to TLS caching where the datapath would generate an "SNI is Empty" TLS error when traffic contained a TLS Hello with a valid SNI
  • Fix: Fixes an issue with L7 DOS Profile that would cause the datapath to restart when a URI was longer than 64 characters
  • Fix: Set HTTP Keepalives as default enabled with a 5s session timeout
  • Fix: Support for using user-defined/imported custom rules in Web Protection (WAF) Profiles
  • Fix: Support for using user-defined/imported custom rules in Network Intrusion (IDS/IPS) Profiles
  • Fix: Fixes stability issues with the Gateway under various traffic and configuration scenarios
  • Fix: Fixes an issue where a Packet Capture (PCAP) generated by the Gateway for a decrypted session was not generating a decrypted packet capture
  • Fix: Fixes an issue where a Packet Capture (PCAP) is not generated when traffic is passing through a Rule that does not have SNAT enabled or is not a Proxy Rule
  • Fix: Fixes an issue where the Gateway could complete a TLS handshake with a wrong certificate even if the upstream session is closed via a TCP Reset
  • Fix: Fixes an issue where a GCP Gateway could crash if the datapath VPC contains a large number of subnets
  • Fix: Fixes an issue where Antivirus (AV) is not properly detecting malware in an unencrypted HTTP session
  • Fix: Fixes an issue where an AV detection was denying traffic properly, but was not reporting an action of Deny in the traffic summary
  • Fix: Fixes a stability issue specific to Azure Egress / East-West Gateways
  • Fix: Fixes an issue where TCP Reset on Deny was taking effect for Policies where Application ID or Malicious IP were denying traffic
  • Fix: Fixes an issue with Data Loss Prevention (DLP) where CC numbers are being detected as SWIFT bank account numbers
  • Fix: Fixes an issue where Reverse Proxy might not pass the SNI to the backend connection
  • Fix: Fixes an issue where datapath would restart twice when a manual restart is triggered
  • Fix: Fixes an issue where the Policy Update Status would show Updated when the update failed due to IAM permission issues