Fix: Fixes an issue related with DNS-based FQDN Address Object resources where enabling DNS caching could result in a race condition between policy change and the DNS resolution interval that would result in the cache for a domain to be reset to a value of 0 (no cache). When this situation occurs, the domain resolution will never be cached and any existing cache values will be flushed as their TTL expire. The end result is the Gateway will eventually not match traffic for that domain. This fix addresses the race condition such that the cache will operate as expected.
Fix: Fixes an issue where traffic would be incorrectly denied by a Forward Proxy Rule configured with an FQDN Match Profile due to delays in certificate validation. The deny will be seen as an FQDNFILTER Security Event even though an FQDN Filtering Profile is not applied.
Fix: Fixes an issue related to dynamic Address Objects where a large number of IPs and a large number of changes to those IPs could result in the datapath not accepting changes, causing matching issues resulting in traffic being processed incorrectly
Fix: Fixes a slow session pool leak related to UDP traffic that would result in the DP detecting the leak and restarting the datapath
Enhancement: Enhances the datapath to generate a session summary event when the Gateway connection and proxy timers are exceeded. This enhancement will help in troubleshooting when a session is closed by the Gateway due to timer settings.
Enhancement: Enhances the Forward Proxy Service Object to support L4 (TCP) and L5 (TLS) proxies
Enhancement: Enhances the Gateway datapath to track session performance
Enhancement: Enhances the Gateway datapath process to generate a TCP reset to actively close the connections during a datapath restart
Fix: Fixes an issue where URL encoded characters of [ and ] in an HTTP object name where decoded by the Gateway, but not re-encoded before sending the request to the server. This results in the server not being able to properly locate the object, returning a 400 response code. This fix properly re-encodes the characters prior to sending the request to the server.
Fix: Fixes an issue where the presence of underscores in an SNI would cause the proxy to not pass traffic. This change enables the proxy configuration to accommodate the use of underscores in domain names.
Fix: Fixes an additional issue with large file transfers related to HTTP commands (e.g., Github repository cloning) where a proxy timeout would result in a 408 status code
Fix: Fixes an issue where traffic is matched to a correct policy, but an incorrect certificate is issued
Fix: Fixes an issue with large file transfers related to HTTP commands (e.g., Github repository cloning) where a proxy timeout would result in a 408 status code
Fix: Fixes an issue where URL Filtering category query timeout expires causing the traffic to be denied
Fix: Fixes a stability issue with the Ingress Gateway where the datapath could self heal due to an issue with the upstream proxy
Fix: Fixes an issue where the Gateway could introduce additional latency when processing certain types of traffic
Fix: Fixes an unnecessary datapath restart that is triggered when enabling memory profiling
Fix: Fixes an issue where the Gateway could intermittently generate a 502 due to a datapath restart triggered by a policy change
Fix: Fixes an issue with CPU-based auto-scale could result in an unnecessary scale out