Skip to content

Gateway Release: 23.08

23.08-09 - November 16, 2023

  • Fix: Fixes an issue related with DNS-based FQDN Address Object resources where enabling DNS caching could result in a race condition between policy change and the DNS resolution interval that would result in the cache for a domain to be reset to a value of 0 (no cache). When this situation occurs, the domain resolution will never be cached and any existing cache values will be flushed as their TTL expire. The end result is the Gateway will eventually not match traffic for that domain. This fix addresses the race condition such that the cache will operate as expected.

23.08-08 - November 8, 2023

  • Fix: Improves Gateway stability for all use-cases

23.08-07 - October 18, 2023

  • Fix: Fixes an issue to ensure Log Forwarding to GCP Logging sends logs as a JSON structure rather than a JSON-encoded string

23.08-06 - October 7, 2023

  • Fix: Fixes an issue related to a Forward Proxy Rule that uses an FQDN Match Object for decryption exception could result in traffic processing issues

23.08-05 - October 3, 2023

  • Fix: Fixes an issue where traffic would be incorrectly denied by a Forward Proxy Rule configured with an FQDN Match Profile due to delays in certificate validation. The deny will be seen as an FQDNFILTER Security Event even though an FQDN Filtering Profile is not applied.

23.08-04 - September 19, 2023

  • Fix: Fixes an issue where a Rule that uses an FQDN Match object would incorrectly process traffic for an uncategorized domain

23.08-03 - September 10, 2023

  • Fix: Fixes an issue related to dynamic Address Objects where a large number of IPs and a large number of changes to those IPs could result in the datapath not accepting changes, causing matching issues resulting in traffic being processed incorrectly
  • Fix: Fixes a slow session pool leak related to UDP traffic that would result in the DP detecting the leak and restarting the datapath

23.08-02 - September 3, 2023

  • Fix: Fixes an issue with Reverse Proxy where sending a HTTP POST with a payload greater than 200KB would cause the traffic to be dropped
  • Fix: Fixes an issue where a DNS-based Address Object that contains static IPs would fail to properly match
  • Fix: Removes the dependency on SNI or Host header for TCP Forward Proxy

23.08-01 - August 25, 2023

  • Enhancement: Enhances the datapath to generate a session summary event when the Gateway connection and proxy timers are exceeded. This enhancement will help in troubleshooting when a session is closed by the Gateway due to timer settings.
  • Enhancement: Enhances the Forward Proxy Service Object to support L4 (TCP) and L5 (TLS) proxies
  • Enhancement: Enhances the Gateway datapath to track session performance
  • Enhancement: Enhances the Gateway datapath process to generate a TCP reset to actively close the connections during a datapath restart
  • Fix: Fixes an issue where URL encoded characters of [ and ] in an HTTP object name where decoded by the Gateway, but not re-encoded before sending the request to the server. This results in the server not being able to properly locate the object, returning a 400 response code. This fix properly re-encodes the characters prior to sending the request to the server.
  • Fix: Fixes an issue where the presence of underscores in an SNI would cause the proxy to not pass traffic. This change enables the proxy configuration to accommodate the use of underscores in domain names.
  • Fix: Fixes an additional issue with large file transfers related to HTTP commands (e.g., Github repository cloning) where a proxy timeout would result in a 408 status code
  • Fix: Fixes an issue where traffic is matched to a correct policy, but an incorrect certificate is issued
  • Fix: Fixes an issue with large file transfers related to HTTP commands (e.g., Github repository cloning) where a proxy timeout would result in a 408 status code
  • Fix: Fixes an issue where URL Filtering category query timeout expires causing the traffic to be denied
  • Fix: Fixes a stability issue with the Ingress Gateway where the datapath could self heal due to an issue with the upstream proxy
  • Fix: Fixes an issue where the Gateway could introduce additional latency when processing certain types of traffic
  • Fix: Fixes an unnecessary datapath restart that is triggered when enabling memory profiling
  • Fix: Fixes an issue where the Gateway could intermittently generate a 502 due to a datapath restart triggered by a policy change
  • Fix: Fixes an issue with CPU-based auto-scale could result in an unnecessary scale out
  • Fix: Fixes a proxy connection leak
  • Fix: Improvements to the stability of the Gateway