Skip to content

Controller / UI Release: 23.10 - October 31, 2023


  • Cloud Provider
    • GCP Folder onboarding
    • AWS Gateway IMDSv2
  • Policy
    • Forward Proxy server certificate validation
  • Metrics
    • Per-instance Metrics (including CPU and memory)
  • Usability
    • Pagination for all Objects and Profiles
    • Filtering and Advanced Search for all Objects and Profiles
    • Enhanced Threat Report
    • Teleport integration for Gateway instance SSH access
  • Miscellaneous
    • Performance improvements
    • Operational improvements
    • Bug fixes and stability improvements


  • Enhancement: Enabled the Rule ID column in Network Intrusion (IDS/IPS) and Application Protection (WAF) Threat Research to enhance usability when searching and viewing Rules based on their ID
  • Enhancement:: Adds support for onboarding GCP Folder hierarchies to accommodate asset and traffic discovery of all Projects that are contained within a Folder hierarchical structure. Onboarding GCP Folders permits asset and traffic discovery, but does not permit full orchestration. Discovery is beneficial and necessary for creating a dynamic policy that adapts in real time to changes made within the GCP Projects. In order to orchestrate within a Project, each Project where orchestration is required should be onboarded individually.
  • Enhancement: Ensures any Gateway deployed in AWS uses IMDSv2 to adhere to recommendations by AWS to configure organizational policies to restrict any deployed instance to use IMDSv2 rather than IMDSv1. When a new Gateway is deployed in AWS, the metadata version is now set to only use IMDSv2.
  • Enhancement: Adds pagination to all Profiles and Objects to ensure fast and efficient display
  • Enhancement: Adds filter and advanced search capabilities to all Objects and Profiles
  • Enhancement: Enhances the Forward Proxy policy to validate the server certificate when negotiating the backend (Gateway to Server) TLS session. The certificate validation is disabled by default, but can be configured in a Decryption Profile for all TLS sessions and in an FQDN Match Object on a per-domain (or set of domains) basis.
  • Enhancement: Redesign of the Threat Report. Generating a Threat Report is available through the Reports tab.
  • Enhancement: Adds the ability to view per-instance statistics for bandwidth, connection rate, active connections and HTTP request rate. Also adds per-instance memory and CPU statistics. Metrics are visible from the Investigate -> Network -> Stats view.
  • Enhancement: Integrates with Teleport to accommodate reverse SSH making it easier to SSH to the Gateway instance management interface especially when the Gateway is orchestrated without public IPs. The requirements to SSH is rare and only necessary for advanced troubleshooting purposes. Inbound communication is inhibited by default using CSP restrictions (Security Groups, Network Security Groups, Firewall Rules).


  • Fix: Fixes and issue where a Gateway in Azure that failed to deploy due to Azure capacity issues would not be deleted by the Controller
  • Fix: Fixes an issue where removing a Zone from a Gateway deployed in user-provided GCP Service VPCs would not remove the instance from the load balancer target pool
  • Fix: Fixes an issue where Azure V5 instances where not being fully deleted during a scale-in operation
  • Fix: Enhances various System Log messages to provide improved error message information
  • Fix: Fixes an issue with evaluating GeoIP information for IP addresses in an X-Forwarded-For header would not functional properly if the X-Forwarded-For header contained multiple IP addresses
  • Fix: Fixes Log Forwarding to GCP Logging to send a true JSON structure rather than a JSON-encoded string
  • Fix: Fixes an issue where upgrading an Azure Gateway where custom tags are applied could result in the new Gateway instances failing to come up due to health check issues from the load balancer
  • Fix: Fixes various issues where adjustments to the time line available in the Logs and Events views would not operate properly
  • Fix: Fixes an issue where a secure proxy configuration could be configured without a decryption profile, which would result in the proxy operating as incorrectly as a non-secure proxy. The fix ensures that the proxy configuration is validated to ensure that a decryption profile is specified when configuring a secure proxy.
  • Fix: Fixes various issues in Rule Sets, Objects and Profiles where the active links to related resources where not represented or working consistently
  • Fix: Fixes Log Forwarding to ensure that all fields show friendly names rather than enum values. This ensures the exported JSON for each log/event will display the same information in the 3rd-party SIEM as is shown in the UI.
  • Fix: Fixes various UI and UI-based workflow nuances to improve usability
  • Fix: Reintroduces the ability to select Local and UTC times from all logs and events views from the Investigate tab
  • Fix: Addresses various usability issues when operating in the advanced search field and specifying search strings