Skip to content

Gateway Release: 2.11-01 - December 30, 2021


  • Enhancement: Added support for viewing the Gateway status after applying a policy change to a Policy Ruleset or any of its resource dependencies
  • Enhancement: Enhances the Rule Suppression configuration to permit Allow Log, Allow No Log, Deny Log and Deny No Log Action configuration settings
  • Enhancement: Enhances FQDN Filtering resource creation by allowing more than 8 items per row. The limit per row has increased to 64 items.
  • Enhancement: Added support for forwarding ICMP traffic through an Egress/East-West Gateway
  • Enhancement: Added support for SSH tunnel detection to ensure security can be applied to allow or deny traffic
  • Enhancement: Added SNI support for TLS proxy


  • Fix: Fixes an issue where an operations race condition could result in a datapath restart cycle
  • Fix: Fixes an issue where Application ID detection is classifying HTTP traffic incorrectly as ICMP
  • Fix: Fixes an issue where a user-defined Address Group with membership and applied to an Egress Gateway causes the Gateway to not pass traffic
  • Fix: Fixes a Gateway crash and self heal when a URL Filtering Profile attempts a match on a URL Category that does not exist
  • Fix: Fixes an issue where a Rule Suppression configuration did not require an Action, but an Action is required, resulting in an unsupported behavior
  • Fix: Fixes an issue where an IDS/IPS threat is detected when Application ID is enabled, but no IDS/IPS profile is configured
  • Fix: Fixes an issue where HTTP Header Transfer-Encoding: Chunked was not being passed by the Gateway
  • Fix: Fixes an issue to correct a discrepancy with logging for FQDN Filtering events
  • Fix: Fixes an issue where certain traffic operated on by an IDS/IPS Profile could result in a high number false positives
  • Fix: Fixes an issue where TLS proxy configured in a Service Object applied to an Ingress Gateway causes a datapath self-heal under certain traffic scenarios
  • Fix: Fixes an issue where a WAF Profile was recording a Web Protection event with incorrect Action type
  • Fix: Fixes and issue where the URL Filtering engine does not properly return some configured status codes
  • Fix: Fixes an issue with the HTTP header presented by the Gateway to remove any reference to Valtix
  • Fix: Fixes an issue where AWS Services traffic processed by a Forwarding rule is not classified by the Application ID engine as a Cloud Service category
  • Fix: Fixes an issue where an advanced WAF rule configured in drop mode can operate as detect when the rule is tripped
  • Fix: Various permanence and memory improvements to enhance efficiency
  • Fix: Various stability improvements in mixed-mode, high-traffic stress scenarios for all use-cases