Enhancement: Enhances Geo IP and Malicious IP Security Profiles to apply policy based on XFF header IP information
Enhancement: Enhances the auto-scaling logging to provide metric information used to trigger the need to auto-scale
Enhancement: Enhances the Forward Proxy data path processing to ensure that if the IP resolved via DNS to establish the backend connection does not match the destination address object, then the Action should be to deny the session.
Enhancement: Enhances the Egress segmentation policy definition by allowing use of a pre-defined Internet Address Object
Fix: Fixes a stability issue in an AWS Egress/EW Gateway related to X509 processing
Fix: Addresses an issue related to AWS SDK due to the Valtix Gateway adding the following two response headers: Strict-transport-security, X-content-type-options. The fix is for the Valtix Gateway to not add these two response headers and rely on the application for issuing the response headers and their directives.
Fix: Provided more actionable information within the System Log message when a private key, stored in the provider, cannot be accessed by the Gateway
Fix: Fixes an issue where an invalid configuration pushed to the Gateway would result in the Gateway not sending back heartbeat telemetry
Fix: Fixes an issue where the IP address for the destination in a Forward proxy front-end connection was showing the Gateway IP. The fix is to show the destination IP address from the incoming packet.
Fix: Fixes a stability issue related auto-scaling that could result in a datapath self heal
Fix: Provides patch to address the vulnerability defined by CVE-2022-0778
Fix: Improves efficiency when processing encrypted traffic and matching URL/URI information to defined Categories for evaluation
Fix: Enhances throughput performance for Azure Egress/EW Gateway operating in Forward Proxy mode
Fix: Fixes an issue where successful DNS resolutions performed by the Gateway were being logged unnecessarily
Fix: Fixes a stability issue in an Egress Gateway related to the Snort engine for TCP stream data
Fix: Fixes an issue where a Gateway could be in a constant restart state when a CA decryption profile is unintentionally specified in a Service Object
Fix: Addresses an inefficiency issue where the datapath was sending redundant updates unnecessarily
Fix: Fixes a proxy issue where the application could be passed to the wrong backend due to a mismatch in the Ngnix configuration vs. the SNI contained within the TLS message
Fix: Fixes an Egress Gateway stability issue resulting in datapath self-heal
Fix: Fixes an issue to improve the efficiency of FQDN-based category matching to accommodate millions of FQDNs. This also helps eliminate any FQDN-based bypassing that could occur with inefficient processing.
Fix: Fixes an issue where a constant datapath restart could occur when using an important KMS certificate as a Client CA Profile
Fix: Fixes an issue with incorrect processing of large and chunked client requests
Fix: Provides performance and behavioral improvements for Gateway auto-scaling
Fix: Fixes a stability issue in an Egress Gateway related to OpenSSL
Fix: Improves performance of configuration updates to ensure concurrent updates are handled properly by the datapath
Fix: Fixes various stability issues related to datapath self-heal caused by mixed-traffic, high-load scenarios