Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Secure Web Gateway 11.2.24 Release Note

  1. Last updated
  2. Save as PDF

New Features in the 11.2.x Release 

Below is a consolidated list of new features available across the different 11.2.x releases. For issues resolved as part of this release please see the Resolved Issue section

NOTE: Secure Web Gateway 11.2 is provided as a main release.

For information about how to install this release, see Upgrading to a new version – Main Release. If you are installing the Secure Web Gateway appliance software for the first time, see Installing Secure Web Gateway for the First Time.

New Properties for Web Policy Rules  

When configuring rules for your web policy, you can use these new items:

  • A new property to expose encrypted archive directory listings.
  • A new property to store the rule and rule set names or IDs that were processed at the end of the request and response filtering cycles.

GTI Data Included in Feedback File  

Data that is collected by the GTI diagnosis script of the operating system is included in the output feedback file.

Support for Rolling TCPdump collection 

Support for rolling TCPdump collection option is now available in the UI. For more details, see Create a packet tracing file. For more details on Performing Packet Tracing in Secure Web Gateway, see Performing Packet Tracing in Secure Web Gateway SWG

More Flexibility for HTTP Proxy Port Configuration  

When configuring an HTTP Proxy Port, you can disable the Enable FTP over HTTP option. The option is enabled by default.

SSL Tap Configuration Enhanced  

 The following enhancements have been added to SSL Tap configuration:

  • The destination port number is not overwritten by default when tapped packets are created.
  • The destination MAC address can be customized when tapped packets are broadcast.
  • SSL tapping now supports HTTP2 on Secure Web Gateway.

Detection of Excel 4 Macros Added  

Excel 4 macros are now detected in media type filtering. 

IP Spoofing Supported for HTTP(S) in Proxy Configuration  

IP spoofing is supported for HTTP(S) when setting up proxies in Explicit Proxy or L2 Transparent mode.

Known Issues and Workaround 

For a list of issues that are currently known, see SWG 11.x.x Known Issues and Workaround

What's New in 11.2.24 Release 

Support Block Page as redirect response on SWG 

Secure Web Gateway now supports additional advanced configuration of Block page templates to display block pages using redirect response. For details, see Modifying a Block Page - Security Best Practices

Resolved issues in update 11.2.24

The list of resolved issues is mentioned below  

JIRA issue numbers are provided in the reference columns.

Reference Description
WP-3149 The audit log no longer shows private keys.
WP-4292 The Network Interfaces page shows up as usual.
WP-6147 SWG Handles ATD server integration from different clusters. 
WP-6231 The rule trace was downloaded successfully when the web gateway was connected to an open network.
WP-6246 SWG core crash has been fixed with the progress page. 
WP-6253 The HA proxy service is now running normally after upgrading to SWG 12.2.8. 

NOTE: Secure Web Gateway 11.2.24  is provided as a main release and archived.

For information about how to upgrade to this release, see Upgrading to a new version – Main Release.

Vulnerabilities Fixed     

This Secure Web Gateway release includes updates addressing publicly disclosed CVEs, regardless of whether a CVE has been shown to impact customers.
The following medium and higher-level CVEs (CVSS 3.0 >= 4) were involved:

Reference CVE  Description
WP-6249 CVE-2024-2398 When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headrs for the push surpasses the maximum allowed limit(1000), libcurl aborts the server push. when aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks. 
WP-6293 CVE-2024-6398 The vulnerability CVE-2024-6398, related to Information disclosure is fixed. After upgrading to 12.2.10 version, it is recommended to review customized block pages and remove any sensitive information. For more details see, Security Bulletin and Modifying a Block Page - Security Best Practices.

For resolved issues on the previous releases and other information, see Secure Web Gateway 11.2.x Release Notes

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Article type
    Topic
  2. Tags
    This page has no tags.