Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Secure Web Gateway 11.2.0 Release Notes

New Features in the 11.2 Release 

This release provides the following new features. For resolved issues in this release and the update releases, see further below.

NOTE: Secure Web Gateway 11.2 is provided as a main release.

For information about how to install this release, see the Upgrading to a New Version - Controlled Release. If you are installing the Secure Web Gateway appliance software for the first time, see Installing Secure Web Gateway for the First Time.

New Properties for Web Policy Rules  

When configuring rules for your web policy, you can use these new items:

  • A new property to expose encrypted archive directory listings.
  • A new property to store the rule and rule set names or IDs that were processed at the end of the request and response filtering cycles.

GTI Data Included in Feedback File  

Data that is collected by the GTI diagnosis script of the operating system is included in the output feedback file.

Support for Rolling TCPdump collection 

Support for rolling TCPdump collection option is now available in the UI. For more details, see Create a packet tracing file. For more details on Performing Packet Tracing in Secure Web Gateway, see Performing Packet Tracing in Secure Web Gateway SWG

More Flexibility for HTTP Proxy Port Configuration  

When configuring an HTTP Proxy Port, you can disable the Enable FTP over HTTP option. The option is enabled by default.

SSL Tap Configuration Enhanced  

 The following enhancements have been added to SSL Tap configuration:

  • The destination port number is not overwritten by default when tapped packets are created.
  • The destination MAC address can be customized when tapped packets are broadcast.
  • SSL tapping now supports HTTP2 on Secure Web Gateway.

Detection of Excel 4 Macros Added  

Excel 4 macros are now detected in media type filtering. 

IP Spoofing Supported for HTTP(S) in Proxy Configuration  

IP spoofing is supported for HTTP(S) when setting up proxies in Explicit Proxy or L2 Transparent mode.

Known Issues and Workaround

For a list of issues that are currently known, see SWG 11.x.x Known Issues and Workaround

Resolved Issues in the 11.2 Release  

This release resolves known issues.

NOTE: Secure Web Gateway 11.2 is provided as a main release.       

For upgrade information, see the Upgrading to a new version provided as a main release section of the Secure Web Gateway Installation Guide. 

JIRA issue numbers are provided in the reference columns.

Network communication    

Reference Description
WP-1590 POST commands running while HTTP tunneling is enabled do not lead to a failure of the core process on Secure Web Gateway anymore.
WP-3343 IP spoofing is supported for HTTP(S) when setting up proxies in Explicit Proxy or L2 Transparent mode.
WP-3953 SWG can be configured to retain the destination port number when tapped packets are created.
WP-4145 POST commands running while HTTP tunneling is enabled do not lead to a failure of the core process on Secure Web Gateway anymore.
WP-4370 SSL tapping now supports HTTP2 on Secure Web Gateway.
WP-4396 The destination MAC address can be customized when tapped packets are broadcast.
WP-4443 User can disable the option Enable FTP over HTTP option when configuring an HTTP Proxy Port. This option is enabled by default.
WP-4447 A new property is added to store the rule and rule set names or IDs that were processed at the end of the request and response filtering cycles.
WP-4451 The Bond interface is brought up with the appliance and Static Routes settings are restored correctly after a full restore of Web Gateway.
WP-4541 Processing of cluster messages sent by the Notification plugin that is implementend in the core process has been improved.
WP-4558 When the data threshold of 10 GB is reached on an ICAP connection, the connection is shut down to avoid overload issues.
WP-4559 Memory can be reserved for advance usage while reading messages on Secure Web Gateway, so the length of the response is already known early, which avoids memory reallocation.
WP-4560 Processing of cluster messages sent by the Notification plugin that is implementend in the core process has been improved.
WP-4566 Copying of files has been improved.
WP-4646 An issue with high memory usage that occurred on a Secure Web Gateway for On-Prem appliance has been resolved.
WP-4674 Trigger of execution of the Hybrid policy is working fine.

Other    

Reference Description
WP-2952 User cannot DOWNLOAD and DELETE the files without Troubleshooting rights via REST Interface.
WP-3990 Excel 4 macros are now detected in media type filtering.
WP-4134 A password for an update proxy user is escaped properly again, after this had not worked and caused yum to treat the user name as the name of the proxy server.
WP-4238 The rule in the script filter rule set that removes ActiveX objects from Javascript is working fine now
WP-4245 An admin user can again log onto Web Gateway using NTLM authentication successfully
WP-4285 A new property is added to expose encrypted archive directory listings.
WP-4331 A 502 error that occurred when working with the AWS admin page has been resolved.
WP-4350 A URL path encoding issue that involved subscribed lists has been resolved.
WP-4351 A table without a header is no longer recognized erroneously as application/x-compressed-arc.
WP-4362 The Secure Web Gateway rule set for file scanning scans nested archives files now that caused issues before.
WP-4428 Data that is collected by the GTI diagnosis script of the operating system is included in the output feedback file.
WP-4429 TCP dump options has been enhanced by adding a packet tracing feature.
WP-4440 An admin user can again log onto Web Gateway using NTLM authentication successfully
WP-4444 Files are no longer detected as missing for Web Gateway nodes because of incorrect reference handling.
WP-4450 The mwg-snmp.service unit is available again now after a reboot of Web Gateway.
WP-4459 File scanning now extracts text from PDFs, which had failed before, as the scanning process went into a loop causing CPU consumption to reach 100%.
WP-4518 High memory usage on a Web Gateway appliance does not occur anymore
WP-4556 Coordinator crashes that led to a shutdown on a Secure Web Gateway appliance do not occur anymore.
WP-4567 The SmartCache default size value has been increased from 100 to 1000 MB
WP-4584 Response time for CStorageJob backup and restore activities has been improved.
WP-4650 Random f.txt file downloaded on Chrome\Edge browsers do not occur anymore.

Vulnerabilities Fixed          

Reference Description
WP-4347,
WP-4408,
WP-4416,
WP-4432,
WP-4454,
WP-4547,
WP-4554,
WP-4591,
WP-4598,
WP-4621

This Secure Web Gateway release includes updates addressing publicly disclosed CVEs, regardless of whether a CVE has been shown to impact customers.

The following medium and higher-level CVEs (CVSS 3.0 >= 4) were involved:

  • CVE-2021-41617
  • CVE-2021-4008
  • CVE-2021-4009
  • CVE-2021-4010
  • CVE-2021-4011
  • CVE-2022-23990
  • CVE-2022-23852
  • CVE-2022-45960
  • CVE-2022-22822
  • CVE-2022-22823
  • CVE-2022-22824
  • CVE-2022-22825
  • CVE-2021-46143
  • CVE-2022-22826
  • CVE-2022-22827
  • CVE-2022-25236
  • CVE-2022-25235
  • CVE-2022-25315
  • CVE-2022-1254
  • CVE-2022-24407
  • CVE-2022-0778
  • CVE-2018-25032
  • CVE-2022-1271
  • CVE-2022-1292

For more information about these CVEs and their impact, see the Red Hat CVE portal.

  • Was this article helpful?