Secure Web Gateway 11.2.0 Release Notes
New Features in the 11.2 Release
This release provides the following new features. For resolved issues in this release and the update releases, see further below.
NOTE: Secure Web Gateway 11.2 is provided as a main release.
For information about how to install this release, see the Upgrading to a New Version - Controlled Release. If you are installing the Secure Web Gateway appliance software for the first time, see Installing Secure Web Gateway for the First Time.
New Properties for Web Policy Rules
When configuring rules for your web policy, you can use these new items:
- A new property to expose encrypted archive directory listings.
- A new property to store the rule and rule set names or IDs that were processed at the end of the request and response filtering cycles.
GTI Data Included in Feedback File
Data that is collected by the GTI diagnosis script of the operating system is included in the output feedback file.
Support for Rolling TCPdump collection
Support for rolling TCPdump collection option is now available in the UI. For more details, see Create a packet tracing file. For more details on Performing Packet Tracing in Secure Web Gateway, see Performing Packet Tracing in Secure Web Gateway SWG
More Flexibility for HTTP Proxy Port Configuration
When configuring an HTTP Proxy Port, you can disable the Enable FTP over HTTP option. The option is enabled by default.
SSL Tap Configuration Enhanced
The following enhancements have been added to SSL Tap configuration:
- The destination port number is not overwritten by default when tapped packets are created.
- The destination MAC address can be customized when tapped packets are broadcast.
- SSL tapping now supports HTTP2 on Secure Web Gateway.
Detection of Excel 4 Macros Added
Excel 4 macros are now detected in media type filtering.
IP Spoofing Supported for HTTP(S) in Proxy Configuration
IP spoofing is supported for HTTP(S) when setting up proxies in Explicit Proxy or L2 Transparent mode.
Known Issues and Workaround
For a list of issues that are currently known, see SWG 11.x.x Known Issues and Workaround
Resolved Issues in the 11.2 Release
This release resolves known issues.
NOTE: Secure Web Gateway 11.2 is provided as a main release.
For upgrade information, see the Upgrading to a new version provided as a main release section of the Secure Web Gateway Installation Guide.
JIRA issue numbers are provided in the reference columns.
Network communication
Reference | Description |
---|---|
WP-1590 | POST commands running while HTTP tunneling is enabled do not lead to a failure of the core process on Secure Web Gateway anymore. |
WP-3343 | IP spoofing is supported for HTTP(S) when setting up proxies in Explicit Proxy or L2 Transparent mode. |
WP-3953 | SWG can be configured to retain the destination port number when tapped packets are created. |
WP-4145 | POST commands running while HTTP tunneling is enabled do not lead to a failure of the core process on Secure Web Gateway anymore. |
WP-4370 | SSL tapping now supports HTTP2 on Secure Web Gateway. |
WP-4396 | The destination MAC address can be customized when tapped packets are broadcast. |
WP-4443 | User can disable the option Enable FTP over HTTP option when configuring an HTTP Proxy Port. This option is enabled by default. |
WP-4447 | A new property is added to store the rule and rule set names or IDs that were processed at the end of the request and response filtering cycles. |
WP-4451 | The Bond interface is brought up with the appliance and Static Routes settings are restored correctly after a full restore of Web Gateway. |
WP-4541 | Processing of cluster messages sent by the Notification plugin that is implementend in the core process has been improved. |
WP-4558 | When the data threshold of 10 GB is reached on an ICAP connection, the connection is shut down to avoid overload issues. |
WP-4559 | Memory can be reserved for advance usage while reading messages on Secure Web Gateway, so the length of the response is already known early, which avoids memory reallocation. |
WP-4560 | Processing of cluster messages sent by the Notification plugin that is implementend in the core process has been improved. |
WP-4566 | Copying of files has been improved. |
WP-4646 | An issue with high memory usage that occurred on a Secure Web Gateway for On-Prem appliance has been resolved. |
WP-4674 | Trigger of execution of the Hybrid policy is working fine. |
Other
Reference | Description |
---|---|
WP-2952 | User cannot DOWNLOAD and DELETE the files without Troubleshooting rights via REST Interface. |
WP-3990 | Excel 4 macros are now detected in media type filtering. |
WP-4134 | A password for an update proxy user is escaped properly again, after this had not worked and caused yum to treat the user name as the name of the proxy server. |
WP-4238 | The rule in the script filter rule set that removes ActiveX objects from Javascript is working fine now |
WP-4245 | An admin user can again log onto Web Gateway using NTLM authentication successfully |
WP-4285 | A new property is added to expose encrypted archive directory listings. |
WP-4331 | A 502 error that occurred when working with the AWS admin page has been resolved. |
WP-4350 | A URL path encoding issue that involved subscribed lists has been resolved. |
WP-4351 | A table without a header is no longer recognized erroneously as application/x-compressed-arc. |
WP-4362 | The Secure Web Gateway rule set for file scanning scans nested archives files now that caused issues before. |
WP-4428 | Data that is collected by the GTI diagnosis script of the operating system is included in the output feedback file. |
WP-4429 | TCP dump options has been enhanced by adding a packet tracing feature. |
WP-4440 | An admin user can again log onto Web Gateway using NTLM authentication successfully |
WP-4444 | Files are no longer detected as missing for Web Gateway nodes because of incorrect reference handling. |
WP-4450 | The mwg-snmp.service unit is available again now after a reboot of Web Gateway. |
WP-4459 | File scanning now extracts text from PDFs, which had failed before, as the scanning process went into a loop causing CPU consumption to reach 100%. |
WP-4518 | High memory usage on a Web Gateway appliance does not occur anymore |
WP-4556 | Coordinator crashes that led to a shutdown on a Secure Web Gateway appliance do not occur anymore. |
WP-4567 | The SmartCache default size value has been increased from 100 to 1000 MB |
WP-4584 | Response time for CStorageJob backup and restore activities has been improved. |
WP-4650 | Random f.txt file downloaded on Chrome\Edge browsers do not occur anymore. |
Vulnerabilities Fixed
Reference | Description |
---|---|
WP-4347, WP-4408, WP-4416, WP-4432, WP-4454, WP-4547, WP-4554, WP-4591, WP-4598, WP-4621 |
This Secure Web Gateway release includes updates addressing publicly disclosed CVEs, regardless of whether a CVE has been shown to impact customers. The following medium and higher-level CVEs (CVSS 3.0 >= 4) were involved:
For more information about these CVEs and their impact, see the Red Hat CVE portal. |