Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Secure Web Gateway 11.2.17 Release Notes

New Features in the 11.2 Release 

This release provides the following new features. For resolved issues in this release and the update releases, see further below.

NOTE: Secure Web Gateway 11.2 is provided as a main release.

For information about how to install this release, see the Upgrading to a New Version - Controlled Release. If you are installing the Secure Web Gateway appliance software for the first time, see Installing Secure Web Gateway for the First Time.

New Properties for Web Policy Rules  

When configuring rules for your web policy, you can use these new items:

  • A new property to expose encrypted archive directory listings.
  • A new property to store the rule and rule set names or IDs that were processed at the end of the request and response filtering cycles.

GTI Data Included in Feedback File  

Data that is collected by the GTI diagnosis script of the operating system is included in the output feedback file.

Support for Rolling TCPdump collection 

Support for rolling TCPdump collection option is now available in the UI. For more details, see Create a packet tracing file. For more details on Performing Packet Tracing in Secure Web Gateway, see Performing Packet Tracing in Secure Web Gateway SWG

More Flexibility for HTTP Proxy Port Configuration  

When configuring an HTTP Proxy Port, you can disable the Enable FTP over HTTP option. The option is enabled by default.

SSL Tap Configuration Enhanced  

 The following enhancements have been added to SSL Tap configuration:

  • The destination port number is not overwritten by default when tapped packets are created.
  • The destination MAC address can be customized when tapped packets are broadcast.
  • SSL tapping now supports HTTP2 on Secure Web Gateway.

Detection of Excel 4 Macros Added  

Excel 4 macros are now detected in media type filtering. 

IP Spoofing Supported for HTTP(S) in Proxy Configuration  

IP spoofing is supported for HTTP(S) when setting up proxies in Explicit Proxy or L2 Transparent mode.

Known Issues and Workaround 

For a list of issues that are currently known, see SWG 11.x.x Known Issues and Workaround


Resolved issues in update 11.2.17 

This release resolves known issues.   

NOTE: Secure Web Gateway 11.2.17  is provided as a main release and archived.

For information about how to upgrade to this release, see Upgrading to a new version – Main Release.

JIRA issue numbers are provided in the reference columns.

Reference Description
WP-274 Added Webswing configuration to Java UI
WP-3339 Enable in Cloud information is now showed in the audit.log. 
WP-4869 Webswing login is working as normal for cloud images.
WP-5199 Webswing has been Upgraded from 20.1.16 to 22.1.18 LTS. 
WP-5574 Preview in the template editor displays the updated image on the block page.
WP-5735 The DLP library has been updated to version 2.6.6. 
WP-5810 The robustness of an AV filter has been improved. 
WP-5858 Selected templates are now exported from a user created schema. 

Vulnerabilities Fixed    

Reference Description


This Secure Web Gateway release includes updates addressing publicly disclosed CVEs, regardless of whether a CVE has been shown to impact customers.
The following medium and higher-level CVEs (CVSS 3.0 >= 4) were involved:

  • CVE-2019-15165: sf-pcapng.c in libpcap before 1.9.1 does not properly validate the PHB header length before allocating memory.

Known Issues in the 11.2.17 Release 

This release includes known issues.

JIRA issue numbers are provided in the reference columns.

Reference Description


Issue: The Internal Administrator Account tab may remain hidden due to being overlapped by the Roles tab.

Work Around: Drag the left edge of the Roles tab slightly towards the center area to access the Internal Administrator Account tab.

  • Was this article helpful?