Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Secure Web Gateway 12.2.8 Release Notes

New Features in the 12.2.x Release    

This release provides the following new features. For resolved issues in this release and the update releases, see further below.

For information about how to upgrade to this release, see Upgrading to a new version – Main Release.   

Rebranding to Account for Transition    

Names of products, components, and other items have been rebranded to account for the transition from McAfee to Secure Web Gateway.

Rebranded SNMP SMI and MIB file with updated Org OID for Skyhigh Security    

As part of the rebranding, a new Object Identifier (OID) has been introduced for Org Skyhigh Security. We are updating the SNMP OID from .* to .*. You'll need to update your management software accordingly if they are referring to these OID. For more details, see Configure event monitoring with SNMP.

Trellix VX Integration to SWG   

The SWG 12.2.0 supports integration with Trellix Virtual Execution (VX). For more details, see Trellix Virtual Execution Integration to SWG.

Detection of OneNote files  

New Mediatype detection has been added for OneNote files to detect .one and .onepkg files. 


Insecure NETLOGON channel is blocked by default. To explicitly allow Insecure NETLOGON, a new checkbox is provided in Windows Join Domain Dialogue. For more details, see InsecureNetlogon 

TCP Health Check   

Prior to this features, SWG would send live traffic to Next Hop Proxies to determine its health which resulted in delayed response in case Next Hop Proxy is not healthy. With this feature, SWG will have knowledge of the health of the Next Hop Proxies beforehand. For more details, see TCP Health Check for Next Hop Proxy.

Server Chunk Encoding   

A new check box option is provided in proxy control event settings, which allows to enforce chunk encoding transfer on server requests from SWG. For more details, see Server Side Chunk Encoding

Connect Response Based on HTTP-Protocol  

Connection Established response message always shows HTTP1.0 even if the HTTP Protocol header of the request was HTTP1.1. Now you can configure this under Proxy Control Event, where we can select to send back the Connection Established Response text based on the HTTP Protocol version received.   For more details, see Configure Connection Established Response based on HTTP Protocol Version.

Support to pipelined application/HTTP  

A new media type has been added to media type filtering for detection and Openers for pipelined Application/HTTP. 

New Properties for Multiline Base64  

To support the multiline Base-64, new properties are added in SWG

Support for kdbx-kdb-Filetype  

A new media type has been added to media type filtering to detect files of the kdbx and kdb types.

Client certificate authentication for HTML UI  

Client certificate authentication is now added for the HTML UI, For more details, see Client Certificate Authentication for HTML UI.

Configurable size limit of single XML attributesEdit section 

The configurable size limit of single XML attributes has been increased to reduce errors on startup when having large inline lists.

What's New in 12.2.8 Release

Comment Column added in Ruleset Table

The UI now includes a dedicated comments column for each rule, providing an overview of comments upon selecting view details. For details, see Complete Rules View.

Resolved Issues in the 12.2.8 Release     

This release resolves known issues.

NOTE: Secure Web Gateway 12.2.8 is provided as a main release.    

For information about how to upgrade to this release, see Upgrading to a new version – Main Release.   

JIRA issue numbers are provided in the reference columns.

Reference Description
WP-5768 HAproxy package versions are now upgraded.
WP-6130 Unsecured Netlogon channels are not allowed because the option to Allow insecure Netlogon is not activated.
WP-6148 When you enable the proxy control option on Connect to override the HTTP protocol, it gets deactivated if their policy uses another proxy control event. This issue is now resolved.
WP-6158 When the root object is a big file, the embedded object's timeout value is fixed.
WP-6189 The authentication required for 403 is working fine when the option Check extended key usage is disabled.

For resolved issues on the previous releases and other information, see Secure Web Gateway 12.2.x Release Notes