Secure Web Gateway 9.2.x Release Notes
What's new in the 9.2 release
Releases can introduce new features and enhancements or update platform support.
Rule set to run next-hop proxies for cloud use
A rule set is provided on-premise for running next-hop proxies that can be enabled for cloud use.
For more information, see the Next-hop proxies section in the Supporting functions chapter of the Secure Web Gateway Product Guide.
Rule to allow bypassing for MMCS traffic
A new rule has been added to an on-premise rule set that implements bypassing of HTTPS scanning. The rule applies if a connection originates from a mobile system using Secure Web Gateway Mobile Cloud Security (MMCS) and the site that is involved is whitelisted.
For more information, see the HTTPS scanning section in the Web filtering chapter of the Secure Web Gateway Product Guide.
More media types supported for filtering
To the media types that are detected and can be filtered on Secure Web Gateway have been added:
- application/dns-message
- application/step
For more information on media type filtering, see the Media type filtering section in the Web filtering chapter of the Secure Web Gateway Product Guide.
File opener improved
The file opener on Secure Web Gateway shows an improved behavior now with support for TTF fonts in PDF files.
For more information on file opening, see the File opening section in the Supporting functions chapter of the Secure Web Gateway Product Guide.
Transparent Bridge mode restored
After resolving stability issues that had occurred in previous product versions, the Transparent Bridge mode has been restored as an option for setting up Secure Web Gateway in a local network.
For more information, see the Transparent Proxy ... sections in the Proxies chapter of the Secure Web Gateway Product Guide.
Options for CTD removed from user interface
The Tenant Info settings, which could be used to configure Cloud Threat Detection (CDT) on Secure Web Gateway, have been removed from the user interface.
Number of concurrent client connections increased on WBG-5xxx-D appliances
Secure Web Gateway has been improved to handle an increased number of concurrent connections on one appliance. This adds to the value of the appliance through better scalability.
The increase applies to a standard configuration where the solution known as normal forward proxy runs on Secure Web Gateway. It does not apply when you have set up, for example, a High Availability (HA) proxy solution.
The following increase has been measured:
- WBG-5000-D could handle 10% more client connections, resulting in 55,000 concurrent connections
- WBG-5500-D could handle 101% more client connections, resulting in 100,500 concurrent connections
For more information, see the Advanced settings (for proxies) section in the Proxies chapter of the Secure Web Gateway Product Guide.
New administrator roles for use in troubleshooting
New role options have been implemented for administrators who perform troubleshooting on Secure Web Gateway.
For more information, see the Administrator role settings section in the Administrator accounts chapter of the Secure Web Gateway Product Guide.
Monitoring of response times on GTI server connections
When queries are sent from a Secure Web Gateway appliance to a Secure Web Gateway appliance to a Global Threat Intelligence (GTI) server to retrieve information about URL categories and reputation scores, response times can be monitored.
Log messages are written when response times increase as well as when they return to normal.
For more information, see the URL Filter settings section in the Web filtering chapter of the Secure Web Gateway Product Guide.
More granular monitoring of system resources
Usage of system resources on a Secure Web Gateway appliance can be monitored in a more granular way using the new - S threads-short command when creating core files for tracing the swg-core process.
When this command delivers output, threads are identified by short names, so excessively CPU consuming threads and other that cause problems can be detected more easily.
ENA adapter supported
The Elastic Network Adapter (ENA) is now supported on Secure Web Gateway for AWS instance types that also support it. This means that a particular kernel-crash dump feature is available for troubleshooting when running Secure Web Gateway on those instance types.
To these have been added the C5 and M5 instance types.
What's new in update 9.2.12
Releases can introduce new features and enhancements.
Enhancements have been introduced as follows in this release.
More efficient handling of WebSwing user interface
For users working with the WebSwing version of the user interface, the individual IP addresses of their client systems are recorded in the audit log when requests come in from these clients. The common 127.0.0.1 address is no longer in use here.
This address had been logged for all users due the role as a remote desktop that WebSwing took from the point of view of the Java user interface.
A commercial WebSwing version has also been implemented to overcome some limitations of the open source versions.
What's new in update 9.2.13
This release introduces several enhancements.
Kerberos authentication with improved logging
When the Kerberos authentication method is used, error logging has been improved, for example, by writing client IP addresses in the log.
More Visio media types detected
More media types relating to Microsoft Visio can be detected in media type filtering, for example, files with extension VSDX and content type application/vnd.ms-visio.drawing.main+xm or with extension VSTX and content type application/vnd.ms-visio.template.main+xmlmore.
Handling of HTTP2 statistics improved
HTTP2 statistics, which are also shown on the Secure Web Gateway dashboard, are provided under the Simple Network Management Protocol (SNMP) to be read by an external SNMP manage poll.
Resolved issues in update 9.2.27
This release resolves issues.
For a list of currently unresolved known issues, see Secure Web Gateway 9.x Known Issues (KB92141).
NOTE: Secure Web Gateway 9.2.27 is provided as a main release and archived.
For information about how to upgrade to this release, see Upgrading to a new version – Main Release.
JIRA issue numbers are provided in the reference column.
Reference | Description |
---|---|
WP-4966 | The Opener used for parsing rtf documents does not crash anymore. |