Release Highlights: Web Gateway 7.7.x

Version 2

    Hi Gurus!

     

    With each release new features come with it. For each release I'll try to highlight those new features. As time permits, I'll write up best practices or demos of these features. If you have a great interest in any of these please drop a comment below so I can prioritize it accordingly.

     

    • New Application Control Database
      • New Application Control Database includes coverage for more applications
      • Applications in the new database align with Risk database used in other Intel Security products
      • All legacy applications are covered in the new database
    • Additional Opener Support
      • RPM Opener
      • DMG Opener
    • Automatic Certificate Download
      • MWG will now use the Authority Information Access (AIA) to fill any incomplete chains
      • Used when web servers do not send complete certificate chain, which caused failed certificate verification
    • Syslog over TLS
      • MWG now supports syslog over TLS
    • HTTP 2.0
      • MWG now supports HTTP 2.0 (implemented per RFC 7540)
      • HTTPS de-facto standard for HTTP 2.0 (need SSL Scanner enabled to work with it)
    • Dante SOCKS proxy removed
      • Must use MWG's SOCKS proxy instead of extra Dante SOCKS proxy (for 7.7+)
    • New SSL Scanner Properties
      • Client <-> Proxy new values: SSL.Client.Protocol, SSL.Client.Cipher, SSL.Client.Cipher.KeyExchangeBits
      • Proxy <-> Server new values: SSL.Server.Protocol, SSL.Server.Cipher, SSL.Server.Cipher.KeyExchangeBits
      • List of common names for the issuers that issued the certificate for a web server. SSL.Server.CertificateChain.Issuer.CNs
    • Safenet/Luna HSM support
      • Added support for Gemalto/SafeNet/Luna Network HSM
    • Changed cache settings
      • Internal value changed to allow caching of younger files
      • MWG can now also cache larger files (8 MB max previously)
    • Comments for changes
      • MWG now has a option to add comments when you 'Save Changes'. Written to audit.log.
      • Click the caret next to 'Save Changes' -> 'Save Changes With Comment'
    • Change CA signing from SHA1 to SHA256
      • All new CA's starting with 7.7+ will be signed with SHA256 (due to browsers depreciating weakly signed certs that use SHA1)
    • OS proxy for updates
      • Used to have to set values at CLI for updates through proxy
      • You can do it via the GUI now. (Configuration -> Central Management -> Automatic Engine Updates -> Enable Update Proxies)
    • ICAP FQDN support
      • FQDNs can now be used for ICAP server definitions instead of just IPs.
    • Bandwidth Control Dashboard and now supported in Transparent modes

     

    For a full listing of features and bug fixes, check out the release notes: 7.7.0 Release Notes, 7.7.1 Release Notes

     

    Be sure to review the release process / upgrade guide as it details how you can set your watch for when to expect a release.

     

    See ya out there!

    Jon