cancel
Showing results for 
Search instead for 
Did you mean: 

Release Highlights: Web Gateway 7.7.x

Hi Gurus!

With each release new features come with it. For each release I'll try to highlight those new features. As time permits, I'll write up best practices or demos of these features. If you have a great interest in any of these please drop a comment below so I can prioritize it accordingly.

  • SSL Tap
    • MWG can make decrypted traffic available to monitoring devices (advanced threat or data loss prevention)
    • Example Use-Case:
  • Cloud Threat Detection Integration
    • Cloud-based sandboxing technology from McAfee
    • Managed by ePO Cloud
    • Similar implementation as Advanced Threat Defense, but doesnt require on-premise hardware or virtual machine
    • Integration Guide can be found here:
  • New Application Control Database
    • New Application Control Database includes coverage for more applications
    • Applications in the new database align with Risk database used in other Intel Security products
    • All legacy applications are covered in the new database
  • Additional Opener Support
    • RPM Opener
    • DMG Opener
  • Automatic Certificate Download
    • MWG will now use the Authority Information Access (AIA) to fill any incomplete chains
    • Used when web servers do not send complete certificate chain, which caused failed certificate verification
  • Syslog over TLS
    • MWG now supports syslog over TLS
  • HTTP 2.0
    • MWG now supports HTTP 2.0 (implemented per RFC 7540)
    • HTTPS de-facto standard for HTTP 2.0 (need SSL Scanner enabled to work with it)
  • Dante SOCKS proxy removed
    • Must use MWG's SOCKS proxy instead of extra Dante SOCKS proxy (for 7.7+)
  • New SSL Scanner Properties
    • Client <-> Proxy new values: SSL.Client.Protocol, SSL.Client.Cipher, SSL.Client.Cipher.KeyExchangeBits
    • Proxy <-> Server new values: SSL.Server.Protocol, SSL.Server.Cipher, SSL.Server.Cipher.KeyExchangeBits
    • List of common names for the issuers that issued the certificate for a web server. SSL.Server.CertificateChain.Issuer.CNs
  • Safenet/Luna HSM support
    • Added support for Gemalto/SafeNet/Luna Network HSM
  • Changed cache settings
    • Internal value changed to allow caching of younger files
    • MWG can now also cache larger files (8 MB max previously)
  • Comments for changes
    • MWG now has a option to add comments when you 'Save Changes'. Written to audit.log.
    • Click the caret next to 'Save Changes' -> 'Save Changes With Comment'
  • Change CA signing from SHA1 to SHA256
    • All new CA's starting with 7.7+ will be signed with SHA256 (due to browsers depreciating weakly signed certs that use SHA1)
  • OS proxy for updates
    • Used to have to set values at CLI for updates through proxy
    • You can do it via the GUI now. (Configuration -> Central Management -> Automatic Engine Updates -> Enable Update Proxies)
  • ICAP FQDN support
    • FQDNs can now be used for ICAP server definitions instead of just IPs.
  • Bandwidth Control Dashboard and now supported in Transparent modes
    • Bandwidth Control is now supported in Transparent Bridge, Transparent Router, ProxyHA and WCCP (previously just worked in explicit proxy)

For a full listing of features and bug fixes, check out the release notes: 7.7.0 Release Notes​, 7.7.1 Release Notes

Be sure to review the release process / upgrade guide as it details how you can set your watch for when to expect a release.

See ya out there!

Jon

Comments

Hello ​,

are there some more Infos available for Cloud Threat Defense? How to integrate, how to manage, how to Register (Cloud Threat Defense license and how to integrate MWG into Cloud Threat Defense).

How about the "MATD -. Offline Scanning With Immediate File Availability". Are there any changes with Cloud Threat Defense. At the Moment i´m not able to enable this Feature in a complex MWG ruleset. Any Infos about that?

Cheers

Hi Thorsten,

I'm in process of creating a guide just for you. Thank you for asking

Best Regards,

Jon

Hi Thorsten,

Here you go:

Let me know if there's any thing missing.

Best Regards,

Jon

Version history
Revision #:
1 of 1
Last update:
‎09-26-2016 12:29 PM
Updated by: