SGOS and Advanced Secure Gateway 7.3.16.1 GA

ASG-S200


22636

27 September 2023


September 25, 2023

 

To:         Symantec Secure Web Gateway Customers

From:     The Broadcom SGOS and Advanced Secure Gateway Product Team

Subject:  General Availability Announcement for SGOS and Advanced Secure Gateway

 

On behalf of Broadcom, we appreciate your business and the opportunity to provide you with high-quality, innovative software and services.  As part of our ongoing commitment to customer success, we regularly release updated versions of our products. Today, we are pleased to announce that SGOS and Advanced Secure Gateway 7.3.16.1 is now available. 

 

Event Log Notifications for SNMP

You can now configure event log notifications for SNMP transactions by using the following command: 
#(config event-log notifications) enable snmp [event-id]
To configure the default settings for SNMP notifications, use the following command:
#(config event-log notifications) default snmp level severe|configuration|policy|trace|informational|verbose
SNMP notifications are disabled by default. When you enable them, the default level is severe.
The new private MIB file BLUECOAT-SG-EVENTLOG-MIB includes an SNMP trap that is triggered when event log messages matching the configured criteria are generated. The existing private MIB file BLUECOAT-SG-DISK-MIB has been updated to include a new value (failed(11)) for the deviceDiskStatus variable.
Note: Do not enable SNMP notifications for all event logs. Large numbers of notifications can cause slower performance of the appliance and make locating specific notifications difficult. To avoid receiving a large number of notifications, enable notifications for only a few event log IDs. If you must enable notifications for all event logs, disable notifications for logs that have the event ID 430000. The event log ID 430000 indicates that the appliance cannot send an SNMP trap to the destination due to a network error. The following example is an error message with the 430000 ID: 
 
SNMP error [priority 3]: snmpd: send_trap: Failure in sendto (Network is unreachable) "  0 430000:64  sgos_logging.cpp:145
If you do not disable notifications for the ID 430000 when notifications are enabled for all other event logs, the appliance might enter an error cycle. In this error cycle, the appliance would attempt to send an event log trap to a destination that is unreachable. The appliance would then receive the event log notification, causing the appliance to send another event log trap to the unreachable destination, and so on.

New M5 Instance Types for ProxySG VAs on AWS

With the release of 7.3.16.1, ProxySG VAs on AWS Marketplace can now run on M5 and M6i instance types. These next-generation instance types bring with them significant increases in networking and storage performance. These instance types further enhance the ability of AWS to support ProxySG customers by granting access to a native serial console, and by increasing the regions and availability zones where the VAs can be deployed. For more information, see the AWS documentation on M5 and M6i instance types.
For ProxySG VAs, the following new models are available for AWS Marketplace deployments: 
| AWS Instance Type | Allowed Number of CPUs | EC2 CPU Options | Virtual Memory (GiB) | Connection Count | Number of Virtual Disks | Storage Space Per Disk (GiB) |
|---|---|---|---|---|---|---|
| m5.large | 2 | default values | 8 | 10000 | 2 | 100 |
| m5.xlarge | 4 | default values | 16 | 20000 | 2 | 100 |
| m5.2xlarge | 8 | default values | 32 | 50000 | 4 | 100 |
| m5.4xlarge | 16 | default values | 64 | 100000 | 8 | 100 |
| m5.8xlarge | 32 | default values | 128 | 200000 | 8 | 100 |
| m6i.large | 2 | default values | 8 | 10000 | 2 | 100 |
| m6i.xlarge | 4 | default values | 16 | 20000 | 2 | 100 |
| m6i.2xlarge | 8 | default values | 32 | 50000 | 4 | 100 |
| m6i.4xlarge | 16 | default values | 64 | 100000 | 8 | 100 |
| m6i.8xlarge | 32 | default values | 128 | 200000 | 8 | 100 |

Password Lockout Changes 

Previously, you could only lock out local users if they reached the maximum number of attempts to log in. Now, you can lock out the console user when they reach the maximum number of failed attempts to log in. You must use the default local user list (local_user_database) to lock out the console user. To set the number of attempts users can make to log in before they are locked out, use the following CLI command:
# (config local-user-list local_user_database) max-failed-attempts attempts
The CLI command # (config local-user-list local_user_list) password-grace number_of_days has changed to # (config local-user-list local_user_list) expiration-lockout number_of_days.

Support for Additional Format in Syslog

Previously, the ProxySG appliance sent syslog messages in RFC3164 format. In this release, support for the RFC5424 format has been added. This format includes the more detailed RFC3339 timestamp, as well as additional fields before the message (appname, procID, msgID, structureddata).
A new configuration command is available under the event-log command to allow you to select the syslog format:
#(config event-log) syslog format { rfc3164 | rfc5424 }
  • The setting for the syslog format is visible in > show event-log [configuration] and # show configuration.
  • The default setting is rfc3164.
  • The event-log syslog format only affects the format sent using the syslog protocol. It does not affect the format or timestamp of event logs viewed by any other means.
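A collector that receives events while appliances are being switched from rfc3164 to rfc5424 has to accept both headers. The following is an added example, not Broadcom code, of a parser that tells the two formats apart; the sample messages, host names and field values are constructed and do not show actual appliance output.

```python
import re
from datetime import datetime

# <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA [MSG]
RFC5424 = re.compile(
    r"<(?P<pri>\d{1,3})>(?P<version>[1-9]\d?) (?P<timestamp>\S+) "
    r"(?P<hostname>\S+) (?P<appname>\S+) (?P<procid>\S+) (?P<msgid>\S+) "
    r"(?P<sd>-|(?:\[(?:[^\]\\]|\\.)*\])+)(?: (?P<msg>.*))?", re.S)
# <PRI>Mmm dd hh:mm:ss HOSTNAME MSG  (no year, no time zone)
RFC3164 = re.compile(
    r"<(?P<pri>\d{1,3})>(?P<timestamp>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<hostname>\S+) (?P<msg>.*)", re.S)

# Constructed sample messages, not captured from an appliance.
SAMPLES = [
    '<134>1 2023-09-27T14:03:22.123Z proxy01.example.com sgos - - '
    '[origin@32473 ip="192.0.2.10"] Constructed event text',
    '<131>Sep 27 14:03:22 proxy01 Constructed event text',
]

def parse_syslog(line, year=None):
    """Parse one message; return a dict with a 'format' key, or None."""
    for name, rx in (("rfc5424", RFC5424), ("rfc3164", RFC3164)):
        m = rx.fullmatch(line)
        if not m:
            continue
        # "-" is the RFC 5424 NILVALUE; normalise it to None.
        rec = {k: (None if v == "-" else v) for k, v in m.groupdict().items()}
        pri = int(rec.pop("pri"))
        if pri > 191:            # facility 0-23, severity 0-7
            return None
        rec.update(format=name, facility=pri >> 3, severity=pri & 7, time=None)
        if name == "rfc5424" and rec["timestamp"]:
            # RFC 3339 timestamp: explicit year and UTC offset.
            rec["time"] = datetime.fromisoformat(rec["timestamp"].replace("Z", "+00:00"))
        elif name == "rfc3164":
            # No year or zone on the wire: the collector has to supply both.
            y = year or datetime.now().year
            rec["time"] = datetime.strptime(f"{y} {rec['timestamp']}", "%Y %b %d %H:%M:%S")
        return rec
    return None
```

The rfc3164 result carries a naive timestamp with a guessed year, which is the practical reason to prefer rfc5424 when events from several sources are correlated.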

Access Log Errors for Kafka Logged in the Event Log

To make debugging Kafka-related issues easier, the appliance now reports Kafka send errors in the event log.

CPU Usage Improvements 

These improvements will increase the amount of memory that the appliance uses by as much as 3 GB. Ensure you monitor memory usage before and after you upgrade.
To reduce high and prolonged CPU usage, improvements have been made to the processing performance of the appliance and memory allotments have been increased for the Blue Coat content filtering databases for the following ProxySG models:
All SG-S500 Models

| Previous Normal/High Memory Allotment | New Increased Normal/High Memory Allotment |
|---|---|
| 350 MB/800 MB | 3 GB/6 GB |

High-Performance Virtual Appliance Models (Product Codes 59, 68, 70, and 99)

| Total Virtual Appliance Memory | Previous Normal/High Memory Allotment | New Increased Normal/High Memory Allotment |
|---|---|---|
| < 8 GB | 800 MB/1.7 GB | 350 MB/800 MB |
| < 16 GB | 350 MB/800 MB | 800 MB/1.7 GB |
| < 64 GB | 350 MB/800 MB | 1.7 GB/3 GB |
| >= 64 GB | 350 MB/800 MB | 3 GB/6 GB |

OCSP Errors Now Contain Hostname Information 

To make troubleshooting easier, error messages for OCSP transactions in the event log now contain information on the hostname of the OCSP responder.

Terminate ICAP Active Sessions 

You can now terminate active sessions for ICAP connections by using the following CLI command:
active-sessions <session_type> terminate <filter>
where <filter> is:
  • icap-method={REQMOD|RESPMOD|any}: Notification method, such as request modification or response modification
  • icap-service=: Unique name for the ICAP service 
  • icap-status={completed|deferred|scanning|transferring|any}: Responses according to status

Timing Added to Policy Traces

To provide more information on why access logging might be slow, the policy trace now includes the timing for access log transactions. The new entry in the policy trace for the access log timing is access-logging: precompute_fields: number ms, logging: number ms.

Deprecation Notice for IM Policy Values

For the following CPL gestures, the IM-related values aol-im, msn-im, and yahoo-im are deprecated:
  • client.protocol=
  • socks.accelerate()
  • socks.accelerated=
Additionally, the IM Proxy-related values aol-im.proxy, msn-im.proxy, and yahoo-im.proxy for the transaction.type= condition are deprecated.
In 7.3.x, policy that contains these values compiles with a warning message. To avoid policy errors when you upgrade to 7.4.x, ensure that you remove these values from your policy.
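One way to find these values in an exported policy before upgrading to 7.4.x, as an added example that is not Broadcom tooling: the script below reports each deprecated value with its line number. The sample policy is constructed and not validated as working CPL, and treating ';' as the start of a comment is an assumption of this example.

```python
import re

IM = {"aol-im", "msn-im", "yahoo-im"}
# Gesture -> values the deprecation notice lists for it.
DEPRECATED = {
    "client.protocol": IM,
    "socks.accelerate": IM,
    "socks.accelerated": IM,
    "transaction.type": {v + ".proxy" for v in IM},
}
# A listed gesture, then "=" or "(", then a single value.
GESTURE = re.compile(
    r"(?<![\w.])(?P<name>client\.protocol|socks\.accelerated?|transaction\.type)"
    r"\s*[=(]\s*(?P<value>[^\s)]+)"
)

# Constructed sample policy for the demonstration.
SAMPLE_POLICY = """\
<Proxy>
  client.protocol=aol-im deny
  transaction.type=msn-im.proxy deny  ; legacy IM rule
  ; socks.accelerate(yahoo-im) is commented out and ignored
  socks.accelerate(yahoo-im)
  client.protocol=http allow
"""

def find_deprecated(policy_text):
    """Return (line_number, gesture, value) for each deprecated IM value."""
    hits = []
    for lineno, line in enumerate(policy_text.splitlines(), 1):
        code = line.split(";", 1)[0]   # assumption: ';' starts a comment
        for m in GESTURE.finditer(code):
            if m["value"].lower() in DEPRECATED[m["name"]]:
                hits.append((lineno, m["name"], m["value"]))
    return hits

if __name__ == "__main__":
    for lineno, gesture, value in find_deprecated(SAMPLE_POLICY):
        print(f"line {lineno}: {gesture} uses deprecated value {value}")
```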

 

To download this release and review Release Notes, visit the Symantec Enterprise Security portal at https://support.broadcom.com/security. A MyBroadcom login is required. See https://knowledge.broadcom.com/external/article/151364/download-the-latest-version-of-symantec.html for details.

If you have any questions or require assistance, please contact Broadcom Customer Care online at https://www.broadcom.com/support/software/contact where you can submit an online request using the Customer Care web form: https://ca-broadcom.wolkenservicedesk.com/web-form?_ga=2.205828371.1432263889.1590607313-713014253.1588711301 . You can also call Broadcom Customer Care at +1-800-225-5224 in North America or see https://www.broadcom.com/support/software/contact for the local number in your country.


Should you need any assistance, our Broadcom Services experts can help.  For more information on Broadcom Services and how you can leverage our experience, please visit https://www.broadcom.com/support/ca/services-support/ca-services.


Your success is very important to us, and we look forward to continuing our successful partnership with you.

 

To review Broadcom Support lifecycle policies, please review the Broadcom Support Policy and Terms located at: https://support.broadcom.com/.  

 

Thank you again for your business.