ProxySG 6.7 contains new features plus improvements in performance and security. For further information please see the webcast Proxy 6.7 Upgrade Benefits - All You Need to Know and the attached Proxy6.7_Upgrade_Benefits.pdf
which is available from the Download Files section.
Features:
- SSLV Integration with ProxySG/ASG
- Universal policy enabling SG policy movement to WSS
- Client certificate emulation for reverse proxy
- Numerous WAF enhancements for reverse proxy deployments
- Command Injection Engine Version Logging
- WAF Scan Details Logging (x-bluecoatwaf-scan-info)
- SOAP Request Handling
- Cross Site Request Forgery (CSRF) Attack Protection
- Masking Sensitive Data in Access Log Details
- Invalid/Multiple Encoding Details in Access Logs
- Identify Transactions in Exception Pages and Access Logs
- DNS Proxy access logging
- User Email Address Reporting
- Authenticating Outbound SSH Connections
- SCP Upload Client
- Kerberos Constrained Delegation
- Application Groups
- Application Attribute Enhancements
- SGOS on Cisco Cloud Services Platform
- New Reverse Proxy and WAF Licensing
- OpenSSL Upgrade to version 1.0.2
- Skype for Business
- Enhanced CCL Policy
- HTTP Non-Cacheable Debug Log Enhancement
- Data Leak Detected Exception Page for Symantec DLP Violations
- SSL Intercept and DNS Policy Support in Tenant Policies
- VPM Support for Client Certification Validation CCL
- Policy Control of Cookie Persistence in Authentication
New Features in 6.7 (when upgrading from 6.5)
- Intelligence Services (URL Threat Risk Levels, Geo IP)
- CASB Audit Feed: 21K apps, + groups, + attributes in policy and logs
New Features in Advanced Secure Gateway 6.7 (Content Analysis-specific)
- Integration with Symantec Endpoint Protection Manager
- Unified Threat Reporting (new to ASG but an existing feature in ProxySG with standalone CA)
- Symantec Cloud Sandboxing
- Symantec AV vendor
- Symantec Advanced Machine Learning support.
Performance
- ProxySG Performance Gains with SSL Offload
- Network HSM failover
- Pipelining Disabled by Default for Better Network Performance
- Improved ICAP Load Balancing
Security
- Increased Key Sizes for Emulated Server Certificates
- ECDSA support
- Extended Cipher Suites: AES-GCM and SHA384 support (+6 ciphers)
- New TLS and Cipher Defaults
- TLS update including additional ciphers and updated defaults for better security and ECDSA certificate validation