What’s CHANGED in 33.5.10.0
TCP/UDP Protocol per Syslog Destination
In this release, Radware introduces the ability to configure the syslog protocol (UDP, TCP, or TLS) individually for each syslog destination. While the protocol can still be set globally for all destinations, you now have the added flexibility to fine-tune the protocol per destination based on specific requirements.
NFR ID: 240111-000156
Secure Private Key Export
In this release, Radware strengthened the encryption algorithm for SSL keys that were created prior to September 2021. These keys are now exported with AES256 encryption, aligning with the encryption used for keys created after September 2021. Previously, SSL keys created before this date were exported using 3DES encryption.
NFR ID: 231206-000168
IPv6 Prefix Expansion
The supported IPv6 subnet prefix length is now extended to 40-128 when the network class is used for traffic matching (such as source and destination in filters, or the source in virtual servers). When the network class is used for NAT (PIP), the supported subnet prefix length is still 96-128.
NFR ID: 231215-000156
IPv6 Traffic Class (DSCP/ToS) Preservation
When Alteon processes traffic in proxy mode, it can already carry the IP ToS value received on the client-side connection over to the server-side connection for IPv4 traffic:
* For traffic processed by Alteon filters, IP ToS preservation is enabled by default but can be disabled using the /cfg/slb/adv/iptos command.
* For traffic processed by Alteon virtual services, the IP::tos AppShape++ command can be used to preserve the ToS value.
Now these capabilities are also supported for IPv6 traffic, enabling you to preserve the IPv6 ToS (Traffic Class) value.
NFR ID: 240627-000167
Integrated AppWall
Safe Replay – Sanitization Enhancement
This version enhances our Safe Replay feature by introducing a Sanitization capability. This new capability ensures that Personally Identifiable Information (PII) and other sensitive data are completely removed from HTTP responses, reducing the risk of data leaks. By eliminating traces of sensitive information, this feature helps prevent potential attackers from identifying and exploiting vulnerabilities within your application.
In this version, we support plain text responses. In upcoming versions, we will extend support to HTML, YAML, XML, and JSON formats.
Brute Force - Enhancements
This version enhances our Brute Force Protection feature, providing greater flexibility and improved detection capabilities:
* Flexible Brute Force Profile Parameters: Define custom thresholds for incoming requests and bad replies within specified time frames for each brute force profile, allowing for more precise tuning.
* Extended Pattern Recognition: Enhance detection by adding support for header scanning, in addition to status code and body scanning. The pattern matching now also supports regular expressions, offering greater flexibility in identifying malicious behavior.
* IP Address Whitelisting: At the application level, you can now define IP addresses to be ignored by the brute force protection, allowing trusted sources to bypass security checks.
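The following sketch models how the three enhancements above interact: per-profile thresholds over a time frame, bad-reply detection by status code, header or body regex, and ignored source addresses. It is an added illustration, not AppWall code; the field names, threshold values, regexes and sample traffic are constructed assumptions.

```python
import ipaddress
import re
from collections import defaultdict, deque
from dataclasses import dataclass

@dataclass
class Profile:  # hypothetical field names, not AppWall settings
    window_s: float        # time frame the thresholds apply to
    max_requests: int      # incoming-request threshold per source
    max_bad_replies: int   # bad-reply threshold per source
    bad_status: frozenset  # status codes counted as bad replies
    header_re: re.Pattern  # regex over "Name: value" response headers
    body_re: re.Pattern    # regex over the response body
    ignore: tuple          # networks the protection ignores

class Detector:
    def __init__(self, profile):
        self.p = profile
        self.seen = defaultdict(lambda: (deque(), deque()))  # src -> (requests, bad replies)
    def is_bad_reply(self, status, headers, body):
        return (status in self.p.bad_status
                or any(self.p.header_re.search(f"{k}: {v}") for k, v in headers.items())
                or bool(self.p.body_re.search(body)))
    def observe(self, ts, src, status, headers, body):
        if any(ipaddress.ip_address(src) in net for net in self.p.ignore):
            return "ignored"
        reqs, bad = self.seen[src]
        reqs.append(ts)
        if self.is_bad_reply(status, headers, body):
            bad.append(ts)
        for q in (reqs, bad):  # drop events older than the time frame
            while q and q[0] <= ts - self.p.window_s:
                q.popleft()
        over = len(reqs) > self.p.max_requests or len(bad) > self.p.max_bad_replies
        return "blocked" if over else "ok"

def run_sample():
    det = Detector(Profile(60, 100, 2, frozenset({401, 403}),
                           re.compile(r"(?i)^x-auth-result:\s*fail"),
                           re.compile(r"(?i)invalid (user|password)"),
                           (ipaddress.ip_network("10.0.0.0/8"),)))
    events = [  # constructed traffic: (time s, source, status, headers, body)
        (0, "203.0.113.7", 401, {}, ""),                         # bad status
        (5, "203.0.113.7", 200, {"X-Auth-Result": "fail"}, ""),  # bad header
        (10, "203.0.113.7", 200, {}, "Invalid password"),        # bad body, 3rd in 60 s
        (16, "10.1.2.3", 401, {}, ""),                           # ignored network
        (90, "203.0.113.7", 200, {}, "welcome"),                 # earlier events expired
    ]
    return [det.observe(*e) for e in events]
```

In this model an ignored source is never counted at all, so an overly broad ignore list removes the protection for every address it covers.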
JWT Validation – Custom Security Page
This version enhances our JWT Validation feature with the addition of Custom Security Page capabilities, allowing you to deliver precise and tailored security responses to clients.
This new functionality supports the following options:
* Upload Your Own Security Page: Personalize the client experience by uploading a custom security page directly to the system.
* Use an External Security Page: Redirect users to an external security page of your choice.