| Issue | Service Request | Description |
|---|
| 42315 | 1-6150626 | Transparent FTP users whose credentials were already cached would be prompted for proxy authentication. |
| 42555 | NONE | The sc-bytes access log field could contain an abnornally large byte count when an exception page was sent. |
| 42609 | 1-5020299, 1-6644514 | An issue with host affinity existed where the DNS server did not maintain the order of the IP addresses. |
| 42610 | NONE | The HTTP proxy now ignores the Content-Length header with CONNECT request, and forwards all bytes followed by the request header to upstream (the proxy or origin server). Previously, it issued a "400 Bad Request" error when it received a CONNECT request with non-zero content length. |
| 42619 | NONE | Configuration files uploaded through HTTPS failed when an upstream proxy was used. |
| 42622 | NONE | For units upgraded from SGOS 2.x: If the administrative authentication policy used an NTLM realm and an administrator was successfully logged in from an IP address, subsequent administrative challenges to that IP address accepted and event logged the invalid credentials until the IP surrogate credential for the initial administrator expired. |
| 42628 | NONE | When the authentication mode was "auto": After a valid user was in the credential cache, transparent FTP proxy users from the same IP were allowed access until the IP surrogate expired, even when entering invalid proxy credentials. |
| 42631 | NONE | The optional realm display string in authenticate() is deprecated in SGOS 3.2 and will not be supported in SGOS 4.x |
| 42677 | NONE | The number of maxium workers for a 645/6 with 3 disks has been set to be the equivalent of a 625/6. |
| 42763 | NONE | Provide ability for setting or deleting the Host: header from CPL. |
| 42774 | NONE | LDAP "referral following" supported only one level of referrals. |
| 42845 | 1-6564553, 1-6673445, 1-6699938 | Feature: Support IP spoofing on FTP data connections. |
| 42881 | NONE | Patience pages did not operate correctly if both response modification and request modification were used. The ProxySG continuously restarted the download from origin server and did not deliver the requested page. |
| 42883 | NONE | Virus scanning of FTP PUT is now supported |
| 42887 | NONE | Read-only administrators got Java null pointer exceptions when using the Management Console's Configuration>Access Logging>Logs applet. |
| 42894 | NONE | MSN-IM: File transfer occasionally did not complete correctly when using an HTTP Proxy. |
| 42920 | NONE | Netegrity Siteminder agent creation: Event log messages referred to Server 0 instead of "primary agent" and Server 1 instead of "alternate agent". |
| 42922 | NONE | CPL substitutions: next_date() and $(http_date) gave parse errors when the argument contained a colon (':'). This affected only those customers who used this function to implement splash or coaching page policy to establish absolute expiry times that include a specific hour. |
| 42935 | 1-7288380 | The ProxySG did not support the HelixDNAClient on Linux platforms. |
| 42951 | 1-6419806, 1-6442088 | VPM generated incorrect policy for Combined Destination Object. |
| 42958 | NONE | Bridging: You could change the IP address of an interface after it was attached to a bridge. |
| 42964 | NONE | Yahoo-IM: Access log output '%20' instead of spaces in the x-im-chat-room-id field. |
| 42989 | 1-6293491, 1-6614690, 1-6633371, 1-6645024 | URL Path and query strings: If there is a "#" character in the path of a URL received by the ProxySG, the ProxySG doesn't parse the url any further. Instead, the URL is truncated at the "#" before passing it upstream. Otherwise, if the path does not contain "#" but the query string does, the "#" is treated as an ordinary character, and the full URL is passed upstream. |
| 42992 | NONE | Url rewrites were not being performed on embedded ARCHIVE tags. |
| 42995 | 1-6119174, 1-6191551, 1-6295484 | Support HTTP request headers exceeding 8K in size. |
| 43182 | NONE | PAC Files: Even when the Management Console port 8081 is not enabled, you can enable the HTTP proxy on port 80 to allow the browser to get PAC file using <http://<ip>/<pac_file_path>>. You can also download the PAC file over HTTPS. |
| 43207 | NONE | Private keys had the possibility of being insecure when imported through the Management Console.. |
| 43302 | NONE | Support Cerberian content filtering list. |
| 43371 | NONE | Add accesslog field (rs-time-taken) to measure time between request and response (in ms). |
| 43515 | 1-6439395, 1-6575316 | Pagefault in process "Agent-Admin-" in "" at .text+0x0 when using bcaaa (NTLM) agent. |
| 43614 | 1-6517658, 1-6608411, 1-6609411, 1-6610457, 1-6610481, 1-6610822, 1-6611528, 1-6614490, 1-6629601, 1-6632461, 1-6632548, 1-6633627 | Websense incremental downloads could cause high CPU utilization. |
| 43672 | 1-6632566 | You can now spoof proxy-authentication. |
| 43695 | 1-6547721 | Patience Page: If you used the "Always_verify" policy in addition to a patience-page enabled resp-mod service, a download loop occured if the content on the origin server has changed or if the origin server returned HTTP 200 OK. |
| 43716 | 1-7013739, 1-7029884, 1-7215771 | Director: Doing profile execution on the ProxySG from a Director connected via SSH (SSH RSA) could cause the SSH on ProxySG to hang. |
| 43744 | 1-6575193, 1-6629547 | Websense: After initial category load failure, you could not load Websense Off-box categories. |
| 43755 | 1-6575193 | Websense: The ProxySG would not connect to Websense off-box if the initial connection upon system boot/policy installation failed open irrespective of fail close policy. |
| 43870 | NONE | Director: A race condition ocasionally prevented backups from being restored onto the ProxySG from Director. |
| 43893 | 1-6747067 | Websense Reporter: It was possible for Websense Reporter to show malformed log entries as the ProxySG was sending Application Type and Keywords. Reporter no longer requires Application Type and Keywords. |
| 43895 | 1-6227107 | Add support for serving PAC files over HTTPS. |
| 43905 | 1-6638451 | Under some circumstances, the VPM would lose policy layers during installation. |
| 43909 | 1-6713192 | Known Issue: iChat users are unable to transfer files. |
| 43910 | 1-6709821 | IM: page fault: at 0x0 in MSN IM Worker in in "im.dll" at .text+0x2A00A. |
| 43912 | 1-6699601 | The ProxySG was incorrectly removing the host affinity cookie when passing the request to an upstream proxy. |
| 43954 | 1-6686441 | Known Issue Cannot serve the /proxy_pac_file over a VIP. |
| 43961 | 1-6693521, 1-7052431, 1-7177674 | Snapshots appeared to be disabled in the Management Console when they were actually enabled. |
| 43981 | 1-6086239 | WebFTP: For webFTP requests that incorporate user credentials in the URL, no patience page splashes occurre between the initial and final patience page splash, resulting in a download/patience-page loop. |
| 44007 | 1-6759704 | Logging: "Logging disabled per overflow policy" was logged erroneously when log overflow policy was set to delete. |
| 44009 | NONE | VPM policy: It was possible for an installation attempt of policy from the VPM to experience significant slowness. |
| 44036 | 1-6568753, 1-6647279, 1-6869932, 1-7058869, 1-7120180, 1-7188074 | If an HTTP request URL containedan IP address and there was a policy rule on an URL domain/host, the ProxySG did an unnecessary forward DNS lookup. |
| 44048 | 1-6620469 | Users could not authenticate to the HTTPSvirtual authentication host when HTTPS termination was not licensed. |
| 44097 | 1-6545851, 1-6743481 | SNMP trap for CPU utilization will be sent only if the CPU continues to stay up for 32 or more seconds. This is different behavior and needs to be documented |
| 44111 | 1-6782630 | Host affinity did not work when multiple forwarding groups were defined. |
| 44113 | 1-6688689, 1-6783155, 1-6933522, 1-6973210, 1-6988034 | Websense regex handling: Discrepancies for regex handling for Websense content filtering have been resolved. Note that a new database needs to be downloaded (incremental or full) to completely resolve the problem. If your database is current, you can either wait for the next update from Websense, or force a complete full download. |
| 44117 | 1-6804411 | HTTP hex encoded characters were being sent to upstream FTP servers. |
| 44155 | NONE | Resolve a potential restart in ICAP (SWE=0x30 in "Kernel.dll" at .text+0x8693) when scanning infinite objects. |
| 44158 | 1-6885420 | Extended cookie host affinity functionality for SSL connections. |
| 44199 | 1-6986673 | Host affinity state is not set or reset promptly when host affinity was first assigned before the connection was made, or after a successful connection when the affinity needed to be changed. |
| 44205 | 1-6863641 | The ProxySG could not handle DNS requests that contained multiple records. This caused EDNS queries to be mishandled. |
| 44215 | 1-6879773 | Local user database: Page fault at 0x0 in CAG_Worker 0" in "authenticator.dll" at .text+0x1ABF0 when installing a local user database. |
| 44235 | 1-6885595 | The ProxySG was logging empty HTTP requests. |
| 44251 | 1-6810390, 1-7085519 | Websense Off-box: Provide protocol schemes for URLs that arrive schemeless. |
| 44341 | 1-6763029 | The ProxySG returned an HTTP 401 for upstream connection failures when attempting to play HTTP Windows Media streams. |
| 44349 | 1-7022007 | It wasn't possible to import chained certificates through the ProxySG's Management Console. |
| 44351 | 1-6685822 | The ProxySG displayed the bridge config twice if a pass through card was installed. |
| 44380 | 1-6972423 | Blue Coat had a URL categorization mis-match with Websense's testdatabase urls. |
| 44383 | 1-6772491 | Comment characters such as "!" and ";" were not allowed in configurations when using the CLI. |
| 44433 | 1-7061836 | Yahoo IM: There were compatibility issues when using a HTTP Proxy with Version 6.x of the Yahoo IM Client. |
| 44491 | 1-7077321 | Content Filter Database downloads could not be retried after the previous download had timed out. |
| 44586 | 1-7088735, 1-7444404, 1-7501113 | VPM cannot install policy if SG was restarted during prior policy load. |
| 44614 | 1-7108826, 1-7322126 | Transparent cookie authentication did not work for IP hostnames. |
| 44640 | 1-7165691, 1-7403867 | The "disabled" attribute of a policy rule did not propagate with the rule as additional rules were added |
| 44750 | 1-7085416 | The doc errata in the previous release notes incorrectly stated the policy evaluation order. |
| 44798 | 1-7297783 | The ProxySG was incorrectly adding the "Front-end-https: on" for non-HTTPS requests. |
| 44805 | 1-7321967, 1-7347969 | The "policy poll-interval" CLI command did not work properly. |
| 44821 | 1-7200836 | Resolve a page fault in "SMTP_Admin" in "smtp.dll" at .text+0xDE4. |
| 44829 | 1-7149651 | Users were unable to play some MMS streams over HTTP because older versions of the media server performed case sensitive header evalutaions. |
| 44890 | 1-7356077, 1-7465658 | Some Windows 2000 users are unable to authenticate when using telnet proxy. |
| 45004 | 1-7052603, 1-7494573, 1-7628159 | HTTPS Post request that contained more than 128KB of entity data caused the ProxySG to return an "HTTP 500 Internal Error." |
| 45018 | 1-7620945 | SG-ME would sometimes lose RDNS policies when they were pulled from the ProxySG. |
| 43876 | 1-11209136 | Prevent HDW=0x2 SFW=0x19 PF=0x0 "Cache Administrator" in "Kernel.dll" at .text+0xFDC3 |