Cisco
Login
Search
Software Multicloud Defense
Activity Cloud Deployment

Multicloud Defense Gateway Fixes and Enhancements Version 23.08 Version 23.08-10 December 18, 2023

Last updated: May 29, 2025

Version 23.08-10 December 18, 2023

Fixes

The following fixes are included in this release:

  • Changes the timeout for waiting for a SYN ACK after receiving a SYN. The original timeout was 120 seconds. In certain scenarios (e.g., port scanning) where a SYN ACK is never returned, a long timeout will consume an entry in the session pull long that desired. For scenarios where many sessions do not respond with a SYN ACK, the session pool could be exhausted. This is often referred to as a SYN flood. By reducing the timeout, the session will be released sooner in order to free up the session pool for use in processing valid sessions. The timeout has been reduced to 30s and is configurable via a gateway setting.

  • Fixes an issue where the gateway might not successfully build the IP cache when either an active or inactive rule has DNS-based FQDN caching configured. When the cache is not properly built, policy could fail to match traffic. This fix ensures the IP cache is properly built in order for the policy match and process traffic properly.

  • Fixes an issue where a generated gateway diagnostic bundle would be larger than what would be permitted to send to the controller resulting in the inability to analyze gateway logs. This fix addreses the restrictive limit so generated diagnostic bundles will be successfully sent to the controller.

  • Improvements to the stability of the gateway.

Previous topic Version 23.08-11 January 11, 2024 Next topic Version 23.08-09 November 16, 2023