Software: Multicloud Defense
Activity: Cloud Deployment

Version 23.06-02 July 19, 2023

Fixes

The following fixes are included in this upgrade:

  • Fixes an issue where an update to a CIDR-based Address Object is not properly applied to the datapath workers, resulting in incorrect Rule matching.

  • Fixes an issue with a DNS-based FQDN Address Object where a DNS cache is properly established, but not properly applied to the datapath workers, resulting in incorrect Rule matching.

  • Fixes a datapath processing behavior where a Forward Proxy Rule preceded by a Forwarding Rule with the same L3/L4 (IP/port/protocol) matching criteria but distinct L5 (SNI) matching would result in traffic being processed as Forwarding even though proper Rule matching occurs. A similar behavior would be seen if the order of the Forwarding and Forward Proxy Rules were reversed. This behavior occurs because L5 (SNI) matching requires the TCP handshake to be fully established so that the TLS hello message carrying the SNI can be received. By the time the TCP handshake has completed, the traffic has already been processed according to the Rule type of the first Rule, and once the session has been established it is not possible to change the traffic processing from Forwarding to Forward Proxy (or vice versa). If a Policy Rule Set has been configured with this conflict, the datapath will detect the conflict and generate a System Log message. The traffic will be denied, as it cannot be successfully processed by the conflicting Rule.

  • Fixes a stability issue with the Ingress Gateway where the datapath could self-heal due to an issue with the upstream proxy.

  • Fixes an issue where a datapath restart would result in a spike in CPU that could cause an unnecessary auto-scale.
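
The Forwarding / Forward Proxy conflict described in the third fix can be checked for offline before a Policy Rule Set is deployed. The following is an added example, not Multicloud Defense code: the `Rule` fields, the rule-type strings and the sample rules are hypothetical and do not reflect the product's configuration schema. It goes slightly beyond the text by treating overlapping (not only identical) CIDRs and port ranges as the same L3/L4 criteria.

```python
from dataclasses import dataclass
from ipaddress import ip_network
from itertools import combinations


@dataclass(frozen=True)
class Rule:                 # hypothetical model of a policy rule
    name: str
    rule_type: str          # "Forwarding" or "ForwardProxy" (assumed labels)
    dst_cidr: str           # L3 match
    ports: tuple            # L4 match, inclusive (low, high)
    protocol: str           # L4 match
    sni: str                # L5 match, only known after the TLS hello


def l3l4_overlap(a, b):
    """True if a first packet (before any SNI is seen) could match both rules."""
    if a.protocol != b.protocol:
        return False
    if not ip_network(a.dst_cidr).overlaps(ip_network(b.dst_cidr)):
        return False
    return a.ports[0] <= b.ports[1] and b.ports[0] <= a.ports[1]


def find_conflicts(rules):
    """Return (earlier, later) rule-name pairs that differ in processing type
    and SNI but cannot be told apart at L3/L4, in rule-set order."""
    conflicts = []
    for a, b in combinations(rules, 2):
        if a.rule_type != b.rule_type and a.sni != b.sni and l3l4_overlap(a, b):
            conflicts.append((a.name, b.name))
    return conflicts


# Constructed sample rule set (illustrative values only).
SAMPLE_RULES = [
    Rule("fwd-web", "Forwarding", "10.0.0.0/16", (443, 443), "tcp", "a.example.com"),
    Rule("proxy-web", "ForwardProxy", "10.0.1.0/24", (443, 443), "tcp", "b.example.com"),
    Rule("proxy-alt", "ForwardProxy", "10.0.1.0/24", (8443, 8443), "tcp", "b.example.com"),
    Rule("fwd-other", "Forwarding", "192.168.0.0/24", (443, 443), "tcp", "c.example.com"),
]

if __name__ == "__main__":
    for earlier, later in find_conflicts(SAMPLE_RULES):
        print(f"conflict: {earlier} and {later} share L3/L4 but differ in type and SNI")
```

Any pair it reports is one where, per the fix description, the datapath will log the conflict and deny the traffic, so the rules should be separated at L3/L4 or given the same Rule type.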