We are pleased to announce the release of new versions of CyBlock Appliance, CyBlock Software, and Cyfin. In this release, you will find significant enhancements to the products. For CyBlock, the first enhancement is the addition of a new screen that allows you to install client authentication certificates for the proxy so that it can connect to sites that require a nonstandard client certificate. The second enhancement involves a total revision of the Login Name Caching feature to allow more flexibility in the way user names are cached and cached entries are used. Also for CyBlock, domains that have issues when SSL Inspection is used can now be exempted from inspection.

Other enhancements in this release include the ability to import Active Directory Groups and IDs on a more frequent basis than once every 24 hours, and for Cyfin, we have made numerous changes to log file configurations. We also have a number of corrections in this release. The enhancements are described below.

• SSL Certificates.  This includes the following changes:
  • The ability to install client authentication certificates for the proxy has been added so that the proxy can connect to sites that require a nonstandard client certificate. The proxy uses the installed client certificates when SSL Inspection is enabled to identify clients (Web applications) to Web servers.
  • The Advanced Settings – Proxy Settings – SSL Certificates screen has been added to allow you to add a client certificate. On this screen, you assign domains and groups and/or IDs to the certificate so that the usage of the certificate is secured to only those domains and for those groups and/or IDs. All fields on the screen are required.
  • As certificates are added, they are displayed in a list where you can enable/disable, edit, view, and delete each certificate.
• Login Name Caching.  This includes the following changes:
  • The Advanced Settings – Proxy Settings – Login Name Caching screen has been updated to allow more flexibility in the way user names are cached and cached entries are used. The screen now consists of the following fields:
  • Cache Mode – The following options are available:
    • Primary – In this mode, cache is used when connection requests are made. If a cache entry is not found or is invalid, authentication occurs and user names are added to the cache.
    • Supplemental – This option is the default and replaces the previous Enable option. If authentication fails or an entry in the Authentication Manager Bypassed list is accessed, the cache is used before the user name “bypassed.”
    • Disabled – In this mode, cache is never used, and all connection requests are authenticated. Entries in the Authentication Manager Bypassed list are given the user name “bypassed.”
  • Duration of Valid Entry – This is the time in minutes that the entry will be available in cache before it is cleared. The default is two minutes.
  • Exempt IPs – This box allows you to enter IP addresses that should be excluded from login name caching. Wildcards (e.g., asterisk (*)) in IP addresses are not matched and should not be used.
• SSL Inspection.  This includes the following changes:
  • The Advanced Settings – Proxy Settings – SSL Inspection screen now allows you to specify domains to be tunneled, that is, exempted from inspection.
  • Domains to be tunneled can be added or deleted.
  • The list of domains to be tunneled will include specific entries from the URL List. These sites are known to have issues when SSL Inspection is used, and they cannot be deleted from the domain list.
• Active Directory.  The ability to import Active Directory Groups and IDs on a more frequent basis than once every 24 hours has been added. The Frequency field was added to the Advanced Settings – Groups and IDs – Import – Active Directory – Schedule screen allowing you to schedule the import hourly or at a specific hour.
• Log File Configurations.  This includes the following changes:
  • On the Logfiles – Setup – Select Logfile Type screen, the Type of Logfile drop-down box has been updated as follows:
    • The following log file configurations have been added.
      • EdgeWave iPrism
      • NETGEAR
      • Palo Alto Firewall
      • Trustwave
    • The following log file configurations have been renamed.
      • 8e6 to 8e6 Appliance
      • BorderManager Proxy to BorderManager
      • BorderWare Firewall to BorderWare
      • Cisco Cache Engine to Cisco Content Engine
      • IronPort Appliance to IronPort
      • Nemesis Cache Proxy to SuperLumin Nemesis
      • NetCache Appliance to NetCache
      • Symantec Web Security to Symantec Web Gateway
    • The sort in the drop-down box has been changed to a case-insensitive sort. Previously, entries beginning with a lowercase letter were sorted last in the list, and entries with the first few letters in uppercase were out of order.
    • The following log file configurations have been converted to an XML format and allow the processing and better handling of more records. Previous and new reports may show differences in counts based on the number of records processed.
      • Barracuda Networks
      • Bloxx Proxy
      • Blue Coat Systems (SGOS 3 & 4 & 5)
      • Blue Coat Systems Common Format
      • CyBlock Appliance
      • CyBlock Proxy
      • Cyfin Proxy
      • EdgeWave iPrism
      • IronPort
      • McAfee Web Gateway
      • NETGEAR
      • Palo Alto Firewall
      • Squid Proxy
      • SuperLumin Nemesis
      •  Webwasher Gateway V7

To see the full release notes for your product, visit the Support Forum. You can download the latest release by going to the Administration – Product Update screen in your Cyfin or CyBlock product.

For additional assistance, please contact us.