Axway Gateway 6.17.2 Release Notes


New features and enhancements

This document combines changes relating to versions 6.17.0 and 6.17.2.

Security improvements

Several improvements have been introduced to increase the overall security of Gateway:

  • Audit support: Gateway stores the actions performed by users on the Gateway configuration (global and objects configuration) on a dedicated file, providing visibility of the changes done on the product. This functionality cannot be disabled.
  • Payload integrity: You can enable the payload integrity check to assure that payload haven’t changed between the moment is has been received by Gateway and further actions: routing to Integrator or routing to a third party. The protocols for which the signature is computed in Gateway, for incoming transfers are: SWIFTNet, PeSIT and JMS.
  • Encrypted passwords: the password used for authorizing operations through commands (command line utility, exists, scripts) when access management is enabled is now stored in encrypted form;
  • the passwords exported through secbase or pelbase commands are now encrypted;
  • Certificate chain limit : for the outgoing and incoming exchanges secured with TLS, the certificate chain limit has been increased from 16K to 64K; handshake message fragmentation is implemented as described on rfc5246. OpenSSL based implementations are not compatible with Gateway’s implementation.
  • OpenSSL: cryptographic operations are now relying on the latest OpenSSL version (1.0.2k)

Other enhancements

  • Native support for AIX-64 bit operating systems
    With this release, Gateway includes native 64-bit support for AIX Operating System. Besides the new installation package, a cross-platform migration tool is available to handle the migration from Gateway 6.17.2 AIX 32-bit to Gateway 6.17.2 AIX 64-bit.

  • Upgrade to Perl version 5.24.0
    Perl version 5.24.0 is required to compile the Perl exits or to run the Perl scripts.

  • New signature for transfer user exits ExitXfer* (perl and C)
    To support passing custom user data in subsequent ssh exit calls and to be able to differentiate between ssh and tls context, the transfer exits ExitXfer* (perl and C) have a new signature.

  • Increased maximum length for PeSIT ‘file label‘ transfer parameter
    The limit for transfer parameter ‘file label’ has increased from 80 chars to 256 chars.

Compatibility with other Axway products

This version of Gateway is compatible with:

  • Axway Secure Relay Router Agent 2.6.5
  • Axway Installer 4.10.0 SP1
  • Axway PassPort 4.6 SP12
  • Axway Sentinel 4.2.0 SP3
  • Axway Integrator 3.7.3 SP4

Use Axway Gateway Navigator 6.17.2 to access the Gateway 6.17.2 server.


Upgrade

Upgrade from 6.16 version is supported for this release. The upgrade procedure is described in the Upgrade guide.

Fixed problems

For detailed information about fixed problems, refer to the release_standalone.txt file delivered with Gateway.

Limitations

Known limitations from Axway Gateway V6.16.1:

  • ECDSA in FIPS mode
    Due to a structure mistmatch in OpenSSL, ECDSA ciphers are disabled in FIPS mode
  • ECDHE in FIPS mode (XSR Termination)
    For the moment, ECDHE ciphers will not work with XSR termination.
  • On UNIX only:
    When transferring a file via SFTP, and you are using an ASCII application, if the newline convention set on the Site does not match the transferred file's newline convention, the p_sftp process might enter an infinite loop.
    It is recommended to use the correct line-ending convention when using ASCII applications with SFTP.
    If the file that needs to be downloaded has the Windows newline convention, update the Remote Site's newline convention to Windows.
    When the newline convention on the Site is not set, Gateway will use the system’s newline convention.
  • Number of Gateway objects
    The Gateway server cannot display more than 4000 objects (Sites, log messages, CGates, Models, and so on). This applies to the GUI and Command line.
  • FIPS support on Windows OS
    FIPS support is not available in Gateway on Windows OS.
  • SWIFTNet statistics limitation
    On transferring a small file through SWIFTNet when statistics are active, the information about SwInt:SwiftRequestRef and SwInt:SwiftResponseRef may not be present in the statistics file, due to the fact a FileEvent with the TransferStatus set as final state may be received before the ExchangeFileResponse primitive.
  • Preserve the old behavior with the new Purge command
    To reinstate the old behavior, replace pelpur -parameters with pelpur xferPurge - parameters.
  • Behavior changes related to the new trace rotation mechanism
    The traces generated by third-party libraries (ex: SWIFTNet RA libraries that are required at runtime) are lost after the evolution regarding trace rotation and archiving.
    For performance reasons, the collector task should not be used for the moment to move files to another partition. Use external scripts for this job (triggered by a temporal/file monitoring rule).
    Due to the implementation of trace rotation mechanism, the output of the SWIFTNet user exit is redirected to null device. Since the exit is a java virtual machine, the new tracing mechanism can’t be integrated, so we strongly recommend to use log4j or other logging mechanism in userexit code. A log.properties sample file is provided in the samples directory.
  • Navigator version compatibility
    If you use Navigator 6.16.0 to connect to an older Gateway (e.g. 6.11.4), or reversely, it is not recommended to use the older version of Gateway Navigator (e.g 6.14.1) to connect to the newer Gateway Server (e.g: 6.16.0). Doing so poses a risk that for some operations the Navigator will crash (ex: when you go to Partner Management/Sites/Remote Sites, if you right-click on a SWIFTNet Site and click View/Modify).
  • Resuming an interrupted transfer with FileZilla
    When using FileZilla as client and Gateway as server, after resuming the transfer, the transfer state in Gateway will remain "Interrupted". Only after the file will be completely received the transfer state in Gateway will be updated to "Ended" and the file size will be correctly updated.

Documentation

A new Upgrade guide is provided. It contains information for upgrading from version 6.16 to 6.17, as well as information about upgrades or upgrades for earlier versions, previously contained in the Installation guide.

X.25 and XOT being no longer in use by Gateway customers, references to those protocols has been removed from the documentation.

Axway Gateway is accompanied by a complete set of documentation:

  • Gateway User Guide (online documentation)
  • Gateway Installation Guide
  • Gateway Upgrade Guide
  • Gateway Configuration Guide (UNIX)
  • Gateway Security Guide
  • Axway Supported Platforms
  • Axway Interoperability Matrix

All Axway documentation, including documentation specific to each Axway component, is available from the Sphere Support website: https://support.axway.com.

Support services

The Axway Global Support team provides worldwide 24 x 7 support for customers with active support agreements.

Email support@axway.com or visit Axway Sphere at https://support.axway.com.

Copyright © 2016 Axway. All rights reserved

Related Links