Gateway
Gateway users on Enterprise plans can create HTTP policies with file sandboxing to quarantine previously unseen files downloaded by your users and scan them for malware.
Gateway users on any plan can now use the PDNS threat intelligence feed provided by the UK National Cyber Security Centre (NCSC) in DNS policies.
Gateway users can now select which endpoints to use for a given DNS location. Available endpoints include IPv4, IPv6, DNS over HTTPS (DoH), and DNS over TLS (DoT). Users can protect each configured endpoint by specifying allowed source networks. Additionally, for the DoH endpoint, users can filter traffic based on source networks and/or authenticate user identity tokens.
Gateway now offers the ability to selectively ignore CNAME domain categories in DNS policies via the Ignore CNAME domain categories setting in the policy builder and the ignore_cname_category_matches
setting in the API.
Gateway now offers a more extensive, categorized list of files to control uploads and downloads.