Action Required Service Updates

More secure and faster than ever! Secure Gateway 1.8.0

Share this post:

We’ve been hard at work improving the industry leading IBM Secure Gateway Service with throughput enhancements showing up to 10x improvement! With the release of version 1.8.0 you will also find the capability for weathering server-side service updates with zero downtime and more fine-grained controls over your destination settings .

First time learning about the Secure Gateway Service? Check out this blog.

Already using Secure Gateway and want to learn more about the new features? Keep reading below!

Security Enhancements

Action required: users that are attempting to create TLS or HTTPS connections to destinations configured to use TCP or HTTP may need to update both the Protocol and Resource Authentication of their destination(s) to match the expected communication channel, if their destinations were not already configured that way. As part of our ongoing effort to maintain and improve the security of Secure Gateway, we identified an issue that allowed encrypted traffic to flow across destinations configured to use unencrypted protocols. As part of this update, we now require that customers looking to use TLS and HTTPS connections must configure the security through the Secure Gateway Service as well. This will enhance security, and reduce the possibility of timing errors that some customers experienced when attempting TLS or HTTPS connections that were not configured this way.

Up to 10x Improvement in Data Throughput

With significant modifications to data management flows on both the Secure Gateway servers and the Secure Gateway client, we’ve reached overall data throughput improvements upwards of 10x faster than previous versions. The exact improvement that you see will be largely dependent on the type of workload you are pushing across Secure Gateway; the largest improvements will likely be seen across workloads using persistent, concurrent connections.

Zero Downtime Server Updates

Once you have upgraded to v1.8.0 Secure Gateway Client, you will no longer experience the previous small outages associated with each Secure Gateway server update. This version of the client has the capability to reload in place to take advantage of server-side changes without interrupting any active connections.

Data Compression

Previously, all data passing between the Secure Gateway client and the Secure Gateway servers in Bluemix went through compression, regardless of the compressibility of the data. Using our API, you can set whether or not data transferred for a particular destination should be compressed. By default, each new destinations will be configured to compress its data. To take advantage of this configuration, you can call our API with the following template:

curl -X PUT "<gatewayID>/destinations/<destinationID>" -H "Authorization: Bearer <gatewaySecurityToken>" -H "Content-type:application/json" -d '{"compressData": <boolean>}'


  • <gatewayID> must be replaced with your gateway’s unique ID
  • <destinationID> must be replaced with your destination’s unique ID
  • <gatewaySecurityToken> must be replaced with your gateway’s security token
  • <boolean> must be replaced with true or false depending on whether the data should be compressed

Other Fixes

Other minor fixes included in this version of Secure Gateway include:

  • Previously iptable rules could be added in the wrong order and cause a destination to be unreachable until resetting the rules, now they cannot be added in the wrong order.
  • We repaired an issue where HTTP headers with `host` instead of `Host` wasn’t being correctly updated.
  • The Destination Info panel and the Edit Destination panel now have matched protocols.
  • Gateway security tokens should no longer be generated with invalid characters.
  • We now provide a warning when a user attempts to import a gateway after reaching the gateway limit.


As always, we’re here to help! Please reach out to us in the support forums.

You can also check out additional information on the Secure Gateway Service at our catalog page here: Secure Gateway.

More Action Required Service Updates stories
May 6, 2019

Use IBM Cloud Certificate Manager to Obtain Let’s Encrypt TLS Certificates for Your Public Domains

IBM Cloud Certificate Manager now lets you obtain TLS certificates signed by Let’s Encrypt. Let’s Encrypt is an automated, ACME-protocol-based CA that issues free certificates valid for 90 days.

Continue reading

May 6, 2019

Are You Ready for SAP S/4HANA Running on Cloud?

Our clients tell us SAP applications are central to their success and strategy for cloud, with a deadline to refresh the business processes and move to SAP S/4HANA by 2025. Now is the time to assess, plan and execute the journey to cloud and SAP S/4HANA

Continue reading

May 2, 2019

Video – What is a DDoS Attack?

Ryan Sumner, Chief Networking Architect, gives an overview of DDoS attacks and just how the attacker's botnet can affect the target application and its users.

Continue reading