SMC 3.1 fixes

Authorities and certificates

Subject length in certificates

Support reference 184536CW

Previously, the SMC server would truncate text entered in the Subject (DN) field in certificates when it exceeded 140 characters, causing the deployment of VPN topologies to fail. The SMC server now accepts certificates with subjects that exceed 140 characters.

Updating certificates in command line

Support reference 167610PW

Certificates installed on a firewall can now be updated using the command smc-install-certificate.

Filter and NAT rules

Filtering by user name

Support reference 167465PW

Traffic that filters user names containing apostrophes can now be declared in filter rules.

Warning regarding the analysis of encrypted traffic

Support reference 167465PW

The consistency check no longer raises a warning when a traffic decryption rule is placed before a rule that analyzes the same decrypted traffic.

Updating an SMC server in a version lower than 2.7.0

Support reference 185398CW

SMC servers in versions lower than 2.7.0 could not be updated to a 3.0.0 version if a block filter rule that performed destination NAT with a "network-any" value was defined in the policy. SMC servers containing such a rule can now be updated to a 3.1.0 version.

Object database

Searching for object groups

Support reference 167465PW

In the window to create or edit object groups, the Search field now extends to the IP addresses of objects.

Forced deployment of objects

Support reference 167698PW

When updating the SMC server to version 3.x, objects with forced deployment set on SNS firewalls now keep this parameter when they are migrated.

VPN topologies

IKE fragmentation

Support reference 167619PW

Previously, IKE fragmentation could not be enabled from the SMC server on SNS firewalls in version 3.7.x. It can now be enabled on firewalls in version 3.7.22, and fragment size can be configured.

SNS firewall monitoring

Display error in the firewall monitoring window

Support references 186959CW and 186343CW

In some error cases on SNS firewalls, the monitoring window in the administration console would no longer display. This issue has been fixed.