Authorities and certificates
Subject length in certificates
Support reference 184536CW
Previously, the SMC server would truncate text entered in the Subject (DN) field in certificates when it exceeded 140 characters, causing the deployment of VPN topologies to fail. The SMC server now accepts certificates with subjects that exceed 140 characters.
Updating certificates in command line
Support reference 167610PW
Certificates installed on a firewall can now be updated using the command smc-install-certificate.
Filter and NAT rules
Filtering by user name
Support reference 167465PW
Traffic that filters user names containing apostrophes can now be declared in filter rules.
Warning regarding the analysis of encrypted traffic
Support reference 167465PW
The consistency check no longer raises a warning when a traffic decryption rule is placed before a rule that analyzes the same decrypted traffic.
Updating an SMC server in a version lower than 2.7.0
Support reference 185398CW
SMC servers in versions lower than 2.7.0 could not be updated to a 3.0.0 version if a block filter rule that performed destination NAT with a "network-any" value was defined in the policy. SMC servers containing such a rule can now be updated to a 3.1.0 version.
Object database
Searching for object groups
Support reference 167465PW
In the window to create or edit object groups, the Search field now extends to the IP addresses of objects.
Forced deployment of objects
Support reference 167698PW
When updating the SMC server to version 3.x, objects with forced deployment set on SNS firewalls now keep this parameter when they are migrated.
VPN topologies
IKE fragmentation
Support reference 167619PW
Previously, IKE fragmentation could not be enabled from the SMC server on SNS firewalls in version 3.7.x. It can now be enabled on firewalls in version 3.7.22, and fragment size can be configured.
SNS firewall monitoring
Display error in the firewall monitoring window
Support references 186959CW and 186343CW
In some error cases on SNS firewalls, the monitoring window in the administration console would no longer display. This issue has been fixed.