SMC 3.2.1 fixes

SMC update

Update process

Support reference 84277

During the SMC update process, errors that were not serious and did not affect the update process would appear in command line mode. The server now only shows relevant errors.

Managing administrators

Authentication via OpenLDAP

Support reference 84152

In the LDAP authentication settings of the Administrators menu, the ID field of the connection account was renamed Administrator DN for OpenLDAP servers. The expected ID format for this field is a DN (without the base DN), such as "cn=administrator".

Configuration of SNS firewalls

Naming firewalls

Support reference 84452

The error message and audit log generated during an attempt to create a firewall with the same name as an object found in the database have been improved to indicate that a firewall or an object with the same name already exists.

Configuration deployment

Synchronizing nodes of a cluster

Support reference 84333

When the automatic synchronization of an HA cluster was disabled through the environment variable FWADMIN_HASYNC_ON_DESYNCHRO, deploying the configuration on a cluster would automatically desynchronize nodes. This issue has been fixed.

VPN topologies

Deploying an IKEv2 topology

Support reference 84230

When an IKEv2 VPN topology is deployed from SMC, changing a peer’s settings directly on an SNS firewall no longer causes any serverd errors.

Failed tunnel negotiation

Support reference 84490

The negotiation of a tunnel fails whenever a peer’s certificate contains the firewall’s contact IP address in the certificate’s Subject Alternative Name field. This is because the firewall will use this address as the peer’s Local ID.

To prevent this from happening, the use of the certificate's Subject field as the peer's Local ID can be forced by setting the FWADMIN_CERT_SUBJECT_AS_PEER_LOCALID variable to "True". This variable is set to "False" by default.
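The following added example (not part of the SMC release notes or of Stormshield's tooling) shows one way to find out, before deploying a topology, which peer certificates carry their firewall's contact IP address in the Subject Alternative Name field and therefore meet the condition described above. It assumes the SAN text comes from `openssl x509 -noout -ext subjectAltName` and that the operator supplies the contact address of each peer; the peer names, addresses and function names are constructed for the illustration.

```python
import ipaddress
import re

# Constructed samples: subjectAltName text as printed by
# `openssl x509 -noout -ext subjectAltName`, keyed by a hypothetical peer name.
SAMPLE_SAN = {
    "fw-paris": "X509v3 Subject Alternative Name: \n"
                "    DNS:fw-paris.example.test, IP Address:192.0.2.10",
    "fw-lyon": "X509v3 Subject Alternative Name: \n"
               "    DNS:fw-lyon.example.test",
    # OpenSSL prints IPv6 SAN entries uncompressed and in upper case.
    "fw-lille": "X509v3 Subject Alternative Name: \n"
                "    IP Address:2001:DB8:0:0:0:0:0:1, DNS:fw-lille.example.test",
}

# Constructed contact addresses (documentation ranges), as an operator would list them.
SAMPLE_CONTACT = {
    "fw-paris": "192.0.2.10",
    "fw-lyon": "192.0.2.20",
    "fw-lille": "2001:db8::1",
}


def san_ips(san_text):
    """Return the IP entries of a subjectAltName text dump as address objects."""
    ips = set()
    for raw in re.findall(r"IP Address:([0-9A-Fa-f:.]+)", san_text):
        try:
            # Parsing normalises case and zero compression, so IPv6
            # entries compare correctly whatever their textual form.
            ips.add(ipaddress.ip_address(raw))
        except ValueError:
            continue  # malformed entry: nothing to compare against
    return ips


def peers_at_risk(san_by_peer, contact_by_peer):
    """Names of peers whose certificate SAN contains their contact IP address."""
    at_risk = []
    for name, contact in contact_by_peer.items():
        if ipaddress.ip_address(contact) in san_ips(san_by_peer.get(name, "")):
            at_risk.append(name)
    return sorted(at_risk)


if __name__ == "__main__":
    for peer in peers_at_risk(SAMPLE_SAN, SAMPLE_CONTACT):
        print(f"{peer}: contact IP found in certificate SAN")
```

If any peer is reported, FWADMIN_CERT_SUBJECT_AS_PEER_LOCALID set to "True" is the setting this note describes for that case.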

Reading logs

Audit logs

Support reference 84279

Logs regarding anonymous users were generated in audit logs. As such information is not relevant, these logs are no longer generated.