SMC 3.3.1 fixes
Object database
Network objects
Support reference 84405
Network objects with a subnet mask in /32 can no longer be used or imported in the firewall configuration. The consistency checker will raise an alarm if such objects are found on SMC.
Router objects
Support reference 84643
Router objects can now be created even when the HTTPS port object does not exist in the SMC object database.
Monitoring SMC with SNMP
Status of the SNMP service after updating SMC
Support reference 84438
When SNMP is enabled on the SMC server, the SNMP service now restarts automatically after SMC is updated. The service remains enabled after SMC is restarted.
System
service command
Support reference 84381
SMC no longer supports the service command. Since version 3.0, the use of the service --status-all command, which listed the services on the system, would make SMC stop functioning.
Some errors caused SMC to stop
Some errors, which could occur during a configuration deployment for example, caused the SMC server to stop. SMC now continues to run correctly even if these errors occur.
Configuration deployment
Use of the same peer in VPN topologies
Support references 84584 and 84647
Whenever the same peer was used twice in a VPN topology, SMC would no longer restart during a deployment. This would make the deployment fail and SMC would display an error message.
Filter rules
Use of the @ character in the comments of a rule
Support reference 84423
The local filter rules on SNS firewalls now display correctly in SMC when the @ character is used in comments.
Display of local filter rules
Support references 84396, 84440 and 84442
The local filter rules on SNS firewalls now display correctly in SMC when:
- they use a group of regions, a category of public IP address reputations or web services that SMC does not know,
- they use router objects,
- they use objects that SNS did not export in SMC.
Configuration of SNS firewalls
Managing network interfaces
Support reference 84529
SMC no longer deploys the network configuration if it has not retrieved all network interfaces beforehand.
Importing SNS firewalls
Support reference 84644
The #vpn_fw_public_ip_address parameter functions again when importing SNS firewalls from a CSV file.
Consistency check on network interfaces
Support reference 84576
The consistency check no longer fails when it analyzes network interfaces with IP addresses in /32.
Authorities and certificates
Verification of the revocation list
Support reference 84603
SMC now forces SNS firewalls to retrieve the certificate revocation list (CRL) every time the configuration is deployed. As a result, when a VPN topology is deployed with the CRL verification option enabled, tunnels are operational immediately. There is no longer any need to wait for the firewalls to retrieve the CRL.
Changes to the CRL
Support reference 84646
SMC now ignores the CRL file CA.crl.pem in the folder ConfigFiles/Global/Certificates/<topo_name>/ of SNS firewalls, so it no longer raises any alerts when this file is modified locally.