SMC 3.8 fixes

Authentication

Support reference 85506

LDAP ID format

The use of the userPrincipalName attribute in a name@domain format instead of the default sAMAccountName (Active Directory) or uid (OpenLDAP) attributes is now correctly supported in user authentication. The SMC_LDAP_FIELD_NAME_LOGIN environment variable in the file /data/config/fwadmin-env.conf.local makes it possible to select this attribute.

Support reference 85928

Accented characters in the LDAP DN

Users' LDAP DNs can now contain accented characters.

Filter and NAT rules

Support reference 85838

Displaying rules

The Expand button in filter and NAT rules now correctly expand the sections that are defined by rule separators.

Support reference 85858

Deploying filter rules

Filter rules that have a combination of the following characteristics are now correctly deployed:

  • Configured with the IDS and Firewall inspection levels,

  • The option Synchronize this connection between firewalls (HA) in the Advanced properties tab in the Action menu is disabled.

Support reference 86026

Editing a rule in a rule set

When a destination port is selected in a rule that belongs to a rule set, it no longer causes a validation error.

Support reference 86068

Changing the order in which rules are executed

Rules can now be correctly dragged and dropped to change their order in a filter policy that contains rules and rule sets, as this no longer disrupts the order of the rules.

Object database

Support reference 85877

Naming host and network objects

If a host object has a prefix Network_ before its name, or if a network object has a prefix Firewall_ before its name, the consistency checker will now show errors, preventing the configuration from being deployed.

Firewall configuration

Support reference 85830

Changes to the file ConfigFiles/sshd-banner

The configuration comparison no longer shows changes made to a firewall's ConfigFiles/sshd-banner file.

Support reference 86019

Fixes to the configuration comparison

The configuration comparison wrongly showed differences in the configuration of filter rules, even though they were identical on firewalls and on SMC, in the following cases:

  • After deployment of a new filter rule,

  • After redeployment of a rule that showed differences on a firewall.

This issue has been fixed.

System

Support reference 85909

SMC server redundancy

The syntax of the command allowing server redundancy to be enabled has been corrected. --secundaryIP has been replaced with --secondary. The command to use is now smc-redundancy --secondary <BACKUP_NODE_IP>.

Public API

Support reference 85905

Order in which rules returned by the API are executed

The order in which rules that are returned by the GET route /papi/v1/firewalls/{uuidOrName}/filter-policy and POST route /papi/v1/firewalls/{uuidOrName}/filter-policy/rules now correspond to the order of the same rules that are shown in the SMC administration interface.