SMC 3.8 fixes
Authentication
Support reference 85506
LDAP ID format
The use of the userPrincipalName attribute in a name@domain format instead of the default sAMAccountName (Active Directory) or uid (OpenLDAP) attributes is now correctly supported in user authentication. The SMC_LDAP_FIELD_NAME_LOGIN environment variable in the file /data/config/fwadmin-env.conf.local makes it possible to select this attribute.
Support reference 85928
Accented characters in the LDAP DN
Users' LDAP DNs can now contain accented characters.
Filter and NAT rules
Support reference 85838
Displaying rules
The Expand button in filter and NAT rules now correctly expand the sections that are defined by rule separators.
Support reference 85858
Deploying filter rules
Filter rules that have a combination of the following characteristics are now correctly deployed:
-
Configured with the IDS and Firewall inspection levels,
-
The option Synchronize this connection between firewalls (HA) in the Advanced properties tab in the Action menu is disabled.
Support reference 86026
Editing a rule in a rule set
When a destination port is selected in a rule that belongs to a rule set, it no longer causes a validation error.
Support reference 86068
Changing the order in which rules are executed
Rules can now be correctly dragged and dropped to change their order in a filter policy that contains rules and rule sets, as this no longer disrupts the order of the rules.
Object database
Support reference 85877
Naming host and network objects
If a host object has a prefix Network_ before its name, or if a network object has a prefix Firewall_ before its name, the consistency checker will now show errors, preventing the configuration from being deployed.
Firewall configuration
Support reference 85830
Changes to the file ConfigFiles/sshd-banner
The configuration comparison no longer shows changes made to a firewall's ConfigFiles/sshd-banner file.
Support reference 86019
Fixes to the configuration comparison
The configuration comparison wrongly showed differences in the configuration of filter rules, even though they were identical on firewalls and on SMC, in the following cases:
-
After deployment of a new filter rule,
-
After redeployment of a rule that showed differences on a firewall.
This issue has been fixed.
System
Support reference 85909
SMC server redundancy
The syntax of the command allowing server redundancy to be enabled has been corrected. --secundaryIP has been replaced with --secondary. The command to use is now smc-redundancy --secondary <BACKUP_NODE_IP>.
Public API
Support reference 85905
Order in which rules returned by the API are executed
The order in which rules that are returned by the GET route /papi/v1/firewalls/{uuidOrName}/filter-policy and POST route /papi/v1/firewalls/{uuidOrName}/filter-policy/rules now correspond to the order of the same rules that are shown in the SMC administration interface.