SMC 3.9.1 fixes

Filter and NAT rules

Support reference 85834

Moving rule separators

When a separator containing filter or translation rules is moved, the operation no longer causes an error or duplicates rules.

Support reference 86235

Adding and moving rules

In some cases, when new filter or translation rules were added, or when existing rules were copied and pasted or dragged and dropped, the rules in question were not inserted in the desired position in the rule sequence. This issue has been fixed.

Support reference 86188

Using port groups in rules

When a "Port group" object is used in a filter or translation rule, the rule behavior is now as follows:

  • The consistency checker returns an error if none of the ports in the group uses the protocol that was selected in the rule's Port - Protocol menu, or if none of the ports is an "Any" port.

  • The consistency checker returns an error if, for example, UDP was selected for all the ports in the group, but TCP was selected in the rule's Port - Protocol menu. The opposite case also applies.

  • A rule can be deployed if a protocol is selected in the rule's Port - Protocol menu, and if at least one port in the group uses the protocol.

Support reference 86187

Copying a large set of rules

Very large sets of copied filter or translation rules are now better managed. The copying process is faster, and no longer causes errors.

When necessary, the new environment variable SMC_BULK_RULES_OPERATIONS_TIMEOUT_INT can be used to set a timeout after which copied rules expire. For more information, refer to the section Details of SMC_XXX environment variables.

Support reference 86320

Translation rules with an IP protocol

Translation rules in which a type of IP protocol has been selected can now be created and copied.

Active Update server

Support reference 86139

Active Update server certificate format

The format of the certificate that SMC generated for Active Update was not compatible with SNS 4.3.31 LTSB and higher versions of 4.3 QS, 4.8.7 and higher versions of 4.8 LTSB, and 5.0.0 and higher versions.

In order to use Active Update on SMC for all SNS versions, the certificate now contains the following extensions:

  • subjectKeyIdentifier = hash

  • basicConstraints = critical, CA:true

  • keyUsage = critical, digitalSignature, keyCertSign, cRLSign

The Active Update certificate is automatically updated when SMC is updated to version 3.9, unless a customized certificate is used.
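A customized certificate is not replaced by the update, so it can be checked against the three extensions listed above with openssl. This is an added example, not Stormshield tooling: the function names are hypothetical, and the test certificate is constructed locally.

```bash
#!/usr/bin/env bash
# Added example: check a PEM certificate for the three extensions listed above.

# Returns 0 if all are present as listed, 1 if any is missing or not marked
# critical, 2 if openssl cannot parse the file.
check_au_cert_extensions() {
    local text bc ku usage rc=0
    text=$(openssl x509 -in "$1" -noout -text 2>/dev/null) || return 2
    # openssl prints the extension name on one line and its value on the next.
    bc=$(printf '%s\n' "$text" | grep -A1 'X509v3 Basic Constraints: critical') || true
    ku=$(printf '%s\n' "$text" | grep -A1 'X509v3 Key Usage: critical') || true
    printf '%s\n' "$text" | grep -q 'X509v3 Subject Key Identifier' \
        || { echo "missing: subjectKeyIdentifier"; rc=1; }
    printf '%s\n' "$bc" | grep -q 'CA:TRUE' \
        || { echo "missing: basicConstraints = critical, CA:true"; rc=1; }
    for usage in 'Digital Signature' 'Certificate Sign' 'CRL Sign'; do
        printf '%s\n' "$ku" | grep -q "$usage" \
            || { echo "missing: critical keyUsage '$usage'"; rc=1; }
    done
    return "$rc"
}

# Hypothetical helper: writes a constructed self-signed test certificate to $1,
# using the remaining arguments as the lines of its openssl extension section.
make_sample_cert() {
    local out="$1" dir rc
    shift
    dir=$(mktemp -d) || return 2
    {
        printf '[req]\ndistinguished_name = dn\nprompt = no\n'
        printf 'x509_extensions = ext\n[dn]\nCN = constructed-sample\n[ext]\n'
        printf '%s\n' "$@"
    } > "$dir/req.cnf"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$dir/req.cnf" \
        -keyout "$dir/key.pem" -out "$out" 2>/dev/null
    rc=$?
    rm -rf "$dir"
    return "$rc"
}

# Demo on a constructed certificate (not generated by SMC).
demo=$(mktemp -d)
make_sample_cert "$demo/sample.pem" 'subjectKeyIdentifier = hash' \
    'basicConstraints = critical, CA:true' \
    'keyUsage = critical, digitalSignature, keyCertSign, cRLSign' \
    && check_au_cert_extensions "$demo/sample.pem" && echo "sample.pem: OK"
rm -rf "$demo"
```

The check reads the text output of `openssl x509`, so a non-critical `basicConstraints` or `keyUsage` is reported as missing even when the extension itself is present.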

Object database

Support reference 85573

Importing objects

When objects fail to be imported through a CSV file, the error message now specifies the names of the firewalls that are causing the issue, instead of their UUIDs.

Support reference 86196

SMC updates canceled when duplicate objects exist

The presence of duplicate objects in the object database may cause errors when SMC is updated. When this occurs, updates will now be canceled, and server logs will report an error listing the objects in question. If the list contains more than 10 objects, the file duplicate_objects.txt, which lists all the objects, will be created in the folder var/log.

If you encounter this issue, begin by deleting duplicates and modifying the configuration, then start the server update process once again.

Administrator authentication

Support reference 86185

Authentication failure

When an administrator's authentication failed, an issue prevented the administrator from reconnecting immediately. This issue has been fixed.

Support reference 86169

LDAP users authenticated over a RADIUS server

SMC once again supports the authentication of users from an LDAP group over a RADIUS authentication server.

Support reference 86214

Accented characters and commas in the LDAP DN

LDAP user authentication now supports accented characters and commas in the LDAP DN.

System

Support reference 86177

SMC server redundancy

When the main node encounters an issue and the backup node takes over, configurations can once again be deployed from the backup node.

Support reference 86164

Saturation of the /tmp directory

Temporary files that are created in the /tmp directory after a configuration deployment will now be automatically deleted after the database is restored.

High availability

Support reference 84720

Display of firewall end of maintenance dates

When both nodes in a cluster have different end of maintenance dates, the dates now appear correctly after a switch.