IMPORTANT
SNS 3.x versions have reached End of Maintenance since July 1st, 2024.
We recommend that you update your SNS firewalls to a version with maintenance to guarantee the protection of your infrastructure.
SNS 3.10.3 bug fixes
WARNING
- When a firewall that contains an IKEv1 mobile IPsec policy with certificate authentication is upgraded to version 3.10.3, the IKE negotiation engine may switch from racoon to charon.
When this occurs, the warning message will appear in the IPsec VPN module: “Combining IKEv1 and IKEv2 peers within the same IPsec policy remains experimental.”
IPsec tunnels that have already been configured will remain operational in theory.
If your configuration contains such an IPsec policy, we strongly advise you to read this Stormshield Knowledge Base article before you start the upgrade to SNS 3.10.3. - Firewalls must not be upgraded from SNS in version 3.10.x or higher to a 4.0.x version. This operation is not supported.
For further information, refer to Recommendations.
System
IPsec VPN
Support references 77264 - 77165 - 77274 - 77246
IPsec policies that were modified on firewalls in version SNS 3.10.x would occasionally be corrupted when they were applied and reloaded, or after the firewall was restarted. This issue has been fixed.
Additionally:
- When an IPsec peer is created, a peer ID no longer needs to be specified in the Peer ID field,
- When an IPsec VPN mobile peer with pre-shared key authentication is created, the Pre-shared key that this peer needs to use must be specified if a peer ID has been entered in the Peer ID field.