IMPORTANT
SNS 3.x versions reached End of Maintenance on July 1st, 2024.
We recommend that you update your SNS firewalls to a version with maintenance to guarantee the protection of your infrastructure.
SNS 3.11.12 LTSB bug fixes
System
IPsec VPN
Support references 83903 - 84062
IPsec VPN tunnels that were set up with certificate authentication would occasionally fail when the private key was protected by the TPM. A "No private key found for <CN>" error would then be logged. This issue has been fixed.
Authentication
Support reference 82856
Submitting multiple authentication requests on a firewall that handles heavy traffic would sometimes consume an excessive amount of CPU and cause packet loss. This issue has been fixed.
Filtering and NAT
Support references 81369 - 83651
When a NAT policy containing many rules is reloaded, network packets may get lost. An optimization mechanism that prevents such packet loss can be enabled using the CLI/Serverd command CONFIG PROTOCOL IP COMMON IPS CONFIG, by adding the natdiff parameter to the existing parameters in the OptimizeRuleMatch option.
In a default configuration, set the option as follows: OptimizeRuleMatch=equal,diff,cache,natdiff.
Any changes must then be confirmed with the command CONFIG PROTOCOL IP ACTIVATE.
Note that this mechanism is disabled by default.
Support reference 78647
Exporting NAT/filter rules in CSV format would wrongly generate the "Any" value for the "#nat_to_target" field in the export file, in cases where filter rules were not associated with any NAT rules. This anomaly would then prevent such CSV files from being imported into SMC if the filter rules concerned had a "Block" rule.
Intrusion prevention
SSL proxy
Support reference 80792
Since Zoom application traffic is incompatible with the antivirus analysis, its CNs have been added to the CN group proxyssl_bypass.
HTTP
Support reference 83553
The HTTP protocol analysis has been optimized to avoid consuming too much memory and inappropriately overloading the firewall.