IMPORTANT
SNS 3.x versions reached End of Maintenance on July 1st, 2024.
We recommend that you update your SNS firewalls to a version with maintenance to guarantee the protection of your infrastructure.
New features in SNS 3.11.6 LTSB
Firewalls must not be upgraded from SNS in version 3.10.x or 3.11.x LTSB to a 4.0.x version. This operation is not supported.
For further information, refer to Recommendations.
Option to disable stealth mode
Stealth mode can now be disabled, which allows the firewall to respond to ICMP requests. This mode can only be changed through the following CLI/Serverd commands:
CONFIG PROTOCOL IP COMMON IPS CONFIG Stealth=<On|Off>
CONFIG PROTOCOL IP ACTIVATE
These commands are explained in detail in the CLI SERVERD Commands Reference Guide.
This option allows the firewall to be integrated more easily into existing infrastructures by moderating stealth mode on the firewall, and also prevents packets from being silently ignored. For example, the firewall can adopt the role of a device visible on the network when:
- A packet exceeds the MTU and has a DF bit set to 1 (dfbit=1): the firewall blocks the packet and sends a response ICMP packet.
- A packet passes through the firewall correctly: the firewall decrements the TTL ("Time To Live").
The value of this option, defined in the configuration of the IPS engine’s IP protocol processes, replaces the former configuration methods based on the sysctl commands net.inet.ip.icmpreply=1 and net.inet.ip.stealth=0.
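The effect of the Stealth setting on Path MTU Discovery, shown as an added toy model in Python (not Stormshield code and not part of the original release note). It assumes that with Stealth=On the firewall drops an oversized DF packet without replying and leaves the TTL unchanged, as the description above implies; all function and field names are hypothetical.

```python
# Added illustration: toy model, not Stormshield code. Names and the
# Stealth=On behaviour (silent drop, TTL untouched) are assumptions drawn
# from the release note's description.
from dataclasses import dataclass

ICMP_FRAG_NEEDED = (3, 4)  # Destination Unreachable / Fragmentation Needed (RFC 1191)

@dataclass
class Packet:
    size: int   # total IP length in bytes
    df: bool    # Don't Fragment bit
    ttl: int

def firewall_forward(pkt, egress_mtu, stealth):
    """Return (forwarded_packet_or_None, icmp_reply_or_None)."""
    if pkt.size > egress_mtu and pkt.df:
        if stealth:
            return None, None  # packet silently ignored
        return None, {"type_code": ICMP_FRAG_NEEDED, "next_hop_mtu": egress_mtu}
    ttl = pkt.ttl if stealth else pkt.ttl - 1  # a visible hop decrements the TTL
    return Packet(pkt.size, pkt.df, ttl), None

def path_mtu_discovery(start_size, egress_mtu, stealth, max_tries=3):
    """Sender-side PMTUD: shrink on ICMP feedback, stall when there is none."""
    size = start_size
    for attempt in range(1, max_tries + 1):
        out, icmp = firewall_forward(Packet(size, True, 64), egress_mtu, stealth)
        if out is not None:
            return {"delivered": True, "size": size, "attempts": attempt, "ttl": out.ttl}
        if icmp is None:
            continue  # no feedback: the sender can only retransmit the same size
        size = icmp["next_hop_mtu"]
    return {"delivered": False, "size": size, "attempts": max_tries, "ttl": None}

if __name__ == "__main__":
    # Constructed scenario: 1500-byte packets, 1400-byte egress MTU (e.g. a tunnel).
    for stealth in (True, False):
        label = "Stealth=On " if stealth else "Stealth=Off"
        print(label, path_mtu_discovery(1500, 1400, stealth))
```

With Stealth=On the sender never learns the smaller MTU and the flow stalls; with Stealth=Off the ICMP reply lets it resize and deliver on the second attempt.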
Update
The hash algorithm of firmware update files has been changed to comply with the highest standards.