New features in SNS 3.11.7 LTSB

IMPORTANT
Firewalls must not be upgraded from SNS in version 3.10.x or 3.11.x LTSB to a 4.0.x version. This operation is not supported.
For further information, refer to Recommendations.

System

Path MTU Discovery (PMTUD)

In configurations that involve an IPsec VPN, ICMP type 3, code 4 (Fragmentation Needed) responses are now fully managed through such tunnels once support for Path MTU Discovery is enabled.

PMTUD is disabled by default, but can be managed through the following CLI/Serverd commands:

CONFIG IPSEC UPDATE slot=<1-10> PMTUD=<0|1|2>
CONFIG IPSEC ACTIVATE
CONFIG IPSEC RELOAD

These commands are explained in detail in the CLI SERVERD Commands Reference Guide.

NOTE
Stealth mode must be disabled so that PMTUD can function through IPsec.

Active Update

Packages in the Active Update module are now signed by a new Stormshield certification authority, which replaces the previous Netasq certification authority.

Clients who use internal mirror sites must update the packages hosted on their own servers so that packages signed by the new certification authority are used. This operation is necessary so that the Active Update module can continue to update its databases.

In a Linux environment, a new version of the updater.sh script is available and makes it possible to retrieve all packages signed by the new certification authority.
