IMPORTANT
SNS 3.x versions have reached End of Maintenance since July 1st, 2024.
We recommend that you update your SNS firewalls to a version with maintenance to guarantee the protection of your infrastructure.
SNS 3.11.8 LTSB bug fixes
System
Proxies
Support reference 81624
In configurations that use multi-user authentication, the application of "img-src https://*" CSP (content-security-policy) directives would sometimes cause the proxy service to unexpectedly restart. This issue has been fixed.
IPsec VPN
Support references 79713 - 81464
Packets would sometimes get lost whenever the keys of IPsec tunnels were renewed. This issue has been fixed.
Regular CRL retrieval
Support reference 81259
The verification of CRLs through the proxy would occasionally not function because the port to reach the proxy was not correctly applied. This issue has been fixed.
High availability (HA) and IPsec VPN (IKEv2 or IKEv1 + IKEv2)
Support reference 79874
An issue with competing access between the log mechanism on IPsec VPN and the HA cache after the synchronization of the IPsec configuration would sometimes shut down the IPsec VPN service. This issue has been fixed.
SSL proxy
Support reference 77207
The SSL proxy would sometimes restart when all of the following conditions occurred:
- An SSL filter policy applied a “Pass without decrypting” action when a CN could not be categorized,
- A connection matched this rule (“Pass without decrypting”) because the classification of the CN failed,
- A simultaneous connection to the same website was classified with the action “Block without decrypting”.
This issue has been fixed.
IP address reputation and geolocation service
Support reference 77980
An anomaly relating to the IP address reputation and geolocation service would sometimes result in memory corruption, which would cause the firewall to unexpectedly restart. This issue has been fixed.
External LDAP directory
Support reference 81531
After an external LDAP directory was created and made accessible via a secure connection, enabling the option Check the certificate against a Certification Authority and selecting a trusted CA no longer causes an internal error on the firewall.
Network
Bridge - MAC addresses
Support reference 80652
On interfaces attached to a bridge, when a network device is moved and the network traffic that it generates is no longer linked to the same physical interface, the firewall automatically maps the MAC address of the device to the new interface once a Gratuitous ARP request is received from the new device.
This switch was not correctly applied whenever the MAC address was different after the network device was moved. This issue has been fixed.
Multicast routing - Address translation
Support reference 80359
Multicast network traffic packets are no longer duplicated if multicast routing is applied after a destination NAT rule is applied to this traffic.
Virtual machines
Serial numbers of VPAYG firewalls
Support reference 76157
The high availability monitoring mechanism did not recognize serial numbers of VPAYG firewalls (serial number of the firewall, to which an extension such as "-XXXXXXXX" is added). This issue has been fixed.