IMPORTANT
SNS 3.x versions have reached End of Maintenance since July 1st, 2024.
We recommend that you update your SNS firewalls to a version with maintenance to guarantee the protection of your infrastructure.
SNS 3.4.3 bug fixes
IPsec VPN
IPsec IKEv1
Support reference 68294
As part of the deployment of IPsec configurations via Stormshield Management Center, negotiations between SNS firewalls through IKEv1 tunnels using certificate authentication would fail. This issue, which generated the message "No peer found" in the IPsec log file (l_vpn file), has been fixed.
This fix is available only for this version and the following 3.4.x versions. When it is added to a 3.5.x version or a higher version, the relevant version Release Notes will specifically mention it.
System
Quality of Service
Support reference 67879
During the setup of bandwidth reservation or restriction (CBQ), the actual bandwidth would be much lower than the configured bandwidth restriction. This issue has been fixed.
Proxies
Support reference 66653
Whenever the proxy sent packets to an ICAP server through a filter rule in firewall mode, it would cause latency issues during web browsing. This issue has been fixed.
SMTP proxy - SSL proxy
Support reference 68581
During the initialization of the SMTP proxy's logging mechanism, checks for the existence of an active filter policy would cause the SMTP proxy to freeze, and connections through the SSL proxy to slow down. This issue has been fixed.
Intrusion prevention
Fragmented packets
Support references 66850 - 66719
An anomaly in the management of fragmented packets would wrongly cause the first fragment to be blocked. This anomaly has been fixed.
Virtual machines
Microsoft Hyper-V
Support references 66627 - 67132
On a Microsoft Hyper-V platform, virtual machines with several network interfaces could encounter issues enabling their last interfaces after restarting. This issue has been fixed.