IMPORTANT
SNS 3.x versions have reached End of Maintenance since July 1st, 2024.
We recommend that you update your SNS firewalls to a version with maintenance to guarantee the protection of your infrastructure.
SNS 3.5.1 bug fixes
System
Proxies
Support references 54298 - 68753 - 65092
Whenever the Kaspersky antivirus database reloaded, an issue would occur when ongoing analyses are paused, potentially disrupting proxy services (HTTP, SSL, SMTP, POP3 and FTP). This issue has been fixed.
Support references 68254 - 67791
Whenever a website presented certificates containing empty subject fields, this would disrupt the proxy's service. This issue has been fixed.
IPsec IKEv1
Support reference 68294
As part of the deployment of IPsec configurations via Stormshield Management Center, negotiations between SNS firewalls through IKEv1 tunnels using certificate authentication would fail. This issue, which generated the message "No peer found" in the IPsec log file (l_vpn file), has been fixed.
Dashboard
Support references 68866 - 68877
Loading the dashboard would cause excessive memory consumption in the long run. This anomaly has been fixed.
Network
GRETAP interfaces
Support reference 68068
Multicast network packets encapsulated in GRETAP tunnels would wrongly contain a multicast destination MAC address and would not be able to reach their destinations. This issue has been fixed.
Router objects
Support reference 68798
On SN160(W), SN210(W) and SN310 model firewalls, availability tests to the router object that included a main gateway and backup gateway would consider these gateways inactive. This anomaly has been fixed.
Intrusion prevention
IDS / Firewall mode
Support reference 67621
Whenever connections that required packets to be rewritten used a filter rule in IDS or firewall mode, the desychronization of sequence numbers would cause a flood of packets to arrive on the firewall's loopback0 interface, causing it to hang. This issue has been fixed.