IMPORTANT
SNS 3.x versions have reached End of Maintenance since July 1st, 2024.
We recommend that you update your SNS firewalls to a version with maintenance to guarantee the protection of your infrastructure.
SNS 3.6.0 bug fixes
System
Proxies
Support reference 67863
The SSL proxy no longer restarts unexpectedly whenever an HTTP CONNECT method is used through SSL. A page now informs the user of this incompatibility and a log is issued for the administrator.
High availability
Support reference 68680
The high availability system is now more stable as memory leak issues have been fixed.
Support reference 66260
Whenever a high availability cluster is created, MAC addresses will no longer be forced on VLAN interfaces. As such, MAC addresses no longer need to be changed after a VLAN is moved to another parent interface.
SSL VPN
Support references 48232 - 68060
OpenVPN has been upgraded from version 2.2.2 to version 2.4.2.
Certain restrictions affect this new version of OpenVPN. Refer to the section Explanations on usage to find out more.
Support reference 68895
The deployment of an SMC configuration no longer causes all SSL VPN tunnels to shut down.
IPsec VPN
Support reference 67803
Firewall resources are now better managed during denial of service attacks on port 500 when IPsec VPN is used with IKEv2.
SPNEGO SSO authentication
Support reference 68533
Whenever SPNEGO authentication has been configured, the user now directly accesses websites without having to go through the authentication portal, even when the website's URL contains a vertical bar (|).
Notifications
Support references 68105 - 68000
E-mail alerts received due to system events or alarms now indicate the right date.
SNMP agent
Support reference 65557
The OIDs ifSpeed and ifHighSpeed from the IF-MIB MIB now return the right values for 10 Gbps interfaces.
Filter - NAT
Support reference 68255
The firewall would block return packets whenever the NAT rule had the following characteristics:
- Source translated to a virtual IP address that does not physically belong to the firewall,
- Destination translated to an internal (protected) outgoing interface or one that does not belong to a bridge.
This issue, which would generate the alarm Packet for destination on the same interface, has been fixed.
Intrusion prevention
Alarms
Support reference 68466
The occurrence of the alarm 351 Missing mandatory SDP field in RTSP would cause traffic to be blocked even when the inspection profile has been configured to let packets through. This issue has been fixed.
OPC industrial protocol
The UUID ISystemActivator that OPC clients/servers use to open secondary connections is now supported correctly. The OPC client/server operating mode is no longer disrupted.
Virtual machines
Starting/shutting down virtual machines
Since version 3.5, virtual machines could no longer be shut down or restarted through the VM > Power menu in VMware. This issue has been fixed.
VMware Tools alerts
VMware vSphere alerts offering to update VMware Tools on SNS virtual machines no longer appear.
Network
Wi-Fi
Support references 64593 - 65555-66768
A flaw in the Wi-Fi access point driver could cause the firewall to freeze whenever the Wi-Fi network was enabled. This flaw has been fixed.
Support reference 68102
A recurring issue affecting performance and causing traffic to be blocked due to a large number of FQDN objects has been fixed.
Web administration interface
Drag and drop
During drag and drop operations to move up or down rows (e.g., in the filter rule module), the indicator was not in the right position. This issue has been fixed.
Users
Support reference 68133
In the Detailed access tab in the Users > Access privileges menu, the User-User group drop-down list no longer offers the values Any user@voucher_users.local.domain, Any user@sponsored_users.local.domain, and Any user@guest_users.local.domain, which caused invalid domain errors.
Certificates and PKI
Support reference 68688
Certificates created through SMC now appear in the Objects > Certificates and PKI view of a firewall's web administration interface and CRL updates are also retrieved.
Monitoring
Support reference 68787
In the Real-Time tab in the Monitoring > Host monitoring menu, the Incoming bandwidth and Outgoing bandwidth columns would no longer display the maximum throughput but the current throughput instead.