Version 3.7.1 bug fixes

System

Local storage

Support reference 68506

Firewalls with damaged SD cards (and therefore damaged log storage partitions) would restart in loop. This issue has been fixed.

Vulnerability Manager

Support references 58546 - 66338 - 66736 - 68741 - 69083 - 70153

The vulnerability management module no longer functioned on SN150, SN160(W), SN210(W) and SN310 firewall models and could cause the firewall to freeze. This issue has been fixed.

URL filtering - SMC

In configurations that use the URL filter database compiled by the Rectorat de Toulouse (Academy of Toulouse – refer to the article in the Stormshield knowledge base), and whenever the administrator was logged on to the firewall via an SMC server, the Add all predefined categories button (Security policy > URL filtering module) would return an HTTP error message. This anomaly has been fixed.

Captive portal - SSL VPN - Web administration interface

Support reference 70568

Receiving a non-compliant request could cause the authentication portal management mechanism, SSL VPN and the web administration interface to freeze. This issue has been fixed.

Intrusion prevention

TLS protocol

Support reference 70674

The absence of certain encryption suites in the implementation of the TLS 1.3 protocol would raise the "Draft version detected" (ssl:419) alarm, which blocks packets by default. This alarm would prevent connections to websites such as Gmail and Facebook.

The ssl:419 alarm has therefore been modified to detect versions of TLS that the intrusion prevention engine does not manage ("Unsupported version detected") and its default action has been switched to "Pass", except for "High" security inspection profiles.