Version 3.6.0 bug fixes

System

Proxies

Support reference 67863

The SSL proxy no longer restarts unexpectedly whenever an HTTP CONNECT method is used through SSL. A page now informs the user of this incompatibility and a log is issued for the administrator.

High availability

Support reference 68680

The high availability system is now more stable as memory leak issues have been fixed.

Support reference 66260

Whenever a high availability cluster is created, MAC addresses will no longer be forced on VLAN interfaces. As such, MAC addresses no longer need to be changed after a VLAN is moved to another parent interface.

SSL VPN

Support references 48232 - 68060

OpenVPN has been upgraded from version 2.2.2 to version 2.4.2.

Certain restrictions affect this new version of OpenVPN. Refer to the section Explanations on usage to find out more.

Support reference 68895

The deployment of an SMC configuration no longer causes all SSL VPN tunnels to shut down.

IPSec VPN

Support reference 67803

Firewall resources are now better managed during denial of service attacks on port 500 when IPSec VPN is used with IKEv2.

SPNEGO SSO authentication

Support reference 68533

Whenever SPNEGO authentication has been configured, the user now directly accesses websites without having to go through the authentication portal, even when the website's URL contains a vertical bar (|).

Notifications

Support references 68105 - 68000

E-mail alerts received due to system events or alarms now indicate the right date.

SNMP agent

Support reference 65557

The OIDs ifSpeed and ifHighSpeed from the IF-MIB MIB now return the right values for 10 Gbps interfaces.

Filter - NAT

Support reference 68255

The firewall would block return packets whenever the NAT rule had the following characteristics:

  • Source translated to a virtual IP address that does not physically belong to the firewall,
  • Destination translated to an internal (protected) outgoing interface or one that does not belong to a bridge.

This issue, which would generate the alarm Packet for destination on the same interface, has been fixed.

Intrusion prevention

Alarms

Support reference 68466

The occurrence of the alarm 351 Missing mandatory SDP field in RTSP would cause traffic to be blocked even when the inspection profile has been configured to let packets through. This issue has been fixed.

OPC industrial protocol

The UUID ISystemActivator that OPC clients/servers use to open secondary connections is now supported correctly. The OPC client/server operating mode is no longer disrupted.

Virtual machines

Starting/shutting down virtual machines

Since version 3.5, virtual machines could no longer be shut down or restarted through the VM > Power menu in VMware. This issue has been fixed.

VMware Tools alerts

VMware vSphere alerts offering to update VMware Tools on SNS virtual machines no longer appear.

Network

Wi-Fi

Support references 64593 - 65555-66768

A flaw in the Wi-Fi access point driver could cause the firewall to freeze whenever the Wi-Fi network was enabled. This flaw has been fixed.

Support reference 68102

A recurring issue affecting performance and causing traffic to be blocked due to a large number of FQDN objects has been fixed.

Web administration interface

Drag and drop

During drag and drop operations to move up or down rows (e.g., in the filter rule module), the indicator was not in the right position. This issue has been fixed.

Users

Support reference 68133

In the Detailed access tab in the Users > Access privileges menu, the User-User group drop-down list no longer offers the values Any user@voucher_users.local.domain, Any user@sponsored_users.local.domain, and Any user@guest_users.local.domain, which caused invalid domain errors.

Certificates and PKI

Support reference 68688

Certificates created through SMC now appear in the Objects > Certificates and PKI view of a firewall's web administration interface and CRL updates are also retrieved.

Monitoring

Support reference 68787

In the Real-Time tab in the Monitoring > Host monitoring menu, the Incoming bandwidth and Outgoing bandwidth columns would no longer display the maximum throughput but the current throughput instead.