IMPORTANT
SNS 3.x versions have reached End of Maintenance since July 1st, 2024.
We recommend that you update your SNS firewalls to a version with maintenance to guarantee the protection of your infrastructure.
SNS 3.7.11 LTSB bug fixes
System
IPsec VPN
Support references 74551 - 74456
An anomaly in the IPsec function key_dup_keymsg(), which would generate the errorCannot access memory at address and cause the firewall to shut down suddenly, has been fixed.
ANSSI "Diffusion Restreinte” mode
When the ANSSI "Diffusion Restreinte” mode is enabled (System > Configuration > General configuration tab), a mechanism now checks the compatibility of Diffie-Hellmann (DH) groups used in the configuration of IPsec peers with this mode. The list of allowed DH groups has been updated; now only DH 19 and 28 groups must be used.
Proxy
Support reference 74427
When the certification authority of the SSL proxy expired, the firewall would sometimes stop attempting to generate new keys unnecessarily for some events, e.g., when reloading the filter policy or network configuration, or when changing the date on the firewall. This would cause excessive CPU usage.