IMPORTANT
SNS 3.x versions reached End of Maintenance on July 1st, 2024.
We recommend that you update your SNS firewalls to a version with maintenance to guarantee the protection of your infrastructure.
SNS 3.7.18 LTSB bug fixes
System
Proxies
Support references 78432 - 78929 - 79581 - 80095
Issues with memory leaks in proxies, which would sometimes restart the service unexpectedly, have been fixed.
Support reference 79584
An issue with the management of the SSL context, which could freeze the proxy service, has been fixed.
Support references 79957 - 80108
Configurations that use multi-user authentication would sometimes require several minutes to fully load web pages that embed CSP (content-security-policy) directives. This anomaly has been fixed.
SSO Agent
Support references 79581 - 80095
Running the module that manages communication with the SSO agent would sometimes consume an excessive amount of memory resources. This anomaly has been fixed.
SNMP agent
Support reference 74514
The anomalies observed in the indexing of the tables that reflect the hardware status of cluster members in the HA MIB have been fixed. Returned OIDs did not match the associated MIB, preventing the use of snmpget requests to reach these OIDs. Such requests now function correctly.
Support references 77226 - 78235
The OID "SNMPv2-MIB::sysObjectID.0", which made it possible to identify the type of device queried, presented the default net-snmp value instead of the Stormshield value. This anomaly has been fixed.
Support references 77779 - 80036
Excessive memory consumption issues that caused the SNMP agent service to unexpectedly shut down have been fixed.
Filtering and NAT
Support references 79533 - 79636 - 80043 - 80412
When a time object is enabled or disabled, the re-evaluation of connections that match the filter rule containing this time object no longer causes the firewall to unexpectedly restart.
Network objects
Support reference 77385
When a global network object linked to a protected interface is created, this object will now be correctly included in the Networks_internals group.
Support reference 76167
When local or global network objects are restored using a backup file (file with a “.na” extension), the firewall's network routes are reloaded to apply changes that may affect network objects involved in routing.
High availability (HA)
The errors that occur when the passive member of the cluster is updated are now correctly reported through high availability.
Support reference 70003
The validity of the license for the Vulnerability manager option is now verified before the configuration is synchronized to avoid unnecessarily generating error messages in logs such as "Target: all From: SNXXXXXXXXXXXXX Command: SYNC FILES failed: Command failed : Command has failed : code 1".
Hardware monitoring
Support reference 77170
On SN2100, SN3100 and SN6100 firewalls, the mechanism that monitors fan rotation speed has been optimized so that it no longer wrongly reports alarms that create doubts about the operational status of fans.
Network
Dynamic routing - Router objects
Support reference 69210
Whenever a firewall's default gateway consisted of a router object with load balancing, the dynamic routes that the Bird engine had learned would not be applied. This anomaly has been fixed.
Intrusion prevention
Quarantine when alarm raised on number of connections
Support reference 75097
When “Place the host under quarantine” is the action set for the alarm “Maximal number of connexions per host reached” (alarm tcpudp:364), the host that triggered this alarm is now correctly added to the blacklist for the quarantine period configured.
DCERPC protocol
Support reference 77417
The DCERPC protocol analyzer would sometimes wrongly create several hundred connection skeletons, causing excessive CPU consumption on the firewall.
This issue, which could prevent the firewall from responding to HA status tracking requests and make the cluster unstable, has been fixed.