IMPORTANT
SNS 3.x versions reached End of Maintenance on July 1st, 2024.
We recommend that you update your SNS firewalls to a version with maintenance to guarantee the protection of your infrastructure.
New features in SNS 3.7.19 LTSB
System
IPsec VPN
On SN510, SN2000, SN2100, SN3100 and SN6100 models, the IPsec service is now equipped with a mechanism that can optimize the distribution of encryption and decryption operations. Its purpose is to significantly improve IPsec throughput in configurations that contain a single IPsec tunnel.
The optimization mechanism offers three configuration modes and is disabled by default. An automatic mode allows the mechanism to activate only when the active IPsec policy has a single active VPN tunnel.
This mode can be configured only with the following CLI/serverd command:
CONFIG IPSEC UPDATE slot=<n> CryptoLoadBalance=<0|1|auto>
Active Update
Packets in the Active Update module are now signed by a new Stormshield certification authority, which replaces the previous Netasq certification authority.
If you use internal mirror sites, you must update the packets hosted on your own servers so that packets signed by the new certification authority are used. This operation is necessary so that the Active Update module can continue to update its databases.
In a Linux environment, a new version of the updater.sh script is available and makes it possible to retrieve all packets signed by the new certification authority.