SNS 3.7.2 LTSB bug fixes

Network

Interfaces

Support reference 69982

The advanced configuration option Keep VLAN IDs (for interfaces included in a bridge), which instructs the firewall to accept tagged packets on this interface even when the VLANs concerned have not been explicitly declared, no longer functioned on SN 510, 710, 910, 2000, 2100, 3000, 3100, 6000, 6100 and SNi40 models. This issue has been fixed.

System

High availability - Incident icon

Support references 70506 - 70880 - 70707

Because the high availability (HA) monitoring mechanism takes into account the status of links to router objects, unreachable router objects would wrongly cause an incident icon to be displayed for the HA links in the firewall cluster. This anomaly has been fixed.

IPsec VPN

Support reference 70910

In configurations that use virtual IPsec interfaces, an issue with competing access to certain Security Policy parameters would disrupt traffic inside established IPsec tunnels. This issue has been fixed.

Proxies

Support reference 69318

An incident of memory corruption during the use of the SSL proxy would disrupt web access. This issue has been fixed.

Support references 66101 - 64504 - 69005 - 69328

An issue regarding competing access to certain resources used by the OpenSSL module would cause the proxy to freeze. This issue has been fixed.

Filter - NAT

Support references 69146 - 69011

Adding or deleting an inactive filter rule or a rule containing an empty group in front of a rule that uses the proxy (URL filtering, antivirus, sandboxing, etc.) would skew filter rule IDs. This skew would in turn cause web access to malfunction. This issue has been fixed.

LDAP directories

Support reference 69872

During the configuration of a Microsoft Active Directory with secure SSL access, an error message "No LDAP configuration" would appear by mistake. Confirming this message and refreshing the screen would remove the directory concerned from the list of directories. This anomaly has been fixed.

Local storage

Support references 68506 - 71005

Firewalls with damaged SD cards (and therefore damaged log storage partitions) would restart in a loop. This issue has been fixed.

Firewall administration

Support reference 71741

In cases where the administrator password of a firewall was forgotten, if the two passwords entered during the password retrieval procedure did not match, the configuration of the firewall would be erased. This issue has been fixed.

Alarms on SN3000 firewalls

Support references 71022 - 71051

On SN3000 firewalls, an alarm indicating a power supply failure would appear on the dashboard even though the firewall was running properly. This anomaly has been fixed.

IPsec VPN (IKEv1 + IKEv2 or IKEv2 only)

Support reference 70250

An anomaly in the management of Security Associations (SA) during the loss of packets within a tunnel would wrongly generate many child SAs and increase the load on the engine that manages IPsec IKEv2 / IKEv1+IKEv2 tunnels. This anomaly has been fixed.

Intrusion prevention

LDAP protocol

Support references 71152 - 69806

The analysis of the LDAP protocol would wrongly raise the alarm ldap_tcp:427 (Bad LDAP protocol) and block connections to the target LDAP directory. This anomaly has been fixed.

Support reference 71192

An issue during the analysis of LDAP packets that authenticate via SASL (Simple Authentication and Security Layer) would cause the firewall to freeze. This issue has been fixed.

Stormshield Management Center

Communication between SNS and SMC

Ever since version 3.6.1 of SNS, the firewall would no longer take into account the network interface specified for connections to the SMC server (BindAddr parameter). This issue has been fixed.

Updating SNS firewalls from SMC

Ever since version 3.6 of SNS, firewall updates from SMC would not function, regardless of whether they had been run via an SNS CLI command or by accessing the firewall directly from SMC. The update file would not be downloaded to the firewall. This issue has been fixed.