IMPORTANT
SNS 3.x versions have reached End of Maintenance since July 1st, 2024.
We recommend that you update your SNS firewalls to a version with maintenance to guarantee the protection of your infrastructure.
New features in SNS 3.7.2 LTSB
Intrusion prevention
Protocol whitelist
A whitelist of protocols that do not need to be analyzed by the intrusion prevention engine has been added. This list can only be loaded in command line (System > CLI console module) using the following command:
CONFIG PROTOCOL IP COMMON IPS CONFIG UnanalyzedIpProto="list_of_protocol_numbers"
The protocol numbers are available on the IANA website (Internet Assigned Numbers Authority).
Do note that this list contains VRRP (112) and SCTP (132) protocols by default. To display the content of this whitelist, use the command:
CONFIG PROTOCOL IP COMMON SHOW
For more information on these commands, please refer to the CLI SERVERD Commands Reference Guide.
System
IPsec VPN - IKEv2
Support reference 70250
In order to avoid a multiplication of inactive child SA's causing an excessive load of IKEv2 IPSEc Tunnel Management Engine, a purge mechanism of unused SAs has been implemented.
Please refer to the knowledge base or contact the technical support team for further details.