New features in SNS 3.7.2 LTSB

Intrusion prevention

Protocol whitelist

A whitelist of protocols that do not need to be analyzed by the intrusion prevention engine has been added. This list can only be loaded from the command line (System > CLI console module) using the following command:

CONFIG PROTOCOL IP COMMON IPS CONFIG UnanalyzedIpProto="list_of_protocol_numbers"

The protocol numbers are available on the IANA website (Internet Assigned Numbers Authority).

Note that this list contains the VRRP (112) and SCTP (132) protocols by default. To display the contents of this whitelist, use the command:

CONFIG PROTOCOL IP COMMON SHOW

For more information on these commands, please refer to the CLI SERVERD Commands Reference Guide.

System

IPsec VPN - IKEv2

Support reference 70250

To prevent a proliferation of inactive child SAs from placing an excessive load on the IKEv2 IPsec tunnel management engine, a mechanism that purges unused SAs has been implemented.

Please refer to the knowledge base or contact the technical support team for further details.