New feature in version 3.7.2 LTSB
A whitelist of protocols that do not need to be analyzed by the intrusion prevention engine has been added. This list can only be loaded in command line (System > CLI console module) using the following command:
CONFIG PROTOCOL IP COMMON IPS CONFIG UnanalyzedIpProto="list_of_protocol_numbers"
The protocol numbers are available on the IANA website (Internet Assigned Numbers Authority).
Do note that this list contains VRRP (112) and SCTP (132) protocols by default. To display the content of this whitelist, use the command:
CONFIG PROTOCOL IP COMMON SHOW
For more information on these commands, please refer to the CLI SERVERD Commands Reference Guide.
IPSec VPN - IKEv2
Support reference 70250
In order to avoid a multiplication of inactive child SA's causing an excessive load of IKEv2 IPSEc Tunnel Management Engine, a purge mechanism of unused SAs has been implemented.
Please refer to the knowledge base or contact the technical support team for further details.