IMPORTANT
SNS 3.x versions have reached End of Maintenance since July 1st, 2024.
We recommend that you update your SNS firewalls to a version with maintenance to guarantee the protection of your infrastructure.
SNS 3.7.23 LTSB bug fixes
System
IPsec VPN
Support reference 82645
In IPsec configurations that use groups containing address ranges, mounted tunnels could be interrupted when such groups were modified, generating TS_UNACCEPTABLE errors as a result. This issue has been fixed.
Support reference 83354
Whenever an IPsec policy contained one or several bypass rules (in which the peer is None and the rule was created to exclude the following rules from the encryption policy), these bypass rules were not applied to networks defined by static routes.
This issue was fixed with the addition of an IPsec bypass option in the step during which the static route is defined.
Captive portal - External LDAP directory
Support reference 82686
Whenever a user referenced in an external LDAP directory connects to the captive portal, the system event “LDAP unreachable” (event 19) is no longer raised.
Intrusion prevention
SIP
Support reference 68971
Some SIP communications would fail after they were put on hold whenever a peer sent INVITE packets containing deprecated "c=IN IP4 0.0.0.0" information which the firewall would reject (block alarm "Invalid SIP protocol (SDP)").
This issue was fixed after a new specific alarm was created ("SIP: Anonymous address in the SDP connection"). Such packets are no longer blocked by default, but the alarm can be configured to block them.
TNS protocol - Oracle
Support reference 77721
Analyses of TNS - Oracle client-server communications that undergo packet fragmentation and address translation (NAT) no longer desynchronize traffic due to packets being rewritten.