Changelog between SNS v4.2 and v4.3

Removed commands

Commands replaced by another one

Commands with the same name that change behavior

CONFIG AUTH SHOW

  • Before:

[radius]
state		: status of this method
host            : radius server hostname
port            : radius port
pencoding	: radius server charset encoding
bhost           : radius backup server hostname
bport           : radius backup port
bencoding	: radius backup server charset encoding
presharedkey : key used for encrypting exchanges between the firewall and the RADIUS server
bpresharedkey : key used for encrypting exchanges between the firewall and the Backup RADIUS server

[...]

[agent]
State          : activate or not the agent
Mscontroler    : object name of the Microsoft domain controller
MsbackupControler : object name of the second Microsoft domain controller
Directory      : name of the LDAP directory to use
MaxLogonTime   : maximum time in seconds for the authentication
Probe          : activate or not the user logout probing
ProbeMethod    : comma separated list of probing methods (arp, icmp, nbstat, registery, ...)
ProbeTimeout   : maximum time in seconds for not responding stations
BindAddr       : the IP address of the source connection
BindPort       : the port of the source connection
AgentAddr      : the IP address of the agent
AgentPort      : the port of the agent
AgentPassword  : the password of the agent
BackupAddr     : the IP address of the backup agent
BackupPort     : the port of the backup agent
BackupPassword : the password of the backup agent
DomainName     : the filter to be applied on logon events

  • After:

[radius]
state		: status of this method
host            : radius server hostname
port            : radius port
pencoding	: radius server charset encoding
bhost           : radius backup server hostname
bport           : radius backup port
bencoding	: radius backup server charset encoding
presharedkey : key used for encrypting exchanges between the firewall and the RADIUS server
bpresharedkey : key used for encrypting exchanges between the firewall and the Backup RADIUS server
timeout : timeout in milliseconds when authenticating on the RADIUS server
btimeout : timeout in milliseconds when authenticating on the backup RADIUS server
retry: number of retries when authenticating on the RADIUS server
bretry: number of retries when authenticating on the backup RADIUS server
VSAusergroup: 1 if user group VSA support is enabled, 0 otherwise

[...]

[agent]
State          : activate or not the agent
Mscontroler    : object name of the Microsoft domain controller
MsbackupControler : object name of the second Microsoft domain controller
Directory      : name of the LDAP directory to use
MaxLogonTime   : maximum time in seconds for the authentication
Probe          : activate or not the user logout probing
ProbeMethod    : comma separated list of probing methods (arp, icmp, nbstat, registery, ...)
ProbeTimeout   : maximum time in seconds for not responding stations
BindAddr       : the IP address of the source connection
AgentAddr      : the IP address of the agent
AgentPort      : the port of the agent
AgentPassword  : the password of the agent
BackupAddr     : the IP address of the backup agent
BackupPort     : the port of the backup agent
BackupPassword : the password of the backup agent
DomainName     : the filter to be applied on logon events

CONFIG NETWORK ROUTE SHOW

  • Before:

[StaticRoutes]
Remote=mynet Address=172.168.100.0/24 Interface=out Gateway=10.2.0.1 Color=000c0a Protected=0 State=0 Comment=""
Remote=192.168.100.0/255.255.255.0 Interface=in Gateway=10.2.2.1 Color=0a0c0a Protected=1 State=1 Comment="test route"

  • After:

[StaticRoutes]
Remote=mynet Address=172.168.100.0/24 Interface=out Gateway=10.2.0.1 Color=000c0a GatewayHasLB=0 Protected=0 State=0 Comment=""
Remote=192.168.100.0/255.255.255.0 Interface=in Gateway=10.2.2.1 Color=0a0c0a GatewayHasLB=0 Protected=1 State=1 Comment="test route"
Remote=mynet Address=10.3.0.0/16 Interface=in Gateway=myrouter Color=0a0c0a GatewayHasLB=1 Protected=1 State=1 Comment=""

CONFIG NETWORK ROUTE ADD

The interface token is now optional if a value is given for the gateway token.

CONFIG NETWORK ROUTE IPV6 ADD

The interface token is now optional if a value is given for the gateway token.

MONITOR HEALTH

  • Before:

 [<serial>]
 hamode=(none|active|passive)
 cpu=(n/a|unknown|good|minor|major)
 cpu_temp=(n/a|unknown|good|minor|major)
 disk=(n/a|unknown|good|minor|major)
 fans=(n/a|unknown|good|minor|major)
 mem=(n/a|unknown|good|minor|major)
 powerstatus=(n/a|unknown|good|minor|major)
 raid=(n/a|unknown|good|minor|major)
 cert=(n/a|unknown|good|minor|major)
 crl=(n/a|unknown|good|minor|major)
 passwd=(n/a|unknown|good|minor|major)
 [MAIN]
 status=(unknown|good|minor|major)

  • After:

 [<serial>]
 hamode=(none|active|passive)
 cpu=(n/a|unknown|good|minor|major)
 cpu_temp=(n/a|unknown|good|minor|major)
 disk=(n/a|unknown|good|minor|major)
 fans=(n/a|unknown|good|minor|major)
 mem=(n/a|unknown|good|minor|major)
 powerstatus=(n/a|unknown|good|minor|major)
 raid=(n/a|unknown|good|minor|major)
 cert=(n/a|unknown|good|minor|major)
 crl=(n/a|unknown|good|minor|major)
 passwd=(n/a|unknown|good|minor|major)
 router=(n/a|unknown|good|minor|major)
 [MAIN]
 status=(unknown|good|minor|major)

CONFIG HA SHOW

  • Before:

[Global]
State=0|1                     : Is HA activated?
Initialized=0|1               : HA initialization
SendARP=0|1                   : SendARP state
SendARPPeriod=             : delay (sec) between 2 ARPs
Secure=0|1					: Crypto state on the HA link
InterfacesFlipFlop=<0-20000> : How long, in milliseconds, non-HA interfaces must go down when the firewall becomes passive (0=disabled)
LACPWhenPassive=1            : Maintain LACP negotiations while being passive
DelayConnUpd=10              : Connections living less than this value (in seconds) won't be synchronized
LACPMembersHaveWeight=1      : Include LACP members in quality computation

  • After:

[Global]
State=0|1                     : Is HA activated?
Initialized=0|1               : HA initialization
SendARP=0|1                   : SendARP state
SendARPPeriod=             : delay (sec) between 2 ARPs
Secure=0|1					: Crypto state on the HA link
InterfacesFlipFlop=<0-20000> : How long, in milliseconds, non-HA interfaces must go down when the firewall becomes passive (0=disabled)
LACPWhenPassive=1            : Maintain LACP negotiations while being passive
DelayConnUpd=10              : Connections living less than this value (in seconds) won't be synchronized
LACPMembersHaveWeight=1      : Include LACP members in quality computation
FailoverMembersHaveWeight=1  : Include Failover members in quality computation

CONFIG OBJECT ROUTER SHOW

  • Before:

[Config]
name=myrouter
comment="nice comment"
gatewaythreshold=1
activateallbackup=0
frequency=15
tries=3
wait=2
loadbalancing=connhash
onfailpolicy=Pass

[PrincipalGateway]
pos=1 host=host1 check=www.google.com comment="First router"
pos=2 host=host2 check=www.google.com comment="Second router"

[BackupGateway]
pos=1 host=host3 check=www.google.com comment=""

  • After:

[Config]
name=myrouter
monitor=TCP_PROBE
port=tcp_service
comment="nice comment"
gatewaythreshold=1
activateallbackup=0
frequency=15
tries=3
triesup=0
wait=2
loadbalancing=connhash
onfailpolicy=Pass
slause=0
slalatency=
slajitter=
slalossrate=
slaunreachablerate=

[PrincipalGateway]
pos=1 host=host1 check=www.google.com comment="First router"
pos=2 host=host2 check=www.google.com comment="Second router"

[BackupGateway]
pos=1 host=host3 check=www.google.com comment=""

CONFIG OBJECT GET

  • Before:

[Object]
[...]
type=router global=0 modify=<0|1> name= comment= gatewaythreshold= activateallbackup=<0|1> frequency= wait= tries= loadbalancing= onfailpolicy=
[...]

  • After:

[Object]
[...]
type=router global=0 modify=<0|1> name= comment= gatewaythreshold= activateallbackup=<0|1> frequency= wait= tries= triesup= loadbalancing= onfailpolicy=
[...]

CONFIG OBJECT LIST

  • Before:

[Object]
[...]
type=router global=0 modify=<0|1> name= comment= gatewaythreshold= activateallbackup=<0|1> frequency= wait= tries= loadbalancing= onfailpolicy= used=<0|1>
[...]

  • After:

[Object]
[...]
type=router global=0 modify=<0|1> name= comment= gatewaythreshold= activateallbackup=<0|1> frequency= wait= tries= triesup= loadbalancing= onfailpolicy= used=<0|1>
[...]

Commands with new mandatory parameters

Commands with new optional parameters

CONFIG AUTH RADIUS

  • timeout (no default value)
  • btimeout (no default value)
  • retry (no default value)
  • bretry (no default value)
  • VSAusergroup (no default value)

CONFIG FILTER RULE UPDATE

  • ackqosid (no default value)

CONFIG NETWORK INTERFACE CREATE

  • Laggmode (default: lacp)
  • LaggFailoverMaster (no default value)

CONFIG NETWORK INTERFACE UPDATE

  • Laggmode (default: lacp)
  • LaggFailoverMaster (no default value)

CONFIG NETWORK INTERFACE AGGREGATE

  • Laggmode (default: lacp)

MONITOR QOS

  • ifname (default: all interfaces will be displayed)

MONITOR CONNECTION

  • ackqidname (default: no default value)
  • rtstate (default: no default value)

MONITOR FLUSH STATE

  • rtstate (default: no default value)

CONFIG HA CREATE

  • FailoverMembersHaveWeight (default: 0)

CONFIG HA UPDATE

  • FailoverMembersHaveWeight (default: 0)

CONFIG SSH UPDATE

  • CLIShell (default: no default value)
  • LogAdmin (default: no default value)

CONFIG OBJECT ROUTER NEW

  • monitor (default: no default value)
  • triesup (default: no default value)
  • slause (default: no default value)
  • slajitter (default: no default value)
  • slalatency (default: no default value)
  • slalossrate (default: no default value)
  • slaunreachablerate (default: no default value)

CONFIG GLOBAL OBJECT ROUTER NEW

  • monitor (default: no default value)
  • triesup (default: no default value)
  • slause (default: no default value)
  • slajitter (default: no default value)
  • slalatency (default: no default value)
  • slalossrate (default: no default value)
  • slaunreachablerate (default: no default value)

CONFIG IPSEC UPDATE

  • UsedInterface (default: no default value)

CONFIG IPSEC PEER NEW

  • mobike (default: no default value)

CONFIG IPSEC PEER UPDATE

  • mobike (default: no default value)

CONFIG OBJECT QOS QID ADD

  • lengthrev (default: 0 if update=1)

CONFIG OBJECT QOS QID LIST

  • useclone (default: 0)

CONFIG PROTOCOL PROFILE ALARM UPDATE

  • ackqid (default: no default value)

CONFIG PROTOCOL SSL COMMON PROXY SSLPROTOCOL

  • TLSv1_3 (default: no default value)

PKI CERTIFICATE CREATE

  • force (default: 0)