SNS 4.2.10 bug fixes

System

IPsec VPN with NAT-T and Path MTU Discovery (PMTUD) enabled

Support reference 83292

When the PMTUD option (CLI/Serverd command CONFIG IPSEC UPDATE slot=<1-10> PMTUD=<0|1>) was enabled for an IPsec tunnel going through NAT-T and using the combination of AES-CBC 256 and SHA2_256 algorithms, packets with an MTU that was too high would occasionally be generated. Such packets would then be blocked by the network devices that they were supposed to pass through.

Proxies

Support reference 79295

The SSL proxy now correctly processes certificates that present both an empty Subject field and a filled-in subjectAltName field.

HTTP proxy

Support reference 83607

Issues with concurrent access to connection counters, which could cause the proxy to shut down unexpectedly, have been fixed.

URL classification - Extended Web Control (EWC)

Support reference 83619

An anomaly affecting communication with EWC servers would occasionally occur after several unsuccessful attempts to classify a URL. This anomaly has been fixed.

Using an explicit proxy and Extended Web Control (EWC) URL classification database

Support reference 82913

Using an explicit proxy and the EWC URL database at the same time would sometimes make the URL classification engine shut down unexpectedly. This issue has been fixed.

NAT - VLANs

Support reference 79759

In a configuration that supports several VLANs on the same physical interface and which implements address translation with ARP publication on the same VLANs, GARP (Gratuitous ARP) packets would be wrongly sent to only one of these VLANs. This issue has been fixed.

Intrusion prevention

Android WhatsApp and Facebook applications

Support reference 82865

Legitimate packets from Android WhatsApp or Facebook applications would sometimes wrongly trigger the block alarm "Different SSL version" (ssl:117 alarm). This regression, which first appeared in SNS version 4.2.1, has been fixed.

Web administration interface

Dashboard - Virtual Pay As You Go (PAYG) machines

Support reference 83326

The PAYG widget found on virtual machines in Pay As You Go mode no longer shows HTML markers by mistake.