Version 4.2.8 bug fixes
Support references 83903 - 84062
IPsec VPN tunnels that were set up with certificate authentication would occasionally fail when the private key was protected by the TPM. A "No private key found for <CN>" error would then be logged. This issue has been fixed.
High availability (HA) - Firewall updates
Whenever the passive firewall in an HA cluster was updated to SNS version 4.2.3 or higher, then switched to active mode, the new passive firewall in SNS version 4.2.3 or higher could not be successfully updated. This issue has been fixed.
Support reference 83411
Whenever an Authentication rule filter rule redirected traffic to the captive portal (authentication portal), Sponsorship could no longer be selected as the authentication method on this captive portal’s page. This anomaly appeared in SNS version 4 and has since been fixed.
Support references 82366 - 83624 - 84201
Bird dynamic routing engine
Despite the static routes declared in the Bird configuration and the dynamic routes that Bird learned, the corresponding networks were not automatically added to the table of protected addresses. This issue has been fixed.
Support reference 80792
Since Zoom application traffic is incompatible with the antivirus analysis, these CNs have been added to the CN group proxyssl_bypass.
Support reference 83660
An issue that caused SMB packets to be blocked was fixed after the SMB/CIFS protocol analysis engine factored in the padding bytes at the end of SMB packets.
The "NTP: KoD denied" (ntp:456) alarm is no longer raised by mistake and in loop when the KoD (Kiss-of-Death) is attributed to the IP address of the NTP server.
Support reference 83553
The HTTP protocol analysis has been optimized to avoid consuming too much memory and inappropriately overloading the firewall.