Version 4.3.9 bug fixes

System

High availability, link aggregation and recovery of ARP requests

Optimizations have been applied to significantly speed up the recovery of ARP requests after a forced switch in a cluster that uses link aggregation.

User enrollment

Support reference 84344

An issue relating to user enrollment via the captive portal, particularly on firewalls that do not have a default certification authority (CA), has been fixed. This regression appeared in SNS version 4.3.0.

IPSec VPN IKEv2 - Mobile peers in config mode

Support reference 84482

Whenever an IPsec IKEv2 tunnel set up with a mobile peer in config mode was abruptly shut down by the remote client, the IP address that was assigned to it would remain locked and unavailable. A parameter has been changed so that users can recover their previous IP address in such scenarios.

PKI CA CHECK CLI/Serverd command

Support reference 84347

The CLI/Serverd command PKI CA CHECK now also checks Autoupdate configuration files.

Intrusion prevention engine

Sending ARP requests while reloading the configuration of interfaces in the intrusion prevention engine

Support reference 84272

An issue with competing access, which would occur when the intrusion prevention engine reloaded the configuration of interfaces while ARP requests were being sent, has been fixed. This issue made the firewall freeze.