SNS 4.5.4 bug fixes

NOTE
The fix added in version 4.5.3 regarding the verification of TLS server certificates (Support reference 84244) has been removed. It will be reviewed and included in a future version.

System

SNMP agent - MIB and traps

Support reference 78102

To keep up to date with the recommendations in RFC2578, and to resolve a compatibility issue with some monitoring applications, all SNMP tables in which the first index was set to 0 have been duplicated to new tables in which the first index is set to 1.

Older SNMP tables (index beginning with 0) will still be used by default, but are tagged as obsolete and will be phased out in a future SNS version.

To activate the new SNMP tables (index beginning with 1) on the firewall, you must:

  1. Connect to the firewall in SSH/Console mode as a super-administrator (admin account),
  2. Edit the section [Config] in the ConfigFiles/snmp configuration file and set the configuration token IndexStartAt1 to "1",
  3. Run the SNMP agent using the command ensnmp.

IPsec tunnel monitoring

The module that monitors the encapsulation of IPsec tunnels in UDP has been fixed and no longer wrongly indicates encapsulation as disabled all the time.

Routing

When tasks are not run in the right sequence during the firewall startup phase, issues may occur when loading certain services such as IPsec or sandboxing. This issue has been fixed.

Intrusion prevention engine

SIP and network address translation (NAT)

Support reference 68822

In a configuration that uses NAT for SIP connections within a rule in firewall mode, when the firewall receives a second INVITE request for a connection that has already been set up, NAT will no longer malfunction and the established SIP connection will no longer shut down unexpectedly.