SNS 4.6.2 bug fixes
System
DMA remapping (DMAR) on SN-M-Series-720 and SN-M-Series-920 firewalls
Support reference 84882
The DMAR mechanism was optimized to improve performance and allow core dump files to be obtained for the purpose of analysis when issues arise on the firewall.
Monitoring power supply modules on SN-M-Series-720 and SN-M-Series-920 firewalls
Support reference 84880
If tasks ran in the wrong sequence while the firewall started up, an alert would sometimes be raised by mistake regarding the operation of power supply modules on SN-M-Series-720 and SN-M-Series-920 firewalls. This issue has been fixed.
Updating firmware on SSD disks
To prevent SSD disks from potentially malfunctioning, a firmware update of such disks is automatically applied when the following firewall models are updated to SNS version 4.6.2:
- SN510, SN710 and SN910 equipped with a 256 GB Innodisk SSD 3TE7,
- SN1100 equipped with a 512 GB Innodisk SSD 3TE7,
- SN3000 with the BIG DATA option (equipped with a 1 TB Innodisk SSD 3TE7).
QoS
The maximum length allowed for the name of a QoS queue that the intrusion prevention engine uses for detections is now the same as for standard QoS queues (31 characters maximum).
Deleting QoS queues
Checks have been added to prevent QoS queues from being deleted when they are used in the firewall configuration.
Network interfaces - SN-M-Series-720 and SN-M-Series-920 models
The speed of network interfaces on SN-M-Series-720 and SN-M-Series-920 firewalls can now be forced to 2.5 Gbit/s.
High availability - SNMPv3
Support reference 84500
SNMP parameters (including AuthoritativeEngineID in SNMPv3) are now automatically synchronized as soon as a cluster is created and every time roles are switched in this cluster. The purpose of this synchronization is to stop causing errors on some SNMP monitoring tools.
Updates - Static routing
Support reference 84716
When an SNS 4.6 version is updated from a configuration that contains a static route based on a nonexistent route, routes will no longer stop being reloaded after this faulty route is processed: the routes that follow will be correctly inserted again in the routing tables.
This regression appeared in SNS version 4.3.
Renaming nested object groups
Support reference 81223
Attempts to rename a group included in a group, which is itself included in another group, would fail and cause the system error "The object is included in one or several group(s)". Since the new name of the group was not applied in the object database, any filter rule using the renamed group would then become invalid. This issue has been fixed.
System report (sysinfo)
Support references 84211 - 84210
Checks to confirm whether verbose mode has been enabled/disabled for BIRD, BIRD6 and the global VPN policy have been added to the system report generator (accessible from Configuration > Maintenance > Configuration tab).
Checks to confirm whether verbose mode has been enabled/disabled for the proxy were wrongly removed, and are now available again in the system report generator. This regression appeared in version 4.5.1.
Intrusion prevention engine
Maximum number of protected hosts
Support reference 84794
An issue with applying the change made in SNS version 4.5.2 regarding the maximum number of protected hosts has been fixed. So when the firewall is updated to SNS version 4.6.2, it will automatically be restarted a second time if the configuration requires it.
Processing of fragmented packets
Support reference 83882
In configurations that handle a high volume of traffic, an issue with buffer management during the processing of fragmented packets has been fixed. This issue caused the firewall to freeze unexpectedly.