SNS 4.6.3 bug fixes

System

High availability (HA) with a backup link

Support reference 84458

In a HA configuration with a main and backup link, whenever the main link was down and became operational again, the cluster would continue to use the backup link by mistake. This anomaly has been fixed.

System monitoring – CPU load

Support reference 66123

The CPU consumption monitor would occasionally report unrealistic values. This anomaly has been fixed.

Firewall updates through a dialup default gateway

Support references 80557 - 84626 - 84768

During attempts to update firewalls connected to a PPPoE modem (dialup), an issue with the order in which services were shut down during the firewall's restart phase would occasionally prevent the firewall from being updated. This issue has been fixed.

Proxies

Support references 84517 - 84824 - 84826 - 84868 - 84877 - 84879

The analysis of a self-signed certificate without a Subject field in traffic that matches an SSL decryption rule will no longer cause the proxy to hang.

Support reference 84909

The presence of the HTTP cache option in a filter rule set up in a version earlier than SNS 4.3.0 no longer prevents the proxy from starting after a firewall update.

Support reference 84991

In a configuration combining sandboxing and advanced antivirus, the management of temporary files generated for analyzes could cause the affected partition to fill abnormally and significantly degrade proxy performance (slower web access). This anomaly has been fixed.

SSL VPN portal

As the signature of the Java applet used for the SSL VPN portal is close to expiry, users will see a warning message after the signature expires. This applet's signature has been renewed and the applet will be automatically updated when the firewall is updated to SNS version 4.6.3.

Intrusion prevention engine

QoS - SN160(W) model firewalls

Support reference 84937

An anomaly in the management of QoS on SN160(W) firewall models, which occasionally caused the firewall to freeze, has been fixed.

Web administration interface

Interfaces - High availability (HA)

Support reference 84863

HA-dedicated interfaces can no longer be edited from the firewall’s web administration interface. This operation, which was allowed by mistake, prevented HA from operating.

High availability (HA) - TPM initialization

Support reference 84530

In HA configurations, initializing the TPM on the active firewall from the web administration interface now correctly launches the initialization of the TPM on the passive firewall.