SNS 4.6.8 bug fixes
System
Authentication - SSO agent
Support reference 85133
In configurations that use SSO agent authentication based on a main external LDAP directory and a backup external LDAP directory, switching from the main directory to the backup directory would cause the authentication engine to unexpectedly shut down. This issue has been fixed.
Storage devices
Support references 84901 - 85018 - 85145
Issues that could result in SN2100 and SN3100 firewalls unexpectedly shutting down have been fixed by updating the firmware of the system storage device.
Interfaces - Object database
Support references 85267 - 85294
When an interface does not have an IP address (such as a dialup that is not yet connected after a firewall is restarted), Firewall_ and Network_ objects linked to this interface will be automatically generated again. This regression, which first appeared in SNS version 4.6.6, would prevent the filter policy from being loaded.
Intrusion prevention engine
SSLProtocol
Even though the alarm "Invalid SSL packet" (ssl alarm:118) is set to pass (alarm that does not block packets), packets that raise this alarm would wrongly stop the SSL protocol analysis. This anomaly has been fixed.
UDP
Support references 84913 - 85142 - 85157
An issue during the analysis of some UDP packets has been resolved to no longer cause the unexpected shutdown of the firewall.
Web administration interface
Certificates and PKI - TPM
Support references 84223 - 84462
On firewalls with TPMs that have not been initialized, the health status of the TPM would indicate a minor alarm, and any attempt to access the Certificates and PKI module would show a message asking the administrator to initialize the TPM. Administrators can now click on the button found in this message to stop reminders and switch off the minor alarm.