SNS 4.6.8 bug fixes

System

Authentication - SSO agent

Support reference 85133

In configurations that use SSO agent authentication based on a main external LDAP directory and a backup external LDAP directory, switching from the main directory to the backup directory would cause the authentication engine to unexpectedly shut down. This issue has been fixed.

Storage devices

Support references 84901 - 85018 - 85145

Issues that could result in SN2100 and SN3100 firewalls unexpectedly shutting down have been fixed by updating the firmware of the system storage device.

Interfaces - Object database

Support references 85267 - 85294

When an interface does not have an IP address (such as a dialup that is not yet connected after a firewall is restarted), Firewall_ and Network_ objects linked to this interface will be automatically generated again. This regression, which first appeared in SNS version 4.6.6, would prevent the filter policy from being loaded.

Intrusion prevention engine

SSLProtocol

Even though the alarm "Invalid SSL packet" (ssl alarm:118) is set to pass (alarm that does not block packets), packets that raise this alarm would wrongly stop the SSL protocol analysis. This anomaly has been fixed.

UDP

Support references 84913 - 85142 - 85157

An issue during the analysis of some UDP packets has been resolved to no longer cause the unexpected shutdown of the firewall.

Web administration interface

Certificates and PKI - TPM

Support references 84223 - 84462

On firewalls with TPMs that have not been initialized, the health status of the TPM would indicate a minor alarm, and any attempt to access the Certificates and PKI module would show a message asking the administrator to initialize the TPM. Administrators can now click on the button found in this message to stop reminders and switch off the minor alarm.