New features and enhancements in SNS 4.6.8

IPsec DR mode compliance

The behavior of the IKE key negotiation engine has been modified to enable its compliance with the requirements of the ANSSI’s IPsec DR guidelines. Changes made will not be noticeable in nominal use cases of SNS products.

High availability and TPM

Support reference 85055

In a high availability configuration such as the following:

• Members of the cluster are equipped with TPMs that have been initialized,
• The health status of TPMs is included in the calculation of the quality factor.

When the TPM on the passive firewall (firewall that was initially passive or which became passive after a switch due to a downgraded quality index) encounters a failure, this firewall will be restarted to recover its TPM in a working condition.