SNS version 4.7.10 bug fixes
System
Proxies
Support references 85568 - 85625 - 85701
Issues in the SSL proxy that could cause the firewall to freeze unexpectedly have been fixed.
POP3 proxy - Antispam and/or antivirus
Support reference 81432
During the antivirus and/or antispam analysis, the POP3 proxy would wrongly detect batch e-mail processing (pipelining) and inappropriately fragment messages. This issue has been fixed.
IPsec VPN
Support reference 85676
High availability configurations that handle a heavy volume of traffic now have better stability. This prevents the IPsec tunnel manager from shutting down unexpectedly.
Support reference 85721
After deploying via SMC an IPsec configuration that:
- Uses virtual interfaces (VTIs),
- Has a peer defined in Do not initiate the tunnel (ResponderOnly) mode,
attempts to set up the tunnel will no longer cause the firewall to freeze unexpectedly.
SN160(W)/SN210(W)/SN310 model firewalls
Support references 84495 - 84933 - 85038 - 85081 - 85213
Changes have been made to reduce the frequency of disk access to the configuration file ConfigFiles/Openvpn/openvpn, as this would cause SN160(W)/SN210(W)/SN310 model firewalls to unexpectedly restart.
High availability (HA) - CRL
Support reference 85558
CRLs that originate from global CAs are now synchronized every 60 minutes between the active and passive firewalls.
Support reference 85553
CRLs that are retrieved by the active firewall are now immediately synchronized with the passive firewall. Previously, these synchronizations occurred only every 60 minutes. As such, if a switch occurred in the cluster during this time frame, the new active firewall would not necessarily know all the CRLs, and could then prevent IPsec tunnels from being set up, for example.
Audit logs
Support reference 85563
When the firewall is restarted within five minutes after a filter is created in Logs - Audit logs > All logs, the filter will no longer be deleted.
Importing certificates
Support reference 85731
Certificates in .cert and .crt format are now identified as PEM certificates during import. They were previously considered P12 certificates, which subsequently caused errors.
Intrusion prevention engine
Memory
In some cases, the firewall would unexpectedly freeze while processing errors due to memory shortage. This issue has been fixed.
Web administration interface
QoS
Support reference 85458
The list of prohibited characters in QoS queue names is now the same as the list in the section Allowed or prohibited names in the SNS user guide.