New features and enhancements in SNS 4.7.2 EA

Server certificate retrieval mechanism

Support reference 84671

The maximum waiting time for a response to a server certificate retrieval request has been reduced, and can now be configured on each SSL protocol inspection profile. The value of the waiting time can be anywhere between 1 and 10 seconds, and is set to 2 seconds by default.

Note that this setting can only be changed and enabled with the following CLI/serverd commands:

CONFIG PROTOCOL SSL PROFILE IPS CONFIG TLSServerCertTimeout=[1-10] index=[0-9]
CONFIG PROTOCOL SSL ACTIVATE

More information on the CONFIG PROTOCOL SSL IPS CONFIG command.

IPsec VPN - Diffusion Restreinte (DR) mode

On firewalls configured in DR mode, encapsulation of ESP traffic in UDP can now be enabled or disabled for individual peers. To keep the firewall operating in DR mode during its update to SNS version 4.7.2 and higher, encapsulation is enabled by default.

Sandboxing

The classification of files without extensions and specific MIME types has changed. To optimize sandboxing of all other file types, such files are no longer systematically analyzed.

SD-WAN

Support reference 85253

For SD-WAN configurations that use SLA thresholds and in which the main gateways of a router object have very close SLA scores, the time to wait before changing gateways has been reduced (from a maximum of 25 to 9 seconds).

Support reference 83962

In the routing statistics log file, the value of the most recent latency measurement has been replaced with:

  • Average latency,
  • Minimum latency,
  • Maximum latency.

This data is calculated over the moving window period in which measurements are saved (15 minutes by default).

More information on: