SNS 4.7.7 bug fixes

System

IPsec VPN

Support references 84983 - 85253 - 85452

In addition to the fix implemented in version 4.7.1 EA for IPsec VPN, the mechanism that reloads rules in the IPsec VPN policy has been patched, and the firewall's routing engine no longer shuts down unexpectedly when some configurations remain unchanged.

Dynamic objects

Support reference 85397

Enhancements have been made to prevent the proxy from reloading systematically when dynamic objects (FQDNs or hosts) are used in a filter or address translation mechanism on the SNS firewall, as this would slow down connections.

System backup mechanism on the backup partition

Support reference 85390

The system backup mechanism on the backup partition (dumproot) has been enhanced. When a backup is abruptly stopped, the main partition is no longer corrupted, and the firewall no longer restarts an indefinite number of times. Only the backup partition remains damaged, and a new backup has to be launched to restore the status of both partitions.

Intrusion prevention engine

Connection management

Support reference 85370

An issue in the way connections are managed by the intrusion prevention engine, which could cause the firewall to restart unexpectedly, has been fixed.

Maximum size of COTP packets

Support reference 85353

The maximum size of COTP packets is now 65535 bytes. The previous maximum size was 4096 bytes, and could wrongly raise the block alarm "Possible attack on capacity" (ip:91).

Web administration interface

Application protection - HTTP protocol

Support reference 85588

The "Apply the NAT rule on scanned traffic" option is now available again in the HTTP protocol analysis global configuration. This regression appeared in SNS version 4.7.1.