SNS version 4.8.14 LTSB bug fixes

System

Maintenance - Active Update

Support reference 85852

The Active Update menu is now correctly displayed even when all its automatic update mechanisms have been disabled.

SNMP agent

Support reference 86131

The SNMP agent no longer wrongly returns a notification that the firewall is reinitializing (coldStart) when the firewall's SNMP daemon is simply restarting.

Firewall authentication pages

Support reference 85854

The 'frame-ancestors' CSP directive on the firewall's authentication web pages was incorrect, and has been fixed.

RADIUS authentication

Support reference 84385 - 85474

When a client from a group that is assigned by vendor-specific attributes (VSA) attempts to authenticate through RADIUS, the authentication attempt no longer fails, and no longer causes the firewall's authentication management system to unexpectedly shut down.

Authentication - Internal LDAP directory

Support reference 86096

The presence of square brackets "[" or "]" in the configuration of an internal LDAP directory, for example in a password, no longer prevents the directory from loading.

High availability (HA) - Reports

Support references 85511 - 85844

HA synchronization has been modified to no longer raise errors when the partition that contains reports is more than 50% full.

Dynamic multicast routing

Support reference 85819

The minimum value of the TTL (Time To Live) parameter of an interface that is involved in dynamic multicast routing was wrong, and has been fixed. This value is now set to 1.

Support reference 86180

In a configuration that uses an IXL network interface aggregate, when the firewall restarts or the aggregate switches from inactive to active, multicast packets passing through this aggregate will no longer be wrongly blocked.

Intrusion prevention engine

Multiple Spanning Tree Protocol (MSTP)

Support reference 86087

In configurations that use link aggregates (LACP) and MSTP, reloading the filter policy would wrongly generate the system event "STP topology change". This issue has been fixed.

Support reference 86087

Previously, when the MSTP configuration was edited, it would cause a succession of "STP topology change" system events, most of which were false positives. This issue has been fixed, to raise only legitimate system events.

Web administration interface

Web service groups

Support reference 86248

A warning message now appears to indicate that if web service groups created through the CLI command module are not immediately visible in the web administration interface, you need to log out and log back in to the firewall in order to see them.

Audit logs

Support reference 85622

The action Go to the corresponding security rule, which can be accessed by right-clicking on a log line, now functions properly when the name of the filter rule exceeds 35 characters.

Filter - NAT

Support references 86070 - 86193

Enhancements have been made to the filter policy consistency checker to shorten the time it takes to reload the policy, and for the policy to appear in the web administration interface when it contains too many network objects. This also prevents users from being unexpectedly logged out of the administration interface.