New features and enhancements in SNS 4.8.4

Certificates and PKI

In Objects > Certificates and PKI, the Hashes section has been renamed Details, and three new fields have been added: Key type, Key size and Extended Key Usage.

Firewalls now check whether the certificate associated with a CRL is indeed authorized to sign CRLs (presence of the "crlSign” keyUsage value).

Filter - NAT

When a filter rule in the Filter - NAT module is edited, an information icon appears in the Action tab of the editing window, warning the user that a log level other than the standard level may cause log saturation.

Sandboxing

Support reference 85532

Enhancements have been applied to reduce the number of files sent for sandboxing, and to limit the risk of overcrowding the waiting lsit.

Encryption

Enhancements have been applied to the cryptographic function verification binary file (cryptotest). When this utility is run in verbose mode, it now includes a verification of the TPM, if the firewall has one. In the resulting verbose file, the utility shows the name of the user who launched the verification.

Several error messages have also been reworded for clarity.

Monitoring

SNMP alerts (traps) are now generated whenever the following health indicators return to normal operating conditions:

• Fan status,
• Temperatures of processors and their percentage of use,
• Memory consumption,
• Disk status,
• R.A.I.D status,
• Certificate status,
• CRL status,
• TPM status,
• Password status.