SNS version 4.8.5 bug fixes

System

SSL VPN

Users can once again set up their VPN tunnels by authenticating with external services (push mode) when the HostChecking function is enabled. This regression appeared in SNS version 4.8.3.

High availability (HA)

Support reference 85551

The passive firewall no longer attempts to launch CRL retrieval tasks. This is because the active firewall regularly performs this task, and CRLs that are retrieved in this way are immediately synchronized with the passive firewall.

Monitoring Certificate Revocation List (CRL) validity dates

Support reference 85624

The mechanism that monitors CRL validity dates no longer raises minor alerts for CRLs with an initial lifetime that is shorter than 24 hours. Such alarms used to be raised every 3 hours.

Web services

Support reference 85853

When a web service group already contains a web service, using the search bar to add a new web service now no longer deletes the existing web service. This regression appeared in SNS version 4.8.0.

Command-based configuration server (serverd)

Support reference 84546/84672

When Logs - Audit logs modules are opened, the command-based configuration server (serverd) would sometimes unexpectedly close. This issue has been fixed.

Alarms

Support reference 85900

Alarms indicating the recovery of certain health indicators were systematically generated whenever the firewall started, even in the absence of any anomalies. This regression, which first appeared in SNS version 4.8.4, has been fixed.

Backup

On firewalls that are equipped with a TPM, the wording of the error message that appears when the wrong TPM password is entered during a backup has been changed for better clarity.

Intrusion prevention engine

BIRD dynamic routing

Support reference 84579

Only the routes that BIRD sends to the kernel are now retrieved in the table of protected network addresses.

Web administration interface

IPsec VPN

In Monitoring > Monitoring > IPSec VPN tunnels, the values of the Status and Role fields in the Security association section are now correctly translated.

TCP-UDP protocol

In Configuration > Application protection > Protocols > TCP-UDP, the Support section is now correctly translated.

Return routes

Support reference 858111

In Configuration > Network > Routing > IPv4/IPv6 return routes, USB/Ethernet (4G modem) interfaces can no longer be selected in the Interface field of the return route.

Administrator

Support reference 85474

The Domain name field can now be left empty, or none can be entered as a value when creating or changing an administrator.

Time object

Support reference 85805

When a custom time object is created, edited or used, it no longer raises an error. This regression appeared in SNS version 4.8.0.