New features and enhancements in SNS 4.8.5

Zero trust network access (ZTNA) - Verifying the compliance of client workstations

In Configuration > VPN > SSL VPN > Client workstation verification (ZTNA), the option Allow tunnels to be set up for Linux or Mac Stormshield SSL VPN clients was added. If this option is selected, specific Windows criteria will not be applied to client workstations with a Linux or Mac Stormshield SSL VPN client.

Expired Certificate Revocation Lists (CRL)

Support reference 85690

A warning message now appears in the Message widget in the dashboard to warn the user when the configuration allows SSL VPN tunnels to be set up with an expired CRL.

Default NTP key type

When NTP keys are added, the default key type is now SHA256.

IPsec VPN

Support reference 85633

The IkeDeleteDelay configuration token can now be directly configured using the CLI/serverd command:

CONFIG IPSEC UPDATE

This token makes it possible to set an interval (in seconds) between a request to shut down an IKE security association and its actual shutdown during a reauthentication. The token accepts values between 0 and 20.