Recommendations

Before you migrate an existing configuration to version 4 of the firmware, ensure that you have:

  • Carefully read the section Known issues in the Stormshield Knowledge base (use the same login credentials as those for your MyStormshield client area),
  • Read the section Explanations on usage carefully.
  • Backed up the main partition on the backup partition and backed up the configuration

SN Real-Time Monitor

Firewalls in version 4.2 are not compatible with monitoring via SN Real-Time Monitor.

IPSec VPN

Version 4.2 of the firmware no longer supports the following algorithms:

  • Blowfish,
  • DES,
  • CAST128,
  • MD5,
  • HMAC_MD5,
  • NON_AUTH,
  • NULL_ENC.

If the IPSec policy of a firewall that must be updated to version 4.2 uses any of these algorithms, they must be replaced in the firewall's IPSec configuration before performing the update.

PROFINET RT protocol

Support reference 70045

The network controller used on SNi40, SN2000, SN3000, SN6000, SN510, SN710, SN910, SN2100, SN3100 and SN6100 firewalls has been upgraded and now allows VLANs with an ID value of 0. This measure is necessary for the industrial protocol PROFINET-RT.

However, IX network modules (fiber 2x10Gbps and 4x10Gbps equipped with INTEL 82599) and IXL modules (see the list of affected modules) were not upgraded and therefore cannot manage PROFINET-RT.

SN160 and SN210(W) firewall models - Bird dynamic routing

Since version 4.0.1 of the firmware based on a new version of FreeBSD, the internal name for interfaces has changed for SN160 and SN210(W) firewall models. For configurations based on these firewall models and which use Bird dynamic routing, the dynamic routing configuration must be manually changed to indicate the new network interface names.

EVA (Elastic Virtual Appliances)

You are advised to set the memory of an EVA to at least 2 GB if you use the antivirus and sandboxing features frequently.

Microsoft Internet Explorer

The use of Microsoft Internet Explorer browsers, including version 11, may adversely affect user experience. You are therefore strongly advised to use the browsers listed in the Compatibility section.

Updating a cluster with several high availability links

For clusters that implement more than one link dedicated to high availability, ensure that the main link is active before proceeding to upgrade to version 4.