New features in SNS 4.0.3

IMPORTANT

Firewalls must not be upgraded from SNS in version 3.10.x or higher to a 4.0.x version. This operation is not supported.

For further information, refer to Recommendations.

System

WebGUI file signature

A signature has been added for SNS WebGUI files to strengthen SMC communication mechanisms.

Obsolete features and algorithms

Filter - NAT - HTTP cache feature

As the use of the HTTP cache function in filter rules will be phased out in a future version of SNS, a warning message now appears to encourage administrators to modify their configurations.

This message appears under the filter grid in the Checking the policy field.

IPsec VPN - Obsolete authentication and encryption algorithms

As some algorithms are obsolete and will be phased out in a future version of SNS, a warning message now appears to encourage administrators to modify their configurations. The algorithms in question are:

  • Authentication algorithms: md5, hmac_md5 and non_auth,
  • Encryption algorithms: blowfish, des, cast128 and null_enc.

This message appears when these algorithms are used in the profiles of IPsec peers.

IPsec VPN - Backup peers

As the use of backup peers (designated as the “Backup configuration”) is obsolete and will be phased out in a future version of SNS, a warning message now appears to warn administrators and encourage them to modify their configurations. This message appears under the IPsec policy grid in the Checking the policy field.

For this configuration, use virtual IPsec interfaces instead, with router objects or dynamic routing.