SNS 4.2.5 bug fixes
System
IPsec VPN
Support reference 82714
Issues regarding the interruption of IPsec tunnel negotiation or the sudden shutdown of the IPsec tunnel manager have been resolved after updating the tunnel manager and an idle timeout was defined for it. These issues also generated "ignoring IKE SA setup: job load of XXX exceeds limit of YY" entries in IPsec VPN logs.
CRL verification
Support reference 82370
Whenever a CRL contained an object identified by a fully qualified domain name (FQDN), the DNS resolution of this FQDN would function correctly again when the firewall verified the CRL. This regression appeared in SNS version 4.2.1.
SNMP Agent
Support reference 81710
The mechanism that manages the SNMP alarm table has been enhanced to stop OIDs from being duplicated, as this prevented some alarms from being raised.
Support reference 81710
A memory leak issue on SNMP agent has been fixed.
Network link aggregation
Support reference 82211
In configurations that use network link aggregation, if a link was lost in an aggregate, a switch could not be made before a 3-second wait, thereby disrupting traffic for 3 seconds. This issue has been fixed.
Monitoring power supply - SN1100 model firewalls
Power supply could not be monitored on SN1100 model firewalls. This issue has been fixed.
Network
Renewing a DHCP lease
Support references 82238 - 82359
When a UNICAST packet originating from port 67 and going to port 68 attempted to pass through the firewall (especially during a DHCP lease renewal), the firewall would occasionally freeze and fail to transmit the packet if the packet’s source and outgoing interface are not part of a bridge.
This issue can now be fixed by changing the value of the UseAutoFastRoute parameter to Off with the following CLI/Serverd command:
CONFIG PROTOCOL TCPUDP COMMON IPS CONNECTION UseAutoFastRoute=<On|Off>