SNS 4.2.5 bug fixes



Support reference 82714

Issues regarding the interruption of IPsec tunnel negotiation or the sudden shutdown of the IPsec tunnel manager have been resolved after updating the tunnel manager and an idle timeout was defined for it. These issues also generated "ignoring IKE SA setup: job load of XXX exceeds limit of YY" entries in IPsec VPN logs.

CRL verification

Support reference 82370

Whenever a CRL contained an object identified by a fully qualified domain name (FQDN), the DNS resolution of this FQDN would function correctly again when the firewall verified the CRL. This regression appeared in SNS version 4.2.1.

SNMP Agent

Support reference 81710

The mechanism that manages the SNMP alarm table has been enhanced to stop OIDs from being duplicated, as this prevented some alarms from being raised.

Support reference 81710

A memory leak issue on SNMP agent has been fixed.

Network link aggregation

Support reference 82211

In configurations that use network link aggregation, if a link was lost in an aggregate, a switch could not be made before a 3-second wait, thereby disrupting traffic for 3 seconds. This issue has been fixed.

Monitoring power supply - SN1100 model firewalls

Power supply could not be monitored on SN1100 model firewalls. This issue has been fixed.


Renewing a DHCP lease

Support references 82238 - 82359

When a UNICAST packet originating from port 67 and going to port 68 attempted to pass through the firewall (especially during a DHCP lease renewal), the firewall would occasionally freeze and fail to transmit the packet if the packet’s source and outgoing interface are not part of a bridge.

This issue can now be fixed by changing the value of the UseAutoFastRoute parameter to Off with the following CLI/Serverd command:


Find out more