SNS 4.2.7 bug fixes

System

IPsec VPN

Support reference 82645

In IPsec configurations that use groups containing address ranges, mounted tunnels could be interrupted when such groups were modified, generating TS_UNACCEPTABLE errors as a result. This issue has been fixed.

Support reference 83354

Whenever an IPsec policy contained one or several bypass rules (in which the peer is None and the rule was created to exclude the following rules from the encryption policy), these bypass rules were not applied to networks defined by static routes.
This issue was fixed with the addition of an IPsec bypass option in the step during which the static route is defined.

4G USB key

Support reference 82757

Huawei E3372h-320 4G USB keys are now supported, so they no longer cause the host firewall to unexpectedly restart.

Authentication by SSL certificate with TLS v1.3

Support reference 82759

SSL certificate-based authentication would no longer work whenever the firewall used TLS v1.3. This issue has been fixed on the firewall after support for post-handshake authentication was enabled. Do note that the web browser used must also allow post-handshake authentication for the method to work.

Captive portal - External LDAP directory

Support reference 82686

Whenever a user referenced in an external LDAP directory connects to the captive portal, the system event “LDAP unreachable” (event 19) is no longer raised. This regression appeared in SNS version 4.1.4.

Firewalls with TPMs (SNi20, SN3100) connected to an SMC server

Support references 83380 - 83579

Configurations deployed from SMC to an SNi20 or SN3100 model firewall on which the TPM was initialized would sometimes not succeed, and remain stuck in the step of creating the configuration backup. This issue has been fixed.