SNS 4.3.11 bug fixes
High availability - IPsec VPN
Support references 84273 - 84460
An issue regarding the synchronization of Security Associations (SA) during a switch in a cluster, which could cause IPsec VPN tunnels to malfunction, has been fixed.
High availability (HA) - Synchronization
Support reference 84340
The HA synchronization mechanism no longer causes errors when it does not detect the file relating to the backtracking mechanism for configurations deployed via SMC.
The keepalive function on IPsec VPN tunnels in IPv6 has been removed to improve the stability of IPsec tunnels.
IPsec VPN through a dialup default gateway
Support reference 84631
When the default gateway is based on a PPPoE modem (dialup connection), IPsec tunnels set up through this default gateway now recover correctly after the dialup connection goes down temporarily and recovers.
Log management mechanism
Support references 84605 - 84577
Issues regarding memory leaks in the log management mechanism, which could cause it to shut down unexpectedly, have been fixed.
DMA remapping (DMAR) on SN1100 firewalls
The DMAR mechanism was optimized to improve performance and allow core dump files to be obtained for the purpose of analysis when issues arise on the firewall.
Static routing - IPsec VPN
Support reference 84507
When filter rules are reloaded after a static route used by an IPsec tunnel is changed, the firewall's static route engine no longer runs the risk of shutting down unexpectedly.
Bird dynamic routing
Support reference 84337
Networks declared in Bird dynamic routing are once again classified correctly as protected networks in the intrusion prevention engine, and no longer wrongly raise an alarm regarding an IP spoofing attempt. This regression appeared in SNS version 4.3.
Restoration of the SNS firewall configuration or configuration deployment via SMC
Support reference 84630
An issue preventing configurations from being restored on the SNS firewall or new configurations from being deployed on the SNS firewall via the SMC server has been fixed. This issue generated the error "Unable to move restored files to their final location".
8-port RJ45 module
Support reference 82270
When an unexpected freeze on the 8-port RJ45 network module is detected, the firewall will be automatically restarted to allow this module to reconnect to the network.
Web administration interface
HTML tags in log messages
Support reference 84494
When the web administration interface detects HTML tags in error messages associated with certain log entries, it no longer wrongly displays the error message "XSS protection: HTML tag found in following commands".
Certificates and PKI
Support reference 84470
Attempts to generate the CRL of a sub-certification authority no longer wrongly require the root certification authority's private key and no longer causes a system error.
Certificates and PKI - CRL distribution points (CRLDP)
Support reference 84618
When CRDLPs were added (Objects > Certificates and PKI > Certificate profiles tab of the selected CA) the option to Enable regular retrieval of certificate revocation lists (CRL) was no longer offered. This anomaly, which could prevent certificate-based IPsec tunnels from being set up, has been fixed.