New features and enhancements in SNS 4.3.15

Advanced antivirus - New antivirus engine

The advanced antivirus solution, which is accessible as an option on SNS firewalls, is now based on the Bitdefender antivirus engine.

The new antivirus database may take several minutes to download in the following cases:

  • When updating a firewall that uses the advanced antivirus to version SNS 4.3.15,
  • When switching from ClamAV to the advanced antivirus on a firewall in SNS version 4.3.15,
  • When a passive firewall switches to active mode after a software update of a firewall cluster using the advanced antivirus in SNS version 4.3.15.

During this interval, the antivirus analysis will fail, and depending on the configuration of the SNS firewall, traffic may be blocked.

If the firewall is updated to a previous version, it will no longer have an antivirus engine. While the operation required to recover the former antivirus engine exists, it is not supported. You can perform it by following the procedure described in the article After a downgrade from a version using Bitdefender, I cannot enable Kaspersky (authentication required).

Quality of Service (QoS) - Filtering

QoS bypass queues can now be selected for filter rules in security policies.

Quality of Service (QoS) - Traffic shapers

Configuration parameters for traffic shapers have been improved for the application of QoS. Incoming and outgoing throughput can now be configured separately for each interface. Class-based queuing can therefore be set up in LAN/WAN/DMZ and multiple WAN architectures.

SN-M-Series-720 and SN-M-Series-920 firewall support

SNS version 4.3.15 is the first SNS 4.3 version that builds in support for SN-M-Series-720 and SN-M-Series-920 firewalls.

Find out more about SN-M-Series firewalls

Authentication - RADIUS

Support reference 84645

The argument BindMethodExternal was added to the CLI/Serverd command CONFIG AUTH ADVANCED, making it possible to specify which interface on the firewall must be used for sending RADIUS requests.
This configuration can be built by using the CLI/Serverd command sequence:

CONFIG AUTH ADVANCED BindMethodExternal=<interface>
CONFIG AUTH ACTIVATE