SNS 4.3.16 LTSB bug fixes

System

High availability (HA)

Support reference 84843

A connection synchronization in HA (bulk update) would occasionally repeat itself indefinitely when it exceeded 5 seconds. This anomaly has been fixed.

High availability (HA) with a backup link

Support reference 84458

In an HA configuration with a main and backup link, when the main link went down and then became operational again, the cluster would in some cases continue to use the backup link. This anomaly has been fixed.

System monitoring – CPU load

Support reference 66123

Anomalies in the CPU consumption mechanism have been fixed to prevent unrealistic values from being reported.

Firewall updates through a dialup default gateway

Support references 80557 - 84626 - 84768

During attempts to update firewalls connected to a PPPoE modem (dialup), an issue with the order in which services were shut down during the firewall's restart phase would occasionally prevent the firewall from being updated. This issue has been fixed.

GRE interfaces

Support reference 84625

In configurations that use GRE interfaces when non-IP packets are present, memory leak issues would sometimes cause some services to shut down unexpectedly, which would then require the firewall to be restarted. This issue has been fixed.

Proxies

Support references 84517 - 84824 - 84826 - 84868 - 84877 - 84879

The analysis of a self-signed certificate without a Subject field in traffic that matches an SSL decryption rule will no longer cause the proxy to hang.

Support reference 84909

The presence of the HTTP cache option in a filter rule set up in a version earlier than SNS 4.3.0 no longer prevents the proxy from starting after a firewall update.

Support reference 84991

In a configuration combining sandboxing and advanced antivirus, the management of temporary files generated for analyses could cause the affected partition to fill abnormally and significantly degrade proxy performance (slower web access). This anomaly has been fixed.

SSL VPN portal

As the signature of the Java applet used for the SSL VPN portal is close to expiry, users will see a warning message after the signature expires. This applet's signature has been renewed and the applet will be automatically updated when the firewall is updated to SNS version 4.3.16.

Intrusion prevention engine

QoS - SN160(W) model firewalls

Support reference 84937

An anomaly in the management of QoS on SN160(W) firewall models, which occasionally caused the firewall to freeze, has been fixed.

HTTP protocol

Support reference 82824

When the HTTP server answers a PUT or POST request sent by the client with a response other than the message "100 Continue", the HTTP protocol analysis engine no longer raises the block alarm "Additional data at end of reply" (http:150) by mistake.

GRE tunnels

Support reference 75479

During advanced troubleshooting, packets captured via tcpdump over GRE interfaces were malformed. This issue has been fixed.

Web administration interface

Interfaces - High availability (HA)

Support reference 84863

HA-dedicated interfaces can no longer be edited from the firewall’s web administration interface. This operation, which was allowed by mistake, prevented HA from operating.

High availability (HA) - TPM initialization

Support reference 84530

In HA configurations, initializing the TPM on the active firewall from the web administration interface now correctly launches the initialization of the TPM on the passive firewall.