New features and enhancements in SNS 4.3.23 LTSB

Server certificate retrieval mechanism

Support reference 84671

The maximum waiting time for a response to a server certificate retrieval request has been reduced, and can now be configured on each SSL protocol inspection profile. The value of the waiting time can be anywhere between 1 and 10 seconds, and is set to 2 seconds by default.

Do note that this configuration can only be changed and enabled with the following CLI/serverd commands:

CONFIG PROTOCOL SSL PROFILE IPS CONFIG TLSServerCertTimeout=[1-10] index=[0-9]

For more information on the syntax of these commands, please refer to the CLI SERVERD Commands Reference Guide.

IPsec VPN - Diffusion Restreinte (DR) mode

On firewalls configured in DR mode, ESP traffic encapsulation can now be enabled/disabled in UDP for individual peers. To keep the firewall operating in DR mode during its update to SNS version 4.3.23 LTSB and higher, encapsulation is enabled by default.


The classification of files without extensions and specific MIME types has changed. Such files are no longer systematically analyzed to optimize sandboxing on all other file types.


For SD-WAN configurations that use SLA thresholds and in which the main gateways of a router object present very close SLA scores, the time to wait before changing gateways has been reduced (from a maximum of 25 to 9 seconds).