New features and enhancements in SNS 4.3.24 LTSB

Extended Web Control (EWC) URL classification

The Extended Web Control URL classification now uses the Bitdefender URL database.

To set up a URL/SSL filter policy, you are advised to operate in blacklist mode, i.e., explicitly place the URL categories to be prohibited in URL/SSL filter rules with a block action. These rules must then be placed above the rule that allows all the other categories

While updating a firewall, which uses a whitelisted URL/SSL filter policy, to SNS version 4.3.24 LTSB or higher (filter rules explicitly allow some categories and are placed above the rule that blocks all other categories), we strongly recommend adding a rule that allows the URL categories misc (miscellaneous), unknown, computersandsoftware (software download websites) and hosting (websites hosting) to avoid affecting user experience. This rule must be placed above the rule that blocks all the other categories.

For more information on the migration of URL/SSL filter policies when the firewall is updated to SNS version 4.3.24 LTSB or higher, please refer to the Technical Note Migrating a security policy to the new EWC URL database.

Monitoring

An information message now appears in the Monitoring module and via the CLI/Serverd command MONITOR MISC when custom settings have been implemented on the firewall (presence of customized configuration files in some firewall folders).

More information on the CLI/Serverd command MONITOR MISC.

Synchronization of the object database with DNS servers

It is now possible to indicate the source IP address of DNS requests sent for the automatic synchronization of the object database. The traffic from these queries can then be routed through a VPN tunnel. This new parameter can only be modified through the CLI/Serverd commands:

CONFIG OBJECT SYNC UPDATE bindaddr=<host>
CONFIG OBJECT SYNC ACTIVATE

To reset the configuration to the default settings, use the commands:

CONFIG OBJECT SYNC UPDATE bindaddr=
CONFIG OBJECT SYNC ACTIVATE

More information on the CLI/Serverd command CONFIG OBJECT SYNC UPDATE.