SNS version 4.3.32 LTSB bug fixes

System

Proxies

Support references 85568 - 85625 - 85701

Issues in the SSL proxy, which could cause traffic using the proxy to unexpectedly be blocked, have been fixed.

POP3 proxy - Antispam and/or antivirus

Support reference 81432

During the antivirus and/or antispam analysis, the POP3 proxy would wrongly detect batch e-mail processing (pipelining) and inappropriately fragment messages. This issue has been fixed.

SN160(W)/SN210(W)/SN310 model firewalls

Support references 84495 - 84933 - 85038 - 85081 - 85213

The frequency of disk access to the configuration file ConfigFiles/Openvpn/openvpn has been reduced, as this disk access would cause SN160(W)/SN210(W)/SN310 model firewalls to restart unexpectedly.

Certificates and PKI - TPM

Support reference 85431

When a certificate that was initially protected by the TPM was renewed via EST or SCEP, the TPM protection would not be maintained. It will now be automatically applied after the renewal operation.

High availability (HA) - CRL

Support reference 85558

CRLs that originate from global CAs are now synchronized every 60 minutes between the active and passive firewalls.

Support reference 85553

CRLs that are retrieved by the active firewall are now immediately synchronized with the passive firewall. Previously, these synchronizations occurred only every 60 minutes. As such, if a switch occurred in the cluster during this time frame, the new active firewall would not necessarily know all the CRLs, and could then prevent IPsec tunnels from being set up, for example.

IPsec VPN

Support reference 85676

High availability configurations that handle a heavy volume of traffic now have better stability. This prevents the IPsec tunnel manager from shutting down unexpectedly.

Support reference 85721

When an IPsec configuration with the following characteristics has been deployed via SMC, attempts to set up the tunnel will no longer cause the firewall to freeze unexpectedly:

  • It uses virtual interfaces (VTIs),
  • It has a peer defined in Do not initiate the tunnel (ResponderOnly) mode.

ANSSI Diffusion Restreinte (DR) mode

Support reference 85818

DR mode can once again be enabled by selecting Enable Diffusion Restreinte (DR) 2021 version compliance mode. This regression appeared in SNS version 4.3.30.

Imported certification authority

Support reference 85740

CRLs from imported certification authorities can now be deleted.

Audit logs

Support reference 85563

When the firewall is restarted within five minutes after a filter is created in Logs - Audit logs > All logs, the filter will no longer be deleted.

BIRD dynamic routing - OSPF

Support reference 85271

The size of the socket buffer has been increased to stop packet loss when the OSPF protocol is used in dynamic routing.

Virtual interfaces

Support reference 85669

In GRE tunnels, whenever the size of a packet exceeded the MTU, the ICMP response packet would not indicate the right MTU value. This issue has been fixed.

Filter - NAT

Support references 68445 - 70036 - 85660

Filter rules are now fully exported to CSV files, and can then be correctly imported onto an SMC server.

Wi-Fi interfaces

Support reference 84615

The network configuration manager no longer shuts down unexpectedly during startup when the Wi-Fi interface has the country code for Jamaica.

CLI/serverd commands

Support reference 85797

When the CLI/serverd SYSTEM UPDATE UPLOAD command was used without arguments, serverd would shut down unexpectedly, and log the user out of the console. This issue has been fixed.

Intrusion prevention engine

Memory

In some cases, the firewall would unexpectedly freeze while processing errors due to memory shortage. This issue has been fixed.

Web administration interface

QoS

Support reference 85458

The list of prohibited characters in QoS queue names is now the same as the list in the section Allowed or prohibited names in the SNS user guide.