New features and enhancements in SNS 4.3.35 LTSB
IPsec VPN
Support reference 85633
Firewalls can now be forced to remain in responder mode throughout the IPsec VPN tunnel's lifetime, by using the token reauth=2
in the CLI/Serverd commands CONFIG IPSEC PEER NEW
and CONFIG IPSEC PEER UPDATE
.
More information on the commands
CONFIG IPSEC PEER NEW
and CONFIG IPSEC PEER UPDATE
.
Detection of obsolete hash algorithms
When certificates are signed with an obsolete hash algorithm (SHA1 and MD5), or signed by a CA that has been signed with an obsolete hash algorithm, they will now be flagged:
-
By a warning message in the dashboard,
-
By an alert in the certificate in Configuration > Objects > Certificates and PKI.