New features and enhancements in SNS 4.3.35 LTSB

IPsec VPN

Support reference 85633

Firewalls can now be forced to remain in responder mode throughout the IPsec VPN tunnel's lifetime, by using the token reauth=2 in the CLI/Serverd commands CONFIG IPSEC PEER NEW and CONFIG IPSEC PEER UPDATE.

More information on the commands CONFIG IPSEC PEER NEW and CONFIG IPSEC PEER UPDATE.

Detection of obsolete hash algorithms

When certificates are signed with an obsolete hash algorithm (SHA1 and MD5), or signed by a CA that has been signed with an obsolete hash algorithm, they will now be flagged:

  • By a warning message in the dashboard,

  • By an alert in the certificate in Configuration > Objects > Certificates and PKI.