New features and enhancements in SNS version 4.3.41 LTSB

IPsec VPN - Certificates

Support reference 85930

To comply with the provision "Other methods of generating unique numbers are also acceptable" in RFC 5280, SNS firewalls can now verify locally retrieved CRLs for certificates that are generated with SubjectKeyIdentifier and AuthorityKeyIdentifier.

IPsec DR - OCSP

In an IPsec DR context, and in line with RFC 4806, peers can now validate the certificate that the remote gateway presents when the IKEv2 tunnel is being set up, without exposing the OCSP server.

This configuration is possible only by using the CLI/Serverd command set: CONFIG IPSEC OCSP.

More information on the CONFIG IPSEC OCSP commands.

CLI/Serverd command - SYSTEM PROPERTY

The CLI/Serverd command SYSTEM PROPERTY now provides the BIOS version with the BIOSVersion configuration token.

SNMP - STORMSHIELD-ALARM-MIB

The OID (Object Identifier) .1.3.6.1.4.1.11256.1.19.1.1.13 in the MIB STORMSHIELD-ALARM-MIB now makes it possible to find out the priority of a protocol, ICMP or system alarm:

  • Value of 1 for a major alarm,
  • Value of 4 for a minor alarm.

SCTP protocol

Support reference 86135

SCTP logs, similarly to TCP and UDP logs, now contain the names and numbers of source and destination ports.