SNS 4.3.7 bug fixes
System
High availability
Support reference 70868
When in a cluster:
- Each member has a unique link aggregate connected to the same network switch,
- This aggregate is used as the first interface in a bridge,
- The option Enable link aggregation when the firewall is passive is enabled,
In this configuration, when a switch occurs, the MAC address of the bridge is no longer imposed at the expense of the aggregate's MAC address on the new active member.
Link aggregation without IP address
Support reference 83524
When an SNS version 3.x configuration containing a link aggregate without an IP address (inactive aggregate) was migrated to an SNS 4.x version, an attempt was wrongly made to activate this aggregate, triggering the system error "AggX error: The interface is active but does not have an IP address". This issue has been fixed and the aggregate remains disabled after the migration.
Importing objects via a CSV file
Support reference 84224
Additional controls have been implemented to prevent objects from being imported via a CSV file that may contain characters that do not conform to the UTF-8 standard (this includes comments in objects).
Filter - NAT
Support reference 82567
In some cases, the TCP (c/s) connection threshold set in the Quality of Service (QoS) settings in a filter rule was not applied. This issue has been fixed.
Intrusion prevention
ICMP
As SNS firewalls in factory configuration are in stealth mode by default, disabling stealth mode no longer wrongly raises the alarm "Invalid ICMP message" (alarm icmp:67) when the destination cannot be reached.
Web administration interface
Removing an IPsec encryption profile
During an attempt to remove a local IPsec encryption profile, a window appears to confirm the operation: pressing Esc no longer confirms the removal by mistake but cancels it as requested.