Action required: Apply the fix for SNS firewall disks.
Please follow the procedure described in the How to update my SSD Firmware - Stormshield Knowledge Base article (authentication required).
Version 4.3.7 bug fixes
Support reference 70868
When in a cluster:
- Each member has a unique link aggregate connected to the same network switch,
- This aggregate is used as the first interface in a bridge,
- The option Enable link aggregation when the firewall is passive is enabled,
So when a switch occurs, the MAC address of the bridge is no longer imposed, to the detriment of the aggregate’s MAC address on the new active member.
Link aggregation without IP address
Support reference 83524
When a configuration in SNS version 3.x, which contains a link aggregate without an IP address (inactive aggregate) was migrated to an SNS 4.x version, it wrongly attempted to activate this aggregate, therefore triggering the system error "AggX error: The interface is active but does not have an IP address". This issue has been fixed and the aggregate remains disabled after the migration.
Importing objects via a CSV file
Support reference 84224
Additional controls have been implemented to avoid importing objects via a CSV file that may contain characters that do not conform to the UTF-8 standard (includes comments in objects).
Filter - NAT
Support reference 82567
In some cases, the TCP (c/s) connection threshold set in the Quality of Service (QoS) settings in a filter rule were not applied. This issue has been fixed.
As SNS firewalls in factory configuration are in stealth mode by default, disabling stealth mode no longer wrongly raises the alarm “Invalid ICMP message" (alarm icmp:67) when the destination cannot be reached.
Web administration interface
Removing an IPsec encryption profile
During an attempt to remove a local IPsec encryption profile, a window appears to confirm the operation: pressing Esc no longer confirms the removal by mistake but cancels it as requested.