Action required: Apply the fix for SNS firewall disks.
Please follow the procedure described in the How to update my SSD Firmware - Stormshield Knowledge Base article (authentication required).
Version 4.3.8 bug fixes
Support reference 83972
SSL VPN tunnels no longer fail to set up during the TLS negotiation phase when the authentication of the Stormshield SSL VPN client required too much time (e.g., in two-factor authentication).
Router and link monitoring - Logs
Support reference 84125
An anomaly in tracking the changing statuses of routers and links would cause a “Remote host unreachable” log to be written in the system log file every minute. This anomaly has been fixed.
Support reference 84100
In a high availability configuration, when a link is lost on the active node of the cluster, the switch from the active to passive node now takes place faster. This allows the passive node to switch more quickly to an active state, therefore minimizing interruption to network traffic.
Refreshing IP addresses of FQDN objects
The IP addresses of FQDN objects are now correctly refreshed in the filter policy. This regression appeared in SNS version 4.3.6.
Viewing URL and SSL filtering groups
The help for the CLI/SSH command tproxyd no longer wrongly indicates that information about URL and SSL filtering groups can be viewed. Since SNS version 4.1, this information has been returned by the command urlctl -g.
The CLI/SSH command sysinfo displays information about URL and SSL filtering groups once again, as it now refers to the urlctl -g command to retrieve it. This regression appeared in SNS version 4.1.
Regular CRL retrieval
Support reference 84431
When the command PKI CONFIG UPDATE is used, an incorrect value (such as Any) can no longer be entered in the checkcrlbindaddr argument.
Command displaying QoS rules in the console
Several anomalies have been fixed in the system command that displays rules relating to QoS (sfctl -s qos command):
- Filter rules for ICMP that use a QoS queue with a Connection threshold (Action > Quality of service tab) no longer wrongly display the UDP threshold,
- Filter rules that use a QoS queue without a Connection threshold are now displayed.