SNS 4.3.8 bug fixes

System

SSL VPN

Support reference 83972

SSL VPN tunnels no longer fail to set up during the TLS negotiation phase when the authentication of the Stormshield SSL VPN client required too much time (e.g., in two-factor authentication).

Router and link monitoring - Logs

Support reference 84125

An anomaly in tracking the changing statuses of routers and links would cause a “Remote host unreachable” log to be written in the system log file every minute. This anomaly has been fixed.

High availability

Support reference 84100

In a high availability configuration, when a link is lost on the active node of the cluster, the switch from the active to passive node now takes place faster. This allows the passive node to switch more quickly to an active state, therefore minimizing interruption to network traffic.

Refreshing IP addresses of FQDN objects

The IP addresses of FQDN objects are now correctly refreshed in the filter policy. This regression appeared in SNS version 4.3.6.

Viewing URL and SSL filtering groups

The help in the CLI/SSH command tproxyd command no longer wrongly indicates the possibility of viewing information about URL and SSL filtering groups. Ever since SNS version 4.1, such information is returned with the command urlctl -g.

The CLI/SSH command sysinfo displays information about URL and SSL filtering groups once again, as it now refers to the urlctl -g command to retrieve it. This regression appeared in SNS version 4.1.

Regular CRL retrieval

Support reference 84431

When the command PKI CONFIG UPDATE is used, an incorrect value (such as Any) can no longer be entered in the checkcrlbindaddr argument.

Intrusion prevention

Command displaying QoS rules in the console

Several anomalies have been fixed in the system command that displays rules relating to QoS (sfctl -s qos command):

  • Filter rules regarding ICMP and which use a QoS queue with a Connection threshold (Action > Quality of service tab) no longer wrongly display the UDP threshold,
  • Filter rules that use a QoS queue without a Connection threshold are now displayed.