IMPORTANT
Action requise : Appliquez le correctif pour les disques SSD des firewalls SNS.
Merci de suivre la procédure détaillée dans l’article How to update my SSD Firmware - Stormshield Knowledge Base (authentification nécessaire).
Changelog of serverd commands between SNS v4.1 and SNS v4.2
Removed commands
Commands replaced by another one
CONFIG CONSOLE SSH
- Replaced by: CONFIG SSH UPDATE
CONFIG CONSOLE GETHOSTKEY
- Replaced by: CONFIG SSH GETHOSTKEY
CONFIG CONSOLE GETKEY
- Replaced by: CONFIG SSH GETKEY
CONFIG IPSEC PROFILE PHASE1 ADDPROP
- Replaced by: CONFIG IPSEC PROFILE PHASE1 PROPOSALS ADD
CONFIG IPSEC PROFILE PHASE1 REMOVEPROP
- Replaced by: CONFIG IPSEC PROFILE PHASE1 PROPOSALS REMOVE
CONFIG IPSEC PROFILE PHASE1 MOVEPROP
- Replaced by: CONFIG IPSEC PROFILE PHASE1 PROPOSALS MOVE
Commands with the same name that change behavior
MONITOR GETSA
- Before:
101 begin
src=10.2.0.1 dst=10.2.0.2 type="esp" mode="tunnel" spi=6599678 peerspi=106673664 reqid=16385 enc="rijndael-cbc" auth="hmac-sha1" state="mature" lifetime=465 bytes=101552 maxlifetime=600 maxbytes=0
- After:
101 begin
rulename="ba6c3194672da4df9590d7ff827384b4" ikerulename="Site_fw_vm_2" src=192.168.10.1 srcname=Firewall_in dst=192.168.11.1 dstname=fw_vm_2 type="esp" mode="tunnel" encap=0 esn=0 reqid=1 spiout=3439867777 spiin=3485712767 enc=AES_CBC/256 auth=HMAC_SHA2_256_128 state=INSTALLED bytesin=0 bytesout=864 packetsin=0 packetsout=8 lifetime=134 maxlifetime=3601
MONITOR GETSPD
- Before:
101 begin
src=127.0.0.0 srcmask=8 srcname=Network_loopback dst=127.0.0.0 dstmask=8 dstname=Network_loopback dir=in policy=none spid=13 seq=3 pid=56555
- After:
101 begin
rulename="Site_fw_vm_2" src=192.168.74.4 srcmask=32 srcname=vm_base
dst=0.0.0.0 dstmask=0 dstname=any srcgw=192.168.10.1 srcgwname=Firewall_in dstgw=192.168.11.1 dstgwname=fw_vm_2 localid="lid" peerid="pid" ike=2 enc="esp" policy="TUNNEL" maxlifetime=2880
Commands with new mandatory parameters
Commands with new optional parameters
CONFIG WEBADMIN IDLE
- ServerTimeout <60-3600> (no default value)
- ClientMaxTimeout <0-3600> (no default value)
CONFIG IPSEC PROFILE PHASE1 LIST
- useclone (default: off)
CONFIG IPSEC PROFILE PHASE1 SHOW
- useclone (default: off)
CONFIG IPSEC PROFILE PHASE2 LIST
- useclone (default: off)
CONFIG IPSEC PROFILE PHASE2 SHOW
- useclone (default: off)
CONFIG IPSEC POLICY GATEWAY ADD
- rulename
- tfc
CONFIG IPSEC POLICY GATEWAY UPDATE
- tfc
CONFIG IPSEC POLICY MOBILE ADD
- rulename
- tfc
CONFIG IPSEC POLICY MOBILE UPDATE
- tfc
PKI EST QUERY
- force (on|off)
PKI SCEP QUERY
- force (on|off)