New features and enhancements in SNS version 5.0.3 EA
Virtual IPsec interfaces (VTI)
In IPsec policies based on virtual IPsec interfaces, a warning message now prompts the administrator to edit the configuration when any of the following incorrect configurations is detected:
- Traffic selectors are networks instead of IP addresses,
- Remote and local traffic selectors are not in the same IP sub-network,
- Identical virtual interfaces are used in several rules in the filter policy.
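The three conditions above, expressed as an offline lint over a constructed policy. This is an added example, not Stormshield code: the dictionary layout, interface names and addresses are hypothetical, the sub-network is assumed to come from the address and mask configured on the local VTI, and "used in several rules" is read as the same VTI appearing in more than one filter rule.

```python
import ipaddress
from collections import Counter

# Constructed sample data; field names are hypothetical, not the SNS format.
VTI_INTERFACES = {
    "vti_siteA": "172.16.0.1/30",
    "vti_siteB": "172.16.1.1/30",
}
IPSEC_RULES = [
    {"name": "ok", "vti": "vti_siteA", "local": "172.16.0.1", "remote": "172.16.0.2"},
    {"name": "net_selector", "vti": "vti_siteA", "local": "172.16.0.0/30", "remote": "172.16.0.2"},
    {"name": "wrong_subnet", "vti": "vti_siteB", "local": "172.16.1.1", "remote": "172.16.9.2"},
]
FILTER_RULES = [
    {"id": 1, "vti": "vti_siteA"},
    {"id": 2, "vti": "vti_siteB"},
    {"id": 3, "vti": "vti_siteA"},
]

def is_host(selector):
    """True when the selector is a single IP address, not a network."""
    try:
        ipaddress.ip_address(selector)
        return True
    except ValueError:
        return False

def lint(interfaces, ipsec_rules, filter_rules):
    """Return (subject, message) warnings for the three misconfigurations."""
    warnings = []
    for rule in ipsec_rules:
        selectors = (rule["local"], rule["remote"])
        if not all(is_host(s) for s in selectors):
            warnings.append((rule["name"], "selector is a network, not an IP address"))
            continue  # the subnet test only makes sense for host selectors
        subnet = ipaddress.ip_interface(interfaces[rule["vti"]]).network
        if not all(ipaddress.ip_address(s) in subnet for s in selectors):
            warnings.append((rule["name"], "selectors not in the same IP sub-network"))
    uses = Counter(r["vti"] for r in filter_rules)
    for vti, count in sorted(uses.items()):
        if count > 1:
            warnings.append((vti, f"virtual interface used in {count} filter rules"))
    return warnings

if __name__ == "__main__":
    for subject, message in lint(VTI_INTERFACES, IPSEC_RULES, FILTER_RULES):
        print(f"WARNING {subject}: {message}")
```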
Sandboxing
Support reference 86046
To prevent the saturation of processing queues, the firewall no longer sends the sandboxing infrastructure any e-mails without attachments, or any attachments in a format that is not supported by the sandboxing service.
Monitoring
Support references 85911 - 85935
Messages indicating that a physical component has returned to "operational" status ("CPU health status recovered" messages) are no longer wrongly generated when the component's previous status was "minor" rather than "critical".
IPsec VPN - Certificates
Support reference 85930
To comply with the statement "Other methods of generating unique numbers are also acceptable" in RFC 5280, SNS firewalls can now verify locally retrieved CRLs for certificates that are generated with SubjectKeyIdentifier and AuthorityKeyIdentifier.