SNS version 5.0.5 bug fixes

System

Proxy - Antivirus

Support reference TAC-1257

Antivirus analysis on messages that use specific headers created by some mail clients, such as Fetchmail, now function properly.

IPsec VPN

Support reference TAC-1197

The corrupted ESP packet counter has been fixed, and now shows a correct value.

Support reference TAC-582

VTIs using the system name <ipsec0> can no longer be created through the CLI console in order to prevent name conflicts.

Support reference TAC-1495

A space is no longer wrongly added at the end of the e-mail address associated with a VPN user's certificate issued by the external LDAP directory. This regression, which first appeared in SNS version 5.0.3, prevented the IPsec tunnel from being set up.

In an IPsec policy combining peers that are compatible and incompatible with DR mode, the IPsec configuration that is compatible with DR mode was not assessed, and prevented IPsec tunnels from being set up with certificate authentication from a client that is not compatible with DR mode. This issue has been fixed.

URL classification

Support reference TAC-1356

Shutting down the URL classification engine while URLs are pending classification no longer causes the unexpected disruption of connections that were set up through the proxy.

Logs

Support references TAC-1256 - TAC-1277

Memory corruption issues have been fixed to prevent the log management mechanism from unexpectedly freezing when sending telemetry data.

Active Updates

Support reference TAC-1151

Global objects found on Active Update servers no longer prevent the update mechanism from functioning properly.

Network - Interfaces

Support reference TAC-1320

A DHCP-configured interface that has been disabled no longer appears among the objects derived from the interface Firewall_interface_name, Firewall_all.

SSL VPN - RADIUS authentication

SSL VPN clients authenticating in RADIUS and TOTP modes allow blank password fields once again. This regression appeared in SNS version 5.0.0.

Monitoring

Support reference TAC-1399

The Monitoring module now shows expiry alerts for certificates, CAs and CRLs when they were deployed through SMC.

Support reference TAC-1501

Monitoring on the second power supply module is now operational once again on SN-M-Series firewalls. This regression appeared in SNS version 5.0.1.