SMC update
Update process
Support reference 84277
During the SMC update process, errors that were not serious and did not affect the update process would appear in command line mode. The server now only shows relevant errors.
Managing administrators
Authentication via OpenLDAP
Support reference 84152
In the LDAP authentication settings of the Administrators menu, the ID field of the connection account was renamed Administrator DN for OpenLDAP servers. The expected ID format for this field is a DN (without the base DN), such as "cn=administrator".
Configuration of SNS firewalls
Naming firewalls
Support reference 84452
The error message and audit log generated during an attempt to create a firewall with the same name as an object found in the database have been improved to indicate that a firewall or an object with the same name already exists.
Configuration deployment
Synchronizing nodes of a cluster
Support reference 84333
When the automatic synchronization of an HA cluster was disabled through the environment variable FWADMIN_HASYNC_ON_DESYNCHRO, deploying the configuration on a cluster would automatically desynchronize nodes. This issue has been fixed.
VPN topologies
Deploying an IKEv2 topology
Support reference 84230
When an IKEv2 VPN topology is deployed from SMC, changing a peer’s settings directly on an SNS firewall no longer causes any serverd errors.
Failed tunnel negotiation
Support reference 84490
The negotiation of a tunnel fails whenever a peer’s certificate contains the firewall’s contact IP address in the certificate’s Subject Alternative Name field. This is because the firewall will use this address as the peer’s Local ID.
To prevent this from happening, the use of the certificate’s Subject field as the peer’s Local ID can be forced by setting the FWADMIN_CERT_SUBJECT_AS_PEER_LOCALID variable to "True". This variable is set to “False” by default.
Reading logs
Audit logs
Support reference 84279
Logs regarding anonymous users were generated in audit logs. As such information is not relevant, these logs are no longer generated.