SNS 3.8.1 bug fixes

Network

Wi-Fi

Support reference 71139

Wi-Fi firewall models no longer randomly freeze whenever the Wi-Fi network is enabled.

Protocol

Support reference 71349

If a maximum value is specified for the size of an IP packet (MTU) on a given bridge, and the option Keep initial routing has been enabled, this MTU will apply only to this bridge from now on. The interfaces outside the bridge will keep their own MTU values.

Large-scale sending of requests to external IP addresses

Support reference 72329

Infected hosts behind protected interfaces will no longer cause a drastic drop in performance or the sudden shutdown of the firewall whenever they launch SYN flooding attacks against a large number of external IP addresses.

System

High availability - switch

Support references 71639 - 71681

Whenever the active firewall in the cluster failed, high availability links that froze would prevent the passive firewall from responding and taking over. This issue has been fixed.

The switch from one cluster node to the other in a configuration that does not have any proxies enabled will no longer cause the "proxy daemon shutdown" log to be sent every 5 seconds in system events.

High availability - manual commands

There is no longer any latency in a cluster whenever you restart an active node or when you force the switch to the passive node. These actions now have immediate effect.

SN2100 and SN3100 - 1 Gigabit/s interfaces

Support reference 71672

The presence of unconnected 1 Gigabit/s network interfaces would cause excessive consumption of CPU resources on SN2100 and SN3100 firewall models. This issue has been fixed by updating the driver on these interfaces.

Firewalls with IXL cards

The two fixes below affect firewalls that use IXL cards, in particular:

  • Fiber 4x10Gbps and 2x40Gbps network extension modules for SN2100, SN3100 and SN6100 models,
  • 4x10GBASE-T modules for SN710, SN910, SN2000, SN2100, SN3000, SN3100 and SN6100,
  • Both fiber 10Gbps onboard ports on SN6100 models.

Whenever the active node is lost in a firewall cluster that uses an IXL card, the other node will now take over immediately. Furthermore, after the switch, traffic will no longer be redirected regularly to the passive firewall.

Issues with traffic control that would stop traffic on firewalls with an IXL card have been fixed.

IPsec VPN

Support reference 71942

The IPsec VPN service would wrongly interpret certain X.509 certificate formats on smartcards, and would restart whenever a user attempted to set up a tunnel. This issue has been fixed.

Support reference 72797

During an IPsec VPN authentication, the list of LDAP groups to which a user belongs will no longer be truncated if it exceeds 250 characters. The full list will now be taken into account within a limit of 4096 characters.

SN310 firewall performance

A performance regression on SN310 firewall models has been fixed.

Virtual machines

After an EVA has been reset to its factory settings (defaultconfig), the correct access privileges to the web administration interface will now be granted, so they will no longer prevent the connection.

Support reference 72352

Network packets that can be retrieved via alarms in the web administration interface can now be opened correctly.