IMPORTANT
SNS 3.x versions have reached End of Maintenance since July 1st, 2024.
We recommend that you update your SNS firewalls to a version with maintenance to guarantee the protection of your infrastructure.
SNS 3.7.22 LTSB bug fixes
System
IPsec VPN
Support references 79713 - 81464
Packets would sometimes get lost whenever the keys of IPsec tunnels were renewed. Unlike what was announced in the 3.7.20 LTSB release notes, this issue was finally fixed in version 3.7.22 LTSB.
Support reference 80662
When a change of status is applied to a network route associated with an IPsec Security Policy, the service would sometimes shut down unexpectedly and cause the firewall to freeze. Unlike what was announced in the 3.7.21 LTSB release notes, this issue was finally fixed in version 3.7.22 LTSB.
Support reference 83301
The fragment size set by the FragmentSize parameter is now applied correctly in the configuration of global VPN policies.
ICMP - IPv6
Support reference 82547
In configurations that use IPv6, an issue with competing access could make the firewall freeze whenever it received “destination unreachable” ICMP packets. This issue has been fixed.
SNMP Agent
Support reference 78761
SNMP informRequest messages are now considered valid SNMP requests and no longer raise the blocking alarm “Invalid SNMP protocol" (snmp:388).
Support reference 82661
The correct value is now returned in the OID UCD-SNMP-MIB::memCached.0.
Disk monitoring
Support references 75125 - 75126
An issue with alarms being wrongly raised over the disk status of firewalls has been fixed.
IP address reputation and geolocation service
Support reference 81048
In some cases, the IP address reputation and geolocation service would unexpectedly shut down after competing access that occurs when a configuration is reloaded. Even when it was automatically restarted, service could still be disrupted. This issue has been fixed.
Web administration interface
Administrators
Support reference 82058
Administrator accounts with names that contained special characters would not appear in the list of administrators after being added. This issue has been fixed.
Intrusion prevention
SMB v2 protocol
Support reference 78216
An anomaly in the SMB protocol analysis engine would wrongly raise the "Invalid NBSS/SMB2 protocol" alarm (nb-cifs alarm:157), blocking legitimate SMBv2 traffic as a result. This issue has been fixed.
SIP
Support references 79839 - 79344
Anomalies in the SIP protocol analysis engine, which could cause the firewall to freeze, have been fixed.
Support reference 66573
As certain SIP telephones do not specify the network port number used (Contact field in the REGISTER request), the firewall would not correctly redirect incoming REGISTER requests formed in this manner. This issue has been fixed.
Support reference 68583
The firewall would not take into account the optional fields Record-Route and Route in the headers of SIP packets. The addresses and routes indicated in these fields would therefore not be translated when necessary. This issue has been fixed.