New features and enhancements in SNS 4.8.5

Zero trust network access (ZTNA) - Verifying the compliance of client workstations

In Configuration > VPN > SSL VPN > Client workstation verification (ZTNA), the option "Allow tunnels to be set up for Linux or Mac Stormshield SSL VPN clients" was added. If this option is selected, specific Windows criteria will not be applied to client workstations with a Linux or Mac Stormshield SSL VPN client (available soon).

Expired Certificate Revocation Lists (CRL)

Support reference 85690

A warning message now appears in the Message widget in the dashboard when the configuration allows SSL VPN tunnels to be set up with an expired CRL.

Default NTP key type

When NTP keys are added, the default key type is now SHA256.

IPsec VPN

Support reference 85633

The IkeDeleteDelay configuration token can now be directly configured using the CLI/serverd command:

CONFIG IPSEC UPDATE

This token makes it possible to set an interval (in seconds) between a request to shut down an IKE security association and its actual shutdown during a reauthentication. The token accepts values between 0 and 20.

SSL VPN

If compression is enabled on the firewall, a window now appears when you access the SSL VPN module, informing you that disabling compression is strongly advised for security reasons.

You can view and change the compression status (enabled or disabled) using the CLI/serverd commands:

CONFIG OPENVPN SHOW

CONFIG OPENVPN UPDATE compress=<0|1>
