SNS version 4.3.33 LTSB bug fixes

System

Proxy

Support reference 85644

When a proxy connection ends, it will now be automatically purged after 10 seconds.

SSL VPN – TOTP

Support references 84966 - 84992 - 85846

If the SSL VPN service was configured with a custom certificate and TOTP authentication was used, users who connected via Stormshield SSL VPN clients had to enter two TOTPs at every connection. This issue has been fixed.

High availability (HA)

Support reference 85551

The passive firewall no longer attempts to launch CRL retrieval tasks. This is because the active firewall regularly performs this task, and CRLs that are retrieved in this way are immediately synchronized with the passive firewall.

OpenVPN

Support reference 85690

Previously, when OpenVPN searched for a certification authority (CA) group, it used a temporary path, which could cause an error while restarting. OpenVPN now uses a permanent path.

Monitoring Certificate Revocation List (CRL) validity dates

Support reference 85624

The mechanism that monitors CRL validity dates no longer raises minor alerts for CRLs with an initial lifetime that is shorter than 24 hours. Such alarms used to be raised every 3 hours.

Alarms

Support reference 85900

Alarms indicating the recovery of certain health indicators were systematically generated whenever the firewall started, even in the absence of any anomalies. This regression, which first appeared in SNS 4.3.32, has been fixed.

Intrusion prevention engine

TCP connections

Support reference 85712

Previously, in some TCP connections using the proxy, the intrusion prevention system would send ACK packets in a loop, regardless of the reply that was received. The configuration now allows a maximum of 10 attempts, to prevent packets from being sent in a loop.

Web administration interface

Return routes

Support reference 85811

In Configuration > Network > Routing > IPv4/IPv6 return routes, USB/Ethernet (4G modem) interfaces can no longer be selected in the Interface field of the return route.

Administrator

Support reference 85474

When creating or changing an administrator, the Domain name field can now be left empty, or "none" can be entered as its value.