Producent oprogramowania Stormshield udostępnił najnowszą aktualizację dla Management Center o oznaczeniu 3.3.1. Dzięki aktualizacji zostały naprawione podatności dotyczące Node.js wraz z biblioteką Javascript. Ponadto nowsza wersja jest pozbawiona problemów z błędnym wyświetlaniem reguł filtrowania, również po aktualizacji nie będzie można importować ani używać obiektów sieciowych z maską podsieci /32. Od wersji 3.3.1, konsola zarządzania wymusza na zaporach pobieranie listy certyfikatów (CRL), dlatego po wdrożeniu topologii VPN z włączoną opcją weryfikacji listy CRL tunele będą działać natychmiast. Po więcej ciekawych informacji zapraszamy do dalszej części posta.
Rozwiązane problemy:
Object database
| Support reference | Description |
|---|---|
| 84405 | Network objects with a subnet mask in /32 can no longer be used or imported in the firewall configuration. The consistency checker will raise an alarm if such objects are found on SMC. |
| 84643 | Router objects can now be created even when the HTTPS port object does not exist in the SMC object database. |
Monitoring SMC with SNMP
| Support reference | Description |
|---|---|
| 84438 | When SNMP is enabled on the SMC server, it will now automatically restart after SMC is updated. The service remains enabled after SMC is restarted. |
System
| Support reference | Description |
|---|---|
| 84381 | SMC no longer supports the service command. Since version 3.0, the use of the service –status-all command, which listed the services on the system, would make SMC stop functioning. |
| Some errors, which could occur during a configuration deployment for example, caused SMC server to stop. SMC now continues to run correctly even if these errors occur. |
Configuration deployment
| Support reference | Description |
|---|---|
| 84647 | Whenever the same peer was used twice in a VPN topology, SMC would no longer restart during a deployment. This would make the deployment fail and SMC would display an error message. |
Filter rules
| Support reference | Description |
|---|---|
| 84423 | The local filter rules on SNS firewalls now display correctly in SMC when the @ character is used in comments. |
| 84396, 84440 and 84442 | The local filter rules on SNS firewalls now display correctly in SMC when:
|
Configuration of SNS firewalls
| Support reference | Description |
|---|---|
| 84529 | SMC now no longer deploys the network configuration if it has not retrieved all network interfaces beforehand. |
| 84576 | The consistency check no longer fails when it analyzes network interfaces with IP addresses in /32. |
Authorities and certificates
| Support reference | Description |
|---|---|
| 84603 | SMC now forces SMC firewalls to retrieve the certificate revocation list (CRL) after every time the configuration is deployed. So when a VPN topology is deployed with the CRL verification option enabled, tunnels will be operational immediately. There is no longer any need to wait for the firewalls to retrieve the CRL. |
| 84646 |
SMC now ignores the CRL file CA.crl.pem in the folder ConfigFiles/Global/Certificates/<topo_name>/ of SMC firewalls, so it no longer raises any alerts when this file is modified locally. |
Notatki producenta: SMC 3.3.1
Pozdrawiamy,
Zespół B&B
Bezpieczeństwo w biznesie
