Enhancements
This release of the product includes these enhancements.
Enhancements in Security Engine version 7.3.0
| Enhancement | Description |
|---|---|
| AES-GCM-256 support in IKEv2 |
IPsec VPNs can now be configured to use AES-GCM cipher mode also in IKE negotiations. This mode is used in three new predefined VPN profiles: CNSA-GCM-256-ECDH-384, CNSA-GCM-256-DH-3072 and CNSA-GCM-256-DH-4096. |
| Wi-Fi 6 (802.11ax) support |
WLAN interface configuration now supports new 802.11ax wireless mode and WPA3 security that can be used with compatible appliance revisions. |
| CRL prefetching |
Administrator configured certificate revocation lists (CRLs) can now be fetched and cached even before those are needed for certificate validation. |
| Dynamic routing suite upgrade | FRRouting protocol suite for dynamic routing support has been upgraded to 9.1 version. |
| Security Engine kernel update | Security Engine has been updated to 6.6 version. |
| Security Engine OS updates | |
| SHA-256 and AES-256 algorithms support added for SNMPv3 agent | SNMPv3 agent has been enhanced to support SHA-256 and AES-256 algorithms. |
| SNMP trap from disconnected log server | When SNMP Agent is configured for Security Engine and Hardware Alerts SNMP trap is activated, Security Engine now sends an SNMP trap with MIB OID
forcepointNGFWEngineMib.engineObjects.netNodeObjects.nodeHwmonEvent if the log server connection has been unavailable for more than 5 minutes. |
| Extending Layer 2 networks across Layer 3 boundaries (Experimental) | Security Engine with Layer 2 Interfaces using VXLAN (Virtual Extensible LAN) and VTEP (Virtual Tunnel End Point) provides a solution for extending Layer 2 Interfaces across Layer
3 boundaries. For detailed instructions, see Knowledge Base article 11858. |