Hotfixes-1168, 1170 for Release Notes 10.5.0

The following tickets are part of the hotfix HF-1168 for the CloudGen Firewall release notes 10.5.0.

Firewalls using pool licenses now boot reliably after installing or upgrading to 10.5.0, instead of running out of memory during startup. [BNNGF-100772]
Port mappings have been aligned to refer to the correct port labels for the 10G interfaces on an F2000. [BNNGF-100945]

Authentication

A user helper scheme to fetch group information from another authentication scheme has been implemented. [BNNGF-100818]

The IKEv2 'Restart SA on close' option is available again in Barracuda Firewall Admin and can be configured for VPN tunnels on managed firewalls running earlier firmware versions. [BNNGF-100789]

PPPoE connections now reconnect automatically after going down, without requiring a manual configuration change. [BNNGF-100149]
On cloud firewalls, the management interface metric can now be changed via network activation without disrupting connectivity. [BNNGF-100637]

Firmware images no longer include unused example scripts that could be misidentified as malware by antivirus scanners. [BNNGF-100840]

Certificates from the Control Center certificate store can now be assigned to the VPN service and are applied to the VPN configuration as expected. [BNNGF-100766]
The configuration tree in Firewall Admin now loads quickly again on large Control Center deployments, matching the performance of earlier firmware versions. [BNNGF-100994]

The kernel no longer crashes when the URL filter blocked a website accessed through the HTTP proxy, thus no longer causing repeated reboots. [BNNGF-99488]
Custom network applications that use a hostname as the destination now correctly honor the configured protocol (TCP or UDP), so traffic is matched and enforced according to your access policies. [BNNGF-100540]
Forward Error Correction (FEC) can now be used on site-to-site VPN tunnels without causing a system crash. [BNNGF-100706]
Traffic from the source to an App defined as a destination now match SE SNAT rules as expected. [BNNGF-100764]
An SE SNAT rule with a Custom Network Application (=CNA) as source now works as expected. [BNNGF-100768]
A redirect rule for one of the following management IPs, which are 169.254.128.1 or 169.254.128.2, has been added for traffic coming from allowed IPs of the TS Agent configuration on TCP port 5050 to a LAN IP of the SE appliance. [BNNGF-100819]

PAYG licensing now works correctly on UEFI-based cloud instances (such as Azure) that use GPT partitioned disks. [BNNGF-100949]

The compatibility issue to use SHA1 in parallel with AES128 has been fixed. [BNNGF-99936]
Memory leaks no longer occur in KTINA and in the Crypto-API. [BNNGF-100374]

DHCP interfaces in standby/on-demand mode now come up correctly after a configuration sync, so SecureEdge firewalls keep their internet connectivity and continue receiving configuration updates. [BNNGF-100531]
Support for configuring the TS Agent authentication has been implemented. [BNNGF-100817]
SecureEdge firewalls now synchronize their configuration through the WAN hub reliably, without occasionally getting stuck and missing configuration updates. [BNNGF-100975]
SecureEdge firewalls now continue to synchronize their configuration successfully, including when a tunnel-disabling condition such as an invalid license occurs. [BNNGF-100979]
Standalone SecureEdge appliances now recover automatically and resume regular configuration synchronization after a restart or a temporary failure, without requiring manual intervention. [BNNGF-101088]

Cloud firewalls originally deployed on firmware 9.0.x or earlier now retain network connectivity after upgrading to 10.5.x. [BNNGF-101573]