Best Of
Re: SonicPlatform - are you ready?
Late to mid January 2025 and SW had another MSP-centric webinar which included a segment about SonicPlatform.
Thankfully, this MSW replacement is still in BETA mode. It is designed to take the place of all the disparate platforms to present the ultimate SPOG for all SW partners to handle Firewalls, Access Points, Switchs, NSM, CSC, monthly billing, etc.
I spent 30 minutes yesterday evening going through the UI.
My take: It is gonna be another three years before this partner will venture a second look…
Larry
Re: SSLVPN tunnel failed to set DNS
Any updates on this? I have run into the same issue with a few users, but definitely not all users. It also seems to be specific to the latest version of NetExtender (10.3) since it does not happen if I downgrade those users to use version 10.2.x.
BAJohnG
Re: Where's the new 7.1.3 firmware for the CVE emailed LAST NIGHT?
@dslee it's available for at least 2 days now on MySonicWall … you can download it in the Download Center → By Product Line or on the Details page of your Product on the tab Firmware. Even on the "By Version" listing its downloadable now, there was a problem on Jan 8 for that.
If it is not shown directly you might login in Inkognito Mode or hit the refresh button, caching is sometimes an issue on MSW.
—Michael@BWC
BWC
Re: SonicOS - which branch is still supported?
Good Afternoon Michael,
SonicWall is currently running two release trains to support Gen7 firewalls.
SonicOS 7.0 and SonicOS 7.1.
7.1.1 and 7.1.2 are the release versions on the SonicOS 7.1 branch.
We recommend users running software versions SonicOS 7.1.1-7040, 7.1.1-7047, 7.1.1-7058, and 7.1.2-7019 upgrade to SonicOS 7.1.3 if they are impacted by the recent high-severity vulnerability mentioned in the PSIRT advisory here.
Users operating with SonicOS 7.0.1-5161 and below are recommended to upgrade to SonicOS 7.0.1-5165
Vivek
Re: Could you please provide anonymized sample logs of the following log types
@Alvida you can use the following Syslog Messages Reference Document which has the details of each message, including event/message Id, event group, event name etc. There are also several syslog message examples which you may find helpful.
https://www.sonicwall.com/techdocs/pdf/SonicOS-X_7.0.1_LogEvents_ReferenceGuide.pdf
MAK
Re: SonicOS - which branch is still supported?
@Larry for a 7.0.1-5161 appliance it shows "Latest Released Firmware 7.1.3-7015".
For the time being, all of my 7.0.1 appliances will be updated with 7.0.1-5165 instead of 7.1.3 until all the reported issues are sorted out.
—Michael@BWC
BWC
SMA 500v - 10.2.1.12 - Lets Encrypt fails, Appliance struggles
Is there any known issue that requesting a Lets Encrypt Certificate on SMA 500v runing 10.2.1.12 fails and after that the appliance is acting weird? I'am not able to get a TSR because the wait indicator is circling for ever. Even trying to log into the SMA again is failing with endless waiting.
The login fails after 3 minutes, a reboot solves the issue.
That's problematic because all of my SMAs are updated to 10.2.1.12, even those using LE certs with upcoming certificate renewals.
UPDATE: It's related to GeoIP, if I disable GeoIP blocking the cert gets issued. Now I have to figure out which Countries I need to allow, I guess it's US at least, which was on my block list.
—Michael@BWC
BWC
Re: SonicWall NetExtender 10.3.0 Linux client (equivalent --always-trust like 10.2.850 version?)
but I can't add it on the Linux side because I don't know the password to it
You don't need the password - certificates don't have them. Only private key is sometimes protected by password.
The part which should be added to CA store is a public part - the certificate - and is always sent to client in unencrypted channel at the first part of establishing a SSL/TLS connection.
You cant save that cert into file using openssl :
openssl s_client -showcerts -connect server_address:443 -servername server_address </dev/null 2>/dev/null|openssl x509 -outform PEM > server_cert.pem
You can then check downloaded certificate details with openssl too:
openssl x509 -in server_cert.pem -noout -text
In that way you can download certificate sent by any server during SSL/TLS handshake.
Robertus
Re: Can't increase heigth of SonicWall NetExtender 10.3.0 Linux GUI on Ubuntu
OK, I believe I have found the answer for you. Try holding down the SUPER/Windows key and right-clicking the title bar, and choose Resize from the menu (I'm trying this on 24.10, so hope it works for you).
https://askubuntu.com/a/65513
byroniac
Re: Can't access management interface of remote TZ270 via VPN
Is that what it is?
It is then possible to log into the GUI with the VPN client account.
Mariusz