Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".


SMA 500v - losing license information (

BWCBWC Cybersecurity Overlord ✭✭✭


from time to time several customers facing the issues that SMA 500v is losing it's license information and no user can log into the appliance any more. A restart of the SMA 500v fixes the issue, a manual license sync does not.

I couldn't found any pattern, but internet connection and DNS resolver worked without trouble in the time of the outage.

I have syslog logging enabled and found these related log entries.

15 times over a 30 minutes period:
License Manager not responding. Restart may be necessary.

Until restarting the appliance:
License Manager not responding for an extended period. Licenses must be updated.


Around one hour before the license complains I found these log entries which might be related?

Failed to setup detail log chain
Failed to setup IPQ chain
Failed to setup Botnet cache chain
Failed to setup GeoIP chain
Failed to setup Botnet chain
Failed to setup Default Allow chain

Anything we can do to have this working more stable, because SMA outages are not welcome these times.


Category: Secure Mobile Access Appliances


  • Options
    BWCBWC Cybersecurity Overlord ✭✭✭


    I guess I'am alone on this, but further analysis of the logfiles brought me to the conclusion that the internal iptables/netfilter got messed up somehow, which is indicated by the log message shown before.

    It maybe caused by Botnet oder GeoIP filtering which we use to block nearly all countries worldwide and just allow a few.

    Right before the restart of the appliance I can hundreds/thousands messages like that:

    Failed to remove from block list, will try again later 

    Really noone is facing this issue or is it already known at SNWL?


  • Options
    BWCBWC Cybersecurity Overlord ✭✭✭


    one last try because it happened again. Anyone saw this before?

    Unreadable string in the license information. Ignore...

    Which caused this a minute later:

    Unreadable string in the license information. Ignore...

    But TCP connection check to and was successfull at this point.


  • Options
    Halon5Halon5 Enthusiast ✭✭

    @BWC , Released !

    bags you try it first.. LOL.

  • Options
    SimonSimon Moderator
    edited November 2020

    Hi @BWC

    The SMA 500v must access the back end license manager every 5 days or its license expires.

    Here is the KB article that describes this issue:

    If you are seeing many instances of the error log then you need to investigate why the SMA can not talk the either or or on port 443.

    If you are having logs like the following this is a different issue:

    [Wed Jul 22 23:56:32 2020]watchdog: no 'licenseManager' process detected

    In this case there was a bug opened where the license manager process on the SMA would go down and prevent the SMA from accessing the license manager until the SMA was power cycled. SMA-1582, seen in the Hyper-V virtual, was fixed in July and firmware version

    What version are you running @BWC?

  • Options

    @BWC , does a reboot fix it? If so, you can set the box to reboot automatically every night (assuming its not a 24/7 operation)in the diag/internal setting page until you can investigate this further.

  • Options
    BWCBWC Cybersecurity Overlord ✭✭✭

    Hi guys,

    thanks for chime in into this messy situation. If I get you right you don't see any relation to these "chain" messages.

    @Simon, still waiting for the OK to upgrade to from the customer, because of the update messages for the SMAConnectAgent, which raises confussion to the endusers. As mentioned before, TCP connection check to licensemanager and lm2 was working fine in the moment of trouble. I searched in the syslog files but no watchdog related messages, only the above which seem in context.


    Already suggested the auto-reboot to the customer because having no more ideas. As mentioned in the beginning only a restart fixes the situation. Because it's a critical remote access (somewhat 24x7) the customer wasn't very convinced on that "solution".

    Stay safe (and licensed).


  • Options
    BWCBWC Cybersecurity Overlord ✭✭✭
Sign In or Register to comment.