Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

SMA 500v - Radius Challenge not working in contemporary mode

BWCBWC Cybersecurity Overlord ✭✭✭

Hi,

it's just not ending with the contemporary mode, but today I tried to access a portal which is secured by Radius authentication with Challenge-Response. Running a SMA 500v with 10.2.

Username/password gets accepted, but the challenge (token) in the next step gets the red bar on the top showing an error message "You can't do this authentication api". I never tried this before, because the Radius authentication is usually for NetExtender and this is working without problems, but I guess it's broken since 10.0.

Connecting to the portal in classic mode works without a problem, so it's not a Radius issue, it's the /spog again.

Is this a known problem? If not I would probably open up a ticket.

--Michael@BWC

Category: Secure Mobile Access Appliances
Reply

Best Answer

Answers

  • KaranMKaranM Moderator

    Hi @BWC ,

    I trust you are safe and well!

    This sounds similar to the reported issue (SMA-1087). The Engineering team is working on this and the expected version to incorporate this fix is set to 10.2.1.0.

    Having said that I would recommend opening a web case with the Support team and get it checked by a Support agent.


    Thank You

    Knowledge Management Senior Analyst at SonicWall.

  • BWCBWC Cybersecurity Overlord ✭✭✭

    In 10.2.0.1 this got even worse, the error message about the authentication API got replaced with an Internal server error, all well in classic mode. Waiting for 10.2.1.0 then.

    --Michael@BWC

  • BWCBWC Cybersecurity Overlord ✭✭✭

    Hi @DerekYu

    any word when 10.2.0.2, which includes the needed fix, will be released? It's very hard to discuss with the customers why it's not working with this cursed contempory mode and they need to switch to classic first. Not so it-savvy endusers don't get it and causing all kinds of trouble.

    --Michael@BWC

  • BWCBWC Cybersecurity Overlord ✭✭✭

    Hi @DerekYu

    one customer reported today a "Internal Server Error" message when trying to login with radius and OTP (C/R). It's all working great in classic mode, but /spog is a mess.

    Are there still problems open which will be addressed in 10.2.1.0 and what's the ETA on that?

    --Michael@BWC

  • SimonSimon Moderator

    Hi @BWC

    SMA-1087 will be fixed in 10.2.0.3. I do not have a date for predicted release. I expect it to be relatively soon.

    If you need a fix immediately, please open a case and ask for the engineering private build of firmware with the fix from SMA-1087.

    10.2.1.0 is predicted to be released in early 2021.

  • BWCBWC Cybersecurity Overlord ✭✭✭

    Hi @Simon

    thanks for the feedback, it's somewhat sobering that it takes 6+ months to get this addressed properly. Looking forward for the next updates.

    --Michael@BWC

  • SimonSimon Moderator

    Hi @BWC

    I am not sure why it did not make the 10.2.0.2 release - may have been some issue with the fix they tried when it came to the QA testing prior to release. That happens on occasion.

  • SimonSimon Moderator

    Hi @BWC

    To answer, as much as I can: Are there still problems open which will be addressed in 10.2.1.0 and what's the ETA on that?

    It is the nature of software for complex systems that there will be problems fixed in any release. Why else have one? Further 10.2.1.0 is a minor feature release so there are limited function changes in this version as well.

    I do not have a list of issues I can provide. There are very few. They are for the most part in QA testing. To have a clean list pull the release notes when the upgrade is published.

    I can only give an educated guess for when 10.2.1.0 will be released. My guess is late January to mid February 2021. Until all fixes and new features have cleared QA testing it is not at all certain this is correct.

  • BWCBWC Cybersecurity Overlord ✭✭✭
    edited November 13

    Just to keep this thread alive in case someone stumbled over it, SMA-1087 does not seem to be related to the Radius/OTP problem after all, because it's marked as fixed in 10.2.0.3 but problem still exists.


Sign In or Register to comment.