Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

2FA Totally crashing anyone else'sTZ570?

ASCChuckASCChuck Newbie ✭

Firmware 7.x on TZ570

Enabled TOTP for SSLVPN and when user enables it for the first time, the network communication freezes briefly. If the user resets it quickly a few times then the ENTIRE network STOPS communicating and the physical firewall device must be unplugged. (Having a HA device does not prevent network failure and the firewall will not respond to IP traffic including admin login.)

That means a user could crash the entire network by accident or intentionally.

Anyone else use TOTP?

Category: SSL VPN
Reply

Best Answers

  • CORRECT ANSWER
    prestonpreston All-Knowing Sage ✭✭✭✭
    Answer ✓

    Hi @ASCChuck , there is a new version of firmware released now 7.0.1-5018-R1709, try that

  • CORRECT ANSWER
    ASCChuckASCChuck Newbie ✭
    Answer ✓

    OMG! The latest firmware, sw_tz_570.7.0.1-5023-R1826-H17127-377.bin.sig, actually works! TOTP works without crashing the entire network! Last weekend, October 23 2021 was the FIRST time the device was fully functional! Do you think we will get a credit for the support time where the device did not work? I have asked this before and their response was "We would not have worked on the issue if you didn't have a support package." I would LOVE to sell that guy a new car that would not run for 11 months and have him pay insurance on it during that time and see if he still feels the same way.

Answers

  • prestonpreston All-Knowing Sage ✭✭✭✭

    Hi @ASCChuck, what firmware are you running?

  • TKWITSTKWITS Community Legend ✭✭✭✭✭

    You should specify the sub-version of the firmware when posting. Sonicwall OS 7 has had plenty of issues up to and including the latest (7.1465).

    I use TOTP and do not have this issue on 7.1465.

  • ASCChuckASCChuck Newbie ✭

    I'm using the latest Firmware for the TZ570 (7.0.1-R1456) since the prior firmware has even more issues. Support wont even tell the developers about this issue since they can't replicate it. I will look to see if a newer version is available.

    Just be aware! I will try to get a scenario that causes the total network shutdown.

  • TKWITSTKWITS Community Legend ✭✭✭✭✭

    I would be willing to try to replicate the issue if you find the trick.

  • BWCBWC Cybersecurity Overlord ✭✭✭

    @preston thanks for the hint about the new release, checked all my TZ downloads and it is only available for the TZ 270 at the moment, YMMV.

    This will change in the next hours I guess.

    --Michael@BWC

  • prestonpreston All-Knowing Sage ✭✭✭✭

    @BWC , Hi Michael, they should all be available already I can see all of them, if you search for the model does it show?

  • BWCBWC Cybersecurity Overlord ✭✭✭

    @preston I logged off and on again to MSW, TZ 570 download is now available, TZ 670 still missing, nother other Gen7 under control at the moment. Will give it another shot later.

    --Michael@BWC

  • prestonpreston All-Knowing Sage ✭✭✭✭

    I had an issue a while back it showed all of them apart from the TZ570W, if I seached in the search box for TZ 570W it showed the latest

  • BWCBWC Cybersecurity Overlord ✭✭✭

    In the meantime it ascended from the depths of MSW. Maybe it was some kind of caching issue, I left the browser open and after 1 or 2 hours it appeared after hitting the refresh again, all good.

    --Michael@BWC

  • ASCChuckASCChuck Newbie ✭

    Confirmed new firmware available: sw_tz_570_eng.7.0.1-5018-R1709.bin.sig Will have to test tonight or tomorrow!

  • RinconmikeRinconmike Enthusiast ✭✭

    FYI, On my 670 with 5018-R1709 the device kept randomly rebooting. I had downgrade. It is in this post.


  • ASCChuckASCChuck Newbie ✭

    Tested and now using sw_tz_570_eng.7.0.1-5018-R1709.bin.sig and it seems to be good. TOTP Still has issues: If you enter the onetime only code as the first code, you wont have a onetime code and more importantly if you try to reset it, it gives you the SAME QR CODE and a one time code of "0" which doesn't work.

    Scenario: A user saved the QR code and a hacker hacks their PC. The user "resets" their TOTP but its NOT really reset and the hacker can still get in.

    You need to DELETE the user and that clears bookmarks and maybe other saved settings.

    But at least it doesn't crash the whole network! Yea?

  • ASCChuckASCChuck Newbie ✭

    Update.

    Even the new version, sw_tz_570_eng.7.0.1-5018-R1709.bin.sig has MAJOR issues. While SonicWALL was testing, the remote access was blocked. That means that inside users could see outside, but anyone trying to remote in got timed out. The issue is with TOTP. If you are using TOTP with RADIUS, be careful, VERY CAREFUL!

  • LarryLarry All-Knowing Sage ✭✭✭✭

    @ASCChuck - might want to remove the "this question was answered" flag if it is not applicable...

  • A newer version is a better fix... sw_tz_570_eng.7.0.1-5027-R1938.bin.sig. Network has not crashed with this version, yet. YMMV

Sign In or Register to comment.