Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Gen6 - Cloud Backup broken in 6.5.4.9

BWCBWC Cybersecurity Overlord ✭✭✭

Hi,

as we already know there is something wrong with Cloud Backup on 6.5.4.9. There might be some changes between 6.5.4.8 and 6.5.4.9 which broke it. Internal settings show at least a different configuration dialog:

A Packet-Monitor shows the DNS queries for wsdl.mysonicwall.com on both versions, but there is no attempted communication with that host on 6.5.4.9, at least I can't see any.

Is this already reported? I would guess so considering the amount of complaints I saw.

--Michael@BWC

Category: Mid Range Firewalls
Reply
«1

Comments

  • LarryLarry Cybersecurity Overlord ✭✭✭
    edited December 2021

    I had an open case on another topic, and because the CSR suggested this update would fix the problem, I installed it.

    I reported that the original problem is still questionable, but this new problem had come up and asked the CSR to open a new case about this yesterday. Of course, she didn't - but it was reported....

    Edited to include:

    @BWC - Michael, case 43850205

  • LarryLarry Cybersecurity Overlord ✭✭✭
    edited December 2021

    Further review of the internal settings shows in 6.5.4.7-83n and 6.5.4.8-89n there are five (5) instances of the phrase "Secure HTTP" and each one is selected (i.e., checked).

    In 6.5.4.9-92n there are no instances of the phrase.

    I suspect there might be other features/functions not operating properly.

    I'll update my ticket with this information.

  • LarryLarry Cybersecurity Overlord ✭✭✭

    An extract of my TSR - to feed the case:

    #System : EXP Cloud Backup_START
    Cloud Backup Enabled               : Yes
    Use MySonicWall Cloud Backup Service: Yes
    Use Secure HTTP to communicate to Service: No
    Server Address Type                : 0
    Service Static IP address          : 0.0.0.0
    Service HTTP Port                  : 0
    Service HTTPS Port                 : 443
    Show Old Settings page             : No
    
    #System : EXP Cloud Backup_END
    

    Sure looks like they turned it off - no wonder you aren't seeing anything.

    A very careful look at the rest of the TSR shows the "Secure HTTP" settings are all enabled. No additional features/functions are affected. Thank goodness!

  • It's stated in 6.5.4.9 release note.

    When the firewall communicates with the cloud on an http connection, the resulting content length header may be big enough to cause a stack overflow on the device. GEN6-2688

    When the firewall communicates with the cloud on an http connection, the resulting session ID header may cause a Buffer Overflow on the device first requesting the connection. GEN6-2687

    They removed it to prevent BOF.

    However the new issue is that cloud backup cant utilize HTTPS and they didn't aware of it.

    FYI. NSM SaaS schedule backup seems working fine.

  • BWCBWC Cybersecurity Overlord ✭✭✭

    Well, I guess this issue got analyzed very well (for free) and a fix should be imminent.

    Thanks @Larry @Nat

    --Michael@BWC

  • RobbertRobbert Newbie ✭

    I've Logged a case with Sonicwall for this,

    Spoke to a first line rep from support

    They have mentioned that it has been communicated quite a few times in their ticketing system to the devs.

    Devs have replied to most cases that they are working on the issue but no ETA for a fix yet as of 21st of December 2021.


    will post as soon as i hear an update

  • MaheshKMaheshK Newbie ✭

    Same experience for me after upgrading to 6.5.4.9 on TZ600 device.

  • CTI_HataCTI_Hata Newbie ✭

    I ran into the exact same problem on SOHO250.

    I hope that a solution will be made as soon as possible.


    Create Backup > Cloud Backup execution

    Status: Error: Failed to upload preference backup file. [Cloud service connection failed [-11]]

  • ChojinChojin Newbie ✭

    Does anyone know if there will be a new firmware released soon to solve this?

    I just dont feel good to update to 6.4.5.9 and soon after have to update again to a fixed firmware.

    even if i dont use cloud backup on every sonicwall...

  • BWCBWC Cybersecurity Overlord ✭✭✭

    @Chojin some users reported this already to SNWL but no ETA for a fixed version.

    Interestingly zero/nil/null/nothing from the SNWL officials here in the forum who like to chime in sometimes.

    --Michael@BWC

  • ChojinChojin Newbie ✭

    ok thanks for the info maybe i open up a ticket to ask when this is fixed to speed up?

  • LarryLarry Cybersecurity Overlord ✭✭✭
    edited January 7

    Updated my support case the other day requesting the latest hot fix.

    Just received a phone call from Support asking for a remote session!

    Here's a recap:

    I asked why, and was told it was to transfer the file.

    What?

    Yes, the file is very large, so I want to transfer it to you in a remote session.

    How can a hot fix be larger than the standard firmware update, which is only a couple hundred MB? Could you update the case and include a link? I'll download it.

    Oh, I'll see if I can add the file to the case but it is very large - and he then hung up.

    Someone needs to review the skill set of the folks they have purportedly helping us...

  • BWCBWC Cybersecurity Overlord ✭✭✭

    LOL ... just LOL 😥

    --Michael@BWC

  • RobbertRobbert Newbie ✭

    update:

    Greetings from SonicWall!

    As per our engineers, the issue has been resolved. Please check, And update us back.

    looking forward from you!

    i haven't tested this yet so will confirm once tested i'm just passing on information i had

  • BWCBWC Cybersecurity Overlord ✭✭✭

    @Robbert what does that mean? Should it been fixed at the backend or did you got a hotfix?

    I'am still running 6.5.4.9-92n and the problem persists.

    --Michael@BWC

  • LarryLarry Cybersecurity Overlord ✭✭✭
    edited January 10

    @BWC - Michael, I installed the hotfix over the weekend and the cloud back-up functionality has been restored. Later today I'm going to compare TSRs to see what else has been corrected.

    However, there was no mention from the CSR as to when the full update will be available. I believe you have to open a Support case to be able to get this fix. I don't want to publish the link I eventually received because I don't recall what the Community rules are about something like that.

  • BWCBWC Cybersecurity Overlord ✭✭✭

    @Larry I'll wait until it gets officially released, I did not rolled out 6.5.4.9 in masses and don't wanna spread some hotfix which gets replaced shortly thereafter. Time is to precious. I guess @Robbert quoted an email from SNWL when receiving the HF.

    --Michael@BWC

  • fairritefairrite Newbie ✭

    @Larry @BWC


    Were running 6.5.4.8-89n and have been fine up until the new year, with most of ours stopping on 12/29/2021 or 12/30/2021


    Automatic backups are no longer working but manual backups are.


    Have you seen this issue?

  • BWCBWC Cybersecurity Overlord ✭✭✭

    @fairrite we need to be careful to not mix the topics (6.5.4.8 vs 6.5.4.9) here, but I can confirm on 6.5.4.8 that it stopped on Dec 29th but only on two TZ appliances I checked, another NSa was saving the config on Jan 1st, 4th and 8th. Another NSa 2650 stopped on Dec 28th, there is something up for sure, but not consistently.

    --Michael@BWC

  • LarryLarry Cybersecurity Overlord ✭✭✭
    edited January 10

    @fairrite thanks for the "heads up." Sure enough, the one TZ have at 89n stopped last year. Good ol' Y2K22...

    I'm going to open a new Support case on this stupidity.

  • RobbertRobbert Newbie ✭

    @BWC @Larry


    This email was indeed an update from sonicwall support

    they have attached a hotfix, i'm not sure if i'm allowed to upload it here,

    but i have currently asked them for all gen6 models as i only got a tz hotfix whereas i will be needed HF for nsa models as wel

    can anyone tell me if i'm allowed to upload the file here because i will just change the extension name to whatever the input is allowing me to do and people will have to change the extension again when they download it

  • BWCBWC Cybersecurity Overlord ✭✭✭

    @Robbert AFAIK it's not allowed to re-distribute the Firmware file, every customer has to open a ticket to get the file by itself. In the past I had to open a Ticket for each and every appliance I needed the hotfix for, which bumps the close rate for tickets pretty good, because they are so easy to handle :)

    --Michael@BWC

  • LarryLarry Cybersecurity Overlord ✭✭✭

    This!

    I had to open a Ticket for each and every appliance I needed the hotfix for

  • RobbertRobbert Newbie ✭

    @BWC

    i don't know who came up with that policy but creating a ticket for every hotfix version to me seems like a way of bumping statistics quickly, anyway not my problem i don't work for sonicwall

    but i will need all of the hotfixes anyway so i'm going to push for it and i'm going to refuse to open a ticket for every single model , thats just sillyness and it will take too much time = money on my agenda to even start a conversation over that with the support guys.

    but they "supposedly" have it fixed so i'll ask them in what version the hotfix will be build in and when we can expect that to be on the download page

  • LarryLarry Cybersecurity Overlord ✭✭✭

    @Robbert the reason for the "one ticket per hot-fix" is because the ticket is based on the device's serial number. That's how cases are tracked.

    It would be nice to create one ticket and include all the serial numbers, but I don't think the CSRs are geared to work with such a logical construct...

  • RobbertRobbert Newbie ✭

    sarcastic note: thats way too logical to work like that. fin.


    anyway yes it would be nice if it could. to be fair i've had quite a few engineers who were very helpfull and willing to go the extra mile just for the customer but its very rare because usually these people will get upgraded to other teams fairly quick as they get jobs done quite fast.

  • ThKThK Cybersecurity Overlord ✭✭✭

    On 17.Dezember @BWC started this Issue. Today 23. January i run in to it again.

    Is there anyone at sonicwall interested in picking up our informations and hand-on experience ? We must stand our man on the front line at customer. Can someone here write a list to send this to the management for getting answer what is the goal with that

    Ok i start with these : details in the community

    broken Backup

    brocken Netextender

    brocken VPN

    unstable Gui

    and the latest : Bootloop when updating Patches

    (...)

    We were asked by the local product experts why we don´t upgrade to Gen7.

    Yes Sir : time is money and my time is really not only for sonicwall. No there is the other player called microsoft. But this is an other story.

    WE must earn money with our service and products. And we all want a product to believe on. Then we can praise it to the customer.

    But this bill doesn't seem to add up anymore

    --Thomas

  • CMacCMac Newbie ✭

    Gen6 for us stopped Cloud backups as of 12/30/2021 across the board and is still broken for automatic backups, but manual works without a hot fix.

    Gen7 is broken too in the exact same way so that will not help.

  • cassjzkkn5cassjzkkn5 Newbie ✭

    My issue is the same as listed in this thread. It is across 6.x Versions and 7, I have over 30 firewalls we support and all display the same behavior. I open a case with Sonicwall and we seen that during the Auto backup the event log shoed to many cloud backups and could not create a new backup. The thing that is seen on all these firewalls is that at the end of the year the cloud backups stopped rolling out after 3 files. i had firewalls with as many as 6 Cloud backups all stopping at or around 12/30/21. This was also true on OS7 devices. I Asked the tech to escalate this to there loud backup Eng and a few days later they just closed the case. Bad Support!!! Anyway if you remove all the cloud backups from Year 2021 the cloud backs resume and they seem to be rolling the oldest out after the 3 allowed. I bit of a pain on over 30 firewalls but waiting for them to fix this issue is wasting my time. Anyway Hope this helps.

  • LarryLarry Cybersecurity Overlord ✭✭✭

    Well that is some investigative prowess right there!

    if you remove all the cloud backups from Year 2021 the cloud backs resume and they seem to be rolling the oldest out after the 3 allowed.

    Support only offered limited suggestions - mostly the push to go 92n-hot-fix. I'm going to test this on a specific client device to see what happens. Because I would much rather do this than blindly update firmware across the board!

Sign In or Register to comment.