Gen7 - doing a lot of (unnecessary) DNS requests

BWC Cybersecurity Overlord ✭✭✭

While being annoyed about the current reboot loop dilemma on Gen7, I needed a distraction and examined what kind of DNS requests a factory-reset Gen7 appliance is doing when just running idle or only accessed via the Management UI.

I know clean coding is not much of a thing these days and SNWL is no exception to that, but it looks like we could easily skip a bunch of DNS requests here and there. It's a plain TZ 670 with no current services at the moment. Essential Security has expired.

The good (AFAIK):
licensemanager.sonicwall.com (~every 120 seconds, registration for older firewalls, LOL)
lm2.sonicwall.com (according to KB this is the licensemanager for newer firmware)
sig2.sonicwall.com
software.sonicwall.com (~every 150 seconds)
wsdl.mysonicwall.com
www.mysonicwall.com
www.sonicwall.com (~every 60 seconds, for whatever reason)

This should be updated?
https://www.sonicwall.com/support/knowledge-base/troubleshooting-license-manager-connectivity-issues/170503593981866/
https://www.sonicwall.com/de-de/support/knowledge-base/what-fqdn-s-and-ip-s-are-used-by-sonicwall-products-to-update-their-services/170503941664663/


The bad:
ntp2.sth.netnod.se (is this the internal NTP when not configured?)
software.netvantasecurityportal.com (this is a parked domain, for real?)
www.netvantasecurityportal.com (this is a parked domain, for real?)


The ugly:
antispam.global.sonicwall.com (was licensed, not active, but expired)
betavscan.mcafeeasap.com (never had Endpoint licensed)
captureclient-36.sonicwall.com (~every 90 seconds, never had Endpoint licensed)
captureclient.sonicwall.com (~every 60 seconds, never had Endpoint licensed)
clientmanager.global.sonicwall.com (Client CF not licensed)
csc-report-bucket.s3.amazonaws.com (not documented)
lmstat.sonicwall.com (not documented)
sonicwall.sentinelone.net (~every 60 seconds, never had Endpoint licensed)
virusscanasap.mcafeeasap.com (never had Endpoint licensed)
vs.mcafeeasap.com (never had Endpoint licensed)
www.lassopatch.com (~every 150 seconds, CDP? For real, isn't that EOL for ages)
www.mcafeeasap.com (never had Endpoint licensed)

It's probably just me because I'm somewhat older, but avoiding unnecessary requests always looked like a good thing to me. I would like to see my firewall keeping its own activities to a minimum and keeping its focus on its purpose.

Maybe this can be addressed somehow in case anybody cares.

--Michael@BWC
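
An added example, not part of the original post: one way to repeat this kind of audit from a resolver's query log, reporting each name the appliance asks for, how often, and whether it is on your expected list. The log format, the appliance address `192.0.2.1`, the sample lines and the function name `audit` are assumptions constructed for illustration; the expected set is the post's "good" list.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Names the post lists as expected ("The good"); replace with your own baseline.
EXPECTED = {
    "licensemanager.sonicwall.com", "lm2.sonicwall.com", "sig2.sonicwall.com",
    "software.sonicwall.com", "wsdl.mysonicwall.com", "www.mysonicwall.com",
    "www.sonicwall.com",
}

# Constructed sample in an assumed "ISO-timestamp client-ip qtype qname" format.
SAMPLE_LOG = """\
2022-01-20T10:00:00 192.0.2.1 A www.sonicwall.com
2022-01-20T10:00:05 192.0.2.1 A captureclient.sonicwall.com
2022-01-20T10:00:20 192.0.2.1 A www.lassopatch.com
2022-01-20T10:01:00 192.0.2.1 A www.sonicwall.com
2022-01-20T10:01:05 192.0.2.1 A captureclient.sonicwall.com
2022-01-20T10:02:00 192.0.2.1 A WWW.SonicWall.com.
2022-01-20T10:02:05 192.0.2.1 A captureclient.sonicwall.com
2022-01-20T10:02:50 192.0.2.1 A www.lassopatch.com
2022-01-20T10:03:10 198.51.100.7 A example.org
garbage line
"""

def audit(log_text, source_ip, expected=EXPECTED):
    """Return {qname: (count, median_interval_s or None, is_expected)} for one client."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[1] != source_ip:
            continue  # skip malformed lines and queries from other clients
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue  # unparseable timestamp
        # DNS names are case-insensitive; drop the trailing root dot.
        seen[parts[3].lower().rstrip(".")].append(ts)
    report = {}
    for name, stamps in seen.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        report[name] = (len(stamps), median(gaps) if gaps else None, name in expected)
    return report

if __name__ == "__main__":
    for name, (n, gap, ok) in sorted(audit(SAMPLE_LOG, "192.0.2.1").items()):
        print(f"{'expected  ' if ok else 'unexpected'} {name:32} n={n} interval={gap}")
```
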

Category: Mid Range Firewalls

Comments

  • ThK Cybersecurity Overlord ✭✭✭
    edited January 2022

    @BWC it's not good that you have too much time 🤔

    that's why you get teased with updates and loops and curiosities. don't look into the canned...

    the floor is not yet in sight

    --Thomas
