DEAG file changes cause Gen7 devices to lock up
I have a Gen7 TZ570 that has been locking up consistently since it was installed in December. I was told by support that there were a number of host resolution errors on the device which could cause high CPU issues and lock the Sonic.
The hosts are all pulled from a DEAG file that we host. I removed around 80 entries that were identified as causing problems. After this was saved, our helpdesk started getting calls from virtually every site that has a GEN7 SonicWall that references this file. The Sonics were locking up and needed a reboot to resolve the issue. As they check in every 24 hours, it took a day for all of these devices to lock up and reboot.
All of the GEN 6 firewalls that we manage didn't have any problems.
We have a number of GEN7 devices that have been locking up periodically and I wonder if it's related to when changes are made to the DEAG file.
Has anyone had similar experiences?
Hi @EveryoneListens, what are you using the DEAGs for? Is it to block or allow or something else?
We use the DEAG file so that our helpdesk can update one file that contains sites that we generally want excluded from GAV/IPS.
They mainly contain Microsoft sites and other vendors as well as Zoom and some banking sites that have caused issues.
It's worked really well for the last year, but GEN7 devices seem to be a constant irritation.
@EveryoneListens, are you using wildcard FQDNs, Hosts or Networks?
A mix of all 3. I know wildcards shouldn't be used but they have never caused a problem before.
A bit reluctant to remove the remaining wildcards in case the change locks up the GEN7s again.
@EveryoneListens, if the wildcards are in a separate FQDN list you should be OK, but don't mix and match in the same DEAG list. When I use them I keep them in a separate DEAG list and then group them together in the Address Objects group. The documentation does state that wildcard FQDNs are not supported, but when I tested they worked fine. You can also change the Cache Timeout and the Retry threshold in the diag page, which hopefully shouldn't put as much load on the CPU.
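
One way to act on the advice in the last reply, as an added example that is not part of the thread and not SonicWall code: split a mixed list into one list per entry type, and count what a pending edit adds or removes before it is published. It assumes the hosted file is plain text with one entry per line; the category names and the sample entries are constructed.

```python
import ipaddress
from collections import defaultdict

def classify(entry):
    """Label one entry as wildcard_fqdn, host (single IP), network (CIDR) or fqdn."""
    if "*" in entry:
        return "wildcard_fqdn"
    try:
        ipaddress.ip_address(entry)
        return "host"
    except ValueError:
        pass
    try:
        ipaddress.ip_network(entry, strict=False)
        return "network"
    except ValueError:
        return "fqdn"

def split_list(text):
    """Group entries by type, dropping blank lines and case-insensitive duplicates."""
    groups, seen = defaultdict(list), set()
    for raw in text.splitlines():
        entry = raw.strip().lower()
        if not entry or entry in seen:
            continue
        seen.add(entry)
        groups[classify(entry)].append(entry)
    return dict(groups)

def change_summary(old_text, new_text):
    """Count entries added and removed per type between two versions of the file."""
    old, new = split_list(old_text), split_list(new_text)
    summary = {}
    for kind in sorted(set(old) | set(new)):
        before, after = set(old.get(kind, [])), set(new.get(kind, []))
        summary[kind] = {"added": len(after - before), "removed": len(before - after)}
    return summary

# Constructed sample input (documentation-range addresses and example domains).
OLD = "*.example.com\nlogin.example.com\n192.0.2.10\n198.51.100.0/24\nLogin.example.com\n\nzoom.example.net\n"
NEW = "*.example.com\nlogin.example.com\n198.51.100.0/24\n203.0.113.7\n"

if __name__ == "__main__":
    for kind, entries in split_list(OLD).items():
        print(f"{kind}: {entries}")   # write each group to its own hosted list
    print(change_summary(OLD, NEW))   # review the size of the change before saving
```
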