SSL VPN Pool Exhausted Bug

barkerk_cn

On one of our NSA2650 units we upgraded from 6.5.4.5 to 6.5.4.9 about two weeks ago and now are getting an issue where the SSL VPN IP Pool exhausts and we have to increase it to allow users to connect. There are far more IPs in the pool than there are SSL VPN Licenses. It is almost as if the firewall is not expiring any of the leases to the clients that connect.

Has anyone else seen this behavior? Is this resolved in 6.5.4.10? I could find no mention of it in the release notes.

Michael_Bischof

Some users have found that this was caused by user session timeout setting and that impacted the ssl-vpn engine where users were listed multiple times even after disconnecting from ssl-vpn. This might not even be a bug, but I do not know for sure.

xdmfanboy

Any update on this? We're seeing this on same model, except 6.5.4.10-95n.

barkerk_cnet

https://community.sonicwall.com/technology-and-support/discussion/comment/15683#Comment_15683

Its been assigned Issue ID GEN6-2333 and as of this weeks 6.5.4.11 firmware is still a known issue. Support does have a hotfix but in our case the hotfix broke RDP in the Virtual office portal so we rolled back to 6.5.4.5 which has been rock solid. Hoping this is fixed in the next release now that they are calling it out in the release notes

SonicAdmin80

I'm also seeing this on TZ500 6.5.4.10. Has anyone seen other issues with the hotfix? We are not using Virtual Office portal.

Vivek

Hello @barkerk_cn , @SonicAdmin80 , @xdmfanboy -- Hotfix Firmwares are available for this , Please raise a support ticket and quote the Issue ID GEN6-2333. If you are currently on a exisiting Hotfix firmware, please update that on the case and Sonicwall support will work towards providing a HF that includes fixes from the earlier HF as well as Issue ID GEN6-2333.

SonicAdmin80

I installed the hotfix, so far so good.