1st stupid question for August: How to allow Encrypted Zipped file through GAV in Gen 7?

I tried to download the latest ILO update file from HPE's support site for a client's server this morning.
Got this:
I have to admit: I recall it was relatively easy with Gen 6.5 devices, but somehow it is not with Gen 7.
Anyone willing to walk me through the steps like a noobie?
Thanks!
Larry
Best Answer
-
Larry All-Knowing Sage ✭✭✭✭
A partial answer - which occurred during a 45 minute phone call with SonicWall Support - is to ensure that the GAV Exclusion List Address Group is added to the drop-down list:
The settings for my TZ270W device were migrated from a TZSoho250W.
We looked at a copy of a restored from back-up version of the TSR from the original Gen 6.5 device. There is no indication of this item in the list:
So when I compared Gen 6.5 TSR to the resulting Gen 7 TSR there was no mismatch.
During the call we took an EXP file of an existing TZ500 and migrated it to a TZ270W. I've asked the CSR to see if, in the lab, this field is empty.
If it is, there is a flaw in the migration tool that needs to be fixed. We don't know if it applies only to this model or if it is generic.
Just the same, I can't believe that 5 months after deploying this Gen 7 device, I'm finding a hole in the migration process. That is extremely disconcerting.
0
Answers
Once again, things like this are why I recommend to NOT use the migration tools.
And I agree with you, but only up to a certain (very indistinct) point.
If this missing GAV Exclusions Address Object really is a hole in the migration tool, then SonicWall should step up and fix the flaw. I am extremely curious as to what explanation the back-end engineering team comes back with.
Here's what won't happen: SonicWall issues an alert to partners and customers notifying them about the flaw so they can see if it requires manual intervention on their migrated devices.
But now I have additional steps in my SOP for delivering a replacement unit to client sites to ensure it is covered.
Is anything else missing? I guess I will not know until something else falls down. The old device - and its settings - are long gone...
Maybe @jgrimes has some input?