Menu

Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Sign In Register

1st stupid question for August: How to allow Encrypted Zipped file through GAV in Gen 7?

LarryLarry All-Knowing Sage ✭✭✭✭
in Entry Level Firewalls

I tried to download the latest ILO update file from HPE's support site for a client's server this morning.

Got this:

image.png

I have to admit: I recall it was relatively easy with Gen 6.5 devices, but somehow it is not with Gen 7.

Anyone willing to walk me through the steps like a noobie?

Thanks!

Larry

Category: Entry Level Firewalls
Reply
Tagged:

Best Answer

  • CORRECT ANSWER
    LarryLarry All-Knowing Sage ✭✭✭✭
    Answer ✓

    A partial answer - which occurred during a 45 minute phone call with SonicWall Support - is to ensure that the GAV Exclusion List Address Group is added to the drop-down list:

    image.png

    The settings for my TZ270W device were migrated from a TZSoho250W.

    We looked at a copy of a restored from back-up version of the TSR from the original Gen 6.5 device. There is no indication of this item in the list:

    image.png

    So when I compared Gen 6.5 TSR to the resulting Gen 7 TSR there was no mismatch.

    During the call we took an EXP file of an existing TZ500 and migrated it to a TZ270W. I've asked the CSR to see if, in the lab, this field is empty.

    If it is, there is a flaw in the migration tool that needs to be fixed. We don't know if it applies only to this model or if it is generic.

    Just the same, I can't believe that 5 months after deploying this Gen 7 device, I'm finding a hole in the migration process. That is extremely disconcerting.

Answers

  • TKWITSTKWITS Community Legend ✭✭✭✭✭

    Once again, things like this are why I recommend to NOT use the migration tools.

  • LarryLarry All-Knowing Sage ✭✭✭✭
    https://community.sonicwall.com/technology-and-support/discussion/comment/15589#Comment_15589

    And I agree with you, but only up to a certain (very indistinct) point.

    If this missing GAV Exclusions Address Object really is a hole in the migration tool, then SonicWall should step up and fix the flaw. I am extremely curious as to what explanation the back-end engineering team comes back with.

    Here's what won't happen: SonicWall issues an alert to partners and customers notifying them about the flaw so they can see if it requires manual intervention on their migrated devices.

    But now I have additional steps in my SOP for delivering a replacement unit to client sites to ensure it is covered.

    Is anything else missing? I guess I will not know until something else falls down. The old device - and its settings - are long gone...

  • TKWITSTKWITS Community Legend ✭✭✭✭✭

    Maybe @jgrimes has some input?

  • LarryLarry All-Knowing Sage ✭✭✭✭

    Support team on the ticket has gone an extra step and they are telling me that the information transfers in all test cases. It seems that my migration was one with a hiccup that is not reproducable.

    Sigh...

Sign In or Register to comment.