Menu

Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Sign In Register

1st stupid question for August: How to allow Encrypted Zipped file through GAV in Gen 7?

LarryLarry All-Knowing Sage ✭✭✭✭
in Entry Level Firewalls

I tried to download the latest ILO update file from HPE's support site for a client's server this morning.

Got this:

image.png

I have to admit: I recall it was relatively easy with Gen 6.5 devices, but somehow it is not with Gen 7.

Anyone willing to walk me through the steps like a noobie?

Thanks!

Larry

Category: Entry Level Firewalls
Reply
Tagged:

Best Answer

  • CORRECT ANSWER
    LarryLarry All-Knowing Sage ✭✭✭✭
    Answer ✓

    A partial answer - which occurred during a 45 minute phone call with SonicWall Support - is to ensure that the GAV Exclusion List Address Group is added to the drop-down list:

    image.png

    The settings for my TZ270W device were migrated from a TZSoho250W.

    We looked at a copy of a restored from back-up version of the TSR from the original Gen 6.5 device. There is no indication of this item in the list:

    image.png

    So when I compared Gen 6.5 TSR to the resulting Gen 7 TSR there was no mismatch.

    During the call we took an EXP file of an existing TZ500 and migrated it to a TZ270W. I've asked the CSR to see if, in the lab, this field is empty.

    If it is, there is a flaw in the migration tool that needs to be fixed. We don't know if it applies only to this model or if it is generic.

    Just the same, I can't believe that 5 months after deploying this Gen 7 device, I'm finding a hole in the migration process. That is extremely disconcerting.

Answers

  • TKWITSTKWITS Community Legend ✭✭✭✭✭

    Once again, things like this are why I recommend to NOT use the migration tools.

  • LarryLarry All-Knowing Sage ✭✭✭✭
    https://community.sonicwall.com/technology-and-support/discussion/comment/15589#Comment_15589

    And I agree with you, but only up to a certain (very indistinct) point.

    If this missing GAV Exclusions Address Object really is a hole in the migration tool, then SonicWall should step up and fix the flaw. I am extremely curious as to what explanation the back-end engineering team comes back with.

    Here's what won't happen: SonicWall issues an alert to partners and customers notifying them about the flaw so they can see if it requires manual intervention on their migrated devices.

    But now I have additional steps in my SOP for delivering a replacement unit to client sites to ensure it is covered.

    Is anything else missing? I guess I will not know until something else falls down. The old device - and its settings - are long gone...

  • TKWITSTKWITS Community Legend ✭✭✭✭✭

    Maybe @jgrimes has some input?

Sign In or Register to comment.