SonicWall firmware 7.0.1-5080 has been released
Larry All-Knowing Sage ✭✭✭✭
New OS firmware released on August 5, 2022
Release note are here:
Lots of things fixed in this one.
Two years after initial release, there's finally some momentum...
Category: Entry Level Firewalls
Hey! You will be signed out in 60 seconds due to inactivity. Click here to continue using the site.
This will be news for those complaining about RDP over VPN disconnects:
GEN7-31660 An UDP session was being enabled for RDP sessions connected through NetExtender, causing severe packets loss and, eventually, disconnection
GEN7-30959 NetExtender may connect slowly and frequently disconnect when there is heavy SSL VPN usage
I am happy to see the fixes coming through. I will update soon and let others know the result.
I'll be waiting reports before taking the plunge. Not much confidence in these updates these days.
Where are you seeing these updates? I've been checking for two days and none of the announced TZ or NSA updates in the download center as usual. did they pull them?
@xdmfanboy you scared me a little, because I deployed some instances last week, no trouble so far.
I can see them for all of my managed appliances in the Download Center. As usual, did you tried a different Browser or Incognite Mode? My bet is on a caching issue, which happens a lot in MSW.
@xdmfanboy - I saw a posting on Reddit in the morning, confirmed in my Download Center, and in the late afternoon received a SonicWall email informing me of not only this, but the Gen 6.5 Version 18.104.22.168-97n - Maintenance Release.
@xdmfanboy The download center has been funky before. If youre not seeing them there try looking under Tenant Products, clicking the serial number of an appropriate device, then click the Firmware tab.
I have tested firmware 7.0.1-5080 on production HA system and find a few bugs.
1) I cannot downgrade 7.0.1-5080 to one back firmware
2) When I want to test "Check Network Settings under the Diagnostic Tools" during the Content filtering step gives an "API" error.
3) Cluster doesn't give correct serial number into the log files. ( When I have send to log to syslog server and check logs files. I saw Primary device serial number every time.( Primary transitioned to Secondary device.)
4) I didn't access to "192.168.168.168/sonicui/7/m/mgmt/settings/diag" DIAG page.
5) under the Syslog server settings / Add syslog page/ "Maximum Events Per Second "gives error. there was no string or number into the label box. I cannot remember error message
6) DP-SSL doesn't show ssl failed web sites like AnyDesk. I caught via Packet Capture.
7) Packet Capture doesn't show correctly informations.
Is it safe to update with this new version? currently using ver 7 0 1 5051 R2624
I have been running this on a standalone TZ570 for almost a week without issue.
In response to MITATONGE:
Seems to me your HA is acting up...
i've posted on reddit as wel,
we've upgraded some of our gen7 devices from 5065 to 5080,
so far there's been 1 issue which we have now seen on :
1 X TZ670 HA STATEFULL Pair
1 X TZ370
To Give a Description
Basically the issue we have seen:
autogenerated ACL's from VPN policies , where in the ACL the subnet was locked down to single ip ( in the policy its set to subnet )
example ACL( these are not the actual subnets we use):
src.zone dst.zone source destination service
LAN VPN addresobjectname type:network) 192.168.1.0/24 addresobjectname type:host) 10.0.0.2 any
after upgrading firmware from 5065 to 5080
we noticed that the traffic from example above 192.168.1.0/24 to 10.0.0.2 was not hitting the ACL at all
a further look into packet monitor showed that traffic was being dropped???? ( the heck? )
visually the ACL is there to ALLOW the traffic. ( i couldn't delete the Default generated rule so i deciced to delete the vpn policy
by chance i did go check if it deleted the lan to vpn rule ( you would expect that right?! ), wrong! it didn't delete the default generated rule )
and now i knew it wasn't a mistake on our side, for some reason the upgrade had corrupted the ACL , and this was the second sonicwall where it has done this.
( yes i know how to delete a corrupt acl rule by going into diag page and enable deletion of default rules, but thats not the point what i'm trying to make here )
what i am saying is that something in the 5080 code causes this to happen.
i will create a support ticket with sonicwall and have them acknowledge this error,
i know how to work around this but i won't accept bugs like this to occur, it creates an absolute ton of work for us if we was to get this at every customer sonicwall.
@BWC can you do me a favor and check if you can create a policy like this with a device running on 5065 and and then upgrade to 5080 to see if you can reproduce this
DM me if you want me to give you more specifics )
We have a similar case. Migrated from Gen 6 to Gen 7 (5065) and then updated to 5080.
All auto-generated VPN ACLs with adapted destination ports are no longer met. These rules can also no longer be deleted if generation is suppressed.
Also the DPISSL exceptions no longer work like it worked before with the CFS exceptions.
Currently awaiting feedback from support
whats your case number you refer to if i may ask,
ours is with engineering at the moment: case number:
44029548 and 44031908