firewall lockup and slow/disconnects sslvpn
We recently got a sonicwall firewall + 2 switches. The firewall has been running for 2 months without any problems. But this morning I got to work and it just crashed. I had an update schedule ready in Azure, which also failed. A firewall shouldn't crash that's the last thing I want to spend my time on. We have these products SONICWALL TZ 370 , SONICWALL SWITCH SWS14-24FPOE, SONICWALL SWITCH SWS14-48. We have a small number of vlan's with default access rules nothing special. I also bought some capture client licenses last week. I installed this on all endpoints, including the servers. Today I uninstalled it again from the servers. (After installing we got lockups with rdp connections in combination with sslvpn) We also suffer from slow sslvpn connections. I've already set dpi to preformance but to say that it makes it much faster NO. All in all, I have not had a good experience with SonicWall at all. I would have been better off buying a simple soho router for a few euros.
Now my question is there a chance that it will really become more stable after a firmware update on the firewall or is that just a waste of time?
Best Answer
-
TKWITS Community Legend ✭✭✭✭✭
Gen 7 Sonicwalls should always be updated before being put into production. The firmwares they are shipped with are terrible. FWIW the 2 month lockup issue was corrected almost a year ago, it was a memory leak.
As for Capture Client (really as with most things) understand what you are implementing before doing it! Start with a subset of devices as a test, iron out issues, then deploy to all.
0
Answers
Thanks for the quick response.
I'm going to update that firmware.
Just a bit strange that you can still buy firewalls with 2/3 year old firmware. SonicWall could have at least recalled those things from the suppliers.
But about that capture client and sslvpn I just bought endpoint protection from the same vendor to avoid this kind of problem. This is the least I can expect for the amounts they charge for those licenses. (just testing whether a remote desktop session works well over an sslvpn if capture client is installed on an rds server) All I expect is a good working product. And I think I can expect that for the prices SonicWall charges.
And btw I'm trying to get a good working baseline before I really tweak the access rules of my vlan segments.
We have already purchased an high availability appliance, but first this setup has to work flawlessly.
I appreciate your quick response I'm just a little annoyed after wasting a long day with this crap.
thx again
Some of us have been on Gen7 from the start and were the ones providing support with feedback. You should feel lucky you don't have to wait months, or years, for actually fixes.
Not to get too philosophical, 'DevOPS' and 'Agile' development are why earlier firmwares were garbage. Deadlines to meet, 'scrums' and 'sprints', all the while basic functions are left behind. Software development ain't what it used to be...