Immediately after running a battery of "Crypto" tests our Nsa 4650 fails
Ian_Cook
Newbie ✭
Just recently our Nsa 4650 started dropping the interfaces after running a battery of crypto tests. It seems to only do it in the morning.
Looking at the logs it shows several crypto tests then it shows all of the interfaces going down then up again.
I recently updated to the most recent firmware for my device this morning, but the problem happened again immediately. Does anyone know what these crypto tests are and why they would be causing the firewall to go down?
Best Answer
-
CORRECT ANSWERArkwright
Community Legend ✭✭✭✭✭
It's random though, script kiddies doing bulk login attempts. Just because it doesn't crash immediately does not mean your device is not vulnerable.
Disabling SSLVPN service on WAN and leaving it for some time is probably best way to be sure.
Issue was resolved in 6.5.4.15:
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015
2
Answers
We are experiencing the same issue, started happening sometime late last week.
Hmmm, this also started sometime last week. Have you reached out to sonicwall? I'm currently trying to get my support contract renewed, but we ran into some issues.
Another thing that might be helpful is that just before the error, the logs show this. It appears that DNS isn't resolving? One of my address objects says it can't resolve, then it tries to resolve the CFS server (we aren't licensed for CFS). It then runs the battery of Crypto tests just before it drops all connections.
we have the same problem, all interfaces drops right after Crypto tests (successfully) ran.
anyone got something on this ?
What is uptime on here? These log messages look like your firewall is rebooting.
As far as I can tell, the firewall isn't rebooting, but all of the links are dropping and coming back up. It takes on average just under three minutes. I was able to locate an older firewall but the same version (NSA 4650), and on Friday, I did a backup of the configuration of the firewall and swapped the two out. The switch rebooted itself twice in the same way (as far as I can tell) and then hasn't dropped since. This has baffled me a bit more, because the issue happened twice on the new(old) firewall, but then it stabilized and hasn't done it again since Friday. This makes me happy, of course, but confused. It points to bad hardware. The other bad part is that these firewalls are end of life, so I'm not sure how useful it would be for me to try and get this one going. I'm already in the process of getting another year of support for it, so I might just limp by for another year and find a different firewall later.
Anyway, it does look like it might be some kind of hardware problem.
Funnily enough, yours could be the fourth thread with posts in this month from different gen6 users with rebooting firewalls:
My guess is this SSLVPN vuln that was patched recently.
Fascinating. I'll lave to look through these posts. Thanks.
So, it sounds an awful lot like the same issue that they are having.
The version of firmware that the issue started happening on was 6.5.4.7-83n, then I went in and upgraded the firmware to 6.5.4.13-105n but the problem persisted. As I mentioned earlier, our firewall is not under contract, so I'm waiting for the the license to come through.
While troubleshooting, I swapped out an old firewall (same model) that is currently running 6.5.4.7-83n, and the problem has not happened at all. So, that's a little confusing.
We've been having a very similar issue for 4 days now. The interfaces did not show down/up in the logs but certainly seemed to behave like they were bouncing after several crypto tests. It would take down our whole network for about 2 minutes every few hours. We've just updated to firmware to 6.5.4.15 so I'll report back tomorrow if it cleared this up or not.
Can confirm that the firmware update to to 6.5.4.15 did fix this for us, no more network bounces and the crypto test events have not occurred since. Thank you!