SRA/SMA v8.x Migration
Terri
Administrator
SonicWall PSIRT strongly suggests that organizations still using unsupported 8.x firmware for SMA 100 Series and the older SRA series devices take immediate action to upgrade their firmware or disconnect their appliances. This thread is for discussions about the upgrade process.
More information to follow shortly.
Category: Secure Mobile Access Appliances
VP, Web and Digital Experience, SonicWall. Get my attention by tagging @Terri on the Community.
0
Comments
*POST EDITED BY AUTHOR ON 7/14 FOR FORMATTING CLARITY*
SOURCE: https://www.sonicwall.com/support/product-notification/urgent-security-notice-critical-risk-to-unpatched-end-of-life-sra-sma-8-x-remote-access-devices/210713105333210/
Through the course of collaboration with trusted third parties, SonicWall has been made aware of threat actors actively targeting Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life (EOL) 8.x firmware in an imminent ransomware campaign using stolen credentials. The exploitation targets a known vulnerability that has been patched in newer versions of firmware.
SonicWall PSIRT strongly suggests that organizations still using 8.x firmware review the information below and take immediate action.
IMPACT
Organizations that fail to take appropriate actions to mitigate these vulnerabilities on their SRA and SMA 100 series products are at imminent risk of a targeted ransomware attack.
RESOLUTION
Organizations using the following end-of-life SMA and/or SRA devices running firmware 8.x should either update their firmware or disconnect their appliances per guidance below.
While not part of this campaign targeting SRA/SMA firmware 8.x, customers with the following products should also ensure that they’re on the latest version of firmware to mitigate vulnerabilities discovered in early 2021.
IMPORTANT: If your organization is using a legacy SRA appliance that is past end-of life status and cannot update to 9.x firmware, continued use may result in ransomware exploitation.
MITIGATION
The affected end-of-life devices with 8.x firmware are past temporary mitigations. Continued use of this firmware or end-of-life devices is an active security risk.
To provide a transition path for customers with end-of-life devices that cannot upgrade to 9.x or 10.x firmware, we’re providing a complimentary virtual SMA 500v until October 31, 2021. This should provide sufficient time to transition to a product that is actively maintained.
As additional mitigation, you should also immediately reset all credentials associated with your SMA or SRA device, as well as any other devices or systems using the same credentials. As always, we strongly recommend enabling multifactor authentication (MFA).
VP, Web and Digital Experience, SonicWall. Get my attention by tagging @Terri on the Community.
@Terri will the complimentary virtual SMA 500v be added to our account or do we need to request it? its currently not listed.
Yossiz - if your account had a EOL SSL VPN product that is on the 8.x code, then the 500v should have been automatically loaded into your mysonicwall account.
We have an active device on 8.x and it was not added. Not sure who can deal with this issue, Sales, Customer service or Tech support. any help would be appreciated.
I would ask for your serial or your username info - but being this is an open forum, I do not particularly wish to expose that info. I will ask the site admin here to pull your record and identify the mysonicwall account. Can you tell me if this particular device is in that account, or if it would be in a different account? Second option- do you have contact or association with one of our sales team members? If so, you can also email them and provide that information - ask them to send that over to Bobby Cornwell
@YossiZ after reviewing your account - what I see is that there is a 500v that is running the 8.x code. That product is eligible to be upgraded to 10.x code and should be as soon as possible. There was an announcement that went out in June for that product line to have it move to version 10. That is why you did not see an additional 500v trial get loaded into your mysonicwall account. Since this appliance was not EOL (End of Life).
I also see you have been with SonicWall for a while by some of the products listed in your account. Thank you for being a part of SonicWall for so long.
Thanks Bobby. really appreciate the extra steps. at this point, as an existing customer, access to this urgent mitigation would be appreciated, while we sort out to current appliance setup and retirement.
@Terri
We finally retired a client's SSL-VPN 2000 today and ordered an SMA 6210 to replace it. We previously had 25 SSL-VPN licenses on their old NSA 3500s as a backup, but it looks like those didn't survive the upgrade to the 4650s. Would it be possible to either get those migrated over, or get a trial license for some on the 4650s until the new box is set up?
@YossiZ
I would add that upgrading a 500v from 8.x to anything newer requires deploying a new OVA. There have been a couple of changes to the underlying virtual machine since 8.1 and the migration of an 8.x config to 10.2 will need some intermediate steps.
You will need a support case for guidance and also for the support engineer to reset the UUID on the back end so the resulting SMA is properly licensed.
I have multiple affected devices in my account but only one Virtual appliance showed up in our list. I need 6 more appliances added to cover our systems until we can get licenses from distribution.
@MGNFCNTBSTRD I would need your serial number info to check. If the 25 licenses on the 3500 were purchased (not given as a default license) and the 4650 was a secure upgrade sku - then I can help you with that process. We typically do not do trials on SSL VPN licenses as they are perpetual.. but if you can work with your SonicWall Sales team, they can put in a request where we can do some trail licenses and manually track them for 30 days (that is the standard time process). If you can contact your sales team and pass that serial number over to me - then we can try and accommodate.
@ITCHRIS We can help you out, but I will need to verify your mysonicwall account through this site admin - then once we review the products in your account, I can have the trials added. We have to change the name, as its not possible to list the same name twice. When we loaded these images into accounts that had product, that was the limitation and the reason for doing a single... plus we are not sure if you have 6 in an account - if they are all active and working or if they may be older equipment that was decommissioned and never removed from the account.
I will work on getting your account info and review and follow up...
Thanks, feel free to email me or call me in order to discuss if needed. I've deleted all old unused devices out of my account earlier. We did have some SRA1200s and a SRA4200 listed but I deleted those about 12pm today. The remaining devices were active.
@Bobby I sent an e-mail to customer service with the serial numbers yesterday morning, ticket 43736761.
Are you able to access that information?