Howdy, Stranger!

It looks like you're new here. Sign in or register to get started.

SRA/SMA v8.x Migration

SonicWall PSIRT strongly suggests that organizations still using unsupported 8.x firmware for SMA 100 Series and the older SRA series devices take immediate action to upgrade their firmware or disconnect their appliances. This thread is for discussions about the upgrade process.

More information to follow shortly.

Category: Secure Mobile Access Appliances
Reply

VP, Web and Digital Experience, SonicWall. Get my attention by tagging @Terri on the Community.

Comments

  • TerriTerri Administrator
    edited July 15


    *POST EDITED BY AUTHOR ON 7/14 FOR FORMATTING CLARITY*

    SOURCE: https://www.sonicwall.com/support/product-notification/urgent-security-notice-critical-risk-to-unpatched-end-of-life-sra-sma-8-x-remote-access-devices/210713105333210/

    Through the course of collaboration with trusted third parties, SonicWall has been made aware of threat actors actively targeting Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life (EOL) 8.x firmware in an imminent ransomware campaign using stolen credentials. The exploitation targets a known vulnerability that has been patched in newer versions of firmware.

    SonicWall PSIRT strongly suggests that organizations still using 8.x firmware review the information below and take immediate action.  


    IMPACT

    Organizations that fail to take appropriate actions to mitigate these vulnerabilities on their SRA and SMA 100 series products are at imminent risk of a targeted ransomware attack.


    RESOLUTION

    Organizations using the following end-of-life SMA and/or SRA devices running firmware 8.x should either update their firmware or disconnect their appliances per guidance below.

    • SRA 4600/1600 (EOL 2019)
      • Disconnect immediately 
      • Reset passwords
    • SRA 4200/1200 (EOL 2016)
      • Disconnect immediately
      • Reset passwords
    • SSL-VPN 200/2000/400 (EOL 2013/2014)
      • Disconnect immediately 
    • SMA 400/200 (Still Supported, in Limited Retirement Mode)
      • Update to 10.2.0.7-34 or 9.0.0.10 immediately
      • Reset passwords
      • Enable MFA
      • Reset passwords

    While not part of this campaign targeting SRA/SMA firmware 8.x, customers with the following products should also ensure that they’re on the latest version of firmware to mitigate vulnerabilities discovered in early 2021.

    • SMA 210/410/500v (Actively Supported)
      • Firmware 9.x should immediately update to 9.0.0.10-28sv or later
      • Firmware 10.x should immediately update to 10.2.0.7-34sv or later

    IMPORTANT: If your organization is using a legacy SRA appliance that is past end-of life status and cannot update to 9.x firmware, continued use may result in ransomware exploitation.


    MITIGATION

    The affected end-of-life devices with 8.x firmware are past temporary mitigations. Continued use of this firmware or end-of-life devices is an active security risk.

    To provide a transition path for customers with end-of-life devices that cannot upgrade to 9.x or 10.x firmware, we’re providing a complimentary virtual SMA 500v until October 31, 2021. This should provide sufficient time to transition to a product that is actively maintained. 

    As additional mitigation, you should also immediately reset all credentials associated with your SMA or SRA device, as well as any other devices or systems using the same credentials. As always, we strongly recommend enabling multifactor authentication (MFA).

    VP, Web and Digital Experience, SonicWall. Get my attention by tagging @Terri on the Community.

  • MgnfcntBstrdMgnfcntBstrd Newbie ✭
    • SSL-VPN 200/2000/400 (EOL 2013/2014)
      • Disconnect immediately 
      • Reset passwords
      • Viking Funeral*


  • YossiZYossiZ Newbie ✭

    @Terri will the complimentary virtual SMA 500v be added to our account or do we need to request it? its currently not listed.

  • BobbyBobby SonicWall Employee

    Yossiz - if your account had a EOL SSL VPN product that is on the 8.x code, then the 500v should have been automatically loaded into your mysonicwall account.

  • YossiZYossiZ Newbie ✭

    We have an active device on 8.x and it was not added. Not sure who can deal with this issue, Sales, Customer service or Tech support. any help would be appreciated.

  • BobbyBobby SonicWall Employee

    I would ask for your serial or your username info - but being this is an open forum, I do not particularly wish to expose that info. I will ask the site admin here to pull your record and identify the mysonicwall account. Can you tell me if this particular device is in that account, or if it would be in a different account? Second option- do you have contact or association with one of our sales team members? If so, you can also email them and provide that information - ask them to send that over to Bobby Cornwell

  • BobbyBobby SonicWall Employee

    @YossiZ after reviewing your account - what I see is that there is a 500v that is running the 8.x code. That product is eligible to be upgraded to 10.x code and should be as soon as possible. There was an announcement that went out in June for that product line to have it move to version 10. That is why you did not see an additional 500v trial get loaded into your mysonicwall account. Since this appliance was not EOL (End of Life).

    I also see you have been with SonicWall for a while by some of the products listed in your account. Thank you for being a part of SonicWall for so long.

  • YossiZYossiZ Newbie ✭

    Thanks Bobby. really appreciate the extra steps. at this point, as an existing customer, access to this urgent mitigation would be appreciated, while we sort out to current appliance setup and retirement.

  • MgnfcntBstrdMgnfcntBstrd Newbie ✭

    @Terri

    We finally retired a client's SSL-VPN 2000 today and ordered an SMA 6210 to replace it. We previously had 25 SSL-VPN licenses on their old NSA 3500s as a backup, but it looks like those didn't survive the upgrade to the 4650s. Would it be possible to either get those migrated over, or get a trial license for some on the 4650s until the new box is set up?

  • SimonSimon Moderator
    edited July 15

    @YossiZ

    I would add that upgrading a 500v from 8.x to anything newer requires deploying a new OVA. There have been a couple of changes to the underlying virtual machine since 8.1 and the migration of an 8.x config to 10.2 will need some intermediate steps.

    You will need a support case for guidance and also for the support engineer to reset the UUID on the back end so the resulting SMA is properly licensed.

  • ITChrisITChris Newbie ✭

    I have multiple affected devices in my account but only one Virtual appliance showed up in our list. I need 6 more appliances added to cover our systems until we can get licenses from distribution.

  • BobbyBobby SonicWall Employee

    @MGNFCNTBSTRD I would need your serial number info to check. If the 25 licenses on the 3500 were purchased (not given as a default license) and the 4650 was a secure upgrade sku - then I can help you with that process. We typically do not do trials on SSL VPN licenses as they are perpetual.. but if you can work with your SonicWall Sales team, they can put in a request where we can do some trail licenses and manually track them for 30 days (that is the standard time process). If you can contact your sales team and pass that serial number over to me - then we can try and accommodate.

  • BobbyBobby SonicWall Employee

    @ITCHRIS We can help you out, but I will need to verify your mysonicwall account through this site admin - then once we review the products in your account, I can have the trials added. We have to change the name, as its not possible to list the same name twice. When we loaded these images into accounts that had product, that was the limitation and the reason for doing a single... plus we are not sure if you have 6 in an account - if they are all active and working or if they may be older equipment that was decommissioned and never removed from the account.

    I will work on getting your account info and review and follow up...

  • ITChrisITChris Newbie ✭
    edited July 16

    Thanks, feel free to email me or call me in order to discuss if needed. I've deleted all old unused devices out of my account earlier. We did have some SRA1200s and a SRA4200 listed but I deleted those about 12pm today. The remaining devices were active.

  • MgnfcntBstrdMgnfcntBstrd Newbie ✭

    @Bobby I sent an e-mail to customer service with the serial numbers yesterday morning, ticket 43736761.

    Are you able to access that information?

Sign In or Register to comment.