TZ670 Max DPI-SSL Connections not correct

The specs show the Max DPI SSL Connections on the TZ670 as 75,000. See page 6.

https://www.sonicwall.com/medialibrary/en/datasheet/sonicwall-tz-series-gen-7.pdf

My TZ670 lists only 30,000 under /Policy/DPI-SSL/Client SSL

Why does it not list 75,000?

I saw a YouTube video of the 670 and it showed the 75,000.


Category: Entry Level Firewalls

Best Answer

  • CORRECT ANSWER
    preston All-Knowing Sage ✭✭✭✭
    edited August 2021 Answer ✓

    Hi @Rinconmike, go in via SSH, put them in speech marks as below, you should be able to delete them then

    conf
    dpi-ssl client
    (config-client-dpi-ssl)# no common-name "cloud-fes-us2.acronis.com:44445"
    (config-client-dpi-ssl)# no common-name "cloud-fes-eu1.acronis.com:44445"
    exit
    commit


    F.Y.I. you don't need to add the port numbers after the common name entry

    If you have a support case open regarding this you should add the workaround to it so that support are aware


Answers

  • Saravanan Moderator

    Hi @RINCONMIKE,

    Thank you for visiting SonicWall Community.

    I tested this scenario on one of my TZ 670s and found that the max DPI-SSL connections are 30000. The same is confirmed from the TSR of my firewall. My firewall runs on 6.5.4.7 latest firmware version. What about yours?

    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

  • Rinconmike Enthusiast ✭✭

    I did not think the new Gen 7 ran 6.5.

    My TZ 670 is running the latest release of

    Firmware Version

    SonicOS 7.0.1-R1262

  • Saravanan Moderator

    Hi @Rinconmike,

    It was my bad. Wrong window. My firewall also runs on version SonicOS 7.0.1-R1262. Apologies once again. The datasheet needs to be corrected I guess, let me have this checked and update this post here.

    Thanks for your patience.

    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

  • Rinconmike Enthusiast ✭✭

    Maybe it is a firmware bug?

    There is a YouTube video; the person confirmed he has a TZ670 and it shows 75000.

  • BWC Cybersecurity Overlord ✭✭✭

    Hi guys,

    This is an interesting discussion. If 30K should be the correct value for a TZ 670, what will be the values for the other Gen7 devices? Even a TZ 370 is already listed with 30K. This would mean only 5K more connections than a Gen6 device? Hmm.

    75K was the official value communicated to the Partners when introducing Gen7, so I guess it's a software limitation?

    --Michael@BWC

  • Saravanan Moderator

    Hi @Rinconmike & @BWC,

    I'll check this with corresponding resource and update the thread here. Please stand by.

    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

  • Rinconmike Enthusiast ✭✭

    I just updated the firmware to SonicOS 7.0.1-R1456 and the same 30,000 connections.

  • Rinconmike Enthusiast ✭✭

    Any more info on this?

  • Saravanan Moderator

    Hi @RINCONMIKE,

    Sorry for the delay in response. I had verified this but forgot to update the post. My Bad!!!

    At this moment, we would need to take help from the back-end team in order to accommodate the value defined in the datasheet. Please approach our support team for assistance on this request.


    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

  • BWC Cybersecurity Overlord ✭✭✭

    Hi @Saravanan, I'm not a native English speaker and get confused all the time, but what does this even mean? Is it 75K or just 30K, which would be wrongful advertising? Why does a simple question end up in a support case?

    --Michael@BWC

  • Saravanan Moderator

    Hi @BWC,

    Whatever is given in the Datasheet is the right one. The reason I asked to open up a support case is to report this incorrect value and get it corrected from the right resource.

    Hope this clarifies.

    Regards

    Saravanan V

    Technical Support Advisor - Premier Services

    Professional Services

  • Rinconmike Enthusiast ✭✭

    I opened the support case weeks ago. So real answer from support. Just that my device and the lab devices show 30,000. I asked support to test lab devices on previous firmware to see if it shows the 75,000. I provided the YouTube link from a SonicWall rep demonstrating SSL on a 670 and the screen shows his is 75,000. This was Jan 21 timeframe the video was posted.

  • Rinconmike Enthusiast ✭✭

    Still nothing from support on this. I guess SonicWall needs to change what they published in some documents.

  • SonicAdmin80 Cybersecurity Overlord ✭✭✭

    They should refund all purchases due to false advertising or offer a free upgrade to a unit that can actually support the number of connections advertised in the original datasheets. But you can bet neither will happen.

  • BWC Cybersecurity Overlord ✭✭✭

    Hi all, was this situation ever resolved? Datasheets still showing 35K/50K/75K for TZ470/570/670 but the UI says otherwise 30K for all.

    Will there be an official statement on that?

    --Michael@BWC

  • Rinconmike Enthusiast ✭✭

    Case open since around 6/2. Last response from support is "Engineering is investigating on this issue with priority, I will keep you posted the updates as soon as I have more info."

    I have three cases open for different issues. Same response.

  • TIJU Moderator

    Hi All,

    Our Engineering Team has found the issue which was causing this on the TZ platforms. The plan is to fix this issue in the upcoming release. I will keep everyone posted on the ETA of the new build. Please stay tuned for further updates from our end on this.

    Regards,

    Tiju

  • Rinconmike Enthusiast ✭✭

    I updated to

    SonicOS 7.0.1-5018

    Shows the same.

    Also, I still have the issue where I cannot delete certain Custom Common Names I noted in another post.

    No real responses from SonicWall on any of my cases. Just waiting to hear back from the back end team or engineering.

  • preston All-Knowing Sage ✭✭✭✭

    Hi @Rinconmike, are these the two you mean below? I'm on the latest firmware and I can delete them fine. What firmware were you on when you added them?


    cloud-fes-us2.acronis.com:44445

    cloud-fes-eu1.acronis.com:44445

  • Rinconmike Enthusiast ✭✭

    It is a bug of how they were added. If I manually add the item by clicking Add you can add and delete.

    However, these were added by clicking show connection failure, these are listed, click on the box to select, then click exclude. Once these were added, no way to delete.

    Now that they are there, if I manually add one, it will list it twice and I can delete the one manually added. But not the other one.

    Error message is

    Command 'no common-name cloud-fes-us2.acronis.com%3A44445 action exclude disable-authenticate-server' does not match


    No resolution after 2 months.

  • Rinconmike Enthusiast ✭✭

    I added these around 6/1. Probably was on 7.0.1-R1262.

    Support supposedly tried using my EXP and have the same issue on deleting. I asked them to try different firmware. Not sure if they did.

    I am even ok to default the common name list but that is not an option. I do not want to default the entire device. That would suck!

  • Rinconmike Enthusiast ✭✭

    Thanks. I am not sure how to do that.

    All I did was click Exclude from the Common Name Failure List. I did not think the system would add something the wrong way! I learned not to do that anymore.

  • preston All-Knowing Sage ✭✭✭✭
    edited August 2021

    @Rinconmike, enable SSH (TCP 22) on the interface you are connecting to the SonicWall on, then either use PuTTY or the built-in SSH Bookmark and then log in with your admin username and password.

    Copy the commands from above to Notepad or Notepad++ first before importing so the formatting is correct. I don't think you can copy and paste into the SSH in the browser, but you can with PuTTY.

    Just to let you know, I did replicate your issue first and could see you couldn't delete via the GUI.

  • Larry All-Knowing Sage ✭✭✭✭

    I have no "skin in the game" for Gen 7 devices for at least another year or two, but this is an interesting post.

    Engineering found a flaw that was identified by a member of the SonicWall community by way of a Support Case, but highlighted in a public posting.

    I think a key discussion point should be: How did this flaw manage to get by QA testing? More importantly: How is it possible that something this distinctive was not noticed in the year since the model was introduced?

    But I doubt there will be any results of the post-mortem published here...

  • Rinconmike Enthusiast ✭✭

    I enabled SSH in the interface. Followed the steps with PuTTY and it worked.

    Thank you. 2 months with SonicWall Support and nothing!!

  • Rinconmike Enthusiast ✭✭
    edited August 2021

    FYI, if I do not have the port numbers in then Acronis backup fails.

    These are not enough:

    acronsi.com

    .acronis.com

    cloud-fes-eu1.acronis.com

    Needs to be like:

    cloud-fes-eu1.acronis.com:44445

  • Rinconmike Enthusiast ✭✭

    Still nothing from SonicWall on the incorrect max DPI-SSL on the TZ670.
