NSA2700 - 4433 unreachable intermittently after FW Update SonicOS 7.0.1-R1456
StuartBooth Newbie ✭
in SSL VPN
After recently patching the SW to the recommended firmware to close of the identified vulnerability we been finding that SSLVPN/Virtual Office port 4433 becomes unavailable after a few days and doesn't work again unless the unit is rebooted.
Remote users are unable to access the Virtual Office web portal or connect via SSLVPN NetExtender.
Is anyone else seeing anything similar to this since patching?
Category: SSL VPN
Hey! You will be signed out in 60 seconds due to inactivity. Click here to continue using the site.
Welcome to the SonicWall community.
I could not find any such reported issues. While it is unreachable if you do a packet capture on the firewall for TCP 4433, what do you see?
Are packets getting dropped, not reaching at all, or reaching but staying in consumed status? That will help further investigate this matter.
You can take help from our support team for a thorough investigation.
Technical Support Advisor, Premier Services
I am having the same issue.
We have a few other customers with similar symptoms now, one case has provided a patched firmware. Currently waiting to see if this resolves the issue
10 days running with hotfix, looking better. Previously, SSLVPN service was dying around the 3 day mark.
Hi @StuartBooth , Please can you post what Hotfix version SonicWall provided for you, so if other users have the issue they know which one to ask support for?
Same issue here. It has going on since we upgraded from Gen 6 firewalls to Gen 7 TZ470's. We have 2 in an HA pair running 7.0.1-R1456 now and SSLVPN will stop working after about 2 weeks. We failover to the standby unit and then reboot our primary and fail back to get SSLVPN working again. We have had a couple support tickets and hotfixes from support but nothing is a long term fix.
The Virtual Access portal is also unresponsive until a reboot.
Has this been resolved with the latest firmware? I believe I am experiencing the same issue on my NSA 2700.
@JustAnotherITGuy , yes you should upgrade to the latest firmware 7.0.1-5030, this was a known issue in 7.0.1-R1456
Just to add to this. We are using 2 x NSA 2700 and we have had this issue since June/July when we upgraded from R906. I wish I could go back easily to be honest ....
We were given a hotfix/patch which seemed to work for 150 days then all of a sudden 6 weeks ago the issue happened again. Rebooting the Sonicwall or in some cases waiting 20-30 minutes it can self soothe somehow.
I contacted Sonicwall support last week as the issue happened 5 days later then was given ANOTHER firmware with another fix then 2.5 days later the same issue happened again. New connections on SSLVPN cant connect and browsing to the HTTPS address of the SSLVPN it grinds for 15 seconds before loading.
We deployed these in March 2020.
First firmware we used was SonicOS 7.0.0-R906 - this did not have the SSLVPN issue and all was fine but we noticed randomly the primary would fail over to the secondary so we called support and were issued SonicOS 7.0.0-R963. This fixed the failover issue but introduced the SSLVPN issue that this thread is talking about so we were then issued SonicOS 7.0.1-R1456 which seemed to fix the issue - we had no SSLVPN issues for 152 days then all of a sudden it fell of a cliff and we got the issue, then 2 weeks later it happened again, then 5 days later it happened again. Contacted support again and were given SonicOS 7.0.1-5030-R2007-H17127-506 which we installed then 2.5 days later the SSLVPN issue happened AGAIN.
We now have a bunch of commands we need to run when the issue happens again as we just seem to be beta testers for this. It looks to be some sort of memory leak from speaking to multiple staff - i have a feeling the "hotfix" is just a bit of a bodge checking if a process starts to consume too much memory and restarting it with the hope nobody notices.
I have a Plan B ready to go as I will just put my NSA 3600 back into production as these 2700 models have been rife with issues.
I just wanted to make sure others knew I felt their pain....