Gen6 - Cloud Backup broken in 6.5.4.9
BWC
Cybersecurity Overlord ✭✭✭
Hi,
as we already know there is something wrong with Cloud Backup on 6.5.4.9. There might be some changes between 6.5.4.8 and 6.5.4.9 which broke it. Internal settings show at least a different configuration dialog:
A Packet-Monitor shows the DNS queries for wsdl.mysonicwall.com on both versions, but there is no attempted communication with that host on 6.5.4.9, at least I can't see any.
Is this already reported? I would guess so considering the amount of complaints I saw.
--Michael@BWC
Category: Mid Range Firewalls
1
Comments
I had an open case on another topic, and because the CSR suggested this update would fix the problem, I installed it.
I reported that the original problem is still questionable, but this new problem had come up and asked the CSR to open a new case about this yesterday. Of course, she didn't - but it was reported....
Edited to include:
@BWC - Michael, case 43850205
Further review of the internal settings shows in 6.5.4.7-83n and 6.5.4.8-89n there are five (5) instances of the phrase "Secure HTTP" and each one is selected (i.e., checked).
In 6.5.4.9-92n there are no instances of the phrase.
I suspect there might be other features/functions not operating properly.
I'll update my ticket with this information.
An extract of my TSR - to feed the case:
Sure looks like they turned it off - no wonder you aren't seeing anything.
A very careful look at the rest of the TSR shows the "Secure HTTP" settings are all enabled. No additional features/functions are affected. Thank goodness!
It's stated in 6.5.4.9 release note.
When the firewall communicates with the cloud on an http connection, the resulting content length header may be big enough to cause a stack overflow on the device. GEN6-2688
When the firewall communicates with the cloud on an http connection, the resulting session ID header may cause a Buffer Overflow on the device first requesting the connection. GEN6-2687
They removed it to prevent BOF.
However the new issue is that cloud backup cant utilize HTTPS and they didn't aware of it.
FYI. NSM SaaS schedule backup seems working fine.
Well, I guess this issue got analyzed very well (for free) and a fix should be imminent.
Thanks @Larry @Nat
--Michael@BWC
I've Logged a case with Sonicwall for this,
Spoke to a first line rep from support
They have mentioned that it has been communicated quite a few times in their ticketing system to the devs.
Devs have replied to most cases that they are working on the issue but no ETA for a fix yet as of 21st of December 2021.
will post as soon as i hear an update
Same experience for me after upgrading to 6.5.4.9 on TZ600 device.
I ran into the exact same problem on SOHO250.
I hope that a solution will be made as soon as possible.
Create Backup > Cloud Backup execution
Status: Error: Failed to upload preference backup file. [Cloud service connection failed [-11]]
Does anyone know if there will be a new firmware released soon to solve this?
I just dont feel good to update to 6.4.5.9 and soon after have to update again to a fixed firmware.
even if i dont use cloud backup on every sonicwall...
@Chojin some users reported this already to SNWL but no ETA for a fixed version.
Interestingly zero/nil/null/nothing from the SNWL officials here in the forum who like to chime in sometimes.
--Michael@BWC
ok thanks for the info maybe i open up a ticket to ask when this is fixed to speed up?
Updated my support case the other day requesting the latest hot fix.
Just received a phone call from Support asking for a remote session!
Here's a recap:
I asked why, and was told it was to transfer the file.
What?
Yes, the file is very large, so I want to transfer it to you in a remote session.
How can a hot fix be larger than the standard firmware update, which is only a couple hundred MB? Could you update the case and include a link? I'll download it.
Oh, I'll see if I can add the file to the case but it is very large - and he then hung up.
Someone needs to review the skill set of the folks they have purportedly helping us...
LOL ... just LOL 😥
--Michael@BWC
update:
Greetings from SonicWall!
As per our engineers, the issue has been resolved. Please check, And update us back.
looking forward from you!
i haven't tested this yet so will confirm once tested i'm just passing on information i had
@Robbert what does that mean? Should it been fixed at the backend or did you got a hotfix?
I'am still running 6.5.4.9-92n and the problem persists.
--Michael@BWC
@BWC - Michael, I installed the hotfix over the weekend and the cloud back-up functionality has been restored. Later today I'm going to compare TSRs to see what else has been corrected.
However, there was no mention from the CSR as to when the full update will be available. I believe you have to open a Support case to be able to get this fix. I don't want to publish the link I eventually received because I don't recall what the Community rules are about something like that.
@Larry I'll wait until it gets officially released, I did not rolled out 6.5.4.9 in masses and don't wanna spread some hotfix which gets replaced shortly thereafter. Time is to precious. I guess @Robbert quoted an email from SNWL when receiving the HF.
--Michael@BWC
@Larry @BWC
Were running 6.5.4.8-89n and have been fine up until the new year, with most of ours stopping on 12/29/2021 or 12/30/2021
Automatic backups are no longer working but manual backups are.
Have you seen this issue?
@fairrite we need to be careful to not mix the topics (6.5.4.8 vs 6.5.4.9) here, but I can confirm on 6.5.4.8 that it stopped on Dec 29th but only on two TZ appliances I checked, another NSa was saving the config on Jan 1st, 4th and 8th. Another NSa 2650 stopped on Dec 28th, there is something up for sure, but not consistently.
--Michael@BWC
@fairrite thanks for the "heads up." Sure enough, the one TZ have at 89n stopped last year. Good ol' Y2K22...
I'm going to open a new Support case on this stupidity.
@BWC @Larry
This email was indeed an update from sonicwall support
they have attached a hotfix, i'm not sure if i'm allowed to upload it here,
but i have currently asked them for all gen6 models as i only got a tz hotfix whereas i will be needed HF for nsa models as wel
can anyone tell me if i'm allowed to upload the file here because i will just change the extension name to whatever the input is allowing me to do and people will have to change the extension again when they download it
@Robbert AFAIK it's not allowed to re-distribute the Firmware file, every customer has to open a ticket to get the file by itself. In the past I had to open a Ticket for each and every appliance I needed the hotfix for, which bumps the close rate for tickets pretty good, because they are so easy to handle :)
--Michael@BWC
This!
I had to open a Ticket for each and every appliance I needed the hotfix for
@BWC
i don't know who came up with that policy but creating a ticket for every hotfix version to me seems like a way of bumping statistics quickly, anyway not my problem i don't work for sonicwall
but i will need all of the hotfixes anyway so i'm going to push for it and i'm going to refuse to open a ticket for every single model , thats just sillyness and it will take too much time = money on my agenda to even start a conversation over that with the support guys.
but they "supposedly" have it fixed so i'll ask them in what version the hotfix will be build in and when we can expect that to be on the download page
@Robbert the reason for the "one ticket per hot-fix" is because the ticket is based on the device's serial number. That's how cases are tracked.
It would be nice to create one ticket and include all the serial numbers, but I don't think the CSRs are geared to work with such a logical construct...
sarcastic note: thats way too logical to work like that. fin.
anyway yes it would be nice if it could. to be fair i've had quite a few engineers who were very helpfull and willing to go the extra mile just for the customer but its very rare because usually these people will get upgraded to other teams fairly quick as they get jobs done quite fast.
On 17.Dezember @BWC started this Issue. Today 23. January i run in to it again.
Is there anyone at sonicwall interested in picking up our informations and hand-on experience ? We must stand our man on the front line at customer. Can someone here write a list to send this to the management for getting answer what is the goal with that
Ok i start with these : details in the community
broken Backup
brocken Netextender
brocken VPN
unstable Gui
and the latest : Bootloop when updating Patches
(...)
We were asked by the local product experts why we don´t upgrade to Gen7.
Yes Sir : time is money and my time is really not only for sonicwall. No there is the other player called microsoft. But this is an other story.
WE must earn money with our service and products. And we all want a product to believe on. Then we can praise it to the customer.
But this bill doesn't seem to add up anymore
--Thomas
Gen6 for us stopped Cloud backups as of 12/30/2021 across the board and is still broken for automatic backups, but manual works without a hot fix.
Gen7 is broken too in the exact same way so that will not help.
My issue is the same as listed in this thread. It is across 6.x Versions and 7, I have over 30 firewalls we support and all display the same behavior. I open a case with Sonicwall and we seen that during the Auto backup the event log shoed to many cloud backups and could not create a new backup. The thing that is seen on all these firewalls is that at the end of the year the cloud backups stopped rolling out after 3 files. i had firewalls with as many as 6 Cloud backups all stopping at or around 12/30/21. This was also true on OS7 devices. I Asked the tech to escalate this to there loud backup Eng and a few days later they just closed the case. Bad Support!!! Anyway if you remove all the cloud backups from Year 2021 the cloud backs resume and they seem to be rolling the oldest out after the 3 allowed. I bit of a pain on over 30 firewalls but waiting for them to fix this issue is wasting my time. Anyway Hope this helps.
Well that is some investigative prowess right there!
if you remove all the cloud backups from Year 2021 the cloud backs resume and they seem to be rolling the oldest out after the 3 allowed.
Support only offered limited suggestions - mostly the push to go 92n-hot-fix. I'm going to test this on a specific client device to see what happens. Because I would much rather do this than blindly update firmware across the board!