Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Gen7 Firmware 7.0.1-5050 released

BWCBWC Cybersecurity Overlord ✭✭✭

Hi all,

there is a new Firmware available for Gen7 and the Release Notes are listing a ton of bugs as fixed (which we all hope for). Many of them where addressed here in the Community already.

I strongly suggest to have a deeper look into this and update if suitable.

The listed "Additional References" section is huge and a bit concerning which bugs might hidden behind all of that.

--Michael@BWC

Category: Entry Level Firewalls
Reply

Comments

  • TKWITSTKWITS Community Legend ✭✭✭✭✭
    edited February 2022

    I usually find the Known Issues section more helpful than the fixes.

    GEN7-29058 A wildcard FQDN object will not resolve subdomains unless a www FQDN object is also created.

    No wonder my wildcard AOs are hit or miss.... Will have to implement the workaround.

    I'll be upgrading to this tonight and update the thread. Thanks for the heads up.

  • Simon_WeelSimon_Weel Enthusiast ✭✭

    Let me get this straight - this means I have to create TWO address objects in case I use a wildcard? Like if I create an address object *.microsoft.com, I also have to create www.microsoft.com?

  • BWCBWC Cybersecurity Overlord ✭✭✭

    @Simon_Weel according to the Release Notes it sounds that way, but it should be easy to verify.

    --Michael@BWC

  • ThKThK Cybersecurity Overlord ✭✭✭

    @BWC my vpn connection to my headquater suddenly starts working automatically ...suprise suprise.... after rebooting my tz370 with 5050 an my nsa2700 I already patched in the afternoon. I just decided to stay in homeoffice for the rest of the week.

    Thanks a lot to sonicwall. i always believed in you

    --Thomas

    🤔

  • Piotr81Piotr81 Newbie ✭

    I already applied latest release and I hope will be rock solid this time. I've got to many problems with not responding GUI and Core 0 CPU usage 100% what was finished reboot device. I got 2 patch fix from support what improve a little bit stability but after 2 weeks firewall stop responding. Everything was working in the network but you couldn't login to device and also device was disconnected from cloud manage console.

    Very interesting how fix will device now:

    GEN7-30532 Core 0 gradually increases to 100% utilization after about 12 hours.

    GEN7-29043 Client DPI-SSL may cause high CPU utilization.

    GEN7-29383 Firewall appliances may stop responding.


    Thanks a lot for your work and let's hope will works now!

  • TKWITSTKWITS Community Legend ✭✭✭✭✭

    I bit the bullet and upgraded during the lunch hour yesterday. I will wait a couple more days for my findings as coincidentally our security services licenses expired and the results Im seeing may be because of that, rather than the firmware change. Once the license gets reapplied I will provide additional insight.

    For now though I haven't had any problems after almost 24 hrs.

  • RinconmikeRinconmike Enthusiast ✭✭

    A lot of additional fixes that sonicwall does not list what they are:

    The following additional resolved issues in this release are listed here for reference: GEN7-22240, GEN7-23631,GEN7-23834,GEN7-24321,GEN7-25750,GEN7-25751,GEN7-25813,GEN726604, GEN7-26622, GEN7-26793,GEN7-27090,GEN7-27367,GEN7-27471,GEN7-27508,GEN7-27512, GEN7-27542, GEN7-27555,GEN7-27725,GEN7-27727,GEN7-27728,GEN7-27863,GEN7-27866,GEN727927, GEN7-27948, GEN7-27954,GEN7-27957,GEN7-27958,GEN7-28005,GEN7-28022,GEN7-28055, GEN7-28056, GEN7-28082,GEN7-28084,GEN7-28111,GEN7-28116,GEN7-28120,GEN7-28124,GEN728155, GEN7-28163, GEN7-28175,GEN7-28177,GEN7-28182,GEN7-28222,GEN7-28223,GEN7-28272, GEN7-28276, GEN7-28278,GEN7-28366,GEN7-28386,GEN7-28391,GEN7-28403,GEN7-28413,GEN728436, GEN7-28444, GEN7-28462,GEN7-28480,GEN7-28492,GEN7-28496,GEN7-28497,GEN7-28508, GEN7-28547, GEN7-28548,GEN7-28570,GEN7-28595,GEN7-28596,GEN7-28617,GEN7-28624,GEN7-28626, GEN7-28657, GEN7-28665,GEN7-28692,GEN7-28717,GEN7-28735,GEN7-28740,GEN7-28741, GEN7-28745, GEN7-28747,GEN7-28748,GEN7-28753,GEN7-28754,GEN7-28769,GEN7-28778,GEN728779, GEN7-28799, GEN7-28829,GEN7-28830,GEN7-28856,GEN7-28857,GEN7-28862,GEN7-28872, GEN7-28889, GEN7-28901,GEN7-28914,GEN7-28934,GEN7-28978,GEN7-29084,GEN7-29103,GEN729111, GEN7-29165, GEN7-29174,GEN7-29176,GEN7-29184,GEN7-29237,GEN7-29247,GEN7-29264, GEN7-29288, GEN7-29298,GEN7-29318,GEN7-29339,GEN7-29344,GEN7-29350,GEN7-29355,GEN729543, GEN7-29548, GEN7-29619,GEN7-29683,GEN7-29740,GEN7-29768,GEN7-29772,GEN7-29773, GEN7-29796, GEN7-29809,GEN7-29830,GEN7-29843,GEN7-29844,GEN7-30018,GEN7-30083,GEN730308, GEN7-30333, GEN7-30445,GEN7-30448,GEN7-30482,GEN7-30505,GEN7-30532,GEN7-30595, GEN7-30619, GEN7-30741,GEN7-30768,GEN7-30772,GEN7-30908,GEN7-30990

  • RobbertRobbert Newbie ✭

    Right so here's our first experience with a TZ670 HA bundle on the new firmware which we're testing.

    upgraded the units about 2 hours ago to the 5050 firmware from 5030.

    One of my Colleagues was Qcing some config and he sat on the routing policy page as he was just looking at some entries out of the blue the Sonicwall failed over to its secondary unit, no errors in the logs at first hand, i will have a look at the tracelogs in a bit and update here but the primary unit didn't even seem to have rebooted.

    @BWC can you or anyone else let me know your experiences because we've only done it now on a set of units which we could easily reverse the firmware if needed.

  • TKWITSTKWITS Community Legend ✭✭✭✭✭

    Quick follow up:

    No issues so far. RAM usage has been much more stable around 35% as opposed to starting at 40% and steadily rising. This is with full security services license and DPI-SSL on.

  • prestonpreston All-Knowing Sage ✭✭✭✭

    @BWC & @TKWITS

    F.Y.I. Pinging to the firewall Interface, also is now consistent with this release not going up and down like previous firmware versions

  • SmashSmash Newbie ✭

    Upgraded my home TZ270 without issue yesterday. Looking to schedule out the office 4700 HA shortly. Thanks Sonicwall!

  • Piotr81Piotr81 Newbie ✭

    After long 6 day ran, firewall stop responding via website. I can ping, I can login via console cable, I see in NMS and can browse from, but I cant login from LAN to web GUI interface. Everything seems to be working except web GUI interface.

  • RobbertRobbert Newbie ✭

    Thanks all for keeping this thread going.

    so my update from my end, with our tz670 HA bundles i've ran into an issue with the 5050 firmware

    where i cannot access the standby unit on the standby monitoring ip anymore after the upgrade...

    anyone else wants to weigh in on this? , checked arp tables for pot. missing info there but that looks fine.

    when i do failover i can only access the active unit.

  • TKWITSTKWITS Community Legend ✭✭✭✭✭

    @Robbert I would open a ticket with support regarding your issue. It'll be a bit of a pain working with them, but they should be made aware of it.

  • RobbertRobbert Newbie ✭

    Yeah i'm already opening a ticket with them , thanks for the tip though.. our reseller has already confirmed that they can reproduce this issue as wel but they are trying to find the technical cause as to where it sits to provide some help

  • prestonpreston All-Knowing Sage ✭✭✭✭
    edited February 2022

    Hi @Piotr81, I am seeing this also with the 5050 firmware, it passes traffic normally and can ping X0 but the Web GUI stops working randomly after a few days, it only seems to affect X0 in my testing, when it happens I can RDP to a Server on a Different Interface X2 and then access the Management GUI via that Interface IP.

    I was seeing this every now and again on the Previous firmware 5030, but I couldn't ping the X0 either but it still passed traffic and could get to it via another Interface.

    in both cases a reboot fixes it until it happens again


    F.Y.I. @EnaBev , @Mallik ,@TIJU

  • RobbertRobbert Newbie ✭

    i wonder if this would also affect Vlan interfaces below the X0

  • RussFRussF Newbie ✭

    I was pretty excited about the list of problems that 5050 seems to resolve and had scheduled downtime this weekend to upgrade our TZ470, but after following this thread, I think I will hold off for a while to see how this turns out.

    Russ

  • prestonpreston All-Knowing Sage ✭✭✭✭

    Not sure as I don't have any sub interfaces on X0, maybe someone at SonicWall will confirm it is a known issue and inform us of a hotfix version we can request from Support

  • Piotr81Piotr81 Newbie ✭

    I've created ticket with them and expect fix in the short time. I have different vendor firewall on my desk for test but I don't like it. My Technical Director is not happy that I have so many problems with firewall and we can't sell them to customers. I like Sonicwall, look nice, full of configuration settings but is not stable. I hope support sort all problems with stability very quick this time. They are very close is just GUI;) Keep cross my all fingers...

  • RinconmikeRinconmike Enthusiast ✭✭

    My TZ670 is on 7.0.1-5030.

    Any new negative reports on the 7.0.1-5050?

  • BWCBWC Cybersecurity Overlord ✭✭✭
    edited March 2022

    @Rinconmike besides some PPPoE oddities (which do not seem 5050 specific) I would highly recommend 5050 over 5030. No reports of crashes etc so far.

    Update: Currently only TZ without HA deployed, I heard weird stories about HA deployments, but will face that myself next month at the earliest.

    --Michael@BWC

  • RinconmikeRinconmike Enthusiast ✭✭

    I installed 5050 a week ago and no issue. I notice today that 5051 is out and 5050 is not listed on the previous firmware.

  • TKWITSTKWITS Community Legend ✭✭✭✭✭

    I got their email announcing 5051 and noticed 5050 was removed. I think the issues fixed in 5051 were likely introduced in 5050, which is why they pulled it.

    So for those playing the game, update to 5051 ASAP.

  • jasni26jasni26 Newbie ✭

    We're running an NSA3700 Cluster and since the update to 7.0.1.5051 we have the problem, that after about 18-36h the active firewall is not reachable anymore and the passice firewall takes over. After another 18-36h the remaining firewall is also not reachable und connections are lost.

    Only way to get the firewall (single or ha cluster) is to powercycle the firewalls.

  • TKWITSTKWITS Community Legend ✭✭✭✭✭

    @jasni26 Open a ticket with support. It's gonna be painful but they may have a hotfix.

  • BWCBWC Cybersecurity Overlord ✭✭✭
    edited April 2022

    @jasni26 you should have a look in the newly released 7.0.1-5052 which addresses some issues regarding HA and nearly 4 pages of other resolved issues.

    I expected a 5060 release, but I gues we're not there yet.

    --Michael@BWC

  • TKWITSTKWITS Community Legend ✭✭✭✭✭
    edited April 2022

    As Larry pointed out in the other thread there isn't actually much difference between the resolved fixes between 5051 and 5052...

Sign In or Register to comment.