Gen7 Firmware 7.0.1-5050 released
BWC
Cybersecurity Overlord ✭✭✭
Hi all,
there is a new Firmware available for Gen7 and the Release Notes are listing a ton of bugs as fixed (which we all hope for). Many of them where addressed here in the Community already.
I strongly suggest to have a deeper look into this and update if suitable.
The listed "Additional References" section is huge and a bit concerning which bugs might hidden behind all of that.
--Michael@BWC
Category: Entry Level Firewalls
1
Comments
I usually find the Known Issues section more helpful than the fixes.
GEN7-29058 A wildcard FQDN object will not resolve subdomains unless a www FQDN object is also created.
No wonder my wildcard AOs are hit or miss.... Will have to implement the workaround.
I'll be upgrading to this tonight and update the thread. Thanks for the heads up.
Let me get this straight - this means I have to create TWO address objects in case I use a wildcard? Like if I create an address object *.microsoft.com, I also have to create www.microsoft.com?
@Simon_Weel according to the Release Notes it sounds that way, but it should be easy to verify.
--Michael@BWC
@BWC my vpn connection to my headquater suddenly starts working automatically ...suprise suprise.... after rebooting my tz370 with 5050 an my nsa2700 I already patched in the afternoon. I just decided to stay in homeoffice for the rest of the week.
Thanks a lot to sonicwall. i always believed in you
--Thomas
🤔
I already applied latest release and I hope will be rock solid this time. I've got to many problems with not responding GUI and Core 0 CPU usage 100% what was finished reboot device. I got 2 patch fix from support what improve a little bit stability but after 2 weeks firewall stop responding. Everything was working in the network but you couldn't login to device and also device was disconnected from cloud manage console.
Very interesting how fix will device now:
GEN7-30532 Core 0 gradually increases to 100% utilization after about 12 hours.
GEN7-29043 Client DPI-SSL may cause high CPU utilization.
GEN7-29383 Firewall appliances may stop responding.
Thanks a lot for your work and let's hope will works now!
I bit the bullet and upgraded during the lunch hour yesterday. I will wait a couple more days for my findings as coincidentally our security services licenses expired and the results Im seeing may be because of that, rather than the firmware change. Once the license gets reapplied I will provide additional insight.
For now though I haven't had any problems after almost 24 hrs.
A lot of additional fixes that sonicwall does not list what they are:
The following additional resolved issues in this release are listed here for reference: GEN7-22240, GEN7-23631,GEN7-23834,GEN7-24321,GEN7-25750,GEN7-25751,GEN7-25813,GEN726604, GEN7-26622, GEN7-26793,GEN7-27090,GEN7-27367,GEN7-27471,GEN7-27508,GEN7-27512, GEN7-27542, GEN7-27555,GEN7-27725,GEN7-27727,GEN7-27728,GEN7-27863,GEN7-27866,GEN727927, GEN7-27948, GEN7-27954,GEN7-27957,GEN7-27958,GEN7-28005,GEN7-28022,GEN7-28055, GEN7-28056, GEN7-28082,GEN7-28084,GEN7-28111,GEN7-28116,GEN7-28120,GEN7-28124,GEN728155, GEN7-28163, GEN7-28175,GEN7-28177,GEN7-28182,GEN7-28222,GEN7-28223,GEN7-28272, GEN7-28276, GEN7-28278,GEN7-28366,GEN7-28386,GEN7-28391,GEN7-28403,GEN7-28413,GEN728436, GEN7-28444, GEN7-28462,GEN7-28480,GEN7-28492,GEN7-28496,GEN7-28497,GEN7-28508, GEN7-28547, GEN7-28548,GEN7-28570,GEN7-28595,GEN7-28596,GEN7-28617,GEN7-28624,GEN7-28626, GEN7-28657, GEN7-28665,GEN7-28692,GEN7-28717,GEN7-28735,GEN7-28740,GEN7-28741, GEN7-28745, GEN7-28747,GEN7-28748,GEN7-28753,GEN7-28754,GEN7-28769,GEN7-28778,GEN728779, GEN7-28799, GEN7-28829,GEN7-28830,GEN7-28856,GEN7-28857,GEN7-28862,GEN7-28872, GEN7-28889, GEN7-28901,GEN7-28914,GEN7-28934,GEN7-28978,GEN7-29084,GEN7-29103,GEN729111, GEN7-29165, GEN7-29174,GEN7-29176,GEN7-29184,GEN7-29237,GEN7-29247,GEN7-29264, GEN7-29288, GEN7-29298,GEN7-29318,GEN7-29339,GEN7-29344,GEN7-29350,GEN7-29355,GEN729543, GEN7-29548, GEN7-29619,GEN7-29683,GEN7-29740,GEN7-29768,GEN7-29772,GEN7-29773, GEN7-29796, GEN7-29809,GEN7-29830,GEN7-29843,GEN7-29844,GEN7-30018,GEN7-30083,GEN730308, GEN7-30333, GEN7-30445,GEN7-30448,GEN7-30482,GEN7-30505,GEN7-30532,GEN7-30595, GEN7-30619, GEN7-30741,GEN7-30768,GEN7-30772,GEN7-30908,GEN7-30990
Right so here's our first experience with a TZ670 HA bundle on the new firmware which we're testing.
upgraded the units about 2 hours ago to the 5050 firmware from 5030.
One of my Colleagues was Qcing some config and he sat on the routing policy page as he was just looking at some entries out of the blue the Sonicwall failed over to its secondary unit, no errors in the logs at first hand, i will have a look at the tracelogs in a bit and update here but the primary unit didn't even seem to have rebooted.
@BWC can you or anyone else let me know your experiences because we've only done it now on a set of units which we could easily reverse the firmware if needed.
Quick follow up:
No issues so far. RAM usage has been much more stable around 35% as opposed to starting at 40% and steadily rising. This is with full security services license and DPI-SSL on.
@BWC & @TKWITS
F.Y.I. Pinging to the firewall Interface, also is now consistent with this release not going up and down like previous firmware versions
Upgraded my home TZ270 without issue yesterday. Looking to schedule out the office 4700 HA shortly. Thanks Sonicwall!
Yes I failed to mention that.
After long 6 day ran, firewall stop responding via website. I can ping, I can login via console cable, I see in NMS and can browse from, but I cant login from LAN to web GUI interface. Everything seems to be working except web GUI interface.
Thanks all for keeping this thread going.
so my update from my end, with our tz670 HA bundles i've ran into an issue with the 5050 firmware
where i cannot access the standby unit on the standby monitoring ip anymore after the upgrade...
anyone else wants to weigh in on this? , checked arp tables for pot. missing info there but that looks fine.
when i do failover i can only access the active unit.
@Robbert I would open a ticket with support regarding your issue. It'll be a bit of a pain working with them, but they should be made aware of it.
Yeah i'm already opening a ticket with them , thanks for the tip though.. our reseller has already confirmed that they can reproduce this issue as wel but they are trying to find the technical cause as to where it sits to provide some help
Hi @Piotr81, I am seeing this also with the 5050 firmware, it passes traffic normally and can ping X0 but the Web GUI stops working randomly after a few days, it only seems to affect X0 in my testing, when it happens I can RDP to a Server on a Different Interface X2 and then access the Management GUI via that Interface IP.
I was seeing this every now and again on the Previous firmware 5030, but I couldn't ping the X0 either but it still passed traffic and could get to it via another Interface.
in both cases a reboot fixes it until it happens again
F.Y.I. @EnaBev , @Mallik ,@TIJU
i wonder if this would also affect Vlan interfaces below the X0
I was pretty excited about the list of problems that 5050 seems to resolve and had scheduled downtime this weekend to upgrade our TZ470, but after following this thread, I think I will hold off for a while to see how this turns out.
Russ
Not sure as I don't have any sub interfaces on X0, maybe someone at SonicWall will confirm it is a known issue and inform us of a hotfix version we can request from Support
I've created ticket with them and expect fix in the short time. I have different vendor firewall on my desk for test but I don't like it. My Technical Director is not happy that I have so many problems with firewall and we can't sell them to customers. I like Sonicwall, look nice, full of configuration settings but is not stable. I hope support sort all problems with stability very quick this time. They are very close is just GUI;) Keep cross my all fingers...
My TZ670 is on 7.0.1-5030.
Any new negative reports on the 7.0.1-5050?
@Rinconmike besides some PPPoE oddities (which do not seem 5050 specific) I would highly recommend 5050 over 5030. No reports of crashes etc so far.
Update: Currently only TZ without HA deployed, I heard weird stories about HA deployments, but will face that myself next month at the earliest.
--Michael@BWC
I installed 5050 a week ago and no issue. I notice today that 5051 is out and 5050 is not listed on the previous firmware.
I got their email announcing 5051 and noticed 5050 was removed. I think the issues fixed in 5051 were likely introduced in 5050, which is why they pulled it.
So for those playing the game, update to 5051 ASAP.
We're running an NSA3700 Cluster and since the update to 7.0.1.5051 we have the problem, that after about 18-36h the active firewall is not reachable anymore and the passice firewall takes over. After another 18-36h the remaining firewall is also not reachable und connections are lost.
Only way to get the firewall (single or ha cluster) is to powercycle the firewalls.
@jasni26 Open a ticket with support. It's gonna be painful but they may have a hotfix.
@jasni26 you should have a look in the newly released 7.0.1-5052 which addresses some issues regarding HA and nearly 4 pages of other resolved issues.
I expected a 5060 release, but I gues we're not there yet.
--Michael@BWC
As Larry pointed out in the other thread there isn't actually much difference between the resolved fixes between 5051 and 5052...