Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

SonicWall firmware 7.0.1-5080 has been released

LarryLarry All-Knowing Sage ✭✭✭✭

New OS firmware released on August 5, 2022

Release note are here:

Lots of things fixed in this one.

Two years after initial release, there's finally some momentum...

Category: Entry Level Firewalls
Reply

Comments

  • TKWITSTKWITS Community Legend ✭✭✭✭✭

    This will be news for those complaining about RDP over VPN disconnects:

    GEN7-31660 An UDP session was being enabled for RDP sessions connected through NetExtender, causing severe packets loss and, eventually, disconnection

    GEN7-30959 NetExtender may connect slowly and frequently disconnect when there is heavy SSL VPN usage


    I am happy to see the fixes coming through. I will update soon and let others know the result.

  • SonicAdmin80SonicAdmin80 Cybersecurity Overlord ✭✭✭

    I'll be waiting reports before taking the plunge. Not much confidence in these updates these days.

  • xdmfanboyxdmfanboy Newbie ✭

    Where are you seeing these updates? I've been checking for two days and none of the announced TZ or NSA updates in the download center as usual. did they pull them?

  • BWCBWC Cybersecurity Overlord ✭✭✭

    @xdmfanboy you scared me a little, because I deployed some instances last week, no trouble so far.

    I can see them for all of my managed appliances in the Download Center. As usual, did you tried a different Browser or Incognite Mode? My bet is on a caching issue, which happens a lot in MSW.

    --Michael@BWC

  • LarryLarry All-Knowing Sage ✭✭✭✭

    @xdmfanboy - I saw a posting on Reddit in the morning, confirmed in my Download Center, and in the late afternoon received a SonicWall email informing me of not only this, but the Gen 6.5 Version 6.5.4.11-97n - Maintenance Release.

    Larry

  • TKWITSTKWITS Community Legend ✭✭✭✭✭

    @xdmfanboy The download center has been funky before. If youre not seeing them there try looking under Tenant Products, clicking the serial number of an appropriate device, then click the Firmware tab.

  • MitatOngeMitatOnge All-Knowing Sage ✭✭✭✭
    edited August 2022

    I have tested firmware 7.0.1-5080 on production HA system and find a few bugs.

    1) I cannot downgrade 7.0.1-5080 to one back firmware

    2) When I want to test "Check Network Settings under the Diagnostic Tools" during the Content filtering step gives an "API" error.

    3) Cluster doesn't give correct serial number into the log files. ( When I have send to log to syslog server and check logs files. I saw Primary device serial number every time.( Primary transitioned to Secondary device.)

    4) I didn't access to "192.168.168.168/sonicui/7/m/mgmt/settings/diag" DIAG page.

    5) under the Syslog server settings / Add syslog page/ "Maximum Events Per Second "gives error. there was no string or number into the label box. I cannot remember error message

    6) DP-SSL doesn't show ssl failed web sites like AnyDesk. I caught via Packet Capture.

    7) Packet Capture doesn't show correctly informations.

    etc..

  • AAviAAvi Newbie ✭

    Is it safe to update with this new version? currently using ver 7 0 1 5051 R2624

  • TKWITSTKWITS Community Legend ✭✭✭✭✭

    I have been running this on a standalone TZ570 for almost a week without issue.

    In response to MITATONGE:

    1. I am not going to try a downgrade on a production system
    2. These tests all pass successfully
    3. Not Applicable (standalone)
    4. DIAG page works normally
    5. I can enable and adjust the Max Events per Second field
    6. Not currently using DPI-SSL via the Sonicwall
    7. Packet Capture performs normally

    Seems to me your HA is acting up...

  • RobbertRobbert Newbie ✭
    edited August 2022

    Hi All,

    i've posted on reddit as wel,


    we've upgraded some of our gen7 devices from 5065 to 5080,

    so far there's been 1 issue which we have now seen on :

    1 X TZ670 HA STATEFULL Pair

    1 X TZ370

    To Give a Description


    Basically the issue we have seen:

    autogenerated ACL's from VPN policies , where in the ACL the subnet was locked down to single ip ( in the policy its set to subnet )

    example ACL( these are not the actual subnets we use):

    src.zone dst.zone source destination service

    LAN VPN addresobjectname type:network) 192.168.1.0/24 addresobjectname type:host) 10.0.0.2 any


    after upgrading firmware from 5065 to 5080

    we noticed that the traffic from example above 192.168.1.0/24 to 10.0.0.2 was not hitting the ACL at all

    a further look into packet monitor showed that traffic was being dropped???? ( the heck? )

    visually the ACL is there to ALLOW the traffic. ( i couldn't delete the Default generated rule so i deciced to delete the vpn policy

    by chance i did go check if it deleted the lan to vpn rule ( you would expect that right?! ), wrong! it didn't delete the default generated rule )

    and now i knew it wasn't a mistake on our side, for some reason the upgrade had corrupted the ACL , and this was the second sonicwall where it has done this.

    ( yes i know how to delete a corrupt acl rule by going into diag page and enable deletion of default rules, but thats not the point what i'm trying to make here )

    what i am saying is that something in the 5080 code causes this to happen.


    i will create a support ticket with sonicwall and have them acknowledge this error,


    i know how to work around this but i won't accept bugs like this to occur, it creates an absolute ton of work for us if we was to get this at every customer sonicwall.


    @BWC can you do me a favor and check if you can create a policy like this with a device running on 5065 and and then upgrade to 5080 to see if you can reproduce this

    DM me if you want me to give you more specifics )

  • CRISLCRISL Newbie ✭

    Hi All,

    We have a similar case. Migrated from Gen 6 to Gen 7 (5065) and then updated to 5080.

    All auto-generated VPN ACLs with adapted destination ports are no longer met. These rules can also no longer be deleted if generation is suppressed.

    Also the DPISSL exceptions no longer work like it worked before with the CFS exceptions.

    Currently awaiting feedback from support

  • RobbertRobbert Newbie ✭

    whats your case number you refer to if i may ask,

    ours is with engineering at the moment: case number:

    44029548 and 44031908

Sign In or Register to comment.