Some Gen 7 Firewall Users are Experiencing Service Interruptions
Ena
SonicWall Employee
Hello SonicWall Community,
We are investigating reports that some Gen 7 firewall users are experiencing service disruptions in the form of reboot loops or internet connectivity. Please refer to this notification for updates:
We will continue to update this thread as we have more information.
Category: Water Cooler
1
Comments
why is this in the category water cooler?
@Robbert because we all need to keep cool down 😂 ... it's used for general announcements in the past, I think because of there is no such thing as a general Firewall category.
Hopefully it was just a messed up signature and it got resolved by now.
--Michael@BWC
So we have had this issue with our TZ270s for a couple of weeks. It had only affected 2 of our 15 TZ270's but they both locked up and we had to power cycle them to get them to become responsive again.
One thing I did notice during this time frame is the memory usage had continually risen until it hit the upper 90%'s and then the management plane would start spiking to 100% with them quickly becoming unresponsive. We use PRTG to monitor our network, and their Sonicwall VPN sensor monitors the CPU and memory usage.
After the issue last night our TZ270s are running in the 70% range on memory usage.
thats funny,😂
they just want to hide the discussion , fear not its active enough on the Reddit threads😎
IDK, it caused an absolute "Censored" Storm for us during the night😡
Had this issue too at a TZ570. No network access to the device. Needed a hard reboot (removed the power chord) to bring it up again. Had no clue what happened until the information mail from Sonicwall arrived - thankfully.
After disabling of the recommended setting " Enable Incremental updates to IDP,GAV and SPY signature databases " and rebooting the device it is working until now.
I am curious about the reason of the issue...
Rudolfo
If we're not impacted by this particular issue, do we still need to take these steps with non-affected Gen 7 units?
The issue we saw with un-commanded Gen 7 restarts about two weeks ago now were fixed with a hot fix that addressed a data plan crashing problem so not sure if they're connected.
Even Spectrum saw fit to send out an email today to a number of markets.
That's pretty telling if Spectrum feels like they need to say something.
You should also mention that COMCAST is one of the main providers your having connectivity issues with. I've spent the better part of the past week trying to troubleshoot a VPN issue between two sites using Sonicwall's and Comcast just to learn from Comcasts outgoing support message that your firewalls are to blame.
Just an FYI to anyone who implemented the workaround: I had two accounts, one had a TZ270 and the other had a TZ370, and both experienced GVPN connection errors preventing the connection until I reversed the prescribed bug fix and rebooted the SonicWall(see below for specifics on the VPN error).
**I only reversed the bug fix after SonicWall acknowledged in their product advisory email that the problem had been resolved and that the bug fix was no longer necessary.
I hope this helps someone.
VPN ERROR
An error occurred.
2022/01/22 09:35:58:473 Error 47.x.x.x The peer is not responding to phase 1 ISAKMP requests.
Thank you for pointing at this! - Rudolf
Hey,
how do you get this sonicwall product advisory email? Can everyone subscribe to it? Seems like this can be very helpful.
@Chojin you can activate some notifications in your MySonicWall Account, word on the street is usually faster than the SNWL notifications but it's better than nothing.
Log into MySonicWall, Settings -> My Account -> Alarm and check the Notifications you like.
--Michael@BWC
Hello everyone,
We have a fleet of about twenty appliances, three of them were victims of the problem.
We managed to restart two of them, but an NSA250M remains inaccessible.
Symptoms are a restart loop. the appliance is no longer under support,
I don't know what to do ?
Please can you help us ?
I am not from Sonicwall, but did you follow the advice?
https://www.sonicwall.com/support/product-notification/gen-7-firewall-inaccessible-reboot-loop-from-20th-jan-2022/220121010044507/
But the thing is if the devices are not under support they will get no updates . so you can not get rid of the workaround mentioned in the article because the disabling of that function is not needed anymore when the appliances get their updates.
And Chojin, stated above in this thread, there could be a problem arising with GlobalVPN when this workaround setting is in place...
I agree with your comment,
But so it would be a coincidence if our appliance broke down ?
Same day with same symtoms than the other appliances.
It could be as @Chojin mentioned - but at my side my TZ570 is already updated and i can not verify it anymore. I only wanted to point at the additional comment of @Chojin
Problem is that this kind of appliance is out of support since september 2021 :/
Hello @gertrudesaem. I'm sorry to hear about this inconvenience. Although it does sound like the NSA250M experienced similar symptoms as what is described in the KB the issue only affected generation 7 devices. Therefore, it sounds like this device is experiencing another issue. If you do not have support on the device you may be able to create a new discussion in this community and ask our power users for advice.
Kind Regards,
@micah - SonicWall's Self-Service Sr. Manager
Having this random disconnect issue. 2 WAN interfaces in basic failover, neither pass traffic, site to site VPN stops working. Forced to pull power on the TZ 270.
TZ 270 running OS 7.0.1-5095
@MarchMadness are your 2 WAN interfaces PPPoE by any chance? I had some weird trouble in the past with 2 PPPoE WAN interfaces, swapping one out with a DHCP resolved the issues.
Another thing you might look out for is the link status of your WAN interfaces, it might related to this:
--Michael@BWC
Negative, both DHCP. Originally had just 1 ISP but added a second for basic failover thinking it was the first ISP having service issues. This morning it locked up again, wouldn't pass traffic across WAN until I pulled power on the TZ270. Opening a support case.