SSL-VPN dropping after firmware update
cameronshove
Newbie ✭
in SSL VPN
Environment: Pair of NSA 3700s in HA running SonicOS 7.1.1-7040. Just upgraded to that firmware last night and today users connecting to NetExtender and then to RDP servers on the network are soon dropped and the VPN connection disconnects. I found this article about this problem for site to site VPNs..https://www.sonicwall.com/support/knowledge-base/how-to-resolve-traffic-vpn-tunnel-and-connection-being-dropped-periodically/170505411810026/
Anyone seen this for SSL VPN?
Category: SSL VPN
Tagged:
1
Answers
We are in the same situation, same NSa3700 firewall model, also in HA, and same firmware version. The connection and stability problems with NetExtender started right after upgrading the firewall to SonicOS 7.1.1-7040. As an alternative we are using Global VPN, but we cannot use MFA, so it is a temporary solution. We have opened a case with Sonicwall, waiting for resolution, we are even considering downgrading to the previous version, which was stable.
Thank you for replying. I did actually go ahead and downgrade to 7.0.1-5145-R5175 last night. I also opened a support case but their feedback was worthless. They gave me a long convoluted process to make a bunch of bandwidth management rules and settings. I am not comfortable making changes without knowing what problem I'm solving and they didn't give me any of that context. They also referenced an article they said was called "Unable to maintain RDP connection to network from SSL VPN after firmware update" which sounded perfect but didn't provide a link and no searching I did turned it up.
Please let me know if you make any progress on this and I'll do the same. (Follow up questions I sent to support haven't been returned yet). I'm staying on 7.0.1-5145-R5175 for now but obviously want to stay current if possible. However we work from home two days a week and can't be without SSL VPN.
In the same boat. Upgraded our NSA3700 to SonicOS 7.1.1-7040 from 7.0.1.-5030-R2007...VPN constant drops. It also disconnects/drops when doing a GPUPDATE as well. Thought it was some new features I had implemented in the device causing the drops, but, I have disabled all those and it is still persisting.
I believe there is an issue here...either way, I am going to roll back until this is resolved.
Sonicwall Support is standing by their troubleshooting method of adjusting timeout settings although it's unclear why or if the firmware update modified them and they need changed back... if you want to try them I'll post them here but I'm not messing with it myself until I hear these steps either work or another firmware update comes out that fixes this. However it sounds like support isn't acknowledging this is an issue for them.
>Please apply bandwidth management for SSLVPN access rules create BWM
>object under Object>profile objects>bandwidth:
>Guaranteed bandwidth 5 Mbps, priority: 0 real-time and Violation Action
>to drop
Under network>interfaces, x1(This is the WAN interface it could be different on your SonicWALL config): enabled Enable Interface Egress Bandwidth Limitation and Enable Interface Ingress Bandwidth Limitation and set Maximum value to 1000000 kbps
>on SSLVPN to LAN and LAN to SSLVPN, applied the BWM object
Cameraon,
Any updates on this since your last post?
I'm in need of assistance that seems to got me in this situation.
Thanks
We are in the same situation early this year, and we fallback from 7.1.1 to 7.0.1; waiting for a better 7.1.1 release.
Sorry guys, no resolution yet. Still waiting for a newer firmware release and 'hoping' they fixed this in it. They didn't have an answer otherwise.
Actually, it looks like a firmware revision came out since the one I tried that caused this problem but I'm not immediately seeing that it was resolved in it (7.1.1-7051).
I confirm that with 7.1.1-7051 SSLVPN works better.
probably I have a problem somewhere because i loose some ping.
FYI support had a hotfix for this and stated it is included in the 7.1 firmware released today. I can confirm the hotfix has worked well for us so far (been a few days since implementation).
All - thanks for the heads up on the new firmware. I've been running a hotfix for this issue for about six weeks, the Jira case number of which (GEN7-47928) is listed in the new release notes but only as an additional reference point, there is no indication of whether this fix is included in the firmware. The hotifx number itself (HF39872) is also listed but with a description that doesn't quite match the actual issue we were having. As a result I'm going to open a case to see if the newest firmware rolls in the hotfix fully or not.