Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

SMA 500v (KVM) - Restart kills Appliance

BWCBWC Cybersecurity Overlord ✭✭✭

Hi,

after having multiple SMA 500v deployed on ESXi and Hyper-V I had the chance to get one done on Proxmox (KVM). Deployment process is straight forward, a few manual steps and all is up and running.

The main problem is, that restarting the appliance (either in Proxmox, or via System → Restart) kills the appliance and after the reboot it's no longer accessible. It seems that parts of the configuration getting corrupted and causing high CPU load (looks like 100% on one core). No login possible via console (the EULA pops up again, but no setup menu, error 3 shows up).

Anyone face something similar?

The whole issue is reproducable and never occured on any other platform.

  • installed 10.2.1.7 initially with a trial license, updated to 10.2.1.10
  • installed a fresh 10.2.1.7, updated to 10.2.1.10 and imported the trial config
  • updated to 10.2.1.11

The "funny" part, restarting a fresh appliance always works, but after importing the config, restart system corrupts the whole instance. BUT updating firmware (which includes a reboot) does not, updates from 10.2.1.7 to 10.2.1.11 and 10.2.1.12 worked well.

I tested this thoroughly and the situation is verified.

Another thing what's different to other deployments, the TSR is around 14MB in size and includes sslvpnGuard.zip and sslvpnProcess.zip, which are including some system /etc files.

I have a hunch that it is related to the in 10.2.1.7 introduced "additional security checks for firmware integrity", but can't tell for sure. I don't have another system which got initially deployed on 10.2.1.7, they are all much older.

Hopefully this SMA case will not cost me another year of my life and it's already reported.

—Michael@BWC

Category: Secure Mobile Access Appliances
Reply

Best Answer

  • CORRECT ANSWER
    BWCBWC Cybersecurity Overlord ✭✭✭
    Answer ✓

    FYI, Support came through real quick, kudos for that.

    It seems that my initial hunch about 10.2.1.7 was correct because the answer from support was that:

    I've seen this problem before but on another platforms, not KVM.
    Please redeploy with the 10.2.1.0 version instead of 10.2.1.7.
    After deployment, upgrade to 10.2.1.5 -> 10.2.1.10-> 10.2.1.12.
    

    I redeployed the appliance and imported the config and reboot is still fine.

    The TSR is down from 14MB to around 80KB, which is the typical size for it. So if your TSR is that big, be warned your appliance may break at reboot.

    —Michael@BWC

Sign In or Register to comment.