Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Firmware 7.1.2 Messed up my config!

Thanks for rushing this update to fix multiple vulnerabilities and not triple checking everything.

One of my site-to-site vpns not longer works.

The address object of my SSLVPN pool was gone!

The routes for my SSLVPN were gone!

It wrote my DNS server backwards!! What! 5.0.168.192

Thanks for ruining my night!

Category: Entry Level Firewalls
Reply

Answers

  • JackBurtonJackBurton Newbie ✭

    And those are just the things I see wrong right now. Who knows what else is messed up.

  • A_ElliottA_Elliott Enthusiast ✭✭

    It removed some Access Policies and a few Routing policies for us. Some IPSEC tunnels never came back either. Had to rebuild those from scratch.

  • TKWITSTKWITS Community Legend ✭✭✭✭✭

    Good to know QA hasn't improved. Some of these issues have happened on 7.0 updates in the past.
    They keep pushing the idea of automatic updates too…

  • ShaSha Newbie ✭

    my night was ruined too. soniwall is ruined. all custom access and nat rules were shuffled and some removed. same to web access managment rules. luckily i have multiple interfaces otherwise i couldnt log in anymore.
    Firmware rollback to 7.1. 1-7058 and config back-up back and it worked fine but this is not good from sonicwall. They need to release a new good fix firmware.

  • sonicteksonictek Newbie ✭

    We've had a few reports of 7.1.2 firmware updates causing problems, and we've advised them to log support calls. We've not had the problem ourselves but have stopped upgrading to 7.1.2 until a newer release comes out. CSE testing will have to wait.

  • ASTech2020ASTech2020 Newbie ✭

    I've upgraded about a dozen so far. Two had serious corruption of outbound firewall rules to the point at which users thought Internet was down. Fortunately, after we ruled out everything else, we looked closely at the outbound rules and could see that key elements had changed and were able to make corrections. In other cases, when we tried to make changes to policies, we got nonsensical error messages that were resolved by deleting the objects involved and recreating them. Whatever was done with 7.1.2 is definitely half-baked. I've never had to check for corruption before, but now it's standard policy. If we didn't have so much riding on Sonicwall at this point, I'd be looking at alternatives as the support has gone down the tubes besides.

  • sonicteksonictek Newbie ✭

    Apparently, if you re-import the config (another reboot) it will put everything back as it should.

  • LarryLarry All-Knowing Sage ✭✭✭✭

    @sonictek - is this "method" something Support told you? Or are you winging it, and it happened to work? Just trying to understand what could potentially go wrong later on with a 7.1.2-wxyz firmware update.

  • sonicteksonictek Newbie ✭

    Not 'winging it'.

    This is a public forum, so I'll just say the following.

    Was told that in nearly all cases this will fix the config back to how it should be within 7.1.2. You need to make sure you have an exported copy of the config before doing the upgrade. There is still a small chance that this won't work so will need to be manually amended in 7.1.2 or go back to 7.1.1.

    Personally, I'm not upgrading any more to 7.1.2 until a newer option becomes available and the 'known' issue is accepted to be fixed.

  • sonicteksonictek Newbie ✭

    Oh, and also being reported that 7.1.2 can lock the firewall up when trying to clear connection failures in DPI SSL.

  • sonicteksonictek Newbie ✭

    Update. A customer logged a call direct with SonicWall Support and they were told the same thing, so appears to be official.

  • SonicAdmin80SonicAdmin80 Cybersecurity Overlord ✭✭✭

    Has anyone configured 7.1.2 from scratch and seen the same issues, or hopefully it would work better? I have a new installation that I'll start from defaults and I'd like to possibly try out the new Advanced DNS Filtering feature. That I believe requires 7.1.x.

  • LarryLarry All-Knowing Sage ✭✭✭✭

    @SonicAdmin80 - if you are not using Cloud Secure Edge Connector / ZTNA, then I don't understand why you would want to use 7.1.2. What else do you think you'll "get" from that (aside from some agita)?

  • SonicAdmin80SonicAdmin80 Cybersecurity Overlord ✭✭✭

    I think DNS Filtering was introduced in 7.1.1 so I could use any of the those versions as well, I just don't know which one is usable after 7.0.1. The last somewhat stable version I've used with Gen 7 is 7.0.1 5030 which isn't even available for download anymore.

    Do you know a good 7.1.1 version?

  • LarryLarry All-Knowing Sage ✭✭✭✭

    No, as I've stated in other posts, I'm sticking with 7.0.1-5151 on all Gen 7 devices for the foreseeable future, and will only begin to test 7.1.1 sometime later this year (probably in October hoping another MR after 7058 is released for it).

  • bristibristi Newbie ✭

    Hello Jack,

    We encountered the same problem. For a quick solution, we had to import a backup, and everything worked fine on version 7.1.2. In a nutshell, we were using firmware 7.1.1-7058, which was recommended by SonicWALL. However, we faced some issues with that version, and SonicWALL advised us to upgrade to 7.1.2. Unfortunately, we ran into a similar issue as the one you mentioned. Fortunately, we had previous backups, and importing them into version 7.1.2-7069 worked, but we can't rely on this as a long-term solution. They mentioned that a new version, 7.1.3, will be released soon—hopefully without any issues.

  • sonicteksonictek Newbie ✭

    We have customers using SonicWaves in L3 mode and wanting to add 600 series AP's. You need 7.1.1.x for this support.

  • MariuszMariusz Newbie ✭
    edited August 14

    I recently received a new TZ370 - to replace the TZ400. It had the factory version 7.0.1.5119. I migrated the configuration from the TZ400 - it worked. I immediately updated directly to version 7.1.2.7019 - it worked and the device works correctly. The TZ370 has ROM version 7.0.1.3 - does it matter? The TZ370 has been working without a restart for 23 days. Full protection - AGSS package.

  • dccd60dccd60 Newbie ✭

    received this from tech support,

    Hi we did have a report of some NAT rules and objects being removed when upgrading the the 7.1.2 engineering has incorporated the fix with the next version of 7.1.3 I don't have an ETA for this release. You may be facing this issue you could just remain on the build your on for now until the 7.1.3 comes out or go to the 7.1.2 in a maintenance window and call us and we can run a capture and Troubleshoot it see where the issue ;lies and if we need to add a NAT or rule for it to work again Let me know how you wish to proceed Candice

  • Tech2020Tech2020 Newbie ✭

    We updated another TZ270 on Friday and the first problem was that the local user account the end user had for SSLVPN returned a "bad user name or password" message. When I went to reset the password, the user was missing. When I tried to add the user again, the appliance said that it already existed. I had to import the settings I had saved earlier to correct that. Today the same user had missing address objects that we had to re-add. The 7.1.2 update is atrocious and should be pulled off the web site regardless of what it might purport to fix— and a working update should be substituted in its place immediately. If I get an email that tells me I need to update immediately, that update ought to be better than what I am replacing. The worst part of all this is that I'm at serious risk of liability if I go against Sonicwall's advice and don't install the update. The insurance companies demand that the latest updates are installed, not the latest working updates.

  • ChojinChojin Enthusiast ✭✭

    oh hopefully this is not related to the ssl vpn security issues, which sonicwall believes is used out in the wild.

    maybe there is a way to check if a sonicwall is affected?

  • sonicteksonictek Newbie ✭

    If only someone from SonicWall were to go through Community posts and update us, and more importantly (for a public viewable forum) respond to some of the comments.

  • JonathonPJonathonP Newbie ✭

    we just got bit by this too

  • MariuszMariusz Newbie ✭

    Capture ATP has not been working for over 2 months. Firmware 7.1.2. For a month now, technical support has not been able to help with this matter. We exchange information on this matter - and nothing. They even sent me a specially modified firmware for me - that didn't help either.

Sign In or Register to comment.