SonicOS - which branch is still supported?
Hi,
due to the current "wave" of new vulnerabilities which got addressed in the Firmware released today, I'am having a question about what versions are still supported.
The note sent to Partners does not mention 7.1.1 and 7.1.2 anymore as fixed version. Does that mean 7.1.1 and 7.1.2 are dead and have to be replaced with 7.1.3?
All customers are encouraged to upgrade their firewalls to the latest MR listed below. The releases shared below fix all CVEs listed above. Gen 6 / 6.5 hardware firewalls: SonicOS 6.5.5.1-6n or newer Gen 6 / 6.5 NSv firewalls: SonicOS 6.5.4.v-21s-RC2457 or newer Gen 7 firewalls: SonicOS 7.0.1-5165 or newer ; 7.1.3-7015 and higher TZ80: SonicOS 8.0.0-8037 or newer
—Michael@BWC
Best Answer
-
Vivek SonicWall Employee
Good Afternoon Michael,
SonicWall is currently running two release trains to support Gen7 firewalls.
SonicOS 7.0 and SonicOS 7.1.
7.1.1 and 7.1.2 are the release versions on the SonicOS 7.1 branch.
We recommend users running software versions SonicOS 7.1.1-7040, 7.1.1-7047, 7.1.1-7058, and 7.1.2-7019 upgrade to SonicOS 7.1.3 if they are impacted by the recent high-severity vulnerability mentioned in the PSIRT advisory here.
Users operating with SonicOS 7.0.1-5161 and below are recommended to upgrade to SonicOS 7.0.1-5165
1
Answers
IME the only supported version is the most recent one, because if you are running anything other than the latest, they will just tell you to upgrade. So no point raising a ticket if you're not on the latest.
Curious to know if - after checking MSW / Products / Device / Firmware tab - you saw the "Updated firmware" message and what that value is?
@Larry for a 7.0.1-5161 appliance it shows "Latest Released Firmware 7.1.3-7015".
For the time being, all of my 7.0.1 appliances will be updated with 7.0.1-5165 instead of 7.1.3 until all the reported issues are sorted out.
—Michael@BWC
@BWC - I was asking because my office's TZ270W has a 7.1.2.7019 entry from July still listed although not updated for this event.
@Vivek thanks for clearing this up, users currently on 7.1.1 need to update to 7.1.3 and hope they will not cursed with some trouble 7.1.2 brought to some.
—Michael@BWC
@Vivek - perhaps you could offer a hand to the team crafting these less than crystal clear emails? And instruct them to spell-check before issuing because the word "partner" was misspelled twice…
hi @Larry - Feedback on that has been sent to our teams. Thank You.
I'm really starting to question SonicWall's commitment to its customers re: security issues. I never even received the "email" and had to read about my, now vulnerable, firewall on a news site. Combine this with the fact that there is no 'firmware' section on these forums, and a search of the whole of Sonicwall.com for 'firmware' doesn't result in anything that could be called a usable place to find info about firmware updates, leaves me feeling like we are left to our own.
Do better. Please!
(now I'm off to schedule emergency maint in the middle of a workday.) :(
Every new firmware version should get it's own thread in this forum, started by someone from Sonicwall.
@Arkwright the grooming phase ain't over yet.
https://community.sonicwall.com/technology-and-support/discussion/747/feature-requests-via-the-community
I don't know how much resources SNWL dedicates to the Community, but it should step up it's game for sure.
—Michael@BWC
"grooming phase"…interesting use of language…I wouldn't admit to grooming anybody on the internet :D
I don't judge 😁, but I guess @Saravanan meant it in the way that it is work in progress (more or less).
—Michael