7.1.3-7015 wrecks Object Definitions and access rules

So…. 7.1.3-7015 deleted a ton of object definitions and changed access rules on our NSa2700-HA pair.
Example:
A defined object (Domotz device) had a rule to allow it to reach a certain vLAN. That rule now has a username and digits as the source address. There are thousands of rules like this that are causing complete chaos for us today.
I'm combing through rules across all firewalls as quick as I can, but this is not acceptable. Lots of rules that blocked connectivity of devices from reaching the WAN or even WAN→LAN are now completely wrong.
If we have something compromised due to SonicWall's lack of QC on their firmware, is SonicWall liable? I'm sure they're not, but I'm ready to move on to something with better support and quality control of the firmware that gets pushed out. This is not the first time a SonicWall firmware update has completely ruined my weekend.
Answers
Apparently these issues affected a TZ670-HA pair, and quite a few TZ400s as well. SonicWall is becoming a cuss word around here…..
No consolation to you, but yours is the first post I've seen about 7.1.3 corrupting rules.
I believe that 7.1.2 had this issue on upgrades and the fix was to restore the previously-saved config after upgrading to 7.1.2.
If you use NSM then you can get a diff of the JSON config [which is almost unreadable anyway, even when it's working!].
I thought 7.1.3 would be good to go as well from other posters. I waited a few weeks and saw lots of good reports….
I will add to this thread that upon factory-resetting the devices (and HA-Pairs), restoring the config that was created right before installing the update has seemingly resolved the issues. Just had to be physically present at all of the different locations Friday night through the weekend to do so. 😑
Sorry to read this thread, but it is one of the reasons I've hesitated as long as I have.
I'm curious to know the version of firmware you migrated from?
My guess with regards to the 'good reports' is that these admins had already run into issues with 7.1.2 and dealt with them at that firmware version. It seems to me if you skip 7.1.2 you'll run into said issues with 7.1.3.
Grrr….
All of my non-HA pair units were already on 7.1.2 and it still happened.
This is essentially what happened on a number of our SonicWalls when we went from 7.1.1 to 7.1.2. The hard lesson is that you not only need a settings backup but screenshots of your key objects and rules so that you can piece things back together if your settings get trashed. Restoring a settings backup seemed to work, but there's no guarantee about that for next time.
Plain text config backup is useful but no way to do this from the GUI, so I take nowhere near as many of these as I would like to do :/
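
As an added example (not part of the thread, and not SonicWall or NSM code), the pre/post-upgrade comparison the posts above describe can be automated so that deleted objects and altered rule sources are flagged right after an upgrade. The JSON layout, object names and rule ids below are constructed for illustration and do not reflect the actual SonicOS export schema.

```python
import json

# Constructed sample snapshots in a simplified, hypothetical layout
# (NOT the real SonicOS/NSM schema): named address objects plus rules
# that reference those objects by name.
BEFORE = json.loads("""{
  "address_objects": {"monitor-box": "10.0.5.20", "vlan30-net": "10.0.30.0/24",
                      "cameras": "10.0.40.0/24"},
  "access_rules": [
    {"id": "r1", "action": "allow", "source": "monitor-box", "destination": "vlan30-net"},
    {"id": "r2", "action": "deny", "source": "cameras", "destination": "WAN"}
  ]}""")
AFTER = json.loads("""{
  "address_objects": {"vlan30-net": "10.0.30.0/24"},
  "access_rules": [
    {"id": "r1", "action": "allow", "source": "jsmith 48213", "destination": "vlan30-net"},
    {"id": "r2", "action": "deny", "source": "cameras", "destination": "WAN"}
  ]}""")

BUILTIN = {"WAN", "LAN", "Any"}  # assumed built-in names that need no object

def audit(before, after):
    """Return (kind, location) findings for drift between two snapshots."""
    findings = []
    old_objs, new_objs = before["address_objects"], after["address_objects"]
    for name in sorted(old_objs.keys() - new_objs.keys()):
        findings.append(("object-deleted", name))
    for name in sorted(old_objs.keys() & new_objs.keys()):
        if old_objs[name] != new_objs[name]:
            findings.append(("object-changed", name))
    new_rules = {r["id"]: r for r in after["access_rules"]}
    for rule in before["access_rules"]:
        cur = new_rules.get(rule["id"])
        if cur is None:
            findings.append(("rule-deleted", rule["id"]))
            continue
        for field in ("action", "source", "destination"):
            if cur[field] != rule[field]:
                findings.append(("rule-changed", f"{rule['id']}.{field}"))
        # A rule that survived but points at a missing object no longer
        # enforces what it was written to enforce.
        for field in ("source", "destination"):
            if cur[field] not in new_objs and cur[field] not in BUILTIN:
                findings.append(("dangling-reference", f"{rule['id']}.{field}"))
    return findings

if __name__ == "__main__":
    for kind, where in audit(BEFORE, AFTER):
        print(f"{kind:20} {where}")
```

Note that rule `r2` is textually unchanged yet still flagged, because the object it references was deleted; a plain text diff of the rules alone would miss that case.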