Bug found in 7.1.3-7015: Certificate chosen for mangement
jst3751
Newbie ✭
I have been trying to resolve a problem with applying a non-self-signed certificate for the management interface since installing 7.1.3-7015 on a HA pair of NSA2700 firewalls.
I even obtained a new SSL Certificate specifically for the firewall's FQDN.
What happens is that if any certificate is chosen OTHER THAN the self-signed certificate and left at the default name of 192.168.168.168, upon reboot, a different self-signed certificate is being used. In my case, it is the IP of interface XO.
I have been communicating with Sonicwall support, and they are now escalating to engineering as a bug that needs a hotfix.
Again, this is on a HA pair of NSA2700.
I will be testing this on TZ270 not part of any HA tonight as well.
NOTE: This does not affect the certificate chosen for SSLVPN.
Answers
Was a fix for this forthcoming? Same issue on 6700 HA.
Because I'am not facing this on a non-HA deployment, does Support acknowledged it's for some reason HA-only?
—Michael@BWC
No, it is not exclusive to HA deployments only.
Currently, there is a HF available but apparently only by direct send, So you would need to open a support request and mention HF51903
Otherwise, it will be included in the next maintenance release.
@jst3751 good that there is a HF available, it would be great to know what the underlying issue is and why I don't face it on my appliance for example. But we'll probably never get this information.
—Michael@BWC