Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Issues configuring SSLVPN on TZ570

Hello,

I am running into a few issues when attempting to setup SSLVPN on a new TZ570. I have already created the necessary SSLVPN address object and I have enabled SSLPVN on the WAN zone. When I attempt to change the port from 4433 to 443 and click accept I have a red notification pop up stating that 'Custom URL can not be null'. The slider bar for "Use customer's HTTP server as downloading URL" is greyed out and not enabled.

The second issue I have is when configuring the Client Settings. When I click accept after I configure the client route and client settings I get another red pop-up stating "Command 'no network-address ipv6' does not match"

I am mimicking all of the settings that are currently running on the customers SOHO which this TZ570 is replacing. Any ideas? The TZ570 is running the latest SonicOS 7.0.0-R416.

I am using this guide: https://www.sonicwall.com/support/knowledge-base/how-do-i-configure-the-ssl-vpn-feature-for-use-with-netextender-or-mobile-connect/170505401898786/ which was updated for SonicOS 7.0 and following all of the steps. Thanks.

Category: Entry Level Firewalls
Reply

Best Answer

  • CORRECT ANSWER
    HIS_DanielHIS_Daniel Enthusiast ✭✭
    Answer ✓

    Just in case anybody else runs into this issue. I did reach out to SonicWall support. The technician informed me that the dev team is currently aware of this issue. He told me that this issue should be fixed in the next firmware release but did not have an ETA. They will attempt to provide a hotfix later in the week.

Answers

  • When I try to update the default device profile and don't add a Network Address IPV6 entry I get the error "Command 'no network-address ipv6' does not match" and it doesn't complete the configuration change.

    If I do add an IPV6 entry I get "Command 'network-address ipv6 name SSLVPNDHCP zone SSLVPN' does not match" and it doesn't complete the configuration

    Running TZ570W with beta firmware SonicOS 7.0.0-P461

  • HIS_DanielHIS_Daniel Enthusiast ✭✭

    I ended up receiving a hotfix firmware from support that resolved this issue for me. The firmware was SonicOS 7.0.0-R464-H17127-45. Once I applied the hotfix, I was able to configure SSLVPN without needing to edit any IPV6 settings.

    Support did inform me that 7.0.0-R464 should resolve this so you may try upgrading from P461 and see if the issue resolves for you.

  • YuriyYuriy Newbie ✭

    7.0.0-R46 does not resolve this issue. I have TZ 670 is running the same problem

  • I am running SonicOS 7.0.0-R464 on a TZ570 and getting the same issuue

  • HIS_DanielHIS_Daniel Enthusiast ✭✭

    I can confirm the issue is still ongoing. I am setting up a new TZ570 this morning and upgraded it to 7.0.0-R464 and ran into the same SSLVPN issues. I then upgraded to a previously supplied hotfix firmware from SonicWall support and rebooted the device and I can now finish configuring SSLVPN.

    You should open a case with SonicWall support to receive this hotfix firmware. The hotfix that I received was 7.0.0-R464-H17127-45. Hopefully this issue will be resolved for good in the next general firmware release.

    Hope that helps!

  • sonicteksonictek Newbie ✭

    There's still quite a few bugs in Gen7. We're not actively selling any more Gen7 until we're happy all known bugs have been sorted.

  • prestonpreston Enthusiast ✭✭

    Go in to th Diag page replacing with this in the address bar 7/m/mgmt/settings/diag

    set this as below in the Management Settings section

    Select Accept at the bottom, come off the GUI and log back again


    Create the SSL VPN settings as you would in Gen 6, then go to diag.html

    and in the management settings, change back to SonicUI7, save the settings, come off the GUI and go back in to th firwall and the SSL VPN settings should be there, but as th GUI is screwed up for the SSL VPN section half of the settings e.g. the client routes will be under the SonicPoint L3 section and the rest under the SSL VPN default profile, but it gets round the IPv6 issue until SonicWall release a new firmware


  • kthorkthor Newbie ✭

    This did not work for me, vpn routes refused to stick from either side of Gen6/Gen7 configuration.

    Re

    K

  • HIS_DanielHIS_Daniel Enthusiast ✭✭

    It looks like firmware 7.0.0-R713 was released today for Gen7 appliances and is available on MSW. The release notes specify that the following two issues have been resolved:

    The error message "Command 'no network-address ipv6' does not match" is displayed when configuring SSLVPN Client settings. GEN7-14706

    Settings on the SSLVPN > Server Settings page cannot be saved and the error message "Custom URL can not be null" is displayed. GEN7-17127

    Release Notes located here: http://software.sonicwall.com/Firmware/Documentation/232-005381-00_RevE_SonicOS-X_7.0.0_ReleaseNotes.pdf

Sign In or Register to comment.