BWC Cybersecurity Overlord ✭✭✭
Comments
-
@shwazh you don't have the intermediate certs imported, this is why it fails (probably). Just google for something like this: "openssl create pfx from pem with chain" … you need all the intermediate certs (for the Sub CAs), your server cert and the private key. There are even tools around if you don't like to tinker with…
-
@Arkwright the grooming phase ain't over yet. https://community.sonicwall.com/technology-and-support/discussion/747/feature-requests-via-the-community I don't know how many resources SNWL dedicates to the Community, but it should step up its game for sure. —Michael@BWC
-
@Vivek thanks for clearing this up, users currently on 7.1.1 need to update to 7.1.3 and hope they will not be cursed with some of the trouble 7.1.2 brought to some. —Michael@BWC
-
The two restart options appeared with SonicOS 7.1.3 on my TZ 670. In the meantime (since 2022) the options got documented, kinda. Did not know that TZ 670 is Multiblade :) —Michael@BWC
-
@Larry for a 7.0.1-5161 appliance it shows "Latest Released Firmware 7.1.3-7015". For the time being, all of my 7.0.1 appliances will be updated with 7.0.1-5165 instead of 7.1.3 until all the reported issues are sorted out. —Michael@BWC
-
@heritage ok, I followed the same path, keeping my eyes peeled if something odd occurs on my appliance as well. —Michael@BWC
-
@heritage this is fantastic news, NOT. Did you upgrade from 7.0.1, 7.1.1 or 7.1.2? I only had a single device on 7.1.2 (all others on 7.0.1) which upgraded fine to 7.1.3, but I had no Custom NAT rules configured. —Michael@BWC
-
@shwazh I'm glad that you finally got it to work. Today 6.5.5.1-6n got released, it should be installed right away, because it addresses critical vulnerabilities in SSL-VPN. —Michael@BWC
-
Have a look over here, this should give you an impression. —Michael@BWC
-
@shwazh if the certificate is issued by a public CA (like Sectigo, etc.) most likely you did not import the intermediate certificates as well. The whole certificate chain needs to be available to the firewall, otherwise only the cert will be treated as self-signed, because the signer is unknown. —Michael@BWC
-
NetExtender 10.3.1 is available and fixes the issue with MFA. —Michael@BWC
-
@shwazh did you update to 6.5.4.15-117n (you had -116n)? This might be the difference. —Michael@BWC
-
I totally overlooked your firmware version, there is a 6.5.4.15-117n available, IMHO with SSL-VPN related fixes, sorry for that. I enabled "Enforce TLS 1.1 and Above" at Manage → System Setup → Appliance → Base Setup. On the internal settings page (replace main.html with diag.html in the address bar) I left "Enable TLS…
-
Hopefully I'm not mistaken, but I believe Cipher Control does not affect SSL-VPN, only DPI-SSL, SSL Control and Management. I checked on a 6.5.4.15 deployment and 3DES wasn't returned for me. | ssl-enum-ciphers: | TLSv1.2: | ciphers: | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (secp256r1) - A |…