Comments
-
Agreed. Odd that they link to the exact same release notes .pdf: https://software.sonicwall.com/Firmware/Documentation/232-005681-00_RevH_SMA_10.2.1.7_ReleaseNotes.pdf
-
Oh and post-implementation, I'd always recommend testing HA by taking each firewall offline one at a time to verify everything is still up...something that would obviously best be done after-hours. To me, it's worth the peace of mind to know you've tested it. I do that for all server, storage, switching, power, etc.…
-
From the KB here: CAUTION: If the secondary contains any configuration, please do a factory reset: Reset the firewall to factory default settings when the firewall is accessible and after the reset, disable the PortShield. I've always deployed HA pairs into prod at the same time, but the same thing applies...the secondary…
-
10.2.1.3-27sv is finally back up and its hashes match the previously uploaded file, too.
-
UPDATE - One of the security researches clarified my WAF question. All SMA 100 appliances are vulnerable, regardless of whether the WAF was enabled or not.
-
Product Notification: "SonicWall has verified and patched vulnerabilities of critical and medium severity (CVSS 5.3-9.8) in SMA 100 series appliances, which include SMA 200, 210, 400, 410 and 500v products. SMA 100 series appliances with WAF enabled are also impacted by the majority of these vulnerabilities." What do they…
-
But still no updated 10.2.1.3 update to download...
-
CVEs now added: EDIT - but only 8. 🤷♂️
-
NINE vulnerability fixes listed in that one. 😳 This is the new one: "SMA-3127 Vulnerability: SMA100 multiple management APIs are accessible without login."
-
The response I received this morning on our ticket: "We dont have any engineering update I think ill have to insist on you giving us a call to discuss if this is urgent for you " Call me old-school, but I'm a fan of proper punctuation/capitalization in formal communication channels. [sigh]
-
Welp. Still crickets on a patch ETA in the support ticket I also opened up last week. 🤦♂️
-
Or...throw on an allow list of IPs @ the firewall again like we had to do back in January...
-
Oh boy. 😬
-
Here are the release notes from 10.2.1.3:
-
I wonder if the key here might be what system is at the other end of the VPN connection? Firewall, SMA100 series, or SMA1000 series? This is working okay for me with an SMA 410 on version 10.2.1.x.