Firmware upgrades today (7/17/24)

VPN
1

The following releases are out today (or will be) according to an email from SonicWall overnight. They include “critical security fixes” and “should be applied immediately” according to the message.

• 6.5.4.4-44v-21-2457 (for Gen6 NSv)

• 7.0.1-5161 (Gen7)

• 7.1.1-7058 (Gen7)

• 7.1.2-7019 (Gen7)

Yet I can’t find anything about the issues that have been addressed. Will create a support case to obtain more information, but that will take who knows how much time. Anyone have links to CVEs that have been addressed, or other information?

2

Updates just started showing in MySonicWall. Release notes are there as well, talking about several buffer overflow fixes.

3

It’s to address this https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0012

4

That’s weird because I upgraded to 7.1.1-7058 last week, and it had already been released for a couple of weeks. I just looked in MySonicwall and I don’t see version 7.1.2-7019 AT ALL. Last firmware I show is 7.1.1-7058 that was released on June 19

5

Updated and all the routes vanished, so had to reimport the config after updating… Then shortly after traffic stops flowing, then starts again, and stops again. Rolling back now, as its unusable.

6

Two options disappeared from the /diag/ menu, can’t seem to find where they went or why they got removed.

  • Enable the ability to remove and fully edit auto-added access rules
  • Enable the ability to disable auto-added NAT policy

Update: Sonicwall engineers confirmed this is a bug. How the hell is removal of two options a bug?

7

Absolute sh1tshow of communication.

Warn us you’re releasing a critical fix but give no more information at all?

8

We are also looking for more information on this. So far, we have found nothing other than the email they sent out last night.

9

Do we know if this is a maintenance release (aka beta and buggy AF) or general release (aka stable)

10

hmmm I got no such email. Maybe when it shows on MSM we can see the release notes

11

Not seeing anything for SMA devices.

12

Following. I saw the update available for our TZ270, but I’m not seeing it available for NSA4700. When I checked locally on the TZ, it showed as no firmware being available. I’m installing now on the TZ to test…

13

Looking at MSW, how can the release from today be 7015161 and a month ago the version was 7117058

That numbering scheme makes no sense. Make it make sense please, it’s been a long day

14

Now I’m new to SonicWall NSM, having just moved to the SaaS product from our old on-prem GMS server which was rickety and failing. Let’s not talk about the cost of NSM (it’s ridiculous but necessary to manage our fleet of TZs and NSa’s), let’s just look at the management capabilities… and… wait a second…

Where the f@&k is the new firmware in NSM?! We’re practically BEGGED to apply these updates the day before they’re released, sight unseen, and now as I’m paying through the nose for this SaaS management service I’m supposed to manually download each model’s firmware and upload them to the service to pass to my firewalls? HOW IS THIS BETTER THAN GMS?!

/rant off

But seriously, SonicWall, today has basically nailed your coffin closed for us. We will not be renewing any of the licensing for our 55 firewalls. The MSP we’re merging with has an investment in WatchGuard and Cisco. We were toying with sticking to SW but not now. Ludicrous pricing, lack of features, terrible reporting, and now this mess… just too much to ask of us.

15

Interesting, so possible to mitigate this by editing the inbound IKE rule to only allow connections from IP addresses to/from which there are IPSEC tunnels in use, I guess?

16

Sonic Wall is like Dell, releasing the same crap 3 months later with a new timestamp.

17

WOW - this isn’t good. We’re holding off upgrading the estate and are just mitigating the risk with the firewall rules for the moment…

18

lol.

Have been advised by SNWL support to turn these options on in the past to allow me to delete erroneous access rules that existed due to software bugs.

19

These disappeared after you upgraded? If so, what version did you upgrade to, out of curiosity? I never knew about these options until now, and I’d sure like to have them if possible.

20

To which version did you updated?