Remediation through updated preferences file
Description
Purpose of the preference file
You may have received communication from SonicWall that provided a new preferences file to import onto your firewall. The modified preferences file provided by SonicWall was created from the latest preferences file found in cloud storage. If the latest preferences file does not represent your desired settings, please do not use the file. Instead, please follow the instructions for manual remediation documented above.
The new preferences file makes the following changes:
- The password for all local users has been randomized.
- If TOTP is enabled, the binding has been reset.
- IPSec VPN keys have been randomized.
These configuration changes have been made to update these possibly exposed parameters and provide a configuration you may find useful for remediation. You may choose not to apply the preferences file and do these tasks manually instead. This document contains brief step-by-step guides and resources you can use.
Notes:
- Importing the preferences file will cause IPSec VPNs to stop working until the updated keys are manually configured on the peer IPSec termination points. Additionally, users will be unable to access resources until the password reset process is completed.
- In a High Availability environment, importing preferences will immediately result in a reboot of the active firewall. There will be a failover to the peer firewall while the preferences are being applied.
Downloading New Preferences File
Download the preferences file from mysonicwall.com
The new preferences file is available for download on the My Workspace | Products page on mysonicwall.com. Below are the brief steps. For more information, refer to the KB titled How to Retrieve Cloud Backups from MySonicWall. Alternatively, the preferences file (and an accompanying README) has been uploaded to a SonicWall support case we opened on your behalf.
To download the new preferences file from mysonicwall.com:
- Go to https://www.mysonicwall.com. Log into your account.
- Navigate to My Workspace | Products. Find the firewall from the list of products. You can use the search bar to filter the list.
- Click on the device serial number, then click on the Cloud Backups tab.
- Search for the latest preferences file. It will be tagged “LATEST” above the list of available preferences files
- Use the download icon to download the new preferences file.
Applying New Preferences File
Import the preferences file into the firewall
As outlined above, importing this file will cause disruptions to IPSec VPNs, TOTP bindings, and user access. IPSec VPN pre-shared keys will need to be reconfigured manually to restore functionality after importing the preferences. Users with TOTP bindings will have them reset along with their password. To minimize the disruption to your environment, preferences should be imported during a maintenance window, off-hours, or during times of minimal activity as importing preferences causes an immediate firewall reboot to apply the new configuration. Below are the brief steps. Refer to the KB titled How to import settings on SonicWall? for more information.
- Navigate to DEVICE | Settings | Firmware and Settings.
- Click Import/Export Configuration. Click Import Configuration. Browse for the new preferences file with the .exp file extension. The firewall will reboot when the importing preferences.
Creating New Golden Image Backup/Re-export Preferences
Re-export the preferences file and create a new system backup
SonicWall recommends exporting a new preferences file and creating a new system backup after reconfiguring all relevant credentials. Store the preferences file locally for safekeeping. Below are the brief steps. Refer to the KB titled How can I save a backup settings file from a SonicWall firewall? for more information.
- Navigate to DEVICE | Settings | Firmware and Settings.
- Click Import/Export Configuration. Click Export Configuration. Click Export on the Export Configuration overlay. Save the file locally.
