Do I need to upgrade the client?

03/26/2020 3 8822

DESCRIPTION:

Mismatches between Client version and firmware version can cause the following two issues:

1. Client versions that are based on older firmware than the base firmware the SMA is running will not be fully functional and may not even be fully compatible with the appliance.

2. A bug fix for a client issue is made available on the appliance by the client hotfix. If the client is not upgraded then the bug is not resolved completely and will persist to some extent.

Some customers have many different client software versions in use. The changes made to resolve a bug are not just on the appliance, they are also in the Connect Tunnel and other client components.  By having various client software versions deployed, inconsistent results are experienced complicating support.  Old clients, in addition to being subject to software failures (bugs), also are subject to security vulnerabilities in many cases.  

When SonicWALL resolves product defects by generating a new hotfix set this will include both a client and platform hotfix.  Some customers fail to upgrade their clients to the versions provided in the client hotfix.  By not upgrading the clients, they are not actually getting the fix for the problem. 

When upgrading firmware the current hotfixes for that firmware version should be applied at the same time and then the client upgrades should be completed. 

When installing new hotfixes it is expected that both the platform and client hotfixes will be installed and the end user client software will also be upgraded.

Supported combinations of client and firmware are identical to the allowed upgrades documented in the release notes.  For example The release notes for 12.3.0 firmware says: 

Client systems running version 12.3 client software can be used with SonicWall SMA appliances running one of the following firmware versions:
• 12.2 + latest hotfixes
• 12.1 + latest hotfixes
• 11.4 + latest hotfixes

Clients older than 11.4.0 are not supported when used with a 12.3 appliance. 

CAUSE:

When client-side problems exist, a DTS (bug) is opened, engineering modifies the system and the client software to resolve the issue. When customers apply only part of the solution, whether only one of the hotfixes or the set of two hotfixes but not the client software upgrade, the failure is not truly resolved.

The result is an ongoing issue that is not resolved.  

If the client version is old and a problem is reported, support will inform the customer that the combination is unsupported and the client version must be upgraded before any real investigation of the failure can be completed.  

RESOLUTION:

The resolution is to apply client and platform hotfixes as a set along with client upgrades.  Always apply the platform hotfix first.  Always upgrade the client packages to the new version provided with the hotfixes. 

This maintains a stable and consistent environment. 

Keeping the client versions concurrent with the appliance ensures the feature set of that firmware is fully supported by the client system.  It ensures resolved vulnerabilities are eliminated. It also ensures the combination of client and SMA firmware has been tested to confirm operation and reliability.