Product Notifications

Recent Notifications

May 2024

05/02/2024

This article helps answer frequently asked questions regarding Security as a Service (SECaaS) End of Sale in Canada, EMEA, APJ & LATAM. I am in the USA, what about me? This program is already end of sale in the USA but existing contracts continue to remain functional. What happens on Aug 1st, 2024? No new contracts (12-month commitments) can be started through the Security as a Service Program, but existing subscriptions will continue to be renewed. What happens to my existing contracts and units? Nothing happens to existing SECaaS units, th

October 2023

10/09/2023

Overview: As part of our ongoing commitment to security, we are discontinuing support for the TLS 1.0 and TLS 1.1 encryption protocols in our license manager. This will cause GEN 5 and GEN 6 firewalls running older firmware to not communicate with the license manager, leading to licensing issues. The firewall will not be able to validate its license or obtain necessary updates, resulting in a licensing failure. The firewall will operate with reduced functionality or disable certain advanced features that require periodic license validatio

May 2023

05/23/2023

SonicWall will be updating IP addresses for the Hosted Email Security (HES) platform in North America and in Europe. Network administrators will need to update access rules to allow for the following HES subnets: North America: 173.240.210.0/24, 173.240.213.0/24, 204.212.170.0/24. Europe: 173.240.221.0/24. The subnets can also be found in the HES FAQ KB article and firewall settings. HES FAQ KB article: https://www.sonicwall.com/support/knowledge-base/sonicwall-hosted-email-security-faq/170504903060180/ Firewall rules for HES: https://www.sonic

April 2023

04/06/2023

We are pleased to announce the general availability of the SMA 100 10.2.1.7 release supporting all SMA models (SMA410, SMA210, SMA400, SMA200, SMA500v for ESXi, SMA500v for HyperV, SMA500v for KVM, SMA500v for AWS, SMA500v for Azure). This release includes several key security features that protect the operating system from potential attack as well as updates to the OpenSSL Library. For more details on any of these features, please refer to the SMA 100 10.2.1 administration guide or the release notes. Links have been provided bel

February 2023

02/14/2023

Description: We have identified an inconsistency in Capture Client Windows 3.7.6 and older clients on endpoints running Windows 11 version 22H2. This results in Web Content Filtering (WCF) policies that enforce blocked categories to be no longer effective on impacted endpoints. NOTE: The ability to allow or block domains/URLs using custom lists continues to function normally. Cause: As part of category-based Content Filtering, Capture Client sends requests to the SonicWall Content Filtering Service. The encrypted and decrypted

September 2022

09/15/2022

Background: Microsoft will remove the ability to use basic authentication as of October 1st, 2022. They will allow a one-time extension but the final deadline will be January 2023 with no possibility of further use. Cloud App Security used basic authentication to provision connectors, journal, connection filter, mail flow rules and phishing filters. Consequently, an affected customer who does not take action by September 30th will lose the ability to have changes be reflected in Microsoft when making changes to Protect (Inline) policies or r

May 2022

05/17/2022

Improper neutralization of special elements in the SonicWall SSL-VPN SMA100 series management interface allows a remote authenticated attacker to inject OS commands as the 'root' user, which potentially leads to remote command execution or a denial of service (DoS) attack. NOTE: SMA 1000 series products are not affected by this vulnerability. AFFECTED PRODUCT(S): SMA100 series firmware 10.2.1.4-31sv and earlier versions. SMA100 series firmware 10.2.0.9-41sv and earlier versions. CPE(S) WORKAROUND: None. FIXED SOFTWARE: SMA100 series firmware

April 2022

04/25/2022

Effective December 20, 2020, EN 60950-1:2006 was withdrawn and EN 62368-1:2014 is the replacement standard for the presumption of conformity with Directive 2014/35/EU (Low Voltage Directive or LVD), which applies to SonicWall POE switches in European Union (EU) countries and was also adopted by the United Kingdom (UK). The scope of this impact is as follows: Certain SonicWall POE switches placed in the EU and UK markets after December 19, 2020, may not be compliant with EN 62368-1:2014. Further action is required for these appliances. All SonicWa

04/21/2022

UPDATED: 3 p.m. EST, Jan. 22. On January 20, 2022, at around 9.30 p.m. (U.S. EST), SonicWall started to receive reports that some SonicOS 7.0 firewall users were experiencing service disruptions in the form of reboot loops or connectivity issues. Cause: Certain firewalls running SonicOS 7.0 were not able to correctly process the signature update published on Jan. 20. During signature update parsing by one of the components within SonicOS, a corner case error condition led to a restart or connectivity disruption. Firewalls are designed to fetch new s

February 2022

02/02/2022

Feb. 2 Update: An earlier version of this article indicated that firmware 9.0.0.10 would be compatible with end-of-support (EOS) SRA models. Additional investigation has found that the supported 9.0.0.10 firmware and the unsupported SRA models are incompatible. The last SRA models reached EOS status in 2019 and are no longer supported per Terms of Service. SonicWall is aware of a vulnerability, reported by CrowdStrike, impacting end-of-support Secure Remote Access (SRA) products, specifically the SRA 4600 running an old version of firmware (9.0

January 2022

01/07/2022

Starting January 1, 2022, SonicWall Email Security products began experiencing an issue causing junk box and message log updates to fail. Administrators and email users will face the following two issues: inability to access junk box or un-junk new emails; inability to trace the incoming/outgoing emails through message logs. SonicWall customers using the following Email Security or firewall products should make note of the below updates: Hosted Email Security: FULLY PATCHED – The fix was deployed in North America and Europe instances on Jan. 2. No ac

October 2021

10/28/2021

What is the vulnerability? A Host Header Redirection vulnerability in SonicOS potentially allows a remote attacker to redirect firewall management users to arbitrary web domains. The following SonicWall products are impacted by this non-critical vulnerability (Platforms: Impacted Version): TZ, NSa (GEN7): 7.0.1-R1262 and older; NSv (Virtual GEN7): 7.0.1-R1283 and older; NSsp (GEN7): 7.0.1-R579 and older; NSa, TZ, SOHO W, SuperMassive 92xx/94xx/96xx (GEN6+): 6.5.4.7 and older; NSsp 12K, SuperMassive 9800: 6.5.1.12 and older; SuperMassive 10K: 6.0.5.3-94o and older; NSv (Virtu

September 2021

09/24/2021

A critical vulnerability (CVSS 9.1) in SMA 100 series appliances, which includes SMA 200, 210, 400, 410 and 500v, could potentially allow a remote unauthenticated attacker the ability to delete arbitrary files from an SMA 100 series appliance and potentially gain administrator access to the device. The vulnerability (SNWLID-2021-0021) is due to an improper limitation of a file path to a restricted directory potentially leading to arbitrary file deletion as ‘nobody.’ There is no evidence that this vulnerability is being exploited in the wild. SonicW

August 2021

08/10/2021

Some versions of SonicWall Analytics On-Prem contain a critical (CVSSv3 9.8) Java Debug Wire Protocol (JDWP) service vulnerability that potentially can be leveraged by a remote, unprivileged user to execute arbitrary code within the system. SonicWall PSIRT is not aware of active exploitation in the wild. Impact: The vulnerability allows for unauthenticated remote exploitation. Deployments of SonicWall Analytics 2.5 and earlier are ‘on-prem’ and should be in a secure network segmentation not exposed to the internet. Temporary Mitigations: Until the bel

July 2021

07/15/2021

Through the course of collaboration with trusted third parties, including Mandiant, SonicWall has been made aware of threat actors actively targeting Secure Mobile Access (SMA) 100 series and Secure Remote Access (SRA) products running unpatched and end-of-life (EOL) 8.x firmware in an imminent ransomware campaign using stolen credentials. The exploitation targets a known vulnerability that has been patched in newer versions of firmware. SonicWall PSIRT strongly suggests that organizations still using 8.x firmware review the information below an

07/08/2021

Multiple out-of-bounds read vulnerabilities in SonicWall Switch when handling the LLDP protocol allow an attacker to cause a crash or potentially read sensitive information from the memory locations. Overview: SonicWall Switches running certain versions of impacted firmware may contain a vulnerability that could be leveraged for an OOB (Out-Of-Bounds) read by sending a specially crafted LLDP packet. Impact: Out-of-bounds reads allow attackers to cause a SonicWall switch crash or potentially read sensitive information from other memory locations. A crash can

June 2021

06/22/2021

SonicWall physical and virtual firewalls running certain versions of SonicOS may contain a vulnerability where the HTTP server response leaks partial memory. This can potentially lead to an internal sensitive data disclosure vulnerability. At this time, there is no indication that the discovered vulnerability is being exploited in the wild. RESOLUTION: SonicWall strongly advises customers apply the respective SonicOS patch immediately. After reviewing this security advisory, please go to MySonicWall and download the appropriate SonicOS patch releas

06/15/2021

UPDATE: June 15, 2021 | 10 a.m. PDT. Additional analysis confirms that one of the requirements for the vulnerability to be triggered is that the potential attack must come from the same origin IP as the active management session. That requires the admin to either have their machine compromised, or the attacker and the admin reside on the same remote network. Both of these scenarios are exceptionally unlikely. While we have yet to see this vulnerability exploited in the wild, SonicWall still recommends the upgrade for all impacted users. June 14, 2

May 2021

05/27/2021

May 27, 2021, 11:30 a.m. PDT. SonicWall has validated and patched a post-authentication vulnerability (SNWLID-2021-0014) within the on-premises version of Network Security Manager (NSM). This vulnerability only impacts on-premises NSM deployments. SaaS versions of NSM are not affected. This critical vulnerability potentially allows a user to execute commands on a device’s operating system with the highest system privileges (root). SonicWall customers using the on-premises NSM versions outlined below should upgrade to the respective patched version

05/20/2021

Update: May 20, 2021. 10 a.m. PDT. SonicWall engineering has completed the fix to remove duplicate client entries for all tenants that are not using static groups within Capture Client 3.6. If you are such a customer and still have issues, please contact SonicWall Technical Support. Issue: Slowness, longer-than-normal load times or timeout errors while working within the Capture Client 3.6 management console. Actions: Performance improvements applied by SonicWall on May 19, 2021. Status: Resolved. Issue: Instances of clients displaying an “Unlicensed” status or d
