• SonicWall Secure Mobile Access 10.2.1
  • Version 10.2.1.12
  • Version 10.2.1.11
  • Version 10.2.1.10
  • Version 10.2.1.9
  • Version 10.2.1.8
  • Version 10.2.1.7
  • Version 10.2.1.6
  • Version 10.2.1.5
  • Version 10.2.1.4
  • Version 10.2.1.3
  • Version 10.2.1.2
  • Version 10.2.1.1
  • Version 10.2.1
  • SonicWall Support
    • About This Document

Version 10.2.1.7

March 2023

About Secure Mobile Access

Secure Mobile Access (SMA) provides scalable, secure mobile access for your enterprise while blocking untrusted applications, WiFi pirates, and mobile malware. SMA appliances provide a single gateway and a common user experience across all platforms, including managed and unmanaged devices. Traffic is encrypted using Secure Sockets Layer/Transport Layer Security (SSL/TLS) to protect it from unauthorized users.

SMA is available as a physical appliance or as a virtual appliance running on VMWare ESXi, Microsoft Hyper-V, Amazon Web Services (AWS), Azure, and KVM.

Compatibility and Installation Notes

• Most popular browsers are supported, but Google Chrome is preferred for the real-time graphics display on the Dashboard.
• A MySonicWall account is required.
• SMA 10.2.1.7 is compatible with Capture Security Center (CSC).
• CSC provides a cloud dashboard that displays the overall status of all the registered SMA appliances. The dashboard has sliders to choose the Time Period, Count of Alerts, Threats, WAF (Web Application Firewall) Threats, Authentications, VPN Accesses, Bookmark Access, Active devices and Users on a Map, and Threats categories.
• Use your MySonicWall credentials to log into CSC at https://cloud.sonicwall.com.
• Click the SMA tile to view the SMA Dashboard, complete registration, and enable cloud management.

SonicWall SMA 10.2.1.7 is supported on the following SonicWall appliances:

• SMA 200/400
• SMA 210/410
• SMA 500v for ESXi
  • Supported for deployment on VMware ESXi 6.0 and higher

• SMA 500v for HyperV

  • Supported for deployment on Hyper-V server version 2016 and 2019
• SMA 500v for AWS
• SMA 500v for Azure
• SMA 500v for KVM
  

What's New

Security Enhancements

• New firmware availability notification

  Added the firmware upgrade notification on the System > licenses page of SMA100 to notify a newer firmware is available for upgrade. SonicWall recommends using the latest firmware version for highest level of security efficacy and optimal performance.

  For more information, refer to the section New firmware availability notification in the SMA100 10.2.1 Administration Guide.

• OpenSSL version upgrade

  OpenSSL library is updated to the latest version 1.1.1t. This latest version fixes the OpenSSL vulnerability documented in CVE-2022-4304: A timing-based side channel exists in the OpenSSL RSA Decryption implementation.

  For more information, refer to the section OpenSSL version upgrade in the SMA100 10.2.1 Administration Guide.

• Additional security enhancements
  • Enforce WAF to protect the SMA100 itself.
  • Warning on security configurations, includes enabling 2FA (Two-Factors Authentication), Password expiration, and WAF.
  • Disable user added custom scripts that run automatically after bootup while deploying SMA 500v in AWS or Azure environments.

    Due to this security enforcement the user scripts deployed in SMA 500v will not function. Existing user scripts prior to upgrading version 10.2.1.7 will not function after this upgrade.

  • Additional security checks are done to verify the integrity of the firmware.
  • Restricted traffic - If a firmware integrity issue is detected, the SMA will restrict its own initiated outbound communications. This will not affect any user's VPN access to applications or any resource on the network.
  • In a corner case, the firmware integrity checks may result in a false positive situation and the SMA100 will restrict its own initiated outbound email/syslog communications. On further checks and analysis, the outbound email/syslog communication will be restored to the normal operation.

For more information, refer to the section Additional security enhancements in the SMA100 10.2.1 Administration Guide.

Firmware Upgrade

Be sure to review the following Knowledge Base articles for information on the firmware upgrade on SMA100 Series.

• How to Upgrade Firmware on SMA100 Series Appliances
• Additional SMA 100 Series 10.x and 9.x Firmware Updates Required
• Upgrade Path For SMA100 Series
• SMA 100 Series OpenSSL Library Update in 10.2.1.7

Resolved Issues

This section provides a list of resolved issues in this release.

Issue ID	Issue Description
SMA-3940	Due to an internal SSH daemon configuration issue, PCI Scan test is showing this as an vulnerable.
SMA-4179	CVE-2022-4304: A timing-based side channel exists in the Open SSL RSA Decryption implementation.