Contributor I

I don't want to ask, but SONICWALL

For all the Palo Alto, Juniper and Fortinet users who're reading this, I'm already embarrassed enough.  Let's skip the teasing and get to the guts of my question, because I'm sure I ain't the only one running these appliances.  And if you're also embarrassed, feel free to PM me.

 

What's your professional guidance on upgrading their firmwares?

 

In the contemporary mode at mysonicwall.com, a TZ300 will say the latest firmware is a 6.5.4.3.  But if I look in classic mode, all versions are available for download.  Classic also reveals that the general release is 6.5.1.3, and that 6.5.4.3 is a recent feature release.

 

Phone support always pushes for the latest release, but my practice is to stick with the most stable release, and not to upgrade at every turn.  So are there any early adopters?  All fourteen of you Sonicwall users should respond!  Thanks!

---
Eric Geater, CISSP
I've always said, "There's nothing an agnostic can't do if he really doesn't know whether he believes in anything or not."
12 Replies
Community Champion

Re: I don't want to ask, but SONICWALL


@ericgeater wrote:

 

Phone support always pushes for the latest release, but my practice is to stick with the most stable release, and not to upgrade at every turn.  So are there any early adopters?  All fourteen of you Sonicwall users should respond!  Thanks!


So from my experience, regardless of the technology being used, the first answer from phone support is "push the latest release and that will fix the issue".

 

Unfortunately that does not always work but it is their "stock and standard" answer.  So you go away, upgrade to a potentially flaky version of the software/firmware and still have the issue.

 

We went through this many times when things stopped working or began working differently and we had to spend hours on the phone trying to convince first level support that yes we were at the most recent version before they would escalate internally.

 

So no jokes about SonicWall, it seems to be a trait of the industry ;)

 

Regards

 

Diana

Community Champion

Re: I don't want to ask, but SONICWALL

 

Sticking to a stable version of a software might sound like an attractive idea, particularly if you don't want to risk some undocumented bug causing havoc in your organization. Then there's the other side of the coin --- If a vendor-supported solution isn't up-to-date, they aren't likely to accept responsibility for anything that goes wrong with it and may not provide assistance to resolve issues.

 

I'll give you an example involving Juniper firewalls. After observing something unusual during manual config backups, we contacted support. They gathered info & did some troubleshooting, but made no progress, and finally told us this:

 

'This behavior may be attributable to an undocumented bug in the older firmware that the customer is using. The customer is advised to upgrade to version <> to rule this out --- after which we can provide further assistance.'

 

(In other words, they couldn't explain it either --- but if we wanted to avail of their support, we had to upgrade to the latest stable version.)

 

After this, things went fine until we tried out an application control feature. It didn't work perfectly --- when we contacted support they asked us to upgrade to the latest firmware version again. Seeing a pattern? ;)

 

 

Shannon D'Cruz,
CISM, CISSP

www.linkedin.com/in/shannondcruz
Contributor I

Re: I don't want to ask, but SONICWALL

I am grateful for this type of "strong-armed" solution, as long as the devices can go backwards in version if something screws up.

 

My hesitance on upgrades is always born from knowing that we rarely have a Plan B solution; that we are applying a fix to production equipment -- but I guess that's a risk every time.

 

Thanks for your response!

---
Eric Geater, CISSP
I've always said, "There's nothing an agnostic can't do if he really doesn't know whether he believes in anything or not."
Contributor III

Re: I don't want to ask, but SONICWALL

You should generally be okay on N-1 of releases until the new release stabilises.  If the release overwrites firmware and you have no means to back it out I'd stay as is unless you need the feature you mentioned.   

 

I've used the NSA series and they were okay as midrange single box UTMs internally within the network, but didn't have the bells and whistles you'd expect with other vendors, such as Palo Alto or Fortigate.

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS
Contributor I

Re: I don't want to ask, but SONICWALL

Great response. Mind if I ask you a question in private?
---
Eric Geater, CISSP
I've always said, "There's nothing an agnostic can't do if he really doesn't know whether he believes in anything or not."
Community Champion

Re: I don't want to ask, but SONICWALL

Sorry if that was meant for me....I do not mind private messages.

 

 

Contributor I

Re: I don't want to ask, but SONICWALL

Great, thanks! In your inbox.
---
Eric Geater, CISSP
I've always said, "There's nothing an agnostic can't do if he really doesn't know whether he believes in anything or not."
Contributor I

Re: I don't want to ask, but SONICWALL

Thank you! Since you have a familiarity with Sonicwall devices, I'd like to ask you something privately, if you don't mind.
---
Eric Geater, CISSP
I've always said, "There's nothing an agnostic can't do if he really doesn't know whether he believes in anything or not."
Community Champion

Re: I don't want to ask, but SONICWALL

@ericgeater 

 

Eric,

 

As the community is for sharing, maybe it would be better to ask all questions on the forum. That way everyone learns and maybe someone could avoid some of the pitfalls that you and others have experienced.

 

Will that work for you?

 

Regards

 

Diana