cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
ericgeater
Community Champion

I don't want to ask, but SONICWALL

For all the Palo Alto, Juniper and Fortinet users who're reading this, I'm already embarrassed enough. Smiley Embarassed  Let's skip the teasing and get to the guts of my question, because I'm sure I ain't the only one running these appliances.  And if you're also embarrassed, feel free to PM me.

 

What's your professional guidance on upgrading their firmwares?

 

In the contemporary mode at mysonicwall.com, a TZ300 will say the latest firmware is a 6.5.4.3.  But if I look in classic mode, all versions are available for download.  Classic also reveals that the general release is 6.5.1.3, and that 6.5.4.3 is a recent feature release.

 

Phone support always pushes for the latest release, but my practice is to stick with the most stable release, and not to upgrade at every turn.  So are there any early adopters?  All fourteen of you Sonicwall users should respond!  Thanks!

--
"A claim is as good as its veracity."
12 Replies
dcontesti
Community Champion


@ericgeater wrote:

 

Phone support always pushes for the latest release, but my practice is to stick with the most stable release, and not to upgrade at every turn.  So are there any early adopters?  All fourteen of you Sonicwall users should respond!  Thanks!


So from my experience, regardless of the technology being used, the first answer from phone support is "push the latest release and that will fix the issue".

 

Unfortunately that does not always work but it is their "stock and standard" answer.  So you go away, upgrade to a potentially flaky version of the software/firmware and still have the issue.

 

We went through this many times when things stopped working or began working differently and we had to spend hours on the phone trying to convince first level support that yes we were at the most recent version before they would escalate internally.

 

So no jokes about SonicWall, it seems to be a trait of the industry 😉

 

Regards

 

Diana

 

 

 

 

 

Shannon
Community Champion

 

Sticking to a stable version of a software might sound like an attractive idea, particularly if you don't want to risk some undocumented bug causing havoc in your organization. Then there's the other side of the coin --- If a vendor-supported solution isn't up-to-date, they aren't likely to accept responsibility for anything that goes wrong with it and may not provide assistance to resolve issues.

 

I'll give you an example involving Juniper firewalls. After observing something unusual during manual config backups, we contacted support. They gathered info & did some troubleshooting, but made no progress, and finally told us this : -

 

'This behavior may be attributable to an undocumented bug in the older firmware that the customer is using. The customer is advised to upgrade to version <> to rule this out --- after which we can provide further assistance.'

 

(In other words, they couldn't explain it either --- but if we wanted to avail of their support, we had to upgrade to the latest stable version.)

 

After this, things went fine until we tried out an application control feature. It didn't work perfectly --- when we contacted support they asked us to upgrade to the latest firmware version again. Seeing a pattern?  Man Wink

 

 

Shannon D'Cruz,
CISM, CISSP

www.linkedin.com/in/shannondcruz
ericgeater
Community Champion

I am grateful for this type of "strong-armed" solution, as long as the devices can go backwards in version if something screws up.

 

My hesitance on upgrades is always borne from knowing that we rarely have a Plan B solution; that we are applying a fix to production equipment -- but I guess that's a risk every time. 

 

Thanks for your response!

--
"A claim is as good as its veracity."
Steve-Wilme
Advocate II

You should generally be okay on N-1 of releases until the new release stabilises.  If the release overwrites firmware and you have no means to back it out I'd stay as is unless you need the feature you mentioned.   

 

I've used the NSA series and they were okay as midrange single box UTMs internally within the network, but didn't have the bells an whistles you'd expect with other vendors, such as Palo Alto or Fortigate.

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS
ericgeater
Community Champion

Great response. Mind if I ask you a question in private?
--
"A claim is as good as its veracity."
dcontesti
Community Champion

Sorry if that was meant for me....I do not mind private messages.

 

 

ericgeater
Community Champion

great, thanks! In your inbox.
--
"A claim is as good as its veracity."
ericgeater
Community Champion

Thank you! Since you have a familiarity with Sonicwall devices, I'd like to ask you something privately, if you don't mind.
--
"A claim is as good as its veracity."
dcontesti
Community Champion

@ericgeater 

 

Eric,

 

As the community is for sharing, maybe it would be better to ask all questions on the forum. That way everyone learns and maybe someone could avoid some of the pitfalls that you and others have experienced.

 

Will that work for you?

 

Regards

 

Diana