SonicOS

SonicOS Enhanced 5.5.0.0 Release Notes

Contents
Platform Compatibility
New Features
Known Issues
Resolved Issues
Upgrading SonicOS Enhanced Image Procedures
Related Technical Documentation

Platform Compatibility
The SonicOS Enhanced 5.5.0.0 is supported on the following SonicWALL UTM appliances:

SonicWALL TZ 100
SonicWALL TZ 100 Wireless-N
SonicWALL TZ 200
SonicWALL TZ 200 Wireless-N
SonicWALL TZ 210
SonicWALL TZ 210 Wireless-N
SonicWALL NSA 240
SonicWALL NSA 2400
SonicWALL NSA 3500
SonicWALL NSA 4500
SonicWALL NSA 5000
SonicWALL NSA E5500
SonicWALL NSA E6500
SonicWALL NSA E7500

This release supports the following Web browsers:


Microsoft Internet Explorer 6.0 and higher
Mozilla Firefox 2.0 and higher
Netscape 9.0 and higher
Strong SSL and TLS Encryption Required in Your Browser
The internal SonicWALL Web server only supports SSL version 3.0 and TLS with strong ciphers (128 bits or
greater) when negotiating HTTPS management sessions. SSL implementations prior to version 3.0 and weak
ciphers (symmetric ciphers less than 128 bits) are not supported. This heightened level of HTTPS security protects
against potential SSLv2 roll-back vulnerabilities and ensures compliance with the Payment Card Industry (PCI) and
other security and risk-management standards.
TIP: By default, Mozilla Firefox 2.0 and Microsoft Internet Explorer 7.0 enable SSL 3.0 and TLS, and disable
SSL 2.0. SonicWALL recommends using the most recent Web browser releases. If you are using a previous
release of these browsers, you should enable SSL 3.0 and TLS and disable SSL 2.0. In Internet Explorer, go to
Tools > Internet Options on the Advanced tab and scroll to the bottom of the Settings menu. In Firefox, go to
Tools > Options on the Advanced tab, and then select the Encryption tab.

P/N 232-001671-00 Rev A

New Features
The SonicOS Enhanced 5.5.0.0 introduces support for the following new features:

Wireless/SonicPoint Enhancements

SonicPoint-N Autochannel Resolution Enhancement: Wireless channel selection occurs when the SonicPoint is initially booting up. This enhancement allows you to view the SonicPoint selected wireless channel on the SonicPoint > Statistics page.

SonicPoint-N Status Enhancement: This feature allows you to obtain real-time SonicPoint station status and statistics polled by the management SonicWALL UTM appliance.

Layer 2 Bridge Mode Enhancements

Asymmetric Routing Support: Asymmetric routing refers to a network topology in which outbound and inbound network traffic traversing a local network may take different paths. These paths include the following network gateway scenarios:

Multiple-firewall scenario: Network traffic transits more than one SonicWALL UTM appliance. For example, X2 bridged to X1 for two SonicWALL UTM appliances.
Single-firewall scenario: Network traffic transits a single SonicWALL UTM appliance. For example, X2 bridged to X1 plus X4 bridged to X3.

Layer 2 Bridge Bypass Fail-to-Wire Functionality on NSA E7500: Layer 2 Bridge Bypass is a physical X0-X1 interface bypass relay implemented on the SonicWALL NSA E7500. This feature is sometimes known as fail to wire, meaning that the LAN-WAN connection reverts to a straight-through connection if the SonicWALL appliance experiences a hardware or software failure. When the bypass relay is closed, network traffic flows unimpeded between the X0 and X1 interfaces.

WLAN Layer 2 Bridge Mode: Prior to this release, WLAN zones only supported static IP assignment. This feature allows administrators to configure a WLAN zone in Layer 2 Bridge Mode. An interface placed in this mode becomes the Secondary Bridge Interface to the Primary Bridge Interface to which it is paired.

High Availability Enhancements

Active/Active UTM: This feature is available on the SonicWALL NSA E7500, E6500, and E5500 platforms in the SonicOS Enhanced 5.5.0.0 release. It provides concurrent deep packet inspection (DPI) Unified Threat Management (UTM) processing on the backup unit in a High Availability (HA) pair. Since processing UTM services is very processor intensive, an Active-Active UTM HA pair provides substantial gains on network throughput speed.
Note: To ensure that the Backup or Idle unit can receive updates with the latest Security Services signatures, configuring Monitoring IP addresses is mandatory on the following interfaces:
1. Any WAN Interface and/or Primary LAN Interface
2. The Primary LAN or X0 interface only, if monitoring on a WAN interface is not enabled

High Availability Management: The High Availability Monitoring settings now support management access to the HA pair units on all physical interfaces rather than only on X0 and X1. This flexibility is accommodated by a new Allow Management on Primary/Backup IP Address option. For compatibility with systems currently using X0 or X1 for HA management, the option is enabled automatically for that interface after upgrading to SonicOS Enhanced 5.5.

Security Services Enhancements

Solera - Deep Packet Forensic: Deep Packet Forensics combines a SonicWALL UTM appliance and a Solera Networks data-recording appliance to accurately identify and store data regarding the traffic and log events of deep-packet classification. These appliances together will be able to record multi-gigabits of network traffic without dropping a single packet.


VPN Enhancements

Route Based IPsec VPN: Route based VPN is a more efficient and simple way to manage network topology. Instead of having to configure the VPN policy, a Static Route configuration is available via the Tunnel Interface. The Route based VPN feature also provides users with the ability to define multiple paths for overlapping networks over a clear or redundant VPN.

User Authentication Enhancements

SSO Enhancements for Improved Scalability

As part of the enhancements made to Single Sign-On in SonicOS Enhanced 5.5.0.0, the default settings for some parameters have changed. If upgrading to 5.5.0.0 from a previous release, then it is recommended that the following settings be changed:

SSO Agent Retries: Change from 3 to 6
Polling Rate (on the Users tab): Change from 1 to 5 minutes

Multiple SSO Agent Configuration Support: Up to eight SSO agents can be configured to provide redundancy and load balancing for transparent user authentication.

Streamlined Polling with Multiple-User Requests: A new Multiple-User Request has been added to allow packing many user requests into a single message to the SSO agent. This message is basically identical to the existing single-user request message; however, it contains multiple User IP Address TLVs:

Protocol version
Client serial number
Agent IP address
User name (just one)
User IP address (multiple)

Improved Error Handling: A new Error Indication TLV (type, length, value field) has been added. This will be returned in the reply from the agent to the SonicWALL UTM appliance should it encounter a problem leading to failure in identifying a user. In the case where the Error Indication TLV is received in a reply, the SonicWALL UTM appliance will retry the request up to the configured number of retries (as it does on a timeout) but will back off and wait before doing so, with the wait time incremented on each subsequent retry as follows:

First try, wait 1 second.
Second try, wait 2 seconds.
Third try and any subsequent tries, wait 4 seconds.

Only if all retries fail will the SonicWALL UTM appliance fail the user authentication attempt, while logging the issue with any error event message.
Guest Service on Non-Wireless Zones: This feature allows administrators to create wired or wireless zones, meant for guest Internet access. A zone with Guest Service enabled allows users access to the Internet, but not to any other local resources. To ensure a secure network environment, Guest Services also provides the ability to set up easily configurable local user authentication or powerful custom external authentication.

Multiple DHCP Scopes Per Interface: The Multiple DHCP Scopes per Interface feature allows one DHCP server to manage different IP address scopes for clients spanning multiple subnets. The DHCP Advanced Setting page provides security with a new tab for Trusted Agents. Trusted DHCP Relay Agents can be specified here, such as BOOTP Relay or IP Helper, and are used to relay DHCP messages across different IP networks or subnets. The Option Objects and Option Groups configuration screens are also moved to the DHCP Advanced Setting page.


Networking Enhancements

Multiple WAN: Allows for more than two WANs to be configured. WANs can also be VLAN interfaces. This feature contains changes to WAN failover and Load Balancing (LB), which now supports up to four WAN members in the WLB group. Users will also be allowed to probe through the additional WAN interfaces.

Probe Enabled Policy-Based Routing: With Probe Enabled Policy-Based Routing you can effectively provide as many WAN route paths as available physical interfaces. This feature provides an additional level of network path selection ability using Dynamic Routing. A Probe Monitor Policy object is used by the administrator to define the physical interface on which the probes are to be sent, a probe interval, type, reply time out, deactivation threshold and reactivation threshold.

Simple Certificate Enrollment Protocol (SCEP): This feature allows administrators to generate and electronically send applications for secure certificate signing, directly from the SonicWALL management interface using the Simple Certificate Enrollment Protocol (SCEP). The SCEP process is automatic, and ensures simple enrollment by eliminating the need for separate registration and download/upload of certificate information.

DNS Rebinding Attack Protection: DNS rebinding is a DNS-based attack on code embedded in Web pages. A DNS rebinding attack can be used to improve the ability of JavaScript-, Flash-, and Java-based malware to penetrate private networks. This feature allows administrators to detect and prevent DNS rebinding attacks by parsing all DNS replies originating from the WAN and scanning for the following addresses:

Node-local address 127.0.0.1
Link-local address 169.254.0.0/24
Multicast address 224.0.0.0/24
Host belonging to any one of the connected LAN, DMZ or WLAN subnets

The administrator will be able to define a policy to either:

1. Log the attack (default setting)
2. Log the attack and drop the DNS reply
3. Log the attack and modify the DNS reply by stripping out all A records and setting the DNS header RCODE field to REFUSED (RFC 1035). This option allows the administrator to block attacks without the potential collateral damage of breaking client applications by dropping the DNS reply.
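
The scan and the three policies described above, as an added Python example (not SonicWALL code and not part of the original release notes). The policy names, the build_reply helper and the sample subnet are assumptions made for illustration; the fixed address ranges are the ones listed above.

```python
import ipaddress
import struct

# Ranges listed in the release note; connected LAN/DMZ/WLAN subnets come from the caller.
FIXED_RANGES = [ipaddress.ip_network(n)
                for n in ("127.0.0.1/32", "169.254.0.0/24", "224.0.0.0/24")]
TYPE_A = 1
RCODE_REFUSED = 5                      # RFC 1035, section 4.1.1
LOG, LOG_DROP, LOG_STRIP = "log", "log+drop", "log+strip"   # hypothetical policy names


def _skip_name(msg, off):
    """Return the offset just past the domain name that starts at off."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if length & 0xC0 == 0xC0:      # a 2-byte compression pointer ends the name
            return off + 2
        off += 1 + length


def parse_records(msg):
    """Return (section, start, end, rtype, rdata) for every resource record."""
    qd, an, ns, ar = struct.unpack_from("!4H", msg, 4)
    off = 12
    for _ in range(qd):
        off = _skip_name(msg, off) + 4           # skip QTYPE and QCLASS
    records = []
    for section, count in enumerate((an, ns, ar)):
        for _ in range(count):
            start = off
            off = _skip_name(msg, off)
            rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
            off += 10
            if off + rdlen > len(msg):
                raise ValueError("truncated resource record")
            records.append((section, start, off + rdlen, rtype, msg[off:off + rdlen]))
            off += rdlen
    return records


def suspicious_addresses(msg, local_subnets):
    """List A-record addresses that fall in a protected range."""
    nets = FIXED_RANGES + [ipaddress.ip_network(n) for n in local_subnets]
    hits = []
    for _sec, _start, _end, rtype, rdata in parse_records(msg):
        if rtype == TYPE_A and len(rdata) == 4:
            addr = ipaddress.IPv4Address(rdata)
            if any(addr in net for net in nets):
                hits.append(str(addr))
    return hits


def strip_a_records(msg):
    """Cut the reply at its first A record and set RCODE to REFUSED.

    Everything from the first A record onward is dropped, so no A record remains
    and the compression offsets of the kept records stay valid.
    """
    counts, end = [0, 0, 0], len(msg)
    for section, start, _end, rtype, _rdata in parse_records(msg):
        if rtype == TYPE_A:
            end = start
            break
        counts[section] += 1
    flags, qd = struct.unpack_from("!HH", msg, 2)
    flags = (flags & 0xFFF0) | RCODE_REFUSED
    return msg[:2] + struct.pack("!5H", flags, qd, *counts) + msg[12:end]


def filter_reply(msg, local_subnets, policy=LOG, log=None):
    """Apply a policy to a WAN-side reply; return (reply or None, hits)."""
    hits = suspicious_addresses(msg, local_subnets)
    if hits and log is not None:
        log.append("possible DNS rebinding: reply contains " + ", ".join(hits))
    if hits and policy == LOG_DROP:
        return None, hits
    if hits and policy == LOG_STRIP:
        return strip_a_records(msg), hits
    return msg, hits


def build_reply(qname, addresses):
    """Constructed sample input: a reply with one A record per address."""
    name = b"".join(bytes([len(p)]) + p.encode() for p in qname.split(".")) + b"\x00"
    msg = struct.pack("!6H", 0x1234, 0x8180, 1, len(addresses), 0, 0)
    msg += name + struct.pack("!HH", TYPE_A, 1)
    for address in addresses:
        msg += (b"\xc0\x0c" + struct.pack("!HHIH", TYPE_A, 1, 1, 4)
                + ipaddress.IPv4Address(address).packed)
    return msg


if __name__ == "__main__":
    reply = build_reply("rebind.example.test", ["203.0.113.10", "192.168.1.20"])
    out, hits = filter_reply(reply, ["192.168.1.0/24"], LOG_STRIP)
    print(hits, out.hex())
```

The strip policy here removes more than the A records: it truncates at the first one, which keeps the rewritten reply parseable without rewriting compression pointers.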
IP Helper Version 3: A more general user-defined broadcast/multicast UDP forwarding configuration is available in this release. IP helper has been extended to support the following built-in IP Helper Relay Protocols:

Time service: UDP port number 37
DNS: UDP port number 53
DHCP: UDP port number 67 and 68
Net-Bios DNS: UDP port number 137
Net-Bios Datagram: UDP port number 138
Wake On LAN: UDP port number 7 and 9
mDNS: UDP port number 5353

One-Time Schedules: SonicOS Enhanced 5.5 supports new scheduling options for One-Time and Mixed schedules. A One-Time schedule allows configuration of a schedule for a specific date and time, to be used for an event that occurs only during those parameters. Mixed schedules combine the options of One-Time and Recurring schedules, and apply to events that occur repeatedly during the same configured hours and days of the week, between the configured start and end dates.


Known Issues
This section contains a list of known issues in the SonicOS Enhanced 5.5.0.0.

Command Line Interface

Symptom: On SonicWALL TZ Series and NSA 240 appliances, the X2-X8 interfaces cannot be configured from the CLI. An error may be reported, and the interfaces remain configured as PortShield to X0 when viewed in the Web management interface.
Condition / Workaround: Occurs when the X2-X6 interfaces are configured as PortShield to X0, and then the CLI is used to modify their IP address or zone settings. As a workaround, use the GUI Web interface to configure X2-X8.
Issue: 80208

High Availability

Symptom: High Availability fails to synchronize the deletion of a static route to the idle unit.
Condition / Workaround: Occurs after a static route is configured on the active appliance of any HA pair, and after the route is then synchronized to the secondary unit. If the route is then deleted on the active unit, it is not deleted on the idle unit. Workaround: The administrator must restart the active unit to force a failover to the idle unit, and then log into the idle unit's web management interface and delete the same static route.
Issue: 79355

Networking

Symptom: SonicWALL security services fail to display block pages when users try to access websites designated as Spyware, and the appliance becomes inaccessible from interfaces configured for L2 Bridge mode.
Condition / Workaround: Occurs on a single appliance topology.
Issue: 79478

Symptom: Changing the zone assignment of an interface leads to the user being unable to edit the DHCP relay policy for that interface.
Condition / Workaround: Occurs when an interface is assigned to a customized zone and then a DHCP relay policy is configured with the customized zone as the source. If the interface is then assigned to a different interface, the DHCP relay policy can no longer be edited.
Issue: 79363

Symptom: Selecting the Disable Stateful inspection on this bridge-pair checkbox fails to override TCP Stateful settings. Asymmetric Routing: "Disable stateful-inspection on this bridge-pair" checkbox doesn't over-ride TCP stateful settings
Condition / Workaround: Occurs when the Disable Stateful inspection on this bridge-pair checkbox is selected.
Issue: 79353


Symptom: A client fails to get a DHCP IP address from the appliance.
Condition / Workaround: Occurs when a DHCP relay policy is configured from one SonicWALL appliance to another.
Issue: 79266

Symptom: The Default Gateway and Secondary Gateway address objects are always shown as 0.0.0.0. They can still be selected, but do not work. These objects are to be removed as part of the Multiple WAN feature.
Condition / Workaround: Occurs when attempting to use the Default Gateway or Secondary Gateway address object in SonicOS Enhanced release 5.5. Note that the address objects are shown as 0.0.0.0 when booted to factory default settings, or if the gateways are not configured upon upgrade.
Issue: 79059

Single Sign-On

Symptom: Users may see timeouts in browsers or other traffic and/or redirections to the SonicWALL login page or to a page saying that access is barred. The Application section in the Windows event log on the server PC where the SSO agent is running may contain many errors with source SonicWALL SSO Agent.
Condition / Workaround: Occurs when Single Sign-On is used and there are users located on a different interface to the domain server and SonicWALL CFS is enforced for traffic from the zone where those users are located. Workaround: Add all IP addresses of all domain servers to the CFS Exclusion List on the Security Services > Content Filter page.
Issue: 79988

VPN

Symptom: H.323 endpoint calls made through Route-Based VPN with Tunnel Interface configured cannot be established.
Condition / Workaround: Occurs when attempting to make H.323 calls from NetMeeting client on the LAN of firewall A to the Polycom client or NetMeeting client on the LAN of firewall B.
Issue: 81549

Symptom: The DHCP client cannot acquire an IP address using the internal DHCP Server.
Condition / Workaround: Occurs when attempting to configure DHCP over VPN Central Gateway. If Remote Networks is changed to an address object, the DHCP client is unable to obtain an IP address.
Issue: 81348

Symptom: The Enable Windows Networking (NetBIOS) Broadcast option for a VPN Policy does not automatically create an IP Helper policy. The IP Helper policy must be added manually.
Condition / Workaround: Occurs when adding a Tunnel Interface VPN Policy and selecting the Enable Windows Networking (NetBIOS) Broadcast option.
Issue: 79952


WWAN

Symptom: Dial-on-Data profile does not work after Connection Model is changed.
Condition / Workaround: Occurs when configuring a WWAN profile Dial-on-Data. Although the Network Connection Model is set to Ethernet with WWAN failover, the WWAN connection is invalid and all traffic is dropped. Note that this occurs occasionally, and can only be seen on failover from Ethernet WAN. Workaround: Reboot the device after changing the connection type or the WAN connection model. Only reboot if the 3G interface fails to appear and obtain an IP address after such a failover.
Issue: 81148

Wireless

Symptom: Wireless Clients in Wireless Bridge mode cannot obtain an IP address from an external DHCP server.
Condition / Workaround: Occurs when attempting to connect to the SonicPoint after configuring it as a Wireless Bridge.
Issue: 81503


Resolved Issues
This section contains a list of resolved issues in the SonicOS Enhanced 5.5.0.0.

Active-Active UTM

Symptom: The GAV HTTP Clientless Notification Alerts fail when Active-Active UTM is enabled.
Condition / Workaround: Occurs when downloading a virus from the WAN to LAN. After enabling the HTTP Clientless Notification Alerts on the GAV Configuration page and configuring a Stateful HA pair, with Active-Active UTM also enabled, the notification alerts should appear but do not.
Issue: 81411

Anti-Spam

Symptom: Enabling the Comprehensive Anti-Spam Solution automatically disables any access rules or NAT policies that have a mix of SMTP and other services.
Condition / Workaround: Occurs when an existing rule or policy has a mix of services, including SMTP.
Issue: 80523

Symptom: Junk Store Corporate Settings time zone is not updated to local system time zone, but is retaining GMT setting.
Condition / Workaround: Occurs when setting the Junk Store Summary to a specific time, if the local system time zone is not the same as the corporate setting.
Issue: 79805

Command Line Interface (CLI)

Symptom: SSH sessions cannot be stopped by the clear ssh sessions command on a Hyperterminal console session, and continue to be active until the appliance is rebooted.
Condition / Workaround: Occurs when the maximum number of SSH sessions (4) are started with Putty, and a continuous show command is started on each session, and then the Putty applications are closed without stopping the command first. Hyperterminal is used to login to the console and run show ssh sessions and clear ssh sessions.
Issue: 76971

Content Filtering (CFS)

Symptom: The default CFS policy can be deleted by SonicWALL GMS.
Condition / Workaround: Occurs when using SonicWALL GMS to open the CFS policy on a unit under GMS management and then clicking OK without modifying the policy.
Issue: 78912


High Availability

Symptom: When both Logical and Physical monitoring are enabled for VLAN interfaces in HA mode, only Logical monitoring actually occurs. Also, the CLI command show interface info in HA mode always shows the interface status and speed as 0 for VLAN interfaces.
Condition / Workaround: Occurs when VLAN interfaces are configured and HA is enabled.
Issue: 79237

NAT

Symptom: Configuring policies to translate multiple addresses from the configured WAN subnet to a private address on a trusted zone will fail because of ARP behavior.
Condition / Workaround: Occurs when configuring a many-to-one NAT policy to allow inbound traffic.
Issue: 79924

Networking

Symptom: Auto-generated Anti-Spam policies and rules are not deleted when the Anti-Spam service is disabled.
Condition / Workaround: Occurs when CASS is disabled.
Issue: 80974

Symptom: Duplicated address objects, address object groups, and NAT policies, including default outbound NAT policy disappeared.
Condition / Workaround: Occurs when the system is being configured in Japanese, and the box has been restarted.
Issue: 80719

Symptom: The TSR does not have complete configuration data for Auto-Update.
Condition / Workaround: Occurs when user configures an Auto Update and opens the TSR.
Issue: 80108

Symptom: Remote site cannot access the local site of the secondary bridged interface.
Condition / Workaround: Occurs when local site firewall has a two-node bridge.
Issue: 79822

Symptom: Logs cannot be displayed in the SonicOS Enhanced management interface.
Condition / Workaround: Occurs when using SSL Control for devices on the WAN, which generates log messages for untrusted Certificate Authorities and causes a parsing error when the CA name is not found.
Issue: 78313

Symptom: Xbox receives Strict NAT rating behind an NSA appliance. However, behind a PRO appliance (4th Gen), the rating is Moderate.
Condition / Workaround: Occurs when attempting to run a Connectivity Test on the Xbox. Workaround: Use a 4th Generation unit, such as the PRO or TZ 170, 180, or 190, rather than a 5th Generation unit, such as the NSA.
Issue: 77179

Symptom: LAN printers that are configured to receive DHCP leases from a UNIX DHCP server in the LAN incorrectly get DHCP IP addresses from the SonicWALL.
Condition / Workaround: Occurs when the SonicWALL is configured to only provide static DHCP addresses to GVC clients, but mistakenly assigns one of these IP addresses to a LAN printer that sends a BOOTP request.
Issue: 76144

Symptom: The SonicWALL DHCP server is sending Option 52 in all cases. This also causes problems with Option 66 on third-party phone clients.
Condition / Workaround: Occurs when user attempts to configure the DHCP server to Always send options.
Issue: 74698


Security Services

Symptom: POP3 clients on the LAN take a long time and sometimes time out when downloading email attachments from a mail server on the DMZ.
Condition / Workaround: Occurs when IPS, GAV and Anti-Spyware Security Services are all enabled.
Issue: 79131

SSL-VPN

Symptom: Unable to connect NX client from SSL-VPN > Virtual Office page. This is not a supported use case.
Condition / Workaround: Occurs when logging into SSL-VPN in management status.
Issue: 80203

User Interface

Symptom: The browser takes 30 to 60 seconds to render the page when attempting to edit group objects from the SonicOS Enhanced management interface (HTTP or HTTPS).
Condition / Workaround: Occurs when using Internet Explorer versions 6, 7, and 8 and editing group objects containing 50 or more objects.
Issue: 79802

Users

Symptom: The auto-added WAN > WAN rule for GMS management is shown on the primary unit only, even after failover.
Condition / Workaround: Occurs when GMS in HTTPS mode is enabled on an HF pair, and stateful synchronization is on.
Issue: 80709

Symptom: SonicOS sends user-initiated SSO requests to an SSO agent even when the agent is down, resulting in timeouts for the user.
Condition / Workaround: Occurs when all SSO agents are down.
Issue: 79517

VPN

Symptom: When editing a route policy that remains from a deleted VPN tunnel interface, the firewall crashes, leaving the tWebmain task suspended.
Condition / Workaround: Occurs when attempting to edit a route policy or modify its interface to a newly created VPN tunnel interface.
Issue: 81498

Symptom: The VPN wizard allows configuration of DH Group 1 for both site-to-site VPN policies and Group VPN policies, but the VPN > Settings page does not.
Condition / Workaround: Occurs when FIPS mode is enabled, which should prevent configuration of DH Group 1 from the wizard too.
Issue: 81418

Symptom: Configuring WAN Group VPN via the VPN wizard will modify the IKE (Phase 1) Proposal of the other Group VPN policies such as WLAN Group VPN.
Condition / Workaround: Occurs when both Group VPN policies have the exact same Phase 1 configuration.
Issue: 81417

Symptom: SonicOS Enhanced 5.5 does not show 3G as connected on Network > Interfaces when it is actually connected.
Condition / Workaround: Occurs when attempting to dial through 3G.
Issue: 80857

Symptom: Changing any setting of the manual key tunnel interface VPN policy disables the static route.
Condition / Workaround: Occurs when changing manual key tunnel settings.
Issue: 80565

Symptom: Remote firewall systems are not always forwarding packets to the correct interface.
Condition / Workaround: Occurs when using DHCP over VPN with IP Spoofing enabled.
Issue: 80432


Symptom: A JavaScript error occurs when attempting to download the Windows Mobile NetExtender Client.
Condition / Workaround: Occurs when using an Internet Explorer browser to log into the SonicOS Enhanced SSL VPN portal at: https://<WAN IP>/portal, and then clicking the link to download the client application. Workaround: Use Firefox.
Issue: 80354

Symptom: After phase 1 of policy matching finishes, the system says 'IKE Initiator: Start Quick Mode (Phase 2)'. However, the phase 2 packets 'ISAKMP Quick Mode' are not sent.
Condition / Workaround: Occurs when selecting AH as protocol, and None as authentication in phase 2, with 'keep alive' enabled in aggressive mode.
Issue: 80176

WAN

Symptom: Traffic flows through the X1 interface even when the WAN Connection Model is configured as 3G-only.
Condition / Workaround: Occurs when the network cable is connected, but the system is configured to use 3G-only.
Issue: 80992

Symptom: The default routing entry should change when the primary WAN port changes.
Condition / Workaround: Occurs when the system has load balancing turned off, and the original primary port is changed.
Issue: 80979

Wireless / 3G

Symptom: An error appears on the 3G > Settings page.
Condition / Workaround: Occurs when changing any settings and clicking the Accept button.
Issue: 81378

Symptom: When idle, Sierra Wireless and Novatel 3G devices go into sleep mode.
Condition / Workaround: Occurs when the Connection Model is configured to Ethernet Only. After some time, the Connection Model may disappear from the GUI because the device has gone to sleep.
Issue: 81271

Symptom: Channels 12 and 13 for the TZ 210/200/100W (International box) are not usable.
Condition / Workaround: Occurs when using a wireless client to scan the AP on an International box, with the country set to AU and the Channel set to 12 or 13.
Issue: 81119

Symptom: 3G is disconnected when the system attempts to fail back to WAN Ethernet although no WAN Ethernet cable is present.
Condition / Workaround: Occurs when the system is set to fail from WAN Ethernet to 3G.
Issue: 81113

Symptom: After a firewall is configured from factory defaults and a failover is triggered, the failover to 3G may fail.
Condition / Workaround: Occurs when using the Sierra Wireless 881 and Verizon Aircard 595 WWAN 3G cards.
Issue: 79559

Symptom: User is unable to register and browse HTTPS websites with SPRINT 3G USB Card.
Condition / Workaround: Occurs when user attempts to browse HTTPS websites on a WWAN connection.
Issue: 79481


Upgrading SonicOS Enhanced Image Procedures


The following procedures are for upgrading an existing SonicOS Enhanced image to a newer version:
Obtaining the Latest SonicOS Enhanced Image Version
Saving a Backup Copy of Your Configuration Preferences
Importing Preferences to SonicOS Enhanced 5.5
Upgrading a SonicOS Enhanced Image with Current Preferences
Importing Preferences to SonicOS Enhanced 5.5
Importing Preferences from SonicOS Standard to SonicOS Enhanced 5.5
Support Matrix for Importing Preferences
Upgrading a SonicOS Enhanced Image with Factory Defaults
Using SafeMode to Upgrade Firmware

Obtaining the Latest SonicOS Enhanced Image Version


To obtain a new SonicOS Enhanced firmware image file for your SonicWALL security appliance:
1. Connect to your mysonicwall.com account at http://www.mysonicwall.com.
2. Copy the new SonicOS Enhanced image file to a directory on your management station.
You can update the SonicOS Enhanced image on a SonicWALL security appliance remotely if the LAN interface or
the WAN interface is configured for management access.

Saving a Backup Copy of Your Configuration Preferences


Before beginning the update process, make a system backup of your SonicWALL security appliance configuration
settings. The backup feature saves a copy of your current configuration settings on your SonicWALL security
appliance, protecting all your existing settings in the event that it becomes necessary to return to a previous
configuration state.
In addition to using the backup feature to save your current configuration settings to the SonicWALL security
appliance, you can export the configuration preferences file to a directory on your local management station. This
file serves as an external backup of the configuration preferences, and can be imported back into the SonicWALL
security appliance.
Perform the following steps to save a backup of your configuration settings and export them to a file on your local
management station:
1. On the System > Settings page, click Create Backup. Your configuration preferences are saved. The
System Backup entry is displayed in the Firmware Management table.
2. To export your settings to a local file, click Export Settings. A popup window displays the name of the
saved file.


Importing Preferences to SonicOS Enhanced 5.5


Preferences importing to the SonicWALL NSA Series and TZ 210 Series appliances is generally supported from the
following SonicWALL appliances running SonicOS Enhanced:
NSA Series
NSA E-Class Series
TZ 190/180/170 Series
PRO Series
There are certain exceptions to preferences importing on TZ 210 Series appliances running SonicOS Enhanced
5.5. Preferences cannot be imported in the following cases:
From a PRO 5060 with optical fiber interfaces where VLAN interfaces have been created
Full support for preferences importing from these appliances is targeted for a future release. At that time, you will
need to upgrade your firmware to the latest SonicOS Enhanced maintenance release available on MySonicWALL.

Upgrading a SonicOS Enhanced Image with Current Preferences


Perform the following steps to upload new firmware to your SonicWALL appliance and use your current
configuration settings upon startup:
1. Download the SonicOS Enhanced firmware image file from mysonicwall.com and save it to a location on
your local computer.
2. On the System > Settings page, click Upload New Firmware.
3. Browse to the location where you saved the SonicOS Enhanced firmware image file, select the file, and
click Upload.
4. On the System > Settings page, click the Boot icon in the row for Uploaded Firmware.
5. In the confirmation dialog box, click OK. The SonicWALL restarts and then displays the login page.
6. Enter your user name and password. Your new SonicOS Enhanced image version information is listed on
the System > Settings page.

Importing Preferences to SonicOS Enhanced 5.5


Preferences importing to the SonicWALL UTM appliances is generally supported from the following SonicWALL
appliances running SonicOS Enhanced:
NSA Series
NSA E-Class Series
TZ 210/200/100/190/180/170 Series
PRO Series
There are certain exceptions to preferences importing on these appliances running the SonicOS Enhanced 5.5.0.0
release. Preferences cannot be imported in the following cases:
Settings files containing Portshield interfaces created prior to SonicOS 5.x
Settings files containing VLAN interfaces are not accepted by the TZ 100/200 Series firewalls
Settings files from a PRO 5060 with optical fiber interfaces where VLAN interfaces have been created
Full support for preferences importing from these appliances is targeted for a future release. At that time, you will
need to upgrade your firmware to the latest SonicOS Enhanced maintenance release available on MySonicWALL.


Importing Preferences from SonicOS Standard to SonicOS Enhanced 5.5


The SonicOS Standard to Enhanced Settings Converter is designed to convert a source Standard Network Settings
file to be compatible with a target SonicOS Enhanced appliance. Due to the more advanced nature of SonicOS
Enhanced, its Network Settings file is more complex than the one SonicOS Standard uses. They are not
compatible. The Settings Converter creates an entirely new target Enhanced Network Settings file based on the
network settings found in the source Standard file. This allows for a rapid upgrade from a Standard deployment to
an Enhanced one with no time wasted in re-creating network policies.
Note: SonicWALL recommends deploying the converted target Network Settings file in a testing environment first
and always keeping a backup copy of the original source Network Settings file.
The SonicOS Standard to Enhanced Settings Converter is available at: https://convert.global.sonicwall.com/
If the preferences conversion fails, email your SonicOS Standard configuration file to
settings_converter@sonicwall.com with a short description of the problem. In this case, you may also consider
manually configuring your SonicWALL appliance.
To convert a Standard Network Settings file to an Enhanced one:
1. Log in to the management interface of your SonicOS Standard appliance, navigate to System > Settings,
and save your network settings to a file on your management computer.
2. On the management computer, point your browser to https://convert.global.sonicwall.com/.
3. Click the Settings Converter button.
4. Log in using your MySonicWALL credentials and agree to the security statement.
The source Standard Network Setting file must be uploaded to MySonicWALL as part of the conversion
process. The Setting Conversion tool uses MySonicWALL authentication to secure private network settings.
Users should be aware that SonicWALL will retain a copy of their network settings after the conversion
process is complete.
5. Upload the source Standard Network Settings file:
Click Browse.
Navigate to and select the source SonicOS Standard Settings file.
Click Upload.
Click the right arrow to proceed.
6. Review the source SonicOS Standard Settings Summary page.
This page displays useful network settings information contained in the uploaded source Network Settings
file. For testing purposes, the LAN IP and subnet mask of the appliance can be changed on this page in
order to deploy it in a testing environment.
(Optional) Change the LAN IP address and subnet mask of the source appliance to that of the
target appliance.
Click the right arrow to proceed.
7. Select the target SonicWALL appliance for the Enhanced deployment from the available list.
SonicOS Enhanced is configured differently on various SonicWALL appliances, mostly to support different
interface numbers. As such, the converted Enhanced Network Settings file must be customized to the
appliance targeted for deployment.
8. Complete the conversion by clicking the right arrow to proceed.
9. Optionally click the Warnings link to view any differences in the settings created for the target appliance.
10. Click the Download button, select Save to Disk, and click OK to save the new target SonicOS Enhanced
Network Settings file to your management computer.
11. Log in to the management interface for your SonicWALL appliance.
12. Navigate to System > Settings, and click the Import Settings button to import the converted settings to
your appliance.


Support Matrix for Importing Preferences


Upgrading a SonicOS Enhanced Image with Factory Defaults


Perform the following steps to upload new firmware to your SonicWALL appliance and start it up using the default
configuration:
1. Download the SonicOS Enhanced firmware image file from mysonicwall.com and save it to a location on
your local computer.
2. On the System > Settings page, click Create Backup.
3. Click Upload New Firmware.
4. Browse to the location where you saved the SonicOS Enhanced firmware image file, select the file, and
click Upload.
5. On the System > Settings page, click the Boot icon in the row for Uploaded Firmware with Factory
Default Settings.
6. In the confirmation dialog box, click OK. The SonicWALL restarts and then displays the login page.
7. Enter the default user name and password (admin / password) to access the SonicWALL management
interface.

Using SafeMode to Upgrade Firmware


If you are unable to connect to the SonicWALL security appliance's management interface, you can restart the
SonicWALL security appliance in SafeMode. The SafeMode feature allows you to quickly recover from uncertain
configuration states with a simplified management interface that includes the same settings available on the
System > Settings page.
To use SafeMode to upgrade firmware on the SonicWALL security appliance, perform the following steps:
1. Connect your computer to the X0 port on the SonicWALL appliance and configure your IP address with an
address on the 192.168.168.0/24 subnet, such as 192.168.168.20.
2. Do one of the following to restart the appliance in SafeMode:
Use a narrow, straight object, like a straightened paper clip or a toothpick, to press and hold the reset
button on the front of the security appliance for more than 20 seconds. The reset button is in a small
hole next to the USB ports.
Use the LCD control buttons on the front bezel to set the appliance to Safe Mode. Once selected, the
LCD displays a confirmation prompt. Select Y and press the Right button to confirm. The SonicWALL
security appliance changes to SafeMode.
The Test light starts blinking when the SonicWALL security appliance has rebooted into SafeMode.
Note: Holding the reset button for two seconds will send a diagnostic snapshot to the console. Holding the
reset button for six to eight seconds will reboot the appliance in regular mode.
3. Point the Web browser on your computer to 192.168.168.168. The SafeMode management interface
displays.
4. If you have made any configuration changes to the security appliance, select the Create Backup On Next
Boot checkbox to make a backup copy of your current settings. Your settings will be saved when the
appliance restarts.
5. Click Upload New Firmware, and then browse to the location where you saved the SonicOS Enhanced
firmware image, select the file, and click Upload.
6. Select the boot icon in the row for one of the following:
Uploaded Firmware New!
Use this option to restart the appliance with your current configuration settings.
Uploaded Firmware with Factory Defaults New!
Use this option to restart the appliance with default configuration settings.
7. In the confirmation dialog box, click OK to proceed.
8. After successfully booting the firmware, the login screen is displayed. If you booted with factory default
settings, enter the default user name and password (admin / password) to access the SonicWALL
management interface.


Related Technical Documentation


SonicWALL user guides and reference documentation are available at the SonicWALL Technical Documentation
Online Library: http://www.sonicwall.com/us/Support.html
For basic and advanced deployment examples, refer to SonicOS Guides and SonicOS TechNotes available on the
Web site.

______________________
Last updated: 8/14/2009
