Sonicos Enhanced 5.9 Download

Bear in mind that this post is based on firmware “SonicOS Enhanced 5.9.1.6-5o”. Before you do anything, I would suggest you back up your current configuration. This is now in the standard firmware 5.9.1.7, but the setting is automatically set to ON when you update to 5.9.1.7, so you will need to turn it back off again if your SonicWall seems to lock up and connections are being dropped. The setting is in Firewall Settings > Flood Protection > Enforce strict TCP compliance with RFC 5961.

How to Update SonicOS Firmware - Video: SonicOS Patch Releases. In the table below, find the existing SonicOS version that a firewall is currently running (SonicOS Running Version); then select the SonicOS patch release from the same row, download that version from MySonicwall, and update SonicOS firmware using the steps linked above.

Manually specify SonicPoint-N image URL - SonicOS Enhanced 5.0 and higher does not contain an image of the SonicPoint firmware. If your SonicWALL appliance has Internet connectivity, it will automatically download the correct version of the SonicPoint image from the SonicWALL server when you connect a SonicPoint device.

Issue Summary

In the past, Dell SonicWALL used industry standard 1024-bit certificates. To comply with Certification Authority/Browser forum requirements based on NIST Special Publication 800-131A, as of January 1, 2014, all web browsers and Certification Authorities (CAs) will no longer sell or support 1024-bit RSA certificates. Certificates with less than 2048-bit key length will need to be revoked and replaced with certificates of higher encryption strength. All current Dell SonicWALL firewalls use versions of SonicOS firmware with the 2048-bit security standard. Recent updates and upgrades of SonicOS firmware use the industry standard and recommended 2048-bit certificate. This is an urgent notification that on January 1, 2014, all web browsers and Certification Authorities (CAs) will no longer support 1024-bit RSA certificates. This change is not driven by Dell SonicWALL, but rather a decision by Certificate Authorities to enforce the use of highly secure certificates. Certificates using the 1024-bit key length will be revoked and must be replaced with certificates of higher encryption strength. If you own a Dell SonicWALL firewall with an older firmware version that does not use 2048-bit certificates you must upgrade the firmware to the latest version or the minimum General Release version which includes the 2048-bit certificate as listed in the Firmware Upgrade Table below by December 31, 2013. Dell SonicWALL is providing the minimum firmware upgrade to all customers regardless of support contract status.

How does this issue affect me?

If you own a Dell SonicWALL firewall with an older firmware version that does not support 2048-bit certificates, the firewall will NOT be able to get real-time license information or the latest security services updates from our back-end systems. Existing security services on Dell SonicWALL firewalls that use 1024-bit certificates will continue to block previously-known threats, but the lack of updates may expose the protected network to new threats and exploits. In addition, you will NOT be able to activate and renew security services.

How can I tell what firmware version is running on my firewall?

Follow these steps to find the firmware version running on your Dell SonicWALL firewall.

  • Log into your Dell SonicWALL firewall
  • Click on “System” in the left-hand navigation
  • Look for “Firmware Version” under the “System Information” heading

What actions do I need to take?

Dell SonicWALL strongly recommends upgrading firewalls running older firmware to the minimum General Release version indicated in the table below. The table lists the affected Dell SonicWALL products and the associated minimum required firmware versions. All General Release versions of the required minimum SonicOS version for your appliance(s) are available on MySonicWALL.com.

Note: Active support is not required to download the minimum General Release version of the firmware listed in the Firmware Upgrade Table below.

When do I need to do this by?

If you have a Dell SonicWALL firewall that does not support 2048-bit certificates you must upgrade the firmware on the firewall by December 31, 2013.

How do I upgrade the firmware on my firewall?

Firmware must be upgraded on your Dell SonicWALL firewall(s) to the latest firmware version or the minimum firmware version as listed in the table below. The latest or minimum required General Release firmware can be downloaded from the MySonicWALL.com Download Center. The following Knowledge Base articles will guide you through the processes for downloading and upgrading the firmware on your firewall.

  • How to Download SonicOS Firmware
  • How to Upgrade SonicOS Firmware with Current Preferences on a Dell SonicWALL Firewall

What firmware version do I need to upgrade to?

Follow these steps to determine the required firmware version for your Dell SonicWALL firewall.

  • Find your firewall model under the “Dell SonicWALL Firewall” column.
  • Determine if your firewall is running one of the versions listed under “Currently Running Firmware.”
  • Check the “Minimum Required SonicOS Firmware Version” to see if an upgrade is required. If it is, you will need to upgrade to at least the minimum required version listed in the right-hand column of the table.

FIRMWARE UPGRADE MATRIX

| Dell SonicWALL Firewall | Current Running Firmware | Minimum Required SonicOS Firmware Version |
|---|---|---|
| SuperMassive 9200/9400/9600 | 6.1.1.1 or newer | Upgrade not required |
| NSA 2600/3600/4600/5600/6600 | 6.1.1.1 or newer | Upgrade not required |
| NSA E5500/E6500/E7500/E8500/E8510; NSA 240/2400/3500/4500/5000; TZ 210/210W; TZ 200/200W; TZ 100/100W | 5.3.x.x – 5.6.0.11 or older | 5.6.0.12 |
| | 5.9.0.0 or newer | Upgrade not required |
| | 5.8.1.0 or newer | Upgrade not required |
| NSA 2400MX | 5.7.0.0 – 5.7.1.0 | 5.7.2.0 |
| | 5.9.0.0 or newer | Upgrade not required |
| NSA 250M/250MW; NSA 220/220W; TZ 215/215W | 5.8.0.0 – 5.8.1.1 | 5.8.1.2 |
| | 5.9.0.0 or newer | Upgrade not required |
| TZ 205/205W; TZ 105/105W | 5.8.0.0 – 5.8.1.5 | 5.8.1.6 |
| | 5.9.0.0 or newer | Upgrade not required |
| PRO 4060/4100/5060 | 4.2.1.6 Enhanced or older | 4.2.1.7 Enhanced |
| PRO 2040/3060 | 4.2.1.6 Enhanced or older | 4.2.1.7 Enhanced |
| | 3.1.6.5 Standard or older | 3.1.6.6 Standard |
| PRO 1260 | 3.4.1.3 Enhanced or older | 3.4.1.4 Enhanced |
| | 3.1.6.5 Standard or older | 3.1.6.6 Standard |
| TZ 190/190W | 4.2.1.6 Enhanced or older | 4.2.1.7 Enhanced |
| TZ 170/170W/170 SP | 3.4.1.3 Enhanced or older | 3.4.1.4 Enhanced |
| | 3.1.6.5 Standard or older | 3.1.6.6 Standard |
| TZ 170 SPW | 3.4.1.3 Enhanced or older | 3.4.1.4 Enhanced |
| TZ 150/150W/150W Rev B | 3.1.6.5 Standard or older | 3.1.6.6 Standard |
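
The three lookup steps above can be run across a whole inventory instead of one firewall at a time. The following is an added example, not Dell SonicWALL code: the minimum versions are copied from a subset of the matrix rows, while the per-model keys, the inventory layout, the hostnames and the function names are assumptions made for illustration.

```python
import re

# Minimum versions copied from rows of the Firmware Upgrade Matrix above.
# Key: (model, branch). The model keys and inventory layout are assumptions.
MINIMUM = {
    ("NSA 3500", "Enhanced"): "5.6.0.12",
    ("TZ 210", "Enhanced"): "5.6.0.12",
    ("NSA 2400MX", "Enhanced"): "5.7.2.0",
    ("TZ 205", "Enhanced"): "5.8.1.6",
    ("PRO 2040", "Enhanced"): "4.2.1.7",
    ("PRO 2040", "Standard"): "3.1.6.6",
    ("PRO 1260", "Enhanced"): "3.4.1.4",
    ("PRO 1260", "Standard"): "3.1.6.6",
}
FW_RE = re.compile(r"(Enhanced|Standard)?\s*(\d+(?:\.\d+){3})", re.I)

def parse_firmware(text):
    """Split e.g. 'SonicOS Enhanced 5.9.1.6-5o' into (branch, 4-int tuple).
    The build suffix is ignored; an unlabelled string is assumed Enhanced."""
    m = FW_RE.search(text)
    if not m:
        raise ValueError(f"unrecognised firmware string: {text!r}")
    branch = (m.group(1) or "Enhanced").capitalize()
    return branch, tuple(int(p) for p in m.group(2).split("."))

def required_upgrade(model, firmware):
    """Return the minimum version to install, or None if already compliant.
    Raises KeyError for a model/branch pair not listed in MINIMUM."""
    branch, running = parse_firmware(firmware)
    minimum = MINIMUM[(model, branch)]
    # Compare as integer tuples; as strings, "5.6.0.9" sorts after "5.6.0.12".
    floor = tuple(int(p) for p in minimum.split("."))
    return minimum if running < floor else None

def audit(inventory):
    """inventory: iterable of (hostname, model, firmware string)."""
    return {host: required_upgrade(model, fw) for host, model, fw in inventory}

# Constructed inventory for illustration; hostnames are made up.
SAMPLE = [
    ("fw-hq", "NSA 3500", "SonicOS Enhanced 5.9.0.0-91o"),
    ("fw-branch1", "TZ 210", "SonicOS Enhanced 5.6.0.9"),
    ("fw-branch2", "TZ 205", "5.8.1.5"),
    ("fw-lab", "PRO 2040", "SonicOS Standard 3.1.6.5"),
]

if __name__ == "__main__":
    for host, result in audit(SAMPLE).items():
        print(host, f"upgrade to {result}" if result else "no upgrade required")
```

A version below the row's minimum is treated as needing the upgrade even when the matrix does not enumerate that exact range.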

What happens if I don’t upgrade the firmware on my Dell SonicWALL firewall?

If you do not upgrade the firmware to a version that does support 2048-bit certificates your Dell SonicWALL firewall will NOT be able to get real-time license information or the latest security services updates from our back-end systems. Existing security services on Dell SonicWALL firewalls that use 1024-bit certificates will continue to block previously-known threats, but the lack of updates may expose the protected network to new threats and exploits. In addition, you will NOT be able to activate and renew security services.


Where can I get more information?

Multicomp can help you with the upgrade process.

Who is NIST?

NIST stands for “National Institute of Standards and Technology” which is a U.S. federal government “technology agency that works with industry to develop and apply technology, measurements, and standards.” NIST recommendations are part of the standards ecosystem by which web browsers and CAs abide.

Why is NIST recommending a transition to 2048-bit certificates?

In order to provide greater security against malicious attacks, NIST guidelines suggest discontinuing the use of 1024-bit certificates at the end of 2013. Browsers and Commercial CAs within the CA/Browser Forum have decided to abide by this recommendation and created steadfast rules to proactively convert end-users to higher levels of signing.


SonicOS Version

There are several great tutorials out there on how to set up a SonicWall SSLVPN. Each one is somewhat different, as SonicOS changes and the steps and location of items change from release to release. So, while they are all similar, this tutorial was done using a SonicWall NSA 3500 running SonicOS Enhanced 5.9.0.0-91o. And since version 5.8.1.13 is recent in my memory, I have notes for that version here too. You will see that just between these two releases (5.8.1.13 and 5.9.0.0) there are a few differences.

Create a SonicWall SSLVPN Setup Tasks

There are 3 basic tasks to create a SonicWall SSLVPN.

  • Create the SSLVPN. This includes setting up proper routes.
  • Create your users and give them proper access to the right devices on your network.
  • Install the NetExtender SSLVPN clients

Step 1 – Create the SSLVPN

Log in and browse to the SSL VPN / Server Settings page. Populate the form like I did below. Don’t forget to do the following:

  • Be certain that the WAN interface is clicked so that it is green. No reason to have a VPN set up if you can’t connect to it from the WAN. I also turn on LAN so that I can test it internally.
  • Choose a port. I always use the default 4433.
  • If you need to use a signed certificate, go to System / Certificates and manage that there.
  • Tell it the domain that you want to use. The only thing that this matches to is the domain name that they will need to enter on the NetExtender client side.
  • If you need to manage this SonicWall over this VPN directly, you will want to Enable Web Management; likewise, if you use SSH for SonicWall management, turn that on too.
  • The Inactivity Timeout will disconnect clients if they are inactive longer than this time period.
  • Set up the RADIUS settings if you use RADIUS. I am not using it for my VPN, so I ignored that.
  • Set up the URL for downloading the NetExtender clients if you wish to enable the client to download them from a site that you completely control. This has been good for me because sometimes there are specific versions of the NetExtender client that I want my clients using due to bugs or other reasons.


Next, we go into SSL VPN / Client Settings.

This is where things are a bit different between 5.8 and 5.9. In SonicOS 5.8.1.13, one configures the whole DHCP setup in this area: set the interface where the addresses you want to use are routed (X0, for example), then set up the range using the start IP and end IP, and then all of the other network settings that you would normally expect, such as WINS if needed, DNS, etc. You would then go to SSL VPN / Client Routes to set that up like we will describe later for 5.9.

SonicOS 5.9.0.0 SSL VPN Client Settings Page

In SonicOS 5.9.0.0, it appears that they are adding a feature to allow you to have more than one profile. Hopefully that comes in a new release. At the moment, you edit the Default Device Profile. On the Settings tab, you can currently only set up the SSLVPN IP Pool that you define in the Network / Address Objects page.


To the right is how I defined my SSLVPN DHCP pool Network Object on my 5.9 SonicOS.

This is different from SonicOS 5.8.1.13 and therefore gives you more flexibility, as the pool doesn’t have to draw addresses from a current network that you have assigned to an interface.

On the Client routes tab you need to choose from the address objects defined in Network / Address Objects which ones you want to allow the clients to connect to. In SonicOS 5.8.1.13, this is defined in SSL VPN / Client Routes. In the example to the right, you see that I have added a list of routes for the clients to use through the NetExtender client when they connect. Note that these routes are the superset of the routes that you want people to be able to connect to. Later on as we configure users, you can specify specific routes for individual users.

Next, in SonicOS 5.9.0.0 you need to go to the Client Settings tab to set up your WINS, DNS, etc. for the client to use. In 5.8.1.13, you will have already done this.

Finally, you will want to go into your Firewall settings and be certain that a rule was automatically created on your WAN interface to allow SSLVPN connections. If not, add one as shown below:

Add a firewall rule to allow connections to the SSLVPN

I should also mention that there is a Portal Settings page where you can set up a portal for your users to browse to, download their client, etc. As this option is cool but unnecessary to getting it working, I have left that out for a potential tutorial later on someday.

Step 2 – Create the Users


Navigate to Users / Local Users and then click the button to “Add User”. This will give you the screen below:

Populate the fields:

  • Name – This is actually the username; it is what they will use to log in with the NetExtender client.
  • Password / Confirm Password – Obviously type in the password for the user in both of these fields.
  • Check Boxes – You can force them to change their password or make their password expire after each use if desired.
  • Email address – Enter their email address.
  • Account Lifetime – Set to Never Expire if you do not know how long the user will need this account, or set it to the proper timeframe if known.
  • Comment – This is where I typically put the user’s actual name as the name field is for their login. I also put other comments to remind me why this user has access, if it is a vendor, who in the company they are reporting to, etc…

Groups Tab

On the groups tab be sure to give the user access to the SSLVPN Services Group membership as shown in the example below:


There are two more tabs that we won’t display but will discuss:

  • VPN Access – This is where you specify the exact routes that you want the client to be able to use when they connect to the NetExtender VPN. This gives you complete control over which machines they can connect directly to. But remember, once you give access to an outside individual to a machine inside your network, they now have access to anything that machine has access to.
  • Bookmark – This allows you to define shortcuts for directly connecting to Terminal Services, VNC, Telnet or SSH. We may cover this in a separate post someday.

With that, you should be done configuring your user for SSLVPN access.
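
The relationship described above, where the Client Routes are the superset and each user's VPN Access list narrows it, can be checked offline once both lists are written down. This is an added example, not part of the original tutorial or of SonicOS: the input layout, the user names, the networks and the `max_hosts` threshold are all constructed assumptions.

```python
import ipaddress

def audit_vpn_access(client_routes, user_access, max_hosts=256):
    """Compare per-user VPN Access networks with the SSL VPN Client Routes.

    Returns {user: [(network, finding), ...]} where finding is
    'outside-client-routes' (not contained in any client route) or
    'broad' (grants more than max_hosts addresses to a single user).
    Users with no findings are omitted."""
    routes = [ipaddress.ip_network(r) for r in client_routes]
    findings = {}
    for user, networks in user_access.items():
        for text in networks:
            net = ipaddress.ip_network(text)
            # subnet_of() raises TypeError across IP versions, so check first.
            covered = any(net.version == r.version and net.subnet_of(r)
                          for r in routes)
            if not covered:
                findings.setdefault(user, []).append(
                    (text, "outside-client-routes"))
            elif net.num_addresses > max_hosts:
                findings.setdefault(user, []).append((text, "broad"))
    return findings

# Constructed data for illustration: the superset pushed to every client...
CLIENT_ROUTES = ["10.0.0.0/16", "192.168.10.0/24"]
# ...and the VPN Access entries of three hypothetical local users.
USER_ACCESS = {
    "vendor-hvac": ["10.0.20.15/32"],                    # one host: fine
    "jsmith": ["10.0.0.0/16"],                           # the whole superset
    "contractor": ["192.168.10.0/24", "172.16.5.0/24"],  # second is unrouted
}

if __name__ == "__main__":
    for user, items in audit_vpn_access(CLIENT_ROUTES, USER_ACCESS).items():
        for network, finding in items:
            print(f"{user}: {network} -> {finding}")
```

A single-host entry such as the vendor's `/32` is the narrow grant the VPN Access tab is meant for; the `broad` finding flags accounts that were simply given the whole superset.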

Step 3 – Install and Configure the SSLVPN NetExtender Client


This requires that you have registered your SonicWall and have set up your access to their support portal at https://www.mysonicwall.com/Login.aspx. You will then log in to their support site and download the NetExtender clients that your users will need: Mac, Windows, Linux, etc.

Logging in to your SSLVPN using the NetExtender Client


Once the NetExtender client is installed and launched, you connect by entering either the IPADDRESS:port or, if you have set up DNS, the FQDN:port for your SonicWall’s WAN interface. For example: x.y.q.z:4433 or sslvpn.mydomain.com:4433.

The user will enter their username and password defined in step 2 above and the Domain as defined in Step 1 above and then connect.

Once connected, there are 3 tabs in your NetExtender client:

  • Status – Allows you to see how long you have been connected, etc…
  • Routes – Shows you the routes that are being routed through the SSLVPN client. This is great for troubleshooting why you can’t get places.
  • DNS – shows you the DNS servers and their priority for your client.


That should be it. Choose the Disconnect button when you are done and you will be disconnected.

Jeff has 20 years of professional IT experience, having done nearly everything in his roles of IT consultant, Systems Integrator, Systems Engineer, CNOC Engineer, Systems Administrator, Network Systems Administrator, and IT Director. If there is one thing he knows for sure, it is that there is always a simple answer to every IT problem and that downtime begins with complexity. Seasoned IT professional by day, Jeff hopes to help other IT professionals by blogging about his experiences at night on his blog: http://uptimemadeeasy.com. You can find Jeff on Google+ or LinkedIn at: LinkedIn or Twitter at: Twitter
