Professional Documents
Culture Documents
Contents
Platform Compatibility ................................................................................................................................................... 1
New Features ................................................................................................................................................................ 2
Known Issues ................................................................................................................................................................ 5
Resolved Issues ............................................................................................................................................................ 8
Upgrading SonicOS Enhanced Image Procedures..................................................................................................... 12
Related Technical Documentation .............................................................................................................................. 17
Platform Compatibility
The SonicOS Enhanced 5.5.0.0 is supported on the following SonicWALL UTM appliances:
SonicWALL TZ 100
SonicWALL TZ 100 Wireless-N
SonicWALL TZ 200
SonicWALL TZ 200 Wireless-N
SonicWALL TZ 210
SonicWALL TZ 210 Wireless-N
SonicWALL NSA 240
SonicWALL NSA 2400
SonicWALL NSA 3500
SonicWALL NSA 4500
SonicWALL NSA 5000
SonicWALL NSA E5500
SonicWALL NSA E6500
SonicWALL NSA E7500
New Features
The SonicOS Enhanced 5.5.0.0 introduces support for the following new features:
Wireless/SonicPoint Enhancements
o
WLAN Layer 2 Bridge ModePrior to this release, WLAN zones only supported static IP
assignment. This feature allows administrators to configure a WLAN zone in Layer 2 Bridge Mode,
an interface placed in this mode becomes the Secondary Bridge Interface to the Primary Bridge
Interface to which it is paired.
Active/Active UTMThis feature is available on the SonicWALL NSA E7500, E6500, and E5500
platforms in the SonicOS Enhanced 5.5.0.0 release. It provides concurrent deep packet inspection
(DPI) Unified Threat Management (UTM) processing on the backup unit in a High Availability (HA)
pair. Since processing UTM services is very processor intensive, an Active-Active UTM HA pair
provides substantial gains on network throughput speed.
Note: To ensure that the Backup or Idle unit can receive updates with the latest Security Services
signatures, configuring Monitoring IP addresses is mandatory on the following interfaces:
1. Any WAN Interface and /or Primary LAN Interface
2. The Primary LAN or X0 interface only, if monitoring on a WAN interface is not enabled
Solera - Deep Packet ForensicDeep Packet Forensics combines a SonicWALL UTM appliance
and a Solera Networks data-recording appliance to accurately identify and store data regarding the
traffic and log events of deep-packet classification. These appliances together will be able to record
multi-gigabits of network traffic without dropping a single packet.
VPN Enhancements
o
Route Based IPsec VPNRoute based VPN is a more efficient and simple way to manage
network topology. Instead of having to configure the VPN policy, a Static Route configuration is
available via the Tunnel Interface. The Route based VPN feature also provides users with the ability
to define multiple paths for overlapping networks over a clear or redundant VPN.
Multiple SSO Agent Configuration SupportUp to eight SSO agents can be configured
to provide redundancy and load balancing for transparent user authentication.
Streamlined Polling with Multiple-User RequestsA new Multiple-User Request has been
added to allow packing many user requests into a single message to the SSO agent. This
message is basically identical to the existing single-user request message, however, it
contains multiple User IP Address TLVs:
Protocol version
Client serial number
Agent IP address
User name (just one)
User IP address (multiple)
Improved Error HandlingA new Error Indication TLV (type, length, value field) has been
added. This will be returned in the reply from the agent to the SonicWALL UTM appliance
should it encounter a problem leading to failure in identifying a user. In the case where the
Error Indication TLV is received in a reply, the SonicWALL UTM appliance will retry the
request up to the configured number of retries (as it does on a timeout) but will back off and
wit before doing so with the wait time incremented on each subsequent retry as follows:
Only if all retries fails will the SonicWALL UTM appliance fail the user authentication
attempt, while logging the issue with any error event message.
o
Multiple DHCP Scopes Per InterfaceThe Multiple DHCP Scopes per Interface feature allows
one DHCP server to manage different IP address scopes for clients spanning multiple subnets. The
DHCP Advanced Setting page provides security with a new tab for Trusted Agents. Trusted DHCP
Relay Agents can be specified here, such as BOOTP Relay or IP Helper, and are used to relay
DHCP messages across different IP networks or subnets. The Option Objects and Option Groups
configuration screens are also moved to the DHCP Advanced Setting page.
Networking Enhancements
o
Multiple WANAllows for more than two WANs to be configured. WANs can also be VLAN
interfaces. This feature contains changes to WAN failover and Load Balancing (LB), which now
supports up to four WAN members in the WLB group. Users will also be allowed to probe through
the additional WAN interfaces.
Probe Enabled Policy-Based RoutingWith Probe Enabled Policy-Based Routing you can
effectively provide as many WAN route paths as available physical interfaces. This feature provides
an additional level of network path selection ability using Dynamic Routing. A Probe Monitor Policy
object is used by the administrator to define the physical interface in which the probes are to be
sent, a probe interval, type, reply time out, deactivation threshold and reactivation threshold.
One-Time SchedulesSonicOS Enhanced 5.5 supports new scheduling options for One-Time
and Mixed schedules. A One-Time schedule allows configuration of a schedule for a specific date
and time, to be used for an event that occurs only during those parameters. Mixed schedules
combine the options of One-Time and Recurring schedules, and apply to events that occur
repeatedly during the same configured hours and days of the week, between the configured start
and end dates.
Known Issues
This section contains a list of known issues in the SonicOS Enhanced 5.5.0.0.
Condition / Workaround
Issue
80208
Symptom
Condition / Workaround
Issue
79355
Symptom
Condition / Workaround
Issue
79478
79363
79353
High Availability
Networking
79266
79059
Symptom
Condition / Workaround
Issue
79988
Symptom
Condition / Workaround
Issue
81549
81348
79952
Single Sign-On
VPN
WWAN
Symptom
Condition / Workaround
Issue
81148
Symptom
Condition / Workaround
Issue
81503
Wireless
Resolved Issues
This section contains a list of resolved issues in the SonicOS Enhanced 5.5.0.0.
Active-Active UTM
Symptom
Condition / Workaround
Issue
81411
Symptom
Condition / Workaround
Issue
80523
79805
Symptom
Condition / Workaround
Issue
76971
Symptom
Condition / Workaround
Issue
78912
Anti-Spam
High Availability
Symptom
Condition / Workaround
Issue
79237
Symptom
Condition / Workaround
Issue
79924
Symptom
Condition / Workaround
Issue
80974
80719
80108
79822
78313
77179
76144
74698
NAT
Networking
Security Services
Symptom
Condition / Workaround
Issue
79131
Symptom
Condition / Workaround
Issue
80203
Symptom
Condition / Workaround
Issue
79802
Symptom
Condition / Workaround
Issue
80709
79517
Symptom
Condition / Workaround
Issue
81498
81418
81417
80857
80565
80432
SSL-VPN
User Interface
Users
VPN
10
80354
80176
Symptom
Condition / Workaround
Issue
80992
80979
Symptom
Condition / Workaround
Issue
81378
81271
81119
81113
79559
79481
WAN
Wireless / 3G
11
12
13
7.
8.
9.
10.
11.
12.
(Optional) Change the LAN IP address and subnet mask of the source appliance to that of the
target appliance.
Click the right arrow to proceed.
Select the target SonicWALL appliance for the Enhanced deployment from the available list.
SonicOS Enhanced is configured differently on various SonicWALL appliances, mostly to support different
interface numbers. As such, the converted Enhanced Network Settings file must be customized to the
appliance targeted for deployment.
Complete the conversion by clicking the right arrow to proceed.
Optionally click the Warnings link to view any differences in the settings created for the target appliance.
Click the Download button, select Save to Disk, and click OK to save the new target SonicOS Enhanced
Network Settings file to your management computer.
Log in to the management interface for your SonicWALL appliance.
Navigate to System > Settings, and click the Import Settings button to import the converted settings to
your appliance.
14
15
16
______________________
Last updated: 8/14/2009
17