SonicOS SonicOS Contents Release Purpose... 1 Platform Compatibility... 1 Upgrading Information... 1 Browser Support... 1 Feature Information... 2 Known Issues... 2 Resolved Issues... 4 Release Purpose SonicOS 6.1.2.0 is the initial release for the Dell SonicWALL NSA 2600 network security appliance. Platform Compatibility The SonicOS 6.1.2.0 release is supported on the following Dell SonicWALL appliance: NSA 2600 The Dell SonicWALL WXA series appliances (WXA 500 Live CD, WXA 5000 Virtual Appliance, WXA 2000/4000 Appliances) are supported for use with Dell SonicWALL NSA appliances running 6.1.2.0. The recommended WXA firmware version is WXA 1.2.1. WXA 1.1.1 will work with SonicOS 6.1.2.0, but you will not be able to see or use the new features in WXA 1.2.1. Upgrading Information For information about obtaining the latest firmware, upgrading the firmware image on your Dell SonicWALL appliance, and importing configuration settings from another appliance, see the SonicOS 6.1 Upgrade Guide available on MySonicWALL or on the www.sonicwall.com Product Documentation page for the NSA series: http://www.sonicwall.com/us/en/support/3643.html Note: Upgrading to SonicOS 6.1.2.0 is not supported from SonicOS 5.9. You can upgrade to SonicOS 6.1.2.0 from a 6.1.1.x release or from SonicOS 5.8.1.x. Browser Support SonicOS uses advanced browser technologies such as HTML5, which are supported in most recent browsers. Dell SonicWALL recommends using the latest Chrome, Firefox, Internet Explorer, or Safari browsers for administration of SonicOS. This release supports the following Web browsers: Chrome 18.0 and higher (recommended browser for dashboard real-time graphics display) Firefox 16.0 and higher Internet Explorer 8.0 and higher (do not use compatibility mode) Safari 5.0 and higher Mobile device browsers are not recommended for Dell SonicWALL appliance system administration.
Feature Information The following features in SonicOS are supported by default on higher models, but must be separately licensed on the Dell SonicWALL NSA 2600: BGP Available for the NSA 2600 with the SonicOS Expanded License Stateful HA Available for the NSA 2600 with the SonicOS Expanded License or the High Availability License The following features are not supported on the Dell SonicWALL NSA 2600: Active/Active DPI Not supported on NSA 2600/3600/4600 Active/Active Clustering Supported by default on SuperMassive 9000 series; Supported with SonicOS Expanded License on NSA 5600, 6600 Port Redundancy in Network > Interfaces Not supported on NSA 2600; Support is targeted for a future release Link Aggregation in Network > Interfaces Not supported on NSA 2600; Support is targeted for a future release Known Issues This section contains a list of known issues in the SonicOS 6.1.2.0 release. Certificates Auto-import CRL via http does not work for revoking certificates. Occurs when you add a certificate, then on the import CRL popup page, select Periodically autoimport CRL via HTTP, enter a valid HTTP URL for CRL download, and click the Apply button. 129379 DPI-SSL The CFS block page is not displayed for a blocked HTTPS website, although the site is correctly blocked and the attempt is logged. DPI-SSL does not take effect for a wireless guest user. The certificate from the remote server is not rewritten using the designated certificate. Occurs when Enable SSL Client Inspection and Content Filter are selected on the DPI-SSL > Client SSL page, and a Content Filter policy is configured to block a site category that uses HTTPS, such as for online banking. When a user accesses a banking website, it is blocked and the attempt is logged, but the CFS block page does not appear. Occurs when guest services are enabled on the WLAN zone and a guest user logs in and attempts to access a website using HTTPS, such as https://mail.google.com. 123676 123097 2
Networking RIPv2 does not advertise routes after changing the interface on which it is running. A test virus is logged, but not blocked when using Wire Mode over Link Aggregation. Occurs when RIPv2 is running on a WAN zone interface, then RIPv2 is disabled on that interface and enabled on a DMZ zone interface which is configured to use the same Cisco 3600 router for its gateway device. Occurs when an anchor port is down, in Secure mode. Wire Mode is configured from LAN to LAN, X2 and X8. Link Aggregation (LAG) configuration is: X2: X3,X6,X7 and X8: X9,X10,X11, with static LAG between two switches connected to these ports. Initially, a virus sent from a PC on one switch to a PC on the other switch is blocked. After X2 is shut down administratively, the next virus transfer is logged, but not blocked. 132949 129955 Users For Single Sign-On authentication, NTLM does not work on Linux (Fedora and Firefox) computers. Instead of NTLM prompting for name and password, the browser redirects to the user authentication page. Occurs when NTLM is configured to be tried before the Single Sign-On agent, or NTLM is selected as the only SSO method. The Simple usernames in local database checkbox is enabled. With no user logged in through the appliance, a new browser is used to browse to a WAN-side web server. The user should be prompted for credentials, but is not. 129835 VoIP The firewall drops SIP packets from WAN to LAN (on a bridged LAN interface). Occurs when: 1. X0 was already configured as LAN with default gateway IP of 192.168.50.1 2. Configure X5(LAN) to X0 in L2 bridge mode 3. Connect a Cisco phone on the LAN side of the X5 interface with IP 192.168.50.13(gateway is 192.168.50.1) 4. As the proxy is already on WAN, make a call from Cisco phone connected to the bridged LAN interface(x5) to a phone on the WAN side. 5. The call should be established, but WAN to Bridged LAN(X5) SIP packets are dropped by the firewall. 128225 3
Resolved Issues This section contains a list of issues that are resolved in the SonicOS 6.1.2.0 release. High Availability High Availability can be enabled even when no HA interface is selected. The High Availability > Status page displays the status as green and the appliance as Active. Occurs when Active/Standby is selected as the Mode on the High Availability > Settings page and a serial number is entered in the Secondary Device field, but no HA Control Interface is selected before clicking Apply. 132863 Networking OSPF authentication configuration is lost after the appliance restarts. Interface statuses are No Link when both interfaces are set to 100 MB Full Duplex. Changing the OSPF area type does not take effect and a OSPF Internal Error 5 error is displayed. With Simple RIP, the appliance does not learn the RIP routes from the peer router. RIP in Advanced Routing works properly. Occurs when OSPF is enabled and configured on the WAN interface, the Authentication is enabled with a "simple password" or Md5, the password is set, then the appliance is restarted. Occurs when the appliance is connected to another appliance or to a Force 10 switch, and the connected interfaces are both configured as 100 MB Full Duplex (not auto-negotiated). Occurs when an interface (such as X2) is configured as OSPF area 2 and set to Stub type, then the interface is changed to NSSA or Totally NSSA type. Occurs when a LAN zone interface is connected to a Cisco 3600 router and RIP v2 multicast is enabled on both sides. RIP routes advertised from the Cisco 3600 are not learned, and all RIP packets are dropped by SonicOS. 133480 132931 132592 132126 SSL VPN Users whose accounts are local to the appliance cannot log into the SSL VPN portal. Occurs when SSL VPN is enabled on the WAN zone, and the local user is a member of the SSLVPN service group and tries to access the portal from a WAN side client machine. 133218 4
Wireless Configuration changes to the SonicPoint 5 GHz Channel do not take effect. After the SonicPoint auto-reboots, the SonicPoints page shows that the channel has been changed, but the console shows the frequency is still that of the initial channel. Occurs when the SonicPoint NDR has synchronized with the NSA 2600 using channels 44 and 48 in Auto mode, then the 5 GHz channel is changed from Auto to Manual and channel 100 is selected. But, channel 100 is only allowed when using Dynamic Frequency Selection (DFS), not yet supported in SonicOS 6.1. 133478 Last updated: 9/26/2013 5