SonicWall Gen7 Firewalls Stuck In Reboot Loop Since Thursday

‘We have never seen anything like this with SonicWall. I’m surprised ... Unfortunately, tech issues like this happen from time to time,’ says Michael Goldstein, CEO of SonicWall partner LAN Infotech.

SonicWall issued a temporary workaround Friday for Gen7 firewalls that had been inaccessible or stuck in a reboot loop since 9:30 p.m. ET Thursday.

“We are currently investigating reports that some firewall users are experiencing a reboot loop,” SonicWall wrote on Twitter at 9:28 a.m. ET Friday, directing users to a product notification advisory for more details. Complaints began streaming in Thursday evening on the sysadmin and sonicwall Reddit threads, with one administrator saying they conducted three or four hours of late night troubleshooting.

The Milpitas, Calif.-based platform security vendor directed administrators to disable incremental updates to the IDP, GAV, and SPY signature databases from the internal settings or diag page. The temporary workaround requires administrators to either login to the firewall from the local area network (LAN) or unplug the WAN connection if they’re unable to log into the firewall.

[Related: Critical SonicWall Flaws Could Give Hackers Control Of Systems]

“Late on Jan. 20, SonicWall received reports that some of its Generation 7 firewalls were experiencing service disruptions and connectivity issues (not related to a product vulnerability),“ a company spokesperson told CRN in an email. ”Within hours, SonicWall issued a temporary workaround to fully restore impacted firewalls. SonicWall continues to investigate root cause and remains in communication with partners.”

“Quick fix for such a bizarre issue,” one administrator wrote on Reddit. SonicWall didn’t immediately respond to questions from CRN about what caused the issue or how many Gen7 firewalls were impacted. An administrator said on Reddit that the issue appears to be connected to “security service licensing, unable to phone home or something as long as the WAN is plugged in.”

SonicWall has 17 virtual and physical firewall offerings on the Gen7 platform, and in November debuted three new high-performance firewall models. Gen7 features TZ series firewalls for SMBs and branches, NSa series firewalls for mid-sized enterprises, NSv series virtual firewalls, and NSsp series firewalls for large enterprises, data centers and service providers. The reboot loop seems to impact multiple series.

Mark Essayian, CEO of KME Systems, a Lake Forest, Calif. MSP that has been a SonicWall partner for 18 years, praised SonicWall Vice President of Channels HoJin Kim and the SonicWall team for taking ownership of the issue and quickly resolving it. As of 9 a.m. EST, all 18 of KME’s Gen 7 firewalls were rebooted and working properly.

Essayian said Kim was communicating with multiple partners Thursday evening as the SonicWall team investigated the issue. “HoJin took ownership of the problem to protect his partners and their customers,” he said. “Urgent and constant communication allowed us to feel comfortable that this would be resolved quickly. SonicWall made sure partners knew this was going to be fixed. It took them only nine hours to fix this.”

As an MSP the “number one, number two and number three” top issue is security, said Essayian. “We stick with SonicWall as our primary security vendor because of their people,” he said. “HoJin last night proved that we have the right security partner.”

LAN Infotech, a 15-year SonicWall partner based in Fort Lauderdale, Fla., rebooted all 200 of its SonicWall servers - including 20 Gen 7 servers - after learning of the issue on Thursday night, said LAN Infotech CEO Michael Goldstein.

“We saw some chatter online about the SonicWall issue and immediately responded,” he said. “That allowed us to avoid a wave of calls from customers this morning. We have never seen anything like this with SonicWall. I’m surprised. They have great products, a great track record and one of the best channel programs in the business. Unfortunately, tech issues like this happen from time to time.”

LAN Infotech’s technology team is constantly monitoring for security threats and issues, said Goldstein. “That paid off for us big time here,” he said. “It allowed us to get out in front of this issue. That’s best practice for MSPs. That’s what we get paid for. That’s why customers love us. This is the new world we live in. It’s a world of constant threats and security issues. You have to be on top of things to be successful today.”

In December, LAN Infotech as part of a general maintenance program had updated all the firmware for its SonicWall fleet, said Goldstein.

Supply chain shortages of the SonicWall Gen 7 firewalls have been an issue that in this case limited the impact to LAN Infotech and its customers, said Goldstein.

LAN Infotech’s SonicWall sales were up 35 percent in 2021, said Goldstein, and he expects another strong double digit growth year for the product line this year. “They are the gold standard for SMB security for us,” he said. “They do a good job building a product that has robust security capabilities, but is priced for the SMB market. They have been a great partner for us. The product just works. This is very unusual.”

SonicWall has experienced a multitude of product security issues over the past year. Just last month, SonicWall disclosed eight vulnerabilities in its Secure Mobile Access (SMA) appliances that government officials warned could allow remote attackers to take control of affected systems.

Five months before that, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned that hackers were actively targeting a known, previously patched, vulnerability in SonicWall SMA 100 series appliances. CISA and security researchers said in July that SonicWall appliances were being hit with HelloKitty ransomware.

“Organizations that fail to take appropriate actions to mitigate these vulnerabilities on their SRA [Secure Remote Access] and SMA 100 series products are at imminent risk of a targeted ransomware attack,” SonicWall wrote in an urgent security notice posted July 14.

And in February 2021, SonicWall confirmed its SMA 100 appliance had a critical zero-day bug a day after researchers said the vulnerability was being exploited in the wild.