EX SSL-VPN: Recommended Hotfixes for 10.6.2 (SW10216)

Return
  • Title

    EX SSL-VPN: Recommended Hotfixes for 10.6.2
  • Resolution

    The following hotfix can be applied only to systems running 10.6.2

    • SonicWALL recommends installing both the clt and pform hotfixes at the same time as they are inter-dependent.

    Hotfixes

     Client-side fixes

    clt-hotfix-10.6.2-320 Download | README | Updated 16-Apr-2013
    Customer-reported issues fixed in this hotfix include, by subcomponent:

    • Problems with AD Tree authentication.
    • Not showing all domains in drop down after closing connection.
    • CEM support for IP based only redirection (disable name based redirection).
    • Client crashing Explorer everytime when connecting.
    • [ActiveX/RDP] RDP (NAM) bookmark-based access provisioned with ActiveX fails.
    •  Buffer overflow vulnerability in Connect Tunnel for Windows.
    • User Credentials are stored in plaintext in memory which is reported as Security Threat (10.6.3)
    • When logging in to CT it displays a message timeout exceeded on 10.6.2 firmware
    • CTS is not working with Username/Password incorrect message
    • In Workplace, CT Installation/upgrade fails for win8,win7(32/64bit)
    • Aventail Connect offers certificate issued for another purpose then client authentication
    • Hardening local admin access on PC's  for network logon / remote tunnel users.
     Appliance-side fixesPform-hotfix-10.6.2-301 Download | README | Updated  19-Feb-2013
    Customer-reported issues fixed in this hotfix include, by subcomponent:

    System/Platform
    • viewLog.do filename variable directory transversal.
    • OD port map resource can be deleted without the complete de-reference of its shortcut.
    • Able to logon with false password when password changed checked and enabled at AD server.
    • AD Tree Authentication Tweaks via CEM using krb5.conf.
    • evpn fails with error when a tunnel connection is attempted using mobile connect or CT.
    • Problems with AD Tree authentication. 
    • Services stopping, users getting disconnected, thread count growing  .
    • Services stopping LDAP related.
    • platform hotfix causes Policy server restarts if any AD auth server is configured without domain .
    • SNMP queries on large datasets are very slow, leading to backpressure / outages..
    • 10.6.2-231 platform hotfix causes Policy server restarts if any AD auth server is configured without domain.
    • Services stopping LDAP related.
    • Services stopping, users getting disconnected, thread count growing.
    • The appliance has detected that the system has been modified post upgrade to 10.6.2
    • AMC user search page displays 'Error - could not load configuration file /tmp/amc_krb5.conf'.
    • Issues with Rollback/Hotfix Removal in AMC.
    • Unable to Delete realms.
    • 10.6.2 Hotfix installation on a FIPS enabled appliance shows error during reboot.
    • Password change failing when using AD tree authentication.
    • EVPN filtering redirects to EW results in ConnectionsIDs prematurely closed
    • Connect tunnel failing to connect with Explorer.exe crashing on Windows 7 and Windows XP machines .
    • All Users dropped, services stopped cores were produced.

     

     
     Workplace/Access Methods
     

    • iPad/iPhone/Android user placed in default zone.
    • RDP bookmarks are getting filtered if no access agents are enabled for a community in MobileConnect..
    • RDP (NAM) bookmark-based access provisioned with ActiveX fails.

    .

  • Key Words

    10216


Feedback submitted.

Did this article help?

[Select Rating]

Thank you for your rating!

Close

Request or Create a KB Article »

Product(s):
SonicWALL E-Class SRA Series
EX9000, EX7000, EX6000

Topic(s):
Technical Solutions

Article History:
Created on: 11/19/2012
Last Update on: 5/13/2014