Dell SonicWALL Firewalls - End of 1024-bit Certificate Support (SW10667)

Return
  • Title

    Dell SonicWALL Firewalls - End of 1024-bit Certificate Support
  • Resolution

    Firmware/Software Version: See table below
    Services: Certificates


    Video Tutorial: Click here for the video tutorial of this topic

    Description:

    Dell SonicWALL Firewalls - End of 1024-bit Certificate Support

    What is the issue?

    In compliance with Certification Authority/Browser forum requirements based on NIST Special Publication 800-131A, at the end of 2013 all web browsers and Certification Authorities (CAs) will no longer sell or support 1024-bit RSA certificates. All certificates less than 2048-bit key length will need to be revoked and replaced with certificates with higher encryption strength. Read the full NIST Special Publication 800-131A.

    Beginning on January 01, 2014 (00:00 GMT), Dell SonicWALL network security appliances with older firmware versions than shown in the table below will not be able to communicate with the SonicWALL License Manager and other backend systems. The SonicWALL backend systems are shifting to 2048-bit certificate enforcement, but the older firmware versions have 1024-bit certificates.

    Without the minimum required firmware, new services cannot be activated from the SonicOS management interface and Dell SonicWALL appliances will not be able to get real time license information or the latest security services updates from backend systems. Existing security services on Dell SonicWALL appliances will continue to block previously-known malware, but the lack of updates might expose the protected network to new threats and exploits.

    Dell SonicWALL strongly recommends upgrading appliances running older firmware to the minimum General Release firmware version indicated in the following table. The table lists the affected Dell SonicWALL products and the associated minimum required firmware versions.


    FIRMWARE UPGRADE TABLE
     
    Dell SonicWALL Firewall
    Current Running Firmware
    Minimum Required SonicOS Firmware Version
    NSA E5500
    NSA E6500
    NSA E7500
    NSA E8500
    NSA E8510
    NSA 240
    NSA 2400
    NSA  3500
    NSA  4500
    NSA  5000
    TZ 210/210W
    TZ 200/200W
    TZ 100/100W
     
       5.3.x.x - 5.6.0.11 or older
     
       5.6.0.12
     
        5.8.0.0 - 5.8.0.7
     
        5.8.0.8
        5.8.1.0 or newer
        5.9.0.0 or newer
      Upgrade not required
       
    NSA 2400MX
      5.7.0.0 - 5.7.1.0
      5.7.2.0
      5.9.0.0 or newer
      Upgrade not required
       
    PRO 4060/PRO 4100/PRO 5060
      4.2.1.6 Enhanced or older
      4.2.1.7 Enhanced
       
    PRO 2040/ PRO 3060
      4.2.1.6 Enhanced or older
      4.2.1.7 Enhanced
      3.1.6.5 Standard or older
      3.1.6.6 Standard
       
    PRO 1260
     3.4.1.3 Enhanced or older
     3.4.1.4 Enhanced
     3.1.6.5 Standard or older
     3.1.6.6 Standard
       
    TZ 190/TZ 190W
     4.2.1.6 Enhanced or older
     4.2.1.7 Enhanced
       
    TZ 180/TZ 180W
     3.9.1.4 Standard or older
     3.9.1.5 Standard
     
     4.2.1.6 Enhanced or older
     4.2.1.7 Enhanced
       
    TZ 170/TZ 170W/TZ 170 SP
     3.4.1.3 Enhanced or older
     3.4.1.4 Enhanced
     3.1.6.5 Standard or older
     3.1.6.6 Standard
       
    TZ 170 SPW
     3.4.1.3 Enhanced or older
     3.4.1.4 Enhanced
       
    TZ 150W Rev B   3.9.1.4 Standard or older  3.9.1.5 Standard 
     
    TZ 150/TZ 150W
     3.1.6.5 Standard or older
     3.1.6.6 Standard
     
    Product models not affected by this certificate issue include:
    • SuperMassive 9200/9400/9600
    • NSA 2600/3600/4600/5600/6600
    • NSA 250M/250MW
    • NSA 220/220W
    • TZ 215/215W  
    • TZ 205/205W
    • TZ 105/105W
    Legacy Dell SonicWALL firewalls are out of scope of this notification.
     
      

    RESOLUTION - ACTION REQUIRED

    Upgrade the firmware on your Dell SonicWALL network security appliance(s) to the latest firmware version or the minimum firmware version as listed in the above table.
    The latest or the minimum required General Release firmware can be downloaded from the MySonicWALL Download Center.

    ADDITIONAL INFORMATION:

    If you have any questions or need additional information about the above, please contact your Dell SonicWALL Representative or email Support at Customer_service@sonicwall.com with the Subject line “End of 1024 Certificate Support”  and include your product Serial Number(s).
     


Feedback submitted.

Did this article help?

[Select Rating]

Thank you for your rating!

Close

Request or Create a KB Article »

Product(s):
SonicWALL NSA Series
5000, 4500, 3500, 2400, 240
SonicWALL E-Class NSA Series
E8510, E8500, E7500, E6500, E5500
SonicWALL TZ Series
210W, 210, 100W
SonicWALL PRO Series
5060, 4100, 4060, 3060, 2040, 1260
TZ Series
190W, 190, 170

Topic(s):
Troubleshooting

Article History:
Created on: 11/15/2013
Last Update on: 8/7/2015