SonicWALL SonicOS 5.8.1.2 User Manual

SonicOS

SonicOS 5.8.1.2 Release Notes for the NSA 220/250M Series Appliances

Contents ..................................................................................................................................................................1

Platform Compat ibility ..............................................................................................................................................1

Brows er Support ......................................................................................................................................................1

New Features in SonicOS 5.8.1.2 ............................................................................................................................2

Sup ported Features by Applian ce Model ..................................................................................................................3

Known Issues ..........................................................................................................................................................4

Upgradi ng Soni cOS Image Proced ures ....................................................................................................................8

Related Techni cal Docum entation..........................................................................................................................13

Platform Compatibility

The SonicOS 5.8.1.2 release is suppor ted on the following SonicWALL Deep Packet Inspection ( D PI) security appliances:

• SonicWALL NSA 250M / 250 M Wireless

• SonicWALL NSA 220 / 220 Wireless

The SonicWALL WAN Acceleration App liance Series (WXA 500 Live CD, WXA 2000 appliance, WXA 4000 appliance, WXA 5000 Virtual Ap pliance) are al so supported for use with NSA appliances running 5.8.1.2. The minimum recommend ed Firmware vers ion fo r WX A Series i s 1.0.12.

Browser Support

SonicOS with Visualization uses advanced browser technologies such as HTML5, which are supported in most recent br owsers. SonicWALL recommends us i ng the l atest Chrome, Firefox, Internet Explorer, or Safar i browsers for ad ministration of SonicOS.

This release supports the following Web browsers:

• Chrome 11 .0 and high er ( r ecommend ed browse r for dashboard r eal-time gra phi cs di spl a y)

• Firefox 4.0 and higher

• Internet Explorer 8.0 and higher (do not use compatibility m ode)

• Safari 5.0 and higher

Mobil e device browsers are not recomm ended for SonicW ALL appliance system adm i nistration.

P/N 232-000648-00 Rev A

SonicOS 5.8.1.2 Release Notes for the NSA 220/250M Series Appliances

New Features in SonicOS 5.8.1.2

This s ection describes the new features supported in the SonicOS 5.8.1.2 release.

SonicWALL NSA Module Support

SonicOS 5.8.1.2 introduces support for the follo wing SonicWALL NSA modules on the NSA 250M series appliances:

WARNING: You MUST power down the appl iance before instal ling or replacing the modules.

• 1 Port ADSL (RJ-11) Annex A– Provides As ymmetric D igital Subscriber Lin e ( ADSL) over plai n old telephone service (POTS) with a downstream rate of 12.0 Mbit/s and an upstream rate of 1.3 Mbit/s.

• 1 Port ADSL (RJ-45) Annex B– Provides A symmetric Digital Subscr iber Line (A DSL) over an In tegr ated Services Di git al Network (ISDN) with a down stream r ate of 12.0 Mbit/s and an upstream rate of 1.8 Mbit/s.

• 1-port T1/E1 Module – Provides th e connect i on of a T1 or E1 (di git ally multip l exed telecomm unication s carrier system) circuit to a SonicWALL firewall using a RJ-45 jack.

• 2-port LAN Bypass Module – Rem oves a single poin t of failure so that essential business communication can cont inue whi l e a netwo r k fail ure is diagnosed and r esol ved.

• 2-Port SFP Module – A smal l form-factor pluggabl e ( SFP) network interface module.

P/N 232-000648-00 Rev A

SonicOS 5.8.1.2 Release Notes for the NSA 220/250M Series Appliances

Supported Features by Appliance Model

The follo wing table l ists the key fe atures in the SonicOS 5.8. 0.x, 5.8.1.0, 5.8.1.2 releases, and whi ch are supported on the Soni cWALL NSA 220 and 250M ser i es appliances.

Features Supported on NSA 220 and NSA 250M Series

DPI-SSL Link Aggregation NSA Modules (supported only on NSA 250M Series ) Port R edun dancy Wirel ess Cli ent Bridge Support Wire M ode App Flow Monitor Real-Time Monit or Top Global Malware Log M onit or Connection Monitor Packet Moni tor Log > Flow Reporting App C ontr ol Advanced App R ules Cloud GAV NTP Auth Type CFS Enhancements

Features Not Supported on NSA 220 and NSA 250M Series

IPFIX & NetFlow Reporting VLAN SonicPoint VAPs CASS 2.0 Enhanced Connection Limit Dynamic WAN Scheduling Browser NTLM Auth SSO Import from LDAP SSL VPN NetExtender Updat e DHCP Scalability Enhancements SIP Application Layer Gateway Enhancements SonicPoint-N DR Acc ept Mu l tip le Proposals for C lients WAN Acceleration Support App C ontr ol Polic y Config uration via App Flow Monitor Global BWM Ease of Us e Enhan cements

P/N 232-000648-00 Rev A

SonicOS 5.8.1.2 Release Notes for the NSA 220/250M Series Appliances

Features Supported on

NSA 220 and NSA 250M Series

App l icati on Usage and Risk Report

Geo-IP Filtering an d Botnet Command & Control Filter i ng

Custo miz a bl e Login Page

LDAP Prim ary Group Attribute

Preservation of Anti-Virus Exclusions After Upgrade

Management Traf fic Only Op tion for Network In terfaces

Current U sers and Detail of Us er s Options for TSR

User Monitor Tool

Auto-Configurati on of URLs to Bypas s User Authentic ation

Symptom

Condition / Workaround

Issue

App C ontr ol advanc ed signatures are applied to

Occurs when enabling the App Control service on

107296

App rules remain in effect even when disabled

Occurs when the Enable App Rules checkbox is

action is applied.

101194

Related traffic confi gur ed in an application r ule

Occ urs wh en an application rul e is created us ing

Enable App Rules

100120

Features Not Supported on

Known Issues

This section contains a list of known issues in t he SonicOS 5.8.1.2 release.

Application Control

traffi c from and to the VPN zone, r ather than the WAN zone only.

globally.

is b l ocked even though the Enable App Rules checkbox is not selected.

the WAN zone, and then enabl ing th e logging or bloc king action for any si gnatur e. Aft er traffi c is gen er ated from the LAN to the VPN, the App control si gnatur es are applied to VP N traffic.

cleared t o disable t hese policies globall y, then an app r ule is created. When traffic on the WAN interface mat ches the rule, the configur ed polic y

Create Rule on th e App Flow Monitor page and the Enabl e App Rules checkb ox is not selected, which is the factory default setting. The app rule is created and functions properly, even though the

checkbox is disabled.

P/N 232-000648-00 Rev A

+ 9 hidden pages