DPI-SSL and SSL v3.0 on Sonicwall

February 25, 2015 Jordansphere Sonicwall

Scenario. I have a bespoke webserver behind a Sonicwall NSA 4500 (in HA mode) running DPI-SSL. I upgraded the webserver. This all went to plan, but I couldn't access the server either via the VPN or externally. We performed some packet traces and noticed that SSL v3.0 seemed to be initiated when connecting via the VPN or externally, but when we connected internally the client-server was talking TLS 1.2. It appears that SSL v3.0 support was removed from the webserver when it was upgraded, but the Sonicwall was still using this by default.

I was running firmware version 5.9.0.4 on the Sonicwall.
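The mismatch seen in the packet traces can be confirmed from the first bytes of each connection. The following is an added example, not part of the original post: it reads the offered version out of a ClientHello taken from a trace and compares it with the lowest version the server accepts. The sample packets are constructed, and the server minimum of TLS 1.0 is an assumption.

```python
import struct

NAMES = {0x0002: "SSL 2.0", 0x0300: "SSL 3.0", 0x0301: "TLS 1.0",
         0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}

def offered_version(first_bytes: bytes) -> int:
    """Return the highest protocol version a ClientHello offers, as an int."""
    b = first_bytes
    if len(b) >= 5 and b[0] & 0x80 and b[2] == 0x01:
        # SSLv2-compatible hello: 2-byte length (high bit set), type, version.
        return struct.unpack_from("!H", b, 3)[0]
    if len(b) < 11 or b[0] != 0x16 or b[5] != 0x01:
        raise ValueError("not the start of a ClientHello")
    # TLS record: type(1) version(2) length(2), then handshake type(1)
    # length(3) client_version(2). The record version at offset 1 is often
    # lower than what is really offered; client_version at offset 9 decides.
    return struct.unpack_from("!H", b, 9)[0]

def diagnose(first_bytes: bytes, server_minimum: int) -> str:
    """Compare the offer with the lowest version the server still accepts."""
    v = offered_version(first_bytes)
    name = NAMES.get(v, hex(v))
    if v < server_minimum:
        need = NAMES.get(server_minimum, hex(server_minimum))
        return f"FAIL: client offers at most {name}, server needs {need}+"
    return f"OK: client offers up to {name}"

def sample_hello(record_ver: int, client_ver: int) -> bytes:
    """Constructed minimal ClientHello (zero random, one cipher suite)."""
    body = (struct.pack("!H", client_ver) + bytes(32) + b"\x00"
            + b"\x00\x02\x00\x35" + b"\x01\x00")
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + struct.pack("!HH", record_ver, len(hs)) + hs

if __name__ == "__main__":
    via_firewall = sample_hello(0x0300, 0x0300)  # constructed: SSL 3.0 offer
    internal = sample_hello(0x0301, 0x0303)      # constructed: TLS 1.2 offer
    for label, pkt in (("via firewall", via_firewall), ("internal", internal)):
        print(label, "->", diagnose(pkt, server_minimum=0x0301))
```

The parser does not read the TLS 1.3 `supported_versions` extension, so a TLS 1.3 client is reported as offering TLS 1.2.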

There are two methods to fix this.

1) Update the Current Settings

Go to your diag.html (e.g. https://192.168.1.1/diag.html)

[Image: dpi-ssl]

Change the drop-down version to TLS 1.0. This requires a reboot.

 

2) Upgrade Firmware

Upgrading the firmware is recommended over option 1. At the time of writing, firmware version 5.9.0.7 fixes the above issue, and as both options require a reboot it makes sense to prefer this method.
