Issue:  Outdated SonicOS firmware and the expiration of 1024-bit certificates on December 31, 2013.

 

Summary: On January 1, 2014, all web browsers and Certification Authorities (CAs) will no longer support 1024-bit RSA certificates. This change is not driven by Dell SonicWALL, but rather a decision by Certificate Authorities to enforce the use of highly secure certificates.  Certificates using the 1024-bit key length will be revoked and must be replaced with certificates of higher encryption strength. While all current Dell SonicWALL firewalls run versions of SonicOS firmware with the 2048-bit security standard, there is a population of firewalls running older firmware that does not use the new standard. It iscritical that customers running this older firmware perform an update before the end of the year.  After January 1, this older firmware will no longer be able to download daily security updates (GAV, Intrusion Prevention, Content Filtering (CFS), Anti-Spam, Application Control).

 

Quickest path to resolution: If your customers own a Dell SonicWALL firewall with an older firmware version (refer to the attached table) that does not use 2048-bit certificates, they must upgrade the firmware to the latest version or the minimum General Release version which includes the 2048-bit certificate by December 31, 2013.  Most affected units will be those with pre-2011 versions of SonicOS.  Dell SonicWALL is providing the minimum firmware upgrade to all customers regardless of support contract status.  You can distribute the following links if necessary:

–          How to Download SonicOS Firmware

–          How to Upgrade SonicOS Firmware with Current Preferences on a Dell SonicWALL Firewall

 

Customers or Partners logging into MySonicWALL.com will be prompted to update firmware on any units that they have registered to their account OR have claimed through Asset Claiming.  Please direct customers and partners to MySonicWALL.com and include the attached FAQ.  NOTE: Priority units are those with impacted firmware that are currently running security services or will do so in the future (and need to upgrade to talk to back-end servers).  All others are less critical because they are not communicating with MySonicWALL.com.