SMA 100 10.2.1 Release Notes
Version 10.2.1.7
March 2023
About Secure Mobile Access
Secure Mobile Access (SMA) provides scalable, secure mobile access for your enterprise while blocking untrusted applications, WiFi pirates, and mobile malware. SMA appliances provide a single gateway and a common user experience across all platforms, including managed and unmanaged devices. Traffic is encrypted using Secure Sockets Layer/Transport Layer Security (SSL/TLS) to protect it from unauthorized users.
SMA is available as a physical appliance or as a virtual appliance running on VMWare ESXi, Microsoft Hyper-V, Amazon Web Services (AWS), Azure, and KVM.
Compatibility and Installation Notes
- Most popular browsers are supported, but Google Chrome is preferred for the real-time graphics display on the Dashboard.
- A account is required.
- SMA 10.2.1.7 is compatible with Capture Security Center (CSC).
- CSC provides a cloud dashboard that displays the overall status of all the registered SMA appliances. The dashboard has sliders to choose the Time Period, Count of Alerts, Threats, WAF (Web Application Firewall) Threats, Authentications, VPN Accesses, Bookmark Access, Active devices and Users on a Map, and Threats categories.
- Use your MySonicWall credentials to log into CSC at https://cloud.sonicwall.com.
- Click the SMA tile to view the SMA Dashboard, complete registration, and enable cloud management.
- 200/400
- 210/410
- 500v for ESXi - Supported for deployment on VMware ESXi 6.0 and higher
- 500v for HyperV - Supported for deployment on Hyper-V server version 2016 and 2019
- 500v for AWS
- 500v for Azure
- 500v for KVM
What's New
Security Enhancements
- New firmware availability notification
Added a firmware upgrade notification on the System > licenses page of SMA100 that indicates when newer firmware is available for upgrade. SonicWall recommends using the latest firmware version for the highest level of security efficacy and optimal performance.
For more information, refer to the section New firmware availability notification in the SMA100 10.2.1 Administration Guide.
- OpenSSL version upgrade
The OpenSSL library is updated to the latest version, 1.1.1t. This version fixes the OpenSSL vulnerability documented in CVE-2022-4304: A timing-based side channel exists in the OpenSSL RSA Decryption implementation.
For more information, refer to the section OpenSSL version upgrade in the SMA100 10.2.1 Administration Guide.
- Additional security enhancements
- Enforce WAF to protect the SMA100 itself.
- Warnings on security configurations, including enabling 2FA (Two-Factor Authentication), password expiration, and WAF.
- Disable user-added custom scripts that run automatically after bootup while deploying SMA 500v in AWS or Azure environments.
Due to this security enforcement, user scripts deployed in SMA 500v will not function. User scripts that existed before upgrading to version 10.2.1.7 will not function after this upgrade.
- Additional security checks are done to verify the integrity of the firmware.
- Restricted traffic - If a firmware integrity issue is detected, the SMA will restrict its own initiated outbound communications. This will not affect any user's VPN access to applications or any resource on the network.
- In a corner case, the firmware integrity checks may result in a false positive situation and the SMA100 will restrict its own initiated outbound email/syslog communications. On further checks and analysis, the outbound email/syslog communication will be restored to the normal operation.
For more information, refer to the section Additional security enhancements in the SMA100 10.2.1 Administration Guide.
Firmware Upgrade
Be sure to review the following Knowledge Base articles for information on the firmware upgrade on SMA100 Series.
- How to Upgrade Firmware on SMA100 Series Appliances
- Additional SMA 100 Series 10.x and 9.x Firmware Updates Required
- Upgrade Path For SMA100 Series
- SMA 100 Series OpenSSL Library Update in 10.2.1.7
Resolved Issues
This section provides a list of resolved issues in this release.
Issue ID | Issue Description |
---|---|
SMA-3940 | Due to an internal SSH daemon configuration issue, the PCI Scan test reports this as vulnerable. |
SMA-4179 | CVE-2022-4304: A timing-based side channel exists in the Open SSL RSA Decryption implementation. |