Professional Geek
  • Sonicwall SRA Java Bookmarks Stop Working In Chrome

    Another eye catching headline there!

    We have a couple of clients who use Sonicwall SRA appliances for remote access to internal resources.

    The bookmarks that were setup to gain access to file shares stopped working.

    On some PCs we were seeing a blank page.

    On others it was pretty clear where the problem lay.

    The java plugin wasn’t playing nicely.


    Switching to the HTML version worked fine though. The java version is more feature rich at the moment so ideally we wanted to know why.

    We also realised this was specific to Chrome. Internet Explorer and Firefox were fine.

    That was when the penny dropped as to what the cause was here.

    Google have dropped support for browser plugins.

    They announced this back in September 2013 and as of Chrome version 42 NPAPI plugins are disabled by default. Java and Silverlight are two of the biggest plugins this will impact.

    You can override the behaviour.

    Browse to chrome://flags/


    Look for the NPAPI options and click the enable option

    You’ll need to restart Chrome after doing so


    That will get you around the immediate problem if you want to keep using Chrome.

    It’s the recommendation Sonicwall make at the moment.


    It’s worth knowing that Chrome 45 will do away with NPAPI plugins altogether.


    Full details are here

    Going forward Sonicwall will either have to improve the HTML version, or they’ll drop support for Chrome.

    Seeing as Microsoft’s new browser (Spartan) doesn’t support Active-X controls (not directly, it uses an IE11 engine for compatibility) Sonicwall will have to make some changes to their setup.

    Update:

    Probably worth noting that Chrome still supports PPAPI plugins. There doesn’t appear to be any effort on the part of Oracle to create a PPAPI Java plugin at any point soon. Will be interesting to see what happens if/when all the major browsers drop NPAPI plugins!

    * Thanks Dekay *

  • Problems With Sonicwall and Multiple PPPoE Connections

    Now there’s an attention grabbing headline if ever I saw one!

    Just a quick reminder post in case I come across this again or it helps anyone else.

    We did some work for a client recently to replace their firewall with a shiny new Sonicwall NSA 2600.

    In the days following the replacement we were getting reports of connectivity problems.

    Inbound connections to the remote desktop server were dropping out and a web application they use was suffering from time outs.

    Even pings out to various servers on the internet were giving us results that showed something wasn’t quite right.


    The only thing that had changed was the firewall so we put the old one back in and everything returned to normal.

    This meant I spent a few hours going through each setting. We’d set the new firewall up exactly the same as the old one but there was clearly something different between the two.

    We initially narrowed it down to a problem with the PPPoE connections.

    This particular setup had three WAN connections, two of which were PPPoE. The other connection didn’t have any problem at all. 

    After liaising with Sonicwall support we got to the bottom of it.

    There is a setting in the WAN connection that needs to be enabled that wasn’t available with the previous firewall.

    “Allow duplicate MAC addresses”


    There is ONE article on the Sonicwall knowledgebase that mentions this setting.

    The scenario discussed in the article doesn’t fit our setup though.

    We weren’t using load balancing, both connections had a different default gateway and traffic was flowing across both connections, just not very well.

    However, changing the setting worked. Turning it back off caused the issue to reoccur.

    It’s been fine now for almost a month.

  • Syntactically invalid HELO argument(s)

    Yesterday I had a client report that certain emails were being bounced

    The SMTP error message was this

    501 Syntactically invalid HELO argument(s)

    Not one I’d seen before!

    As with most support queries one of the first questions to ask is “what has changed?” and this particular client has a Sonicwall Email Security Appliance that had failed and been swapped out that same morning

    Looking through the rest of the NDR it was clear the issue was with the appliance.

    Generating server: spam.invalid_sonicwall_gateway_domain.com

    This was also a huge pointer as to what the issue was.

    The host name needs to be a fully qualified domain name but in this case it had just been set to “spam”


    Once it was corrected (e.g. spam.customer.com) and the device was rebooted all was well.

    I’m not entirely sure how the host name ended up like that as I’m sure that form won’t allow you to enter a host name that isn’t a fully qualified domain name.

    The device settings were restored from a backup so it’s possible it was part of that but I’m just making a guess on that part!

    Either way it was a simple enough fix and email went back to normal after that.
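
    A pre-flight check for the host name a gateway will announce in HELO, run here over the names from this post. This is an added example, not from the original post or from Sonicwall; it applies the RFC 5321 domain syntax plus a must-be-fully-qualified rule, and the exact rules of any particular receiving mail server are an assumption.

```python
import ipaddress
import re

# One hostname label: letters and digits, inner hyphens allowed, at most 63 characters.
LABEL = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def check_helo(arg):
    """Return a list of problems with a HELO/EHLO argument (empty list = acceptable)."""
    # Address literals such as [192.168.0.1] or [IPv6:::1] are legal HELO arguments.
    if arg.startswith("[") and arg.endswith("]"):
        literal = arg[1:-1]
        if literal.lower().startswith("ipv6:"):
            literal = literal[5:]
        try:
            ipaddress.ip_address(literal)
        except ValueError:
            return ["malformed address literal"]
        return []

    if not arg or len(arg) > 253:
        return ["empty or over-long name"]

    problems = []
    labels = arg.split(".")
    for label in labels:
        if not LABEL.match(label):
            bad = "".join(sorted(set(re.findall(r"[^A-Za-z0-9-]", label))))
            detail = f" (illegal characters: {bad!r})" if bad else ""
            problems.append(f"label {label!r} is not a valid hostname label{detail}")
    if len(labels) < 2:
        problems.append("not fully qualified (no domain part)")
    elif labels[-1].isdigit():
        problems.append("bare IP address; use an address literal like [a.b.c.d]")
    return problems


if __name__ == "__main__":
    # Names taken from the post above.
    for name in ("spam", "spam.invalid_sonicwall_gateway_domain.com", "spam.customer.com"):
        print(name, "->", check_helo(name) or "OK")
```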

  • Certification Renewals

    The first post on James’ new blog reminded me of something that I’ve been querying recently

    I’ve been working with Sonicwall products for years. It started in my previous job so made sense to continue to use them when we started our company.

    One of the things I did was to take the official training and pass the exam to become a Certified Sonicwall Security Administrator (CSSA)

    The benefits for passing include (from the Sonicwall US site)

    • Direct access to 2nd level Technical Support (based on regional availability) 
    • Access to SonicWALL’s Online Forum (discussion group)
    • Support Bulletins and advanced notifications
    • Opportunities to participate in SonicWALL beta programs
    • Certification newsletters
    • CSSA logo usage

    Now when I passed no-one told me I’d need to re-certify after a certain amount of time had passed but this turns out to be the case.

    I tried to speak to 2nd level tech support but they refused to help as I “wasn’t on the list”

    After speaking to our account managers at our distributor and with Sonicwall UK it was only recently we got a definite “yes you have to re-certify” answer

    What annoys me is this,

    Why should I have to take the same exam every year? (or every two years as it now looks)

    If I was doing Microsoft certification I could do the training and pass the exams and become an MCSE

    That certification would stay with me until the certification gets retired. Obviously if new products launch new exams come out but I don’t have to retake anything on a yearly basis

    Am I complaining about nothing?

    I think the Sonicwall certification path should include a “re-certification” (or refresher) exam as currently someone taking the exam for the first time would do the same exam as someone who needs to re-certify

    Just my two-pence worth

  • Sonicwall Firewalls and Internet Explorer 7 – Part 2

    Was having a poke around our Sonicwall management pages today and noticed a new version of firmware!

    Finally!

    Version 3.1.3.0s fixes the issues with pop-ups and Internet Explorer 7 I mentioned in my previous post on this

    They appeared to have fixed it on all the major models.

    I’ve uploaded the new firmware on our firewall (a PRO 2040) and it seems to be working without any user agent string changes 🙂

    It’s worth reading through the release notes as it claims there are still some issues but I’ll post about these if/when I find them

  • Guess Whose Back?

    —26/01/07 Correction to the post. It should read TICK the box instead of Clear— 

    Back in the office today after a week on holiday. Work was so mad up until I left I didn’t get a chance to post much

    I did mention in my last post that I had a problem getting WSUS clients to update.

    I finally figured it out!

    I had another look through the event log and found the following:

    Event ID: 364     Source: Windows Server Update     Category: Synchronization

    Content file download failed. Reason: The server does not support the necessary HTTP protocol. Background Intelligent Transfer Service (BITS) requires that the server support the Range protocol header.Source File: /msdownload/update/v5/eula/officexpeula_fin.txt Destination File: e:\WSUS\WsusContent\115D075903CAA57C6F0A64061A2C596B8C601C311.txt.

    The sync hadn’t downloaded the files for the updates. The reason I didn’t spot it before was my lack of understanding about WSUS. Since I could see all the updates in the console I initially dismissed this error. Turns out it downloads the details first (the definitions if you will) and then the actual files later.

    After a little research it was the Sonicwall firewall that was giving me the problem.

    To fix it I did the following

    Log in to the Sonicwall management webpage

    Alter the URL so that you can get at the internal settings, e.g. http://192.168.0.1/diag.html

    Find the “Enable HTTP Byte-Range request with Gateway AV” option and TICK the box (I initially was a little sceptical about this as we don’t use the Gateway AV feature)

    Click APPLY (I didn’t reboot the firewall but it might be a good idea to.)

    After this the sync started working fine and the clients started installing updates as they were supposed to

    I was annoyed that I had spent so much time trying to figure this one out but I was pleased that I managed to learn just about everything I’ll ever need to know about WSUS (until version 3!)

    There is also a Microsoft Knowledgebase article on this. KB922330
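
    The event log error above says BITS needs the server to honour the Range header, so a probe like the following can confirm whether byte-range requests survive the path before and after changing the firewall setting. This is an added example, not from the original post or from Sonicwall or Microsoft; the throwaway local server, the 100-byte payload and the `/update.bin` path are constructed so it runs offline.

```python
import http.client
import http.server
import threading

BODY = bytes(range(100))  # constructed 100-byte payload standing in for an update file

class ContentHandler(http.server.BaseHTTPRequestHandler):
    honour_range = True  # False imitates a device on the path that drops Range handling

    def do_GET(self):
        rng = self.headers.get("Range", "")
        if self.honour_range and rng.startswith("bytes="):
            start, end = (int(n) for n in rng[len("bytes="):].split("-"))
            chunk = BODY[start:end + 1]
            self.send_response(206)
            self.send_header("Content-Range", f"bytes {start}-{end}/{len(BODY)}")
        else:
            chunk = BODY  # Range ignored: the whole file comes back with 200
            self.send_response(200)
        self.send_header("Content-Length", str(len(chunk)))
        self.end_headers()
        self.wfile.write(chunk)

    def log_message(self, *args):  # keep the demo quiet
        pass

def range_supported(host, port, path, start=10, end=19):
    """True only if the path answers a byte-range GET with a correct 206 partial body."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request("GET", path, headers={"Range": f"bytes={start}-{end}"})
        resp = conn.getresponse()
        body = resp.read()
        content_range = resp.getheader("Content-Range", "")
        return (resp.status == 206
                and content_range.startswith(f"bytes {start}-{end}/")
                and len(body) == end - start + 1)
    finally:
        conn.close()

def probe_local(honour_range):
    """Run the probe against a local test server, with or without Range support."""
    handler = type("Handler", (ContentHandler,), {"honour_range": honour_range})
    server = http.server.HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        return range_supported("127.0.0.1", server.server_address[1], "/update.bin")
    finally:
        server.shutdown()
        server.server_close()
```

    `probe_local(True)` returns True and `probe_local(False)` returns False; pointing `range_supported` at a real host checks the same behaviour through the firewall.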

  • And as if by magic..

    No sooner had I posted about the issues I was having using Sonicwall firewalls with Internet Explorer 7 I received an email from Sonicwall with their take on the problem

    Have a look here

    To fix the problem they are going to be releasing new firmware for all their current (fourth) generation models

    I was pleased to have received an official notice of this, even if it took a little while (how long was IE7 in beta for?!)

    Only thing I find a little strange is their workaround until the firmware release

    (1) remove IE 7.0 and downgrade to IE version 6.0 or

    (2) use Mozilla’s Firefox as an alternative browser

    They don’t mention anywhere the user agent string utility mentioned in my previous post

    It’s not that important I guess as the firmware release will sort everything out…

    No details though as to when the firmware is to be released!

    ** Updated on 19/03/2007 **

    This has been fixed!

    Read my new post here

  • Sonicwall Firewalls and Internet Explorer 7

    In my post about the full release of Internet Explorer 7 I said that I was only using it on the laptop as I was worried about not being able to use it with the Sonicwall firewalls we use.

    I decided to do a little bit more investigation into this as I felt like I’ve been missing out!

    A quick look on the Microsoft IE newsgroup indicates that the firewall runs a script called BrowserCheck.js when it opens the pop-up window.

    Basically this means that the firewall is expecting Internet Explorer 6 so just does nothing when it encounters version 7.

    This gives me two options

    1) Wait for Sonicwall to upgrade the firmware to support IE7

    2) Make the Sonicwall think I’m using IE6

    I’m going to take the second option I think

    Microsoft provide the “User Agent String Utility” on their download site for this

    When you run the utility it gives you the option to report the site to Microsoft so “they can help improve” Internet Explorer. I didn’t see the point in doing this as Microsoft wouldn’t be able to browse to the firewall interface. Next you get a new Internet Explorer window with some text added at the end of the title to let you know it’s in compatibility mode. Any tabs you create in this instance will report themselves as Internet Explorer 6

    It all worked fine even if I did find the solution a little clunky

    Also found some registry files on the Fiddlertool site that change the user agent string as needed. These changes are more permanent but it’s a preference thing in the end.

    So this means I’ll be upgrading my main pc to the latest version!

    ** Updated on 19/03/2007 **

    This has been fixed!

    Read my new post here