You are on page 1of 8

Release Notes

Secure Remote Access


SonicOS

Dell SonicWALL Aventail E-Class SRA 10.6.4

Contents
Platform Compatibility ................................................................................................................................................... 1 Release Caveats ........................................................................................................................................................... 1 Whats New in This Release? ....................................................................................................................................... 2 Known Issues ............................................................................................................................................................... 2 Resolved Issues ............................................................................................................................................................ 6 Technical Documentation and the Knowledge Portal ................................................................................................... 8

Platform Compatibility
The Dell SonicWALL Aventail E-Class SRA 10.6.4 release is supported on the following Dell SonicWALL appliances: Aventail E-Class SRA EX9000 Aventail E-Class SRA EX7000 Aventail E-Class SRA EX6000 Aventail E-Class SRA Virtual Appliance

Note: Windows machines running version 10.6.4 clients should be used with Aventail E-Class SRA appliances running one of the following versions: 10.6.4 10.6.3 10.6.2 10.5.7

If 10.6.4 clients are used with appliances running 10.5.6/10.0.6 or earlier, zone classification will fail when connecting, and the user will be put in the default zone. If you are upgrading an Aventail E-Class SRA appliance to version 10.6.4 from an earlier release, be sure to consult the upgrade instructions in the Dell SonicWALL Aventail Upgrade Guide for detailed information. Youll find a copy of this document on the MySonicWALL Web site (www.mysonicwall.com).

Release Caveats
The 10.5.X release series was the last release with support for OnDemand Dynamic Mode, which is a proxy based agent deployed through the WorkPlace portal. It is important to note that the OnDemand Proxy Agent has two configurations: Dynamic Mode and Mapped Mode. The Mapped Mode use case is still supported, and only Dynamic Mode support is being removed. We recommend customers who still have OnDemand Dynamic mode configured through the WorkPlace portal consider the OnDemand Tunnel agent as an alternative. The OnDemand Tunnel agent offers superior performance and platform coverage over OnDemand Dynamic mode, with identical installation requirements. In 10.6.x, the EX-9000 devices shows only 11GB as the total memory even though it has 32GB. See Knowledge Base article 10552 on www.SonicWALL.com for more details.

Aventail E-Class SRA 10.6.4 Release Notes P/N 232-002269-00 Rev C

Release Notes
Whats New in This Release?
This version of the Aventail E-Class SRA software includes the following new and enhanced features: TLS 1.2 support Command Line Client that works on Mac OS X with Connect Tunnel (eliminates Java) EX-750, EX-1600, and EX2500 are no longer supported and cannot be upgraded to 10.6.4. Due to a known issue in Java 1.7 update 45, Oracle recommends removing an earlier fix which impacts users running older versions of Java. Users who are using Java 1.6 may see additional prompts saying that the libraries are untrusted.

Known Issues 10.6.4


This section contains a list of known issues in the Aventail E-Class SRA 10.6.4 release.

ActiveSync
Symptom An ActiveSync session is consuming two licenses. Condition / Workaround Occurs when using Windows RT 8/8.1. Issue 134431

AMC
Symptom AMC shows unknown version for Citrix Mac OS X agent. Condition / Workaround Occurs when uploading a file for Mac OS X because it is not able to parse the content of the file for a version. Workaround: Rename the downloaded file to comply with file name pattern CitrixReceiver-([\.\d]+).dmg (for example, CitrixReceiver-10.1.1.dmg). Issue 136453

Cache Cleaner
Symptom The wrong Cache Cleaner version number is displayed. The wrong Cache Cleaner version number is displayed. Cache Cleaner displays version .3.15.1 instead of 1.3.16.1. Condition / Workaround Occurs when displaying the About page for the Windows Cache Cleaner system tray icon. Occurs when displaying the About page for the Mac Cache Cleaner system tray icon. The version number cannot be found in the Cache Cleaner application for Mac in the appliance. Issue 135543 135413

Certificates
Symptom SSL handshake fails when using certificates with any MD algorithms. Condition / Workaround Occurs when using certificates with any MD algorithms, which are incompatible with TLS 1.2. Issue 140195

Aventail E-Class SRA 10.6.4 Release Notes P/N 232-002269-00 Rev C

Release Notes
Symptom SSL handshakes fail with SHA-512 certificates. SSL handshake fails when using certificates with any MD algorithms. Connection using TLS 1.2-based client in Microsoft platform is disconnected. Condition / Workaround Occurs when using Windows 7 and a SHA-512 certificate with TLS 1.2. Occurs when using certificates with any MD algorithms, which are incompatible with TLS 1.2. Occurs when the a Microsoft-based client uses a TLS 1.2-based connection, and appliance-based certificates with a weak signature algorithm are used in the server certificate chain. Workaround: If using certificates with MD* or SHA512, upgrade the appliance certificates with a stronger signature algorithm (SHA384, SHA256, or SHA-1). Occurs when using Windows 8 Mobile because certificate authentication fails. Issue 140196 140195 139153

When logging into WorkPlace, the user is not prompted to select the certificate and the WorkPlace page is not displayed.

137611

Ciphers
Symptom AES 128-bit with SHA-256 and AES 256-bit with SHA-256 are not supported. Condition / Workaround Occurs when using TLS 1.1 or 1.2. Issue 137197

Connect Tunnel
Symptom Web resources cannot be accessed from WorkPlace and a Connection refused message is displayed. Condition / Workaround Occurs when using Windows 8 and Internet Explorer 10 with a proxy enabled. Issue 118769

EPC
Symptom Cache Cleaner does not clear browser when user logs out from WorkPlace and never exits. Mac OS X OPSWAT zone classification fails. Secure Virtual Desktop crashes after logging out from WorkPlace. Internet Explorer cannot be launched inside Secure Virtual Desktop. Condition / Workaround Occurs when Firefox 24 or Chrome 30 are open. Occurs when using with Sophos 9.0 and Avast 8.0. Occurs when using 32-bit Windows 8 and Internet Explorer 10. Occurs when using Windows 8/8.1 with Internet Explorer 10/11. Issue 136679 136669 136521 136103

Aventail E-Class SRA 10.6.4 Release Notes P/N 232-002269-00 Rev C

Release Notes
ExtraWeb
Symptom Email attachments in OWA 2013 should be blocked but can be opened. Condition / Workaround Occurs when a pre-defined string in AMC is used for OWA 2013. Workaround: When creating a matching URL for the OWA 2013 resource, select Custom as the type of match, and then type /s/GetFileAttachment as the Path Element. Occurs when using SharePoint 2013 because opening Windows Explorers requires WebDAV, which is not supported. Issue 137520

Clicking Upload files using Windows Explorer instead on port-mapped or hostmapped (custom FQDN) resource displays the
We're having a problem opening this location in File Explorer. Add this web site to your Trusted Sites list and try again error message.

137269

Back link on OWA 2013 Options page leads to IIS landing page.

Occurs when the alias name is the same as the resource start page (owa). Workaround: Change the alias name to anything other than owa. Occurs when the alias name is the same as the resource start page (owa). Workaround: Change the alias name to anything other than owa. Occurs when the alias name is the same as the resource start page (owa). Workaround: Change the alias name to anything other than owa. Occurs when using Google Chrome browser on Android mobile devices.

136484

Clicking Sign Out on OWA 2013 displays a 404 error.

136483

Clicking on saved drafts opens the IIS landing page.

136479

PKI certificate cannot be authenticated.

136230

FIPS
Symptom A FIPS-enabled appliance honors TLS 1.2/1.1/1.0 during an SSL handshake but not SSLv3. A FIPS-enabled appliance honors TLS 1.0 and SSLv3 during an SSL handshake but not TLS 1.2/1.1. Windows 8.1 Mobile Connect plug-in doesnt work. Condition / Workaround Occurs when using WorkPlace, Connect Tunnel, or ExtraWeb. Occurs when using AMC. Issue 137195

Occurs when using with FIPS-enabled 10.6.4 appliances.

135422

Aventail E-Class SRA 10.6.4 Release Notes P/N 232-002269-00 Rev C

Release Notes
Port-mapped Resources
Symptom Accessing a port-mapped resource redirects to WorkPlace. Condition / Workaround Occurs when a Server certificate is not present in the local certificate store. Issue 137275

Provisioning
Symptom Agents are not installed when connecting to WorkPlace. Condition / Workaround Occurs when connecting to WorkPlace from a Windows 7/8/8.1 machine using Internet Explorer 10/11, Firefox, or Chrome with a proxy is enabled. Issue 137614

Secure Virtual Desktop


Symptom Browser does not launch from inside Secure Virtual Desktop. On Demand Tunnel fails with Secure Virtual Desktop. Condition / Workaround Occurs when using SVD-enabled realm with Windows 8 or 8.1 and Internet Explorer 10 or 11. Occurs when using 64-bit Windows 7 or Windows 8 with 64-bit Internet Explorer 10. Issue 137483 136518

WorkPlace
Symptom WorkPlace cannot be launched and a UAC is turned off and Sun Java Plugin is disabled or Sun Java 1.6 or higher is not installed. Please contact your administrator message is displayed. The Aventail Access Manager (AAM) installation page appears every time a user tries to login to WorkPlace. Condition / Workaround Occurs when UAC is turned off and Java is not available. (ActiveX registered at the User level (HKCU) cannot be used when UAC is turned off.) Workaround: Either turn on UAC, enable Java plug-in, or install Java 1.6 or higher. Occurs when WorkPlace is accessed the first time using Google Chrome and the user selects Run This Time, which loads AAM for that session only. Workaround: When Chrome prompts for installation instructions, select Always Run on This Site.
Occurs when attempting to use Sharepoint 2013 with WorkPlace. Workaround: While configuring SharePoint-2010/2013 with Host-mapped/Port-mapped access, create a new Web App Profile similar to the default SharePoint profile and enable the Translate content based on file extension flag. Then, associate the SharePoint2010/2013 resource configuration with the newly created Web App Profile.

Issue 138148

131654

SharePoint 2013 is not supported

126167

Aventail E-Class SRA 10.6.4 Release Notes P/N 232-002269-00 Rev C

Release Notes
Resolved Issues
The following issues are resolved in the Aventail E-Class SRA 10.6.4 release:

Authentication
Symptom Response time is slow when user count approaches 10,000. Users fail authentication after adding an AD group to the appliance/community. Condition / Workaround Occurs when using 1Gb NICs and EVPN queuing for UDP traffic. Occurs when groups are looped back to each other, which causes the appliance to check authentication continuously until authentication fails. Issue

136171 119135

Connect Tunnel
Symptom Connect Tunnel fails and displays a modem error. Connect Tunnel fails to see a certificate on the initial launch. Condition / Workaround Occurs when using an old version of avesp.ko. Occurs when using a script to install Connect Tunnel and perform initial connection. Issue

127805 127152

EPC
Symptom EPC file check detection fails for WorkPlace. EPC check fails. Condition / Workaround Occurs when using system variables (for example $HOME, $USER) on Mac OS X. Occurs when using Eset Nod32 AV Business Edition 4.0 or greater. Issue

130338 127623

ExtraWeb
Symptom Custom FQDN URL fails when launching published Microsoft Word, Excel, or Project applications. Condition / Workaround Occurs when using file is published on SharePoint 2007. Issue

132744

Linux
Symptom Virtual appliance drops to a Linux KDB debug state after a few hours. Condition / Workaround Occurs when using VMWare ESXi Issue

132620

Aventail E-Class SRA 10.6.4 Release Notes P/N 232-002269-00 Rev C

Release Notes
On Demand Tunnel
Symptom ODT session-based packet is lost. Condition / Workaround Occurs when running with Cisco NAC agent. Issue

135510

Aventail E-Class SRA 10.6.4 Release Notes P/N 232-002269-00 Rev C

Release Notes
Technical Documentation and the Knowledge Portal
Check the Dell SonicWALL Customer Support Knowledge Portal, available when you log in to MySonicWALL, for information and hotfixes that are relevant to your appliance. Technical documentation and Knowledge Base articles are also available on the Dell SonicWALL Technical Documentation Online Library: http://www.sonicwall.com/us/Support.html.

______________________ Last updated: 2/1/2014

Aventail E-Class SRA 10.6.4 Release Notes P/N 232-002269-00 Rev C