See page 117 of the SMA 100 Series 10.2 Administration Guide.Restrict access to the portal by enabling Scheduled Logins/Logoffs.See page 207 of the SMA 100 Series 10.2 Administration Guide.Enable and configure End Point Control (EPC) to verify a user’s device before establishing a connection.See page 248 of the SMA 100 Series 10.2 Administration Guide.Enable Geo-IP/botnet filtering and create a policy blocking web traffic from countries that do not need to access your applications.In addition to implementing 2FA, SMA 100 series administrators may also consider the following to further secure access to these devices: Please refer to the following knowledgebase article:.Enable two-faction authentication (2FA) on SMA 100 series appliances.MFA MUST BE ENABLED ON ALL SONICWALL SMA, FIREWALL & MYSONICWALL ACCOUNTS SonicWall states that customers can protect themselves by enabling multi-factor authentication (MFA) on affected devices and restricting access to devices based on whitelisted IP addresses.
Secure Mobile Access (SMA) is a physical device that provides VPN access to internal networks, while the NetExtender VPN client is a software client used to connect to compatible firewalls that support VPN connections. We have determined that this use case is not susceptible to exploitation. Current SMA 100 series customers may continue to safely use NetExtender for remote access with the SMA 100 series.However, we can issue the following guidance on deployment use cases: SMA 100 Series: The SMA 100 series (SMA 200, SMA 210, SMA 400, SMA 410, SMA 500v) remains under investigation for a vulnerability.SonicWall SonicWave APs: No action is required from customers or partners.No action is required from customers or partners. Customers are safe to use SMA 1000 series and their associated clients. SMA 1000 Series: This product line is not affected by this incident.
It may be used with all SonicWall products.
Below is the current status of this investigation: SonicWall is currently investigating what devices are affected by this vulnerability. "Recently, SonicWall identified a coordinated attack on its internal systems by highly sophisticated threat actors exploiting probable zero-day vulnerabilities on certain SonicWall secure remote access products," states SonicWall's security notice published late Friday night. On Friday night, SonicWall released an 'urgent advisory' stating that hackers used a zero-day vulnerability in their Secure Mobile Access (SMA) VPN device and its NetExtender VPN client in a "sophisticated" attack on their internal systems. SonicWall is a well-known manufacturer of hardware firewall devices, VPN gateways, and network security solutions whose products are commonly used in SMB/SME and large enterprise organizations. It does not store any personal data.Security hardware manufacturer SonicWall has issued an urgent security notice about threat actors exploiting a zero-day vulnerability in their VPN products to perform attacks on their internal systems. The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. The cookie is used to store the user consent for the cookies in the category "Performance". This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary". The cookie is used to store the user consent for the cookies in the category "Other. The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional". The cookie is used to store the user consent for the cookies in the category "Analytics". These cookies ensure basic functionalities and security features of the website, anonymously. Necessary cookies are absolutely essential for the website to function properly.