SonicWALL SSL-VPN 200 locking up

SonicWALL’s SSL-VPN 200 remote access appliances have worked flawlessly for years for a number of clients until recently we started seeing a rash of lockups.  At first a power cycle was all it took to get them back up and running, but shortly afterwards they would not stay online more than a few seconds, before becoming unresponsive to all but a ping.

One unit in particular that was configured to email alerts started sending out messages every hour with the following error:

"License Manager Peer Identity failed - Check certs and time."

I then disconnected it from the network, power cycled it again and connected directly to it.  This time, it booted up just fine and allowed me to log into it.  Researching the error message from before led me to a SonicWALL article detailing possible causes for the message, one of which was:

"The License Manager server or the signature database server may not have a valid SSL Certificate."

I know SonicWALL is requiring some firmware upgrades on currently supported devices that resolves some certificate warnings, so I figured the SSL-VPN 200 was calling home and locking up during its bootup routine.  Why not disallow it from calling home?

Here’s how to fix it:

Boot the SSL-VPN 200 offline, connect a PC to the X0 port, assign yourself a static IP on the same subnet and login to the device

Go to Network | Host Resolution
Create a new host resolution object
IP address: 127.0.0.1
FQDN: licensemanager.sonicwall.com

Save the new host, reconnect to your production network and enjoy!

10 thoughts on “SonicWALL SSL-VPN 200 locking up

  1. Thanks for the post – we found the same issue post New Year. Your 127.0.0.1 suggestion worked perfectly!!! I know the product is EOL… but seriously this is disappointing.

    Like

  2. This is the same solution I found and I am also disappointed with DELL!! I have 2 units that started exhibiting the problem on 12/31/2013.

    Like

  3. Thanks – this appears to have worked here, too.

    Only problem is that I now get regular alert emails:

    SSLVPN: id=sslvpn sn=0006Bxxxxxx time=”2014-01-07 13:31:00″ vp_time=”2014-01-07 13:31:00 UTC” fw=212.xx.xx.xx pri=4 m=0 src=212.xx.xx.xx dst=212.xx.xx.xx user=”system” usr=”system” msg=”License Manager Peer Identity failed – Check certs and time.” agent=”(null)”

    Seeing perhaps a couple an hour.

    Like

    1. In the unit I mentioned that was emailing alerts, I ended up disabling that function to avoid receiving the alerts you’re referring to. As long as you have sufficient security in place, i.e. strong password and administrator/user lockout, I don’t see this as much of an issue. Let me know if you find a solution or workaround for this and I’ll update the post.

      Like

  4. That posted fix was a great start but here is the real workaround by adding a compatible sonicwall license manager server IP and a downloadable certificate from them.

    A pain for sure, at least the hardware is usable again.

    Like

    1. Hi Mark, thanks for posting the link. I was surprised I couldn’t find anything about this issue on their site and was thinking they were going to leave us high and dry. That being said, I’m not sure if I want to go through their procedure, just in case they decide to take that compatible license manager server down too. I guess it’s up to whomever reads this to decide which route to take.

      Erik Mendes

      Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s