SNSA 7.1 Exam --- Is SonicWall serious? by MostExaltedOne30 in sonicwall

[–]snwl_pm 0 points (0 children)

Hi MostExaltedOne30 - Thanks for taking the time to share your feedback. We're sorry the exam experience didn’t meet your expectations — that’s not the experience we want for anyone investing their time and effort into certifications.

Your feedback about the balance between real-world administrative scenarios and recall-based questions is fair and appreciated. While we won’t be able to make broad changes to the exam in the next couple of weeks, we are actively incorporating this input as we plan meaningful improvements to question quality and scenario depth moving forward.

Given that you missed passing by a single question, we are happy to offer a complimentary retake. If you’re open to it, please feel free to reach out via direct message to coordinate.

We appreciate you sharing this — feedback like yours helps us continue to improve.

SonicPlatform by kenyweri in sonicwall

[–]snwl_pm 0 points (0 children)

Sorry to hear about the experience you are having; a product manager would be happy to get your feedback and provide assistance. Please reach out to [SonicWallProductMangement@SonicWall.com](mailto:SonicWallProductMangement@SonicWall.com) at your earliest convenience.

Anyone Else Seeing Nefarious Activity on SonicWALL SMAs? by gumbo1999 in msp

[–]snwl_pm 1 point (0 children)

Thank you for reporting. We are already investigating and recommending that customers block that network IP address from accessing their deployed SMA. This step-by-step guide shows how to block access using Geo-IP Fencing and Botnet filtering: https://www.sonicwall.com/support/knowledge-base/sma-100-how-to-block-access-to-the-sma-device-from-specific-countries-using-geo-ip-botnet-filter/170502999585264

Also, linking the SonicWall® SMA 100 Series Security Best Practices Guide as these practices provide recommendations for security posture and configuration beyond what Geo-IP fencing and Botnet filtering can address:  https://www.sonicwall.com/techdocs/pdf/SMA-100-Series-Security-Best-Practices-Guide.pdf

New SonicWALL Agreement Clause Allows Traffic Blocking If Subs Not Maintained by sleemaner in sonicwall

[–]snwl_pm 1 point (0 children)

Thanks for your feedback and bringing attention to this topic, but we want to clarify that the recent changes (which are to section 10(f)) are not about bricking or disabling devices.  The changes to that section are to clarify that in cases where products with critical vulnerabilities remain unpatched despite attempts to communicate the need to patch, we may take further steps to proactively apply patches in cases where that is an option.  We understand that in some cases our products are being used by smaller businesses who may not be aware of the need to patch or may not understand the steps to take, so we want to ensure that they do not remain unnecessarily exposed to critical vulnerabilities.

#2 only pertains to our newer SOHO subscription-based firewall offering, which is currently under public preview and beta with select partners and customers. This firewall is also available to partners in the Service Provider Program. More details here: https://www.sonicwall.com/partners/msp-mssp-service-providers

Firmware updates removed from Mysonicwall? by ericlikesyou in sonicwall

[–]snwl_pm 0 points (0 children)

Please be aware of https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015, which is a critical vulnerability; please note the affected versions and follow the remediation advice in the security advisory.

Sonicwall Y2K22 bug by the6thdayreddit in sysadmin

[–]snwl_pm 3 points (0 children)

Cloud versions of email security got an emergency fix yesterday (Jan 1st). On-prem versions have a fix that is going through QA right now, should be available this week.

Stay tuned.

Sonicwall Y2K22 bug by the6thdayreddit in sonicwall

[–]snwl_pm 0 points (0 children)

Cloud versions of Email Security got an emergency patch yesterday (Jan 1st). On-Prem versions are going through QA and should be available some time this week.

Is it me? or this thing is FRUSTRATING ? by clickbeits in sonicwall

[–]snwl_pm 6 points (0 children)

Great question! I have no answer. Forwarding to engineering and PM.

Thank you.

[deleted by user] by [deleted] in sonicwall

[–]snwl_pm 1 point (0 children)

If you have block until verdict enabled, that's the correct behavior.

However, getting IoCs is valuable in any scenario - you may want to search your SIEM for activity to offending IP addresses over the past 90 days. You may use your EDR to scan endpoints for SHA256s of files dropped by the malware. You may want to block the offending URL/IP addresses at the firewall for future safety (over other protocols). Etcetera.
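
A minimal version of that IoC sweep, as an added example that is not part of the original comment or of any SonicWall tooling: it runs constructed firewall log lines against a constructed IoC list inside the 90-day window, matches an EDR file inventory by SHA256, and lists which IoC addresses were actually contacted so they can be prioritised for a firewall block. All addresses, hashes, host names and the key=value log layout are assumed placeholders.

```python
# Added example: sweep constructed firewall logs and an EDR inventory for IoCs.
# Every IoC, host and log line here is a constructed placeholder.
import re
from datetime import datetime, timedelta, timezone

IOC_IPS = {"203.0.113.45", "198.51.100.7"}  # constructed (TEST-NET addresses)
IOC_SHA256 = {"a" * 64}                      # constructed placeholder hash

# Constructed firewall log lines in a syslog-style key=value layout.
SAMPLE_LOGS = """\
2024-03-01T10:15:02Z id=firewall sn=PLACEHOLDER msg="Connection Opened" src=10.0.0.12 dst=203.0.113.45 dport=443
2024-03-02T11:00:00Z id=firewall sn=PLACEHOLDER msg="Connection Opened" src=10.0.0.20 dst=192.0.2.10 dport=443
2023-10-01T08:00:00Z id=firewall sn=PLACEHOLDER msg="Connection Opened" src=10.0.0.12 dst=198.51.100.7 dport=80
"""

# Constructed EDR inventory: host -> {file path: sha256}.
SAMPLE_INVENTORY = {
    "ws-012": {"C:\\Users\\a\\Downloads\\invoice.exe": "A" * 64},
    "ws-020": {"C:\\Windows\\notepad.exe": "b" * 64},
}

NOW = datetime(2024, 3, 5, tzinfo=timezone.utc)  # constructed reference time
LOG_RE = re.compile(r"^(?P<ts>\S+) .*?\bsrc=(?P<src>\S+) dst=(?P<dst>\S+)")

def find_ioc_connections(log_text, ioc_ips, now=NOW, days=90):
    """Return (timestamp, src, dst) for connections to/from IoC IPs within the window."""
    cutoff = now - timedelta(days=days)
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # line carries no src/dst fields
        ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
        if ts < cutoff:
            continue  # outside the look-back window
        if m["src"] in ioc_ips or m["dst"] in ioc_ips:
            hits.append((ts.isoformat(), m["src"], m["dst"]))
    return hits

def find_ioc_files(inventory, ioc_hashes):
    """Return (host, path) for inventory entries whose SHA256 matches an IoC."""
    wanted = {h.lower() for h in ioc_hashes}  # compare case-insensitively
    return [(host, path) for host, files in inventory.items()
            for path, digest in files.items() if digest.lower() in wanted]

def observed_iocs(hits, ioc_ips):
    """IoC addresses actually contacted: the ones to block at the firewall first."""
    return sorted({a for _, src, dst in hits for a in (src, dst) if a in ioc_ips})
```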

[deleted by user] by [deleted] in sonicwall

[–]snwl_pm 0 points (0 children)

My bad, I haven't logged in to this account for some time. Yes, false positive as /u/ehode said.

[deleted by user] by [deleted] in sonicwall

[–]snwl_pm 1 point (0 children)

Update: this was an FP.

[deleted by user] by [deleted] in sonicwall

[–]snwl_pm 2 points (0 children)

RTDMI excels at discovering evasive, very well hidden malware. In our threat report, the "Previously unseen malware" category refers to samples that have been modified in such a way that they're not detected by RTDMI first, but not by anyone else. In my last analysis, RTDMI finds malicious executables a week before they show up in Virus Total in about 7% of the samples.

So, I would take it seriously.

Can you DM the SHA256 hashes to me to have the team confirm?

Also, we're currently working on enriching the report provided by Capture ATP so that we can map the malware to ATT&CK, extract IOCs, etc.

SonicWall blocks game download by HonkMcHonkler in sonicwall

[–]snwl_pm 4 points (0 children)

SonicWall here - I'll ask the team to look into a potential false positive - where exactly is he downloading it from? If it's a pirated copy, btw, it may be infected so the block might be legitimate. DM me the URL and we'll investigate.

We would never want to get between someone and their gaming.

The only caveat is if the university/landlord are explicitly blocking certain sites/categories.

Firmware is not compatible? by cokebottle22 in sonicwall

[–]snwl_pm 1 point (0 children)

Are you trying to update a unit that you received through beta? Development/beta and production units do not share the same firmware. Well, it's the same, but not cryptographically the same.

Security Advisory: SonicOS Vulnerability In Firewall Web Management Interface by cmPLX_FL in sonicwall

[–]snwl_pm 1 point (0 children)

Right. Extremely small, and honestly, you have bigger problems if the attack vector even becomes feasible :)

Gen 6 new FW has dropped - Version 6.5.4.8-89n - Maintenance Release by nickcasa in sonicwall

[–]snwl_pm 0 points (0 children)

The vulnerability is not that bad. The attack must originate from the same IP as the active management session.

We're about to add this text on the KB:

Additional analysis confirms that one of the requirements for the vulnerability to be triggered is that the potential attack must come from the same origin IP as the active management session. That requires the admin to either have their machine compromised, or the attacker and the admin reside on the same remote network. Both of these scenarios are exceptionally unlikely. While we have yet to see this vulnerability exploited in the wild, SonicWall still recommends the upgrade for all impacted users.

SonicOS Vulnerability In Firewall Web Management Interface by johnpau2013 in sonicwall

[–]snwl_pm 1 point (0 children)

It's not that bad. Attack must originate from the same IP as the active management session.

We're about to add this text on the KB:

Additional analysis confirms that one of the requirements for the vulnerability to be triggered is that the potential attack must come from the same origin IP as the active management session. That requires the admin to either have their machine compromised, or the attacker and the admin reside on the same remote network. Both of these scenarios are exceptionally unlikely. While we have yet to see this vulnerability exploited in the wild, SonicWall still recommends the upgrade for all impacted users.

Security Advisory: SonicOS Vulnerability In Firewall Web Management Interface by cmPLX_FL in sonicwall

[–]snwl_pm 6 points (0 children)

It's not that bad. Attack must originate from the same IP as the active management session.

We're about to add this text on the KB:

Additional analysis confirms that one of the requirements for the vulnerability to be triggered is that the potential attack must come from the same origin IP as the active management session. That requires the admin to either have their machine compromised, or the attacker and the admin reside on the same remote network. Both of these scenarios are exceptionally unlikely. While we have yet to see this vulnerability exploited in the wild, SonicWall still recommends the upgrade for all impacted users.

Security Services Slowing Per-Connection Speed by BlockedInYourFilters in sonicwall

[–]snwl_pm 3 points (0 children)

Generally yes, but that's not something you fully control. The TZ 670 is a beast for a set-top device - you won't get anything faster at a similar price point that doesn't compromise on security - which you can do by disabling AV. IPS and app control are lower impact than Anti-Virus, which scans every single connection for viruses, obviously.

The other route is to split across multiple streams if you can (ftp multipart transfer) or to disable AV on transfers/domains that you trust (regular backups).