Mobile Connect doesn't work after 6.5.4.15-116n update

I’ve just installed the firmware update on an NSA 2650.
Now the connection with “Mobile Connect” no longer works (error 2250, error code 0x57) but with NetExtender it does. Any ideas?

Android, Mac or iOS? Is the client running the latest version of Mobile Connect? If so, what version?

Seems they finally disabled it on the latest firmwares. I also had this problem, and I knew they announced end of support, but it kept working months afterwards, so I assumed they’re using the same protocols as NetExtender, so as long as you can install it on Windows it should be fine, but recent events prove that I was mistaken with that. With how long they take to fix things, especially with pre-v7 kernels, I just deployed NetExtender to everyone.

Windows Mobile Connect client is EOL. And while I didn’t see a release note saying they were going to break it, I wager if it breaks, it’s not getting fixed for Windows.

I liked it better than NetExtender, but alas, it’s the way forward.

https://www.sonicwall.com/support/knowledge-base/mobile-connect-breaks-after-upgrade-to-sonicos-6-5-4-15/240903132324983

Hello everyone who is having this issue, I had to roll back the software version to 6.5.4.15-109n and was able to have my Android device connected to the SSL VPN with Mobile Connect.
I am still testing while waiting for a response from SonicWall.

Hi Everyone -

I wanted to share my experience about this issue.

I stepped through the entire process w/SonicWALL’s support engineers and here is what was found:

We confirmed that the customer’s device was on the 6.5.4.15-116n firmware update and we confirmed that we were using the latest available version of SonicWALL Mobile Connect for Windows. We created a packet capture and SW support was able to verify (during the multiple connection attempts that were performed during the capture process) that between the Mobile Connect and the SonicWALL firewall, the handshake occurs and the tunnel gets created. But, as soon as the first packets begin to traverse the tunnel, the packets are dropped and the tunnel is dumped. The reason provided? The firewall, which was on the latest firmware (at the time), is expecting a higher encryption level than what the Mobile Connect is able to provide. Keep in mind, the Mobile Connect software for Windows was End of Support as of 08/2022. Meaning, there was a 2 year gap between the latest firmware being written before the actual EOS of the VPN client itself.

For more information, I’ve included the EOS article (if you haven’t seen it):

Mobile Connect breaks after upgrade to SonicOS 6.5.4.15
https://www.sonicwall.com/support/knowledge-base/mobile-connect-breaks-after-upgrade-to-sonicos-6-5-4-15/240903132324983#:~:text=Important%20Note%3A,mobile%2Dconnect%2Fsoftware%2F%20.

One last note, the Mobile Connect software (per SonicWALL Support) is still being actively developed for iOS, macOS, Android and Chrome OS as it is the only option for those platforms at this time.

If you go to the VPN client download page, you’ll notice there’s no mention of any Windows Mobile Connect option on that page.

Hope this provides clarity on the topic.

Windows Store version - see below

We’ve had users running Windows Mobile Connect with no issue up until the previous firmware version. It just worked. SonicWall support just said Mobile Connect support on Windows was discontinued in 2022, but gave no explanation why they’ve disabled it in the latest firmware (latest vulnerability?). The advantage of Mobile Connect was that it could be installed by users without needing admin rights and was a small, light piece of software. We’ve had to quickly deploy NetExtender to all our Windows users, but it’s another piece of software that needs to be managed on users’ laptops. Mobile Connect lives on for iOS, macOS and Android, NetExtender for Windows and Linux.

If OP is using the one for Windows, god help him. It was a terrible product when it was supported and often had issues connecting. It’s been deprecated in the Windows Store for at least 5+ years.

This is the fix right here. I had to install hotfix firmware 6.5.4.15-117n on my TZ 400 to restore access to iOS Mobile Connect 5.0.16. Thanks for sharing.

I would suggest updating to the latest version again. I believe the reason this is breaking SSL VPN (or at least Mobile Connect on Windows) is because this latest firmware was made to address an exploit that can be done via SSL VPN:

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015

https://www.bleepingcomputer.com/news/security/sonicwall-sslvpn-access-control-flaw-is-now-exploited-in-attacks/
https://nvd.nist.gov/vuln/detail/CVE-2024-40766

Thanks for the detailed explanation. So unfortunately for Apple users, since there is no NetExtender, we have to wait until they increase encryption on Mobile Connect to be able to run the latest recommended version.
I find it interesting that this problem doesn’t occur on our TZ470, which has the latest version.
Maybe the encryption check that you mention is not there yet.

I believe support for Mobile Connect was inadvertently broken because of this firmware addressing a vulnerability that can be exploited via SSL VPN, yes.

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015

https://www.bleepingcomputer.com/news/security/sonicwall-sslvpn-access-control-flaw-is-now-exploited-in-attacks/

https://nvd.nist.gov/vuln/detail/CVE-2024-40766

Yes, it is the Windows version from the Store. The software ran without any problems for us.
The advantage of the Store version is that it can be installed without admin rights and the connection can be controlled via script (rasphone.exe).
I found the information about EOL (2022-08-15) - thanks for the pointer.

In our infra, users preferred it and we never had a problem with it until this latest firmware, so I dunno. If it works, don’t fix it.

You can control the sslvpn client with scripts, GPO and other means. You can also install it by GPO without user action.