A few weeks ago our SonicWALL NSA 240 router suffered an electrical fault and died. This was over a UK bank holiday weekend and I logged a support case on the Sunday. SonicWALL, to their credit, gave me an RMA number and processed it on Monday, but because of the holiday, they couldn't ship the replacement until Tuesday. It arrived Wednesday lunchtime and I assumed I'd have us back to normal within an hour. Not quite.
As an aside, since we don't run dual SonicWALLs with failover, I knew that even "next-day replacement" cover on the hardware wouldn't be fast enough and that we needed some other cover.
I was relieved (and a little smug), therefore, that we'd followed our own IT risk management framework and prepared our old Zyxel router as an emergency stand-in just a few weeks earlier. We made sure the basic network settings and rules would at least give us Web access, and it worked OK for the couple of days we needed it. There was no VPN and not all the incoming rules were right, but it was way better than nothing.
There were three main stages to getting back to normal:
- Register the new unit with SonicWALL.
- Update the firmware.
- Reload our settings.
Step 1 caused me some grief. I also discovered the hard way that until it's done you can't update the firmware, step 2. When I finally got there, step 3 was easy, given that we're fastidious about exporting settings after making changes.
I began by copying the most recent settings export file (.exp) to a PC which could be isolated from the LAN and connected to the SonicWall LAN interface (X0). The factory default IP of the new SonicWALL is 192.168.168.168 so I set the IP of the setup machine to be 192.168.168.1, with its gateway as 192.168.168.168. I didn't connect any of the WAN ports (X1, X2) at this stage.
Browsing to 192.168.168.168 brought up the login screen. The factory default login is admin, password. The Setup Wizard appeared automatically but I cancelled it until I'd set the admin login timeout to 30 minutes. There's nothing more frustrating than running through the wizard screens only to find the changes won't save because the login's timed out!
TIP: If using IE set it to run in Compatibility Mode. The SonicWALL UI seems to work better that way.
At the top right, I clicked Wizards and followed the Setup Wizard as follows:
a. Change the admin password to our normal one.
b. Check/set the time zone.
c. Ignore 3G/Modem.
d. Set the WAN to DHCP mode with our normal router IP address (which at this time was our old Zyxel) as the Gateway. This would give the SonicWALL Internet access.
e. Leave the LAN IP address alone & turn off DHCP for the LAN.
f. Apply the settings.
RegistrationAfter running the wizard, I connected X1 (i.e. the "WAN") to a LAN socket. Clicking System / Status gave a message that the device needed to be registered. (This would enable all the licenses to be synchronized and the firmware to be updated.)
On another PC I logged into MySonicWALL.com and verified that it already showed the replacement unit registered to us. (SonicWALL do this as part of the RMA procedure.) It showed the serial number, Authentication Code and Registration Code.
On the unit, registration should have just been a case of entering that Registration Code and the MySonicWALL login. However, this repeatedly gave me an "HTTPS required" error. This was particularly puzzling because it hadn't happened when I did this the first time, when we first bought the SonicWALL. However, having tried various fixes and even asking SonicWALL Support, I finally overcame it by enabling management from the "WAN" (which at this time was in reality our LAN) and logging on from another PC, from where the process worked OK and registration / licensing completed.Comparing the shipped firmware version to the latest we had in the faulty unit, it needed updating. This was simply a case of copying the firmware .SIG file onto the setup machine, uploading it via System / Settings / Upload New Firmware... and finally booting from the new firmware.
Reload settingsFinally we were ready to get back to where we started. The first key step was to disconnect X1 from the LAN socket. (If I'd not done this, reloading our settings would have immediately created an IP conflict due to there being two devices using the same address - i.e. our old Zyxel and the replacement SonicWALL!) So, with the isolated PC connected to the isolated SonicWALL, I switched to System / Settings, clicked Import Settings... and browsed to the .exp file to import the settings.
After the import I lost connection as the IP of the SonicWALL had changed. After changing the IP of the setup PC to be in the right 172.16.1.x subnet I could again log in and check that all was well. (This step won't apply to you if you already run your LAN in the 192.168.x.x subnet.) I also had to remember that at this stage the login URL needed a specific port number on the end (e.g. http://<IP address>:8008) as I had set the SonicWALL not to respond on the standard port 80.
All our settings were successfully restored so I could simply disconnect our emergency Zyxel router and connect the SonicWALL in its place.
The glitch with registration, and having to update the firmware, meant that the job took me about 3 hours intead of the 1 hour I'd hoped for. But overall the biggest delay was in waiting for shipment of the replacement unit, where an emergency replacement enabled us to stay online.
Mark Pimperton BSc PhD has worked for a small UK electronics manufacturer for over 20 years in areas as diverse as engineering, technical sales, publications, and marketing. He's been involved in IT since 1999, when he project-managed implementation of a new ERP system, and has been IT Manager since 2008. The first major project he undertook in that role was a second ERP deployment. While still involved in operations, system management, and even a bit of development, Mark is now also responsible for IT risk management. He finds that risk assessment leads to many improvement initiatives, such as a current project to switch from tape backup to disk-based and online backup. Mark is fanatical about documentation, taking special care to record unfamiliar processes. His TechRepublic articles on SSL certificates and PCI DSS compliance are prime examples. Mark is married with two grown-up children.