Case 5:17-cv-04467-BLF Document 320-10 Filed 12/02/20 Page 1 of 18
`Case 5:17-cv-04467-BLF Document 320-10 Filed 12/02/20 Page 1 of 18
`
`
`
`EXHIBIT 9
`
`EXHIBIT 9
`
`
`
`
`
`

`

`Case 5:17-cv-04467-BLF Document 320-10 Filed 12/02/20 Page 2 of 18
`
`ML Security
`
`Dell“ SonicWALL‘“ SonicOS 6.2.6.0
`
`Release Notes
`
`August 201 6
`
`These release notes provide information about the Dell“ SonicWifiiLLTII SonicOS 6.2.6.0 release.
`
`Topics:
`In About SonicOS 6.2.6.0
`
`a Supported platforms
`0 New features
`
`I Resolved issues
`
`0 Known issues
`
`a Product licensing
`
`a Upgrading information
`
`I Technical support resources
`I About Dell
`
`About SonicOS 6.2.6.0
`
`- Content Filtering Service 4.0
`See the New features section for more information.
`
`This release provides all the features and contains all the resolved issues that Were included in previous
`releases of SonicOS 6.2. For more information, see the previous release notes, available on MySonicWALL or on
`the Support Portal at: https:Hsu pport.software.de{l.comfrelease-notes'product-select.
`
`TZ Series / SOHO Wireless feature support
`Dell SonicWALL SOHO Wireless and TI series appliances running SonicOS 6.2.6.0 support most of the features
`available for other platforms. Only the following features are not supported on the T2 series or SOHO Wireless
`appliances:
`
`- Activemctive Clustering
`
`In Advanced Switching
`
`-_
`I
`Jumbo Frames
`
`0 Link Aggregation
`
`SonicOS 6.2.6.0
`Release Notes
`
`SonioWall-Finjan_00016706
`
`

`

`Case 5:17-cv-04467-BLF Document 320-10 Filed 12/02/20 Page 3 of 18
`Case 5:17-cv-04467-BLF Document 320-10 Filed 12/02/20 Page 3 of 18
`
`I Port Redundancy
`I Wire Mode
`
`Supported platforms
`
`SonicOS 6.2.6.0 is supported on the following Dell SonicWALL network security appliances:
`
`o SuperMassive 9400
`
`I SuperMassive 9200
`
`I NSA 6600
`
`I NSA 5600
`I NBA 4600
`
`0 NSA 3600
`
`I NSA 2600
`
`I T2600
`
`I T2500 and T2500 Wireless
`I T2400 and T2400 Wireless
`
`I T2300 and T2300 Wireless
`
`I SOHO Wireless
`
`New features
`
`This section provides information about the new features in SonicOS 6.2.6.
`
`Topics:
`
`- About Capture ATP
`I About CFS 4.0
`
`SonicWalI-Finjan_00016707
`
`

`

`Case 5:17-cv-04467-BLF Document 320-10 Filed 12/02/20 Page 4 of 18
`Case 5:17-cv-04467-BLF Document 320-10 Filed 12/02/20 Page 4 of 18
`
`——
`
`About CFS 4.0
`
`Content Filtering Service [CFS] 4.0 has been redesigned to improve performance and ease of use. The
`workflow was redesigned and more accurate filtering options have been provided. Refer to SonicOS 6.2.6
`Content Filtering Service (CFS) 4.0 Feature Guide for more details. For information about upgrading from an
`older version of CFS, see the SonicOS 6.2.6 CFS 4.0 Upgrade Guide.
`
`Topics:
`o CFS workflow
`
`I CFS settings
`
`I New CFS policy design
`
`I CFS custom Categories
`
`I New objects in CFS 4.0
`
`o CFS log entries
`
`I Websense support in CFS 4.0
`
`I Deprecated CFS 3.0 features
`
`I Comparison of CFS 3.0 to CFS 4.0
`
`CFS workflow
`
`when processing packets, CFS follows this womflow:
`
`‘l
`
`A packet arrives and is examined by CFS.
`
`2 CFS checks it against the configured exclusion addresses, and allows it through if a match if found.
`
`3 CFS checks its policies and finds the first policy which matches the following conditions in the packet:
`I Source Zone
`
`I Destination Zone
`
`o Address Object
`
`I UsersiGroup
`0 Schedule
`
`0 Enabled state
`
`4 CFS uses the CFS Profile defined in the matching policy to do the filtering, and returns the
`corresponding operation for this packet.
`
`5 CFS performs the action defined in the CFS Action Object of the matching policy.
`
`6
`
`If no CFS Policy is matched, the packet is passed through without any action by CFS.
`
`SonioWaII-Finjan_00016708
`
`

`

`Case 5:17-cv-04467-BLF Document 320-10 Filed 12/02/20 Page 5 of 18
`Case 5:17-cv-04467-BLF Document 320-10 Filed 12/02/20 Page 5 of 18
`
`CFS settings
`The following global settings are used in CFS 4.0:
`
`I
`
`Global settings
`
`I Max URI Caches (entries) - Defines the maximum number of cached URI entries. Cached URl
`entries save the URI rating results, so that SonicOS does not need to ask the backend server for
`the rating of a known URI.
`In CFS 3.0, the cache size had a maximum; in CFS 4.0 the maximum is
`changed to the entry count.
`
`I Enable Content Filtering Service — This option can be cleared to bypass CFS for all packets. By
`default, it is selected.
`
`I Enable HTTPS content filtering .. When enabled, CFS first attempts to get the ServerName
`from the client “hello”. If that fails, CFS attempts to get the CommonName from the SSL
`certificate and then get the rating. If both attempts fail to get the ServerNamelComrnon Name,
`CFS uses the IP address for the rating.
`
`I
`
`Blocked if CFS Server is Unavailable — If the CFS server cannot provide the rating request
`within the specified duration (5 seconds by default}, this option defines whether to allow or
`deny the request.
`I CFS Exclusions
`
`I Exclude Administrator — When enabled, content filtering is bypassed for all requests from an
`account with administrator privileges.
`
`o Excluded address — Content filte ring is bypassed for all requests from address objects selected
`in the Excluded address list.
`
`- Custom Category
`
`I Enable CFS Custom Category — Allows the administrator to customize the ratings for specific
`URIs. When CFS checks the ratings for a URI, it first checks the user ratings and then checks the
`CFS backend server for the ratings.
`
`I Advanced Settings
`
`I Enable Smart Filtering for Embedded URL — When enabled, detects the embedded URL inside
`Google Translate thtps:Htranslate.google.coml and filters the embedded URI. too. Requires
`that client DPI-SSL be enabled also.
`
`I Enable Safe Search Enforcement — Enforces Safe Search when searching on any of the
`following web sites:
`
`o ww.yahoo.com
`I www.ask.com
`
`o ww.dogpile.corn
`
`o www.lycos.corn
`
`Requires that client DPl—SSL be enabled also.
`
`I Enable Google Force Safe Search — When enabled. overrides the Safe Search option for Google
`inside each CFS Policy and its corresponding CFS Action. Note that typically Safe Search happens
`automatically and is powered by Good, but when this option is enabled, SonicOS rewrites the
`Google domain in the DNS response to the Google Safe Search virtual IP address.
`
`I Enable YouTube Restrict Mode — When enabled, accesses YouTu be in Safety rnode. YouTube
`provides a new feature to screen videos that may contain inappropriate content flagged by users
`and other signals.
`
`I Enable Bing Force Safe Search — When enabled overrides the Safe Search option for Bing inside
`each CFS Policy and its corresponding CFS Action.
`
`SonicWalI-Finjan_00016709
`
`

`

`Case 5:17-cv-04467-BLF Document 320-10 Filed 12/02/20 Page 6 of 18
`Case 5:17-cv-04467-BLF Document 320-10 Filed 12/02/20 Page 6 of 18
`
`New CFS policy design
`A CFS policy defines the filtering conditions that a packet is compared to, and CFS 4.0 provides a new policy
`design, different from the way policies were implemented in CFS 3.0. A default policy is provided, but you can
`define your own. When writing your own policies, following matching conditions can be defined:
`I Name
`
`I Source Zone
`
`I Destination Zone
`
`a Source Address
`
`I UserSIGroup
`I Schedule
`
`I Profile
`
`I Action
`
`If a packet matches the conditions defined for Source Zone, Destination Zone, Address Object, Userstroups,
`Schedule, and Enabled state, it is filtered according to the corresponding CFS Profile and then the CFS Action
`is applied. If authentication data is not available during matching for UserslGroups, no match is made for this
`condition. This strategy prevents performance issues, especially when Single Sign-On is in use.
`
`Each CFS policy has a priority level and policies with higher priorities are checked first.
`
`CFS custom categories
`In CFS 4.0, CFS custom categories are handled consistently with the way ratings are handled in the CFS
`backend server. When adding or editing a custom category, you can select up to four categories for the URI.
`
`Besides adding custom category entries one by one, export and import functions are also supported. One way
`to use this functionality is by exporting the custom category first, editing it, and then importing from that
`exported file.
`
`Only the first 10,000 custom category entries in the file are imported. Invalid entries are skipped and do not
`count toward the maximum of 10,000 custom category entries that are supported.
`
`New objects in CFS 4.0
`Three new kinds of objects are supported in CFS 4.0:
`
`I URI List Objects - Defines the URI list which can be marked as allowed or forbidden.
`
`I CFS Action Objects — Defines what happens after a packet is filtered by CFS.
`
`I CFS Profile Objects — Defines what kind of operation is triggered for each HTTPIHTTPS connection.
`
`These objects are configured on the Firewall > Content Filter Objects page in the SonicOS management
`interface.
`
`URI List Objects
`
`In CFS 4.0, a URI List Object is used for URIIdomain matching. Each URl List Object contains a custom list of
`URls. You can addfeditldelete a CFS URI list object on the Firewall > Content Filter Objects page in SonicOS.
`
`Use the following guidelines when configuring URI List Objects:
`
`I A maximum of 128 URI list objects are allowed.
`
`I
`
`In each object, up to 5,000 URls are supported.
`
`I A URI is a string containing host and path. Port and other content are currently not supported.
`
`SonicWalI-Finjan_00016710
`
`

`

`Case 5:17-cv-04467-BLF Document 320-10 Filed 12/02/20 Page 7 of 18
`Case 5:17-cv-04467-BLF Document 320-10 Filed 12/02/20 Page 7 of 18
`
`I An IPv4 or IPv6 address string is supported as the host portion of a URI.
`
`I The maximum length of each URI is 255 characters.
`
`I The maximum combined length of all URIs in one URI list object is 131 ,072 [1024‘128] including one
`character for each new line {carriage return] between the URIs.
`
`I Each URI can contain up to 16 tokens. A token in URI is a string composed of the characters:
`[1 ._ (I!
`51“:
`
`n The maximum length of each token is 64 characters including one character for each separator [. or I}
`surrounding the token.
`
`I An asterisk [*I can be used as a wildcard representing a sequence of one or more valid tokens.
`
`When building a policy URI List Objects can be used as either the forbidden URI list or the allowed URI list. URI
`List Objects can also be used by the Web Excluded Domains of Websense.
`
`Action Objects
`The CFS Action Object defines what happens after a packet is filtered by CFS and specified by a CFS Policy.
`You can addieditl delete a CFS Action Object on the Firewall > Content Filter Objects page in SonicOS.
`Within the Action Object you can define whether to block a web site, require a passphrase {password} for
`aCcess, require a confirmation before proceeding to the web site, or use Bandwidth Management.
`
`Passphrase and Confirm features only work for HTTP requests. HTTPS requests cannot be redirected to the
`Passphrase or Confirm page, respectively.
`
`Profile Objects
`The CFS Profile Object defines the action that is triggered for each HTTP/HTTPS connection. You can
`addleditidelete a CFS Profile Object on the Firewall > Content Filter Objects page in SonicOS. When setting
`up a new Profile Object under the new design, a domain may now be resolved to one of four ratings. From
`highest to lowest, the ratings are:
`I Block
`
`I Passphrase
`- Confirm
`
`- BWM [Bandwidth Management}
`
`If the URI is not categorized into any of these ratings, then the operation is allowed.
`
`CFS log entries
`In CFS 4.0, there are only three types of log entries:
`
`I
`
`-
`
`I
`
`logstrSyslogWebSiteAccessed
`
`logstrWebSiteBlocked
`
`logstrCFSAlert — These log entries start with CFS Alert: and are followed by a descriptive message.
`
`SonicWalI-Finjan_00016711
`
`

`

`Case 5:17-cv-04467-BLF Document 320-10 Filed 12/02/20 Page 8 of 18
`Case 5:17-cv-04467-BLF Document 320-10 Filed 12/02/20 Page 8 of 18
`
`Websense support in CFS 4.0
`The Websense configuration settings are shown in the Security Services > Content Filter page when the
`Content Filter Type selection is set to Websense Enterprise. Websense only works for IPv4 requests. It does
`not work with IPv6.
`
`Websense can be used even when the firewall is not licensed for CFS 4.0 (Content Filtering Premium}.
`
`Deprecated CFS 3.0 features
`CFS 4.0 includes the following changes to CFS 3.0 features:
`
`- Merge "CFS via App Rules“ and “CFS via Zones" into one.
`
`o Remove the GloballLocal custom lists, replaced by URI List objects.
`
`0 Users cannot use CFS without a license, but can still use Websense.
`
`:- Remove CFS configuration from UsersIGroups CFS tab.
`
`I Remove CFS configuration from Zone page if using SonicWALL CFS. The CFS configuration in Zone is
`available only if CFS type is Websense.
`
`- Remove Restrict Web Features for JavaIActiveX. They can be replaced with entries in the Forbidden
`URI list using '-‘
`. ja- vs and * . 9-395.
`
`I Remove Restrict Web Features for HTTP Proxy Server.
`
`-
`
`In CFS 4.0, to block aCcess to H'I'TP Proxy Server, go to the Firewall > App Control Advanced page,
`enable App Control, and then edit the 3648 signature ID to block HTTP proxy aCcess.
`
`Comparison of CFS 3.0 to CFS 4.0
`The following table compares the user experience for various aspects of the old and new CFS.
`
`CFS 3.0 CFS 4.0
`
`Centralized CFS configuration in one place.
`Configu re CFS on CFS page, Zone page, User page
`and App Rules page.
`
`Two modes [via Zones and via App Rules}.
`
`Merged functions into one mode.
`
`Admin cannot predict the filtering results accurately Admin can exactly predict the filtering results.
`after configuration.
`
`Need to define duplicated filtering options.
`
`Define CFS Category object, URI List object, Profile
`object and Action object, which can be reused in
`multiple policies.
`
`Does not support wildcard matching.
`
`Supports wildcard {*l matching for URI List.
`
`Consent feature is global.
`
`Consent feature is per policy.
`
`BWM is only supported in App Rules mode.
`
`BWM is fully supported.
`
`Does not support Override — Confirm.
`
`Supports Override — Confirm.
`
`Only supports GET, POST and HEAD commands for
`HTTP.
`
`Supports GET, HEAD, POST, PUT, CONNECT,
`OPTIONS, DELETE, REPORT, COPY and MOVE
`commands.
`
`Cannot enablefdisable CFS globally.
`
`Can enablea‘disable CFS globally.
`
`Custom category is based on category.
`
`Custom category is based on domain, which is more
`intuitive.
`
`Separate Websense configuration from CFS
`Websense configuration is mixed with CFS
`
`configuration. configuration helps prevent errors.
`
`SonicWaII-Finjan_00016712
`
`

`

`Case 5:17-cv-04467-BLF Document 320-10 Filed 12/02/20 Page 9 of 18
`Case 5:17-cv-04467-BLF Document 320-10 Filed 12/02/20 Page 9 of 18
`
`Resolved issues
`
`The following issues are resolved in this release.
`
`App Rules
`
`Resolved issue
`
`An App Rule of SMTP Client type with File extension as Match Object does not block
`matching emails when used with SMTPS.
`
`Occurs when Client DPl-SSL and Application Firewall are enabled and the App Rules
`policy uses a Match Object Type: File extension, Content: exe,txt,jpg, and then
`email is sent from a client with txt or jpg files in the attachment. It works fine if
`Client DPl-SSL is not enabled.
`
`Issue ID
`
`175840
`
`High Availability
`
`
` Resolved issue Issue ID
`
`A High Availability pair of NSA 46005 experience frequent HA Failoveri Failback
`events.
`
`174010
`
`Occurs when Physical Monitoring is enabled only on the X0 interface. and the active
`firewall detects a better link status on the idle firewall, in conjunction with the LDAP
`task waiting for too long for a lock to be released.
`
`Synchronizing settings causes the Network > Portshield Groups page on the standby
`unit to be refreshed continuously.
`Occurs when there are X1052 and X1008 X-Series switches on a T2 series appliance.
`Without deleting either switch from the configuration, the X1008 switch is physically
`removed. The primary unit shows the correct status of both switches. On the High
`Availability > Advanced page, the Synchronize Settings button is clicked. The
`secondary unit reboots after synchronization, but the Network > PortShield Groups
`page refreshes continuously.
`
`170876
`
`A client using SSL VPN NetExtender fails to connect to the active unit of an HA Pair
`after a fai lover and failback.
`
`167227
`
`Occurs when the client is connected using SSL VPN NetExtender, then the Force
`ActiveIStandby Failover option is used to force a failover and the client is
`disconnected, but is able to reconnect, and then the same option is used to force a
`failback to the primary firewall. The client is disconnected and gets a “connection
`failed” error when attempting to reconnect.
`
`Networking
`
`Resolved issue
`Issue ID
`
`
`VLAN interfaces and subsequent VPN tunnel policies are not created.
`Occurs when importing a configuration file from an NSA 5600 firewall to an NSA 6600
`firewall.
`
`iCMPv6 service group shows inconsistent member objects.
`Occurs when editing the factory default ICMPvé group [Network 3‘ Services 3‘ Service
`Groups > Edit ICMPvG}. In the factory default state, about 30 service objects are
`shown as members of the lCMPvt’: group. Any attempt to editladd to this group results
`in errors [unable to find network object], deleted members, and an inability to add
`any subtype ICMPv6IND members (ports 141 through 154].
`
`173505
`
`168831
`
`SonioWall-Finjan_00016713
`
`

`

`Case 5:17-cv-04467-BLF Document 320-10 Filed 12/02/20 Page 10 of 18
`Case 5:17-cv-04467-BLF Document 320-10 Filed 12/02/20 Page 10 of 18
`
`System
`
`Resolved issue
`Issue ID
`
`
`The active firewall in a High Availability pair goes down with memory errors on the
`data plane.
`
`175380
`
`Occurs when Single Sign‘On users are authenticating over HTTP, and enterprise data
`center traffic is passing through the HA pair.
`
`User Interface
`
`Resolved issue
`
`Options for PoE are displayed for non-POE X-Series extended switches.
`Occurs when configuring a non~PoE extended switch. Options for PoE display on the
`Advanced tab of the Add External Switch dialog.
`
`Dynamic pages, such as Dashboard > Log Monitor, Network > Address Objects, or
`Network > NAT Policies, cannot be loaded with Microsoft Edge browser.
`Occurs when the Microsoft Edge browser is used. If the browser window is
`maximized, the page is blurred; if the browser window is not maximized, the page
`disappears.
`
`Users
`
`Issue ID
`
`1715?3
`
`169277
`
`Issue ID
`Resolved issue
`
`
`The domain element of logged in users is not displayed on the Users > Status page if a
`very large number of users are authenticated using Single Sign—On. and a warning is
`displayed, “Attempt to free already freed entry 0x35d4f2d8 to UserlpDomain free
`list!”.
`
`174654
`
`Occurs when the maximum allowed number of users [100,000 in this case] are
`authenticated using 550 on the appliance, with about two thirds of them (65,535]
`authenticated to the same domain, and then some of those users log out, causing the
`domain element to stop being displayed for the remaining users in that domain. After
`more users log out, the warning is displayed.
`
`VPN
`
`Resolved issue
`Issue ID
`
`
`A VPN tunnel policy cannot be established.
`
`175975
`
`Occurs When the tunnel is bound to a DHCP WAN interface that is not in the WAN
`Load Balancing {WLBI group and the system is rebooted.
`
`The Allow Advanced Routing option should not be displayed on the Site—tO‘Site VPN
`policy configuration window.
`
`175850
`
`Occurs when configuring a Site-to-Site VPN policy and viewing the Advanced tab. This
`option should only be displayed for a Tunnel Interface policy.
`
`Unable to add a manual key.
`Occurs when attempting to add an IPv6 manual key on the VPN > Settings 3» VPN
`Policy dialog.
`
`Any unnumbered tunnel interface with dynamic routing is not retained during an
`upgrade.
`Occurs when SonicOS 6.x is upgraded to Sonicos 6.2.5.1.
`A VPN tunnel interface cannot be deleted.
`
`170547
`
`169993
`
`169627
`
`Occurs when a VPN policy of type tunnel interface is configured and then a VPN
`tunnel interface with that name is configured. After upgrading to 6.2.5.1, the VPN
`tunnel interface cannot be deleted as the name has been lost during the upgrade.
`
`SonicWalI-Finjan_00016714
`
`

`

`Case 5:17-cv-04467-BLF Document 320-10 Filed 12/02/20 Page 11 of 18
`Case 5:17-cv-04467-BLF Document 320-10 Filed 12/02/20 Page 11 of 18
`
`Wireless
`
`Resolved issue
`Issue ID
`
`
`The guest login status window with the Logout button is still displayed although the
`option to display it is disabled.
`Occurs when Wireless Guest Services is enabled and the ”Show guest login status
`window with logout button” option is not selected on the Users > Guest Services
`pageI and then a wireless client Logs in.
`
`Authentication for a SonicPoint ACelACi/NZ cannot be changed directly.
`Occurs when changing the authentication type from WPA2 - EAP to WEP - Shared Key
`by configuring the profile for a SonicPoint ACefACiINZ.
`Workaround: Change the authentication type from WPA2«EAP to WEP-Both (OPEN
`System and Shared Key]. And then, change the authentication type to WEP-Shared
`Key.
`
`175286
`
`171722
`
`Known 1 ss ues
`
`The following are known issues in this release.
`
`3GJ4G
`
`Known issue
`Issue ID
`
`
`The Connect on Data mode is not Working for 36 cards, causing traffic to stop passing
`and no Internet access due to an unsuccessful failover to WWAN after the WAN
`interface is disconnected.
`
`175877
`
`Occurs when a 36 card is connected to the U0 port, U0 is configured in Connect on
`Data mode as the final backup for the WAN {X1} interface, traffic is passing from a
`client system on the LAN side to the WAN and then the X1 interface is disconnected.
`
`Some China-Huawei 36 cards do not connect after the primary WAN interface goes
`down.
`
`175146
`
`Occurs When 36 is configured as final backup in DoD mode, While using a China—
`Huawei 36 card, including the Huawei E398 card with China Unicorn SIM card and the
`Huawei EC169C card with China Telecom SIM card.
`
`Website access over ATEtT Beam and AT&T Momentum 46 USB modem cards fails with
`a connection reset page. Other traffic types succeed, including ping, telnet, and
`nslookup.
`
`168487
`
`Occurs when accessing the Internet over the WAN interface while either of these
`AT&T cards is connected to the U0 port. This issue occurs because the Maximum
`Transmission Unit {MTUi changed from 1500 to 40 in the AT&T network.
`
`AppFIow
`
`Known issue
`Issue ID
`
`
`The GMS flow server continues to send flow data to Agent 1 after updating the
`configuration to use Agent 2.
`
`175592
`
`Occurs when Apply is not clicked after updating the configuration to use Agent 2.
`
`SonicWalI-Finjan_00016715
`
`

`

`Case 5:17-cv-04467-BLF Document 320-10 Filed 12/02/20 Page 12 of 18
`Case 5:17-cv-04467-BLF Document 320-10 Filed 12/02/20 Page 12 of 18
`
`App Rules
`
`Resolved issue
`Issue ID
`
`
`Policies with match objects are not enforced.
`
`173739
`
`Occurs when the match object size is greater than 150 bytes.
`
`Capture ATP
`
`Known issue
`
`The scanned files are truncated and the firewall log shows “File truncated due to
`highly delayed acks”, but the scan history shOWs all 45 files scanned with result
`clean.
`
`Occurs when sending a PDF file with IMAP protocol as an attachment through a VPN
`tunnel interface.
`
`Issue ID
`
`176213
`
`Some file uploads result in a "highly delayed acks” response and do not receive the
`expected receipt confirmation from the cloud servers.
`
`175967
`
`Occurs when the number of files uploaded for analysis exceeds the concurrent files
`limit for the platform. On a platform supporting 25 concurrent files, if 50 files are
`uploaded for analysis, a “highly delayed acks” response is received for two of them.
`
`The Gateway Anti-Virus status says, "Gateway Anti-Vims Status: File sent to Sandbox,
`but could not confirm receipt due to highly delayed acks".
`Occurs after sending a file to the Capture ATP cloud sewers for analysis.
`
`175415
`
`DPl-SSL
`
`Known issue
`Issue ID
`
`
`The HTTPS service object is not correctly excluded by Client DPI-SSL.
`
`175696
`
`Occurs when the firewall is deployed between an HTTPS proxy server and a client
`system, the proxy server is configured in the client browser, Client DPIvSSL is enabled
`along with the Deployments wherein the Firewall sees a single server IP for
`different server domains, ex: Proxy setup option , HTTPS is selected in the Client
`DPI-SSL Exclude drop-down for Service Objecthroup, and then the user accesses
`some online banking websites which are not excluded as expected, but are decrypted
`by DPl-SSL and the certificates are re-issued by SonicWALL. If proxy is not set in the
`client browser, those sites are correctly excluded from DPl-SSL.
`
`Log
`
`Known issue
`Issue ID
`
`
`The Web Site Hits table is always empty in the Log : Reports page.
`
`176224
`
`Occurs when clicking the Start Data Collection button on the Log 2» Reports page and
`then running LAN to WAN HTI'FU‘H'ITPS web browsing traffic.
`
`Networking
`
`Known issue
`
`SonicOS does not display the teamed OSPF network in either the OSPF routing table
`or in the IP routing table.
`
`Occurs when the interface on the area border router {AER} for the area including the
`firewall is configured as passive.
`
`Issue ID
`
`175469
`
`SonicWalI-Finjan_00016716
`
`

`

`Case 5:17-cv-04467-BLF Document 320-10 Filed 12/02/20 Page 13 of 18
`Case 5:17-cv-04467-BLF Document 320-10 Filed 12/02/20 Page 13 of 18
`
`Issue ID
`Known issue
`
`
`The tunnel interface name is not displayed in the connection monitor table after
`traffic passes through an unnumbered VPN tunnel interface.
`
`175449
`
`Occurs when a tunnel interface VPN policy is added and a static route going through
`this VPN tunnel interface is added, and then traffic is sent to the destination.
`
`Traffic fails on 1OGb interfaces that are changed from Wirernode in a High
`Availability pair.
`
`175333
`
`Occurs when X18 and X19 are configured as Wirernode pair interfaces in inspect mode
`and traffic is passing, and then X18 is unassigned, then assigned to the LAN zone as a
`static interface and a DHCP server is bound to it. After a client PC connected to X18
`renews its DHCP lease, traffic to the WAN fails and pings from the client PC are not
`received.
`
`The link status between a T2 appliance and a Dell X-Series switch displays “no link”.
`
`175205
`
`OCcurs when changing the link settings to 100 Mbps Full-Duplex with one switch using
`an Isolated Link configuration or with two switches using a Common Link
`configuration.
`
`The FQDN resolved results are not synchronized on the firewalls in an HA pair.
`
`174716
`
`Occurs when a firewall in an HA pair is idle and Stateful Synchronization is enabled.
`
`Auto-added route entries for the WAN are disabled and dimmed in a firewall
`
`173703
`
`configured with a redundant WAN port.
`
`Occurs when WAN port goes down but its redundant port is still up, and then the
`firewall is restarted.
`
`Security Services
`
`Issue ID
`Known issue
`
`
`Workstations cannot communicate with Windows Shared Folders. Files cannot be
`copied, and this GAV alert is generated, “5MB out of order readlwrite”.
`
`175366
`
`Occurs When the CIFSINetbios option is enabled on the Security Services > Gateway
`Anti -Virus page. Communication works after disabling CIFS! Netbios.
`
`Gateway Anti -Virus does not correctly block a malicious email attachment.
`Occurs when using Thunderbird as the email client to download email from an IMAP
`server on the WAN, and email with a malicious attachment is downloaded.
`
`174499
`
`Switching
`
`Known issue
`Issue ID
`
`
`The L2 LAG members are not aggregated on the VLAN trunk ports, and traffic is
`blocked.
`
`175363
`
`Occurs when PortShield and L2 LAG are configured on the VLAN trunk, and the
`firewall is restarted.
`
`A VLAN interface bound to a Trunk interface cannot be deleted, and the Switching >
`VLAN Trunking page only shows the first 32 configured VLAN interfaces.
`
`175229
`
`Occurs When more than 32 VLAN interfaces are configured on the Trunk interface,
`and the one to be deleted is not displayed on the Switching > VLAN Trunking page.
`
`The L2 Link Aggregation Group {LAG} function does not respond.
`
`175152
`
`Occurs when creating a new LAG group, and the aggregator port link is down, and the
`primary WAN is in Round Robin mode.
`
`SonicWalI-Finjan_00016717
`
`

`

`Case 5:17-cv-04467-BLF Document 320-10 Filed 12/02/20 Page 14 of 18
`Case 5:17-cv-04467-BLF Document 320-10 Filed 12/02/20 Page 14 of 18
`
`Syslog
`
`Known issue
`Issue ID
`
`
`Syslog messages for both admin and user login sessions show “dur=0”, instead of the
`actual duration of the login. This causes SonicWALL GMS to dispiay zeros for the login
`session duration.
`
`175823
`
`Occurs when capturing and viewing the syslog messages that are sent to GMS, and
`when viewing the login durations in GMS.
`
`System
`
`Known issue
`Issue ID
`
`
`Sending diagnostic reports to Support can cause the SonicOS management interface
`to become unresponsive for up to 15 minutes.
`
`175969
`
`Occurs when the Send Diagnostic Reports to Support button is clicked on the System
`> Diagnostics page.
`
`The Enable FTP 'REST' requests with Gateway AV option in the Gateway Anti-Virus
`settings is not turned on after enabling DPI and Stateful Firewali Security.
`
`175100
`
`Occurs when GAV is licensed but disabled with all options disabled, and then the DPI
`and Stateful Firewall Security button is clicked on the System > Settings page and
`the firewall restarts.
`
`The Enable HTTP Byte-Range requests with Gateway AV option in the Gateway
`Anti-Vims settings is not turned on after enabling DPI and Stateful Firewall Security.
`
`175098
`
`Occurs when GAV is licensed but disabled with all options disabled, and then the DPI
`and Stateful Firewall Security button is clicked on the System > Settings page and
`the firewall restarts.
`
`Connections do not update their configurations.
`
`175006
`
`Occurs when Enable Stealth Mode and Randomize lP ID are enabled, and Decrement
`1P TTL for forwarded traffic is disabled, and Maximum DP! Connections is set with DPl
`services enabled.
`
`Users
`
`Known issue
`Issue ID
`
`
`Local users with Limited Administration rights and local users who are part of the
`Read-only Administrators group cannot access the SonicOS management page, but are
`redirected to an authentication page.
`
`175973
`
`Occurs when the local users also belong to the Guest Services group, and Guest
`Services is enabled in the LAN zone, and the user attempts to log into the appliance
`and clicks the Manage button.
`
`RADIUS or LDAP authenticated user sessions remain active after clicking the Logout
`button.
`
`175765
`
`Occurs when a user on the LAN side attempts to access the Internet through the
`firewall and logs in when the login redirect window is displayed and then clicks the
`Logout button. When the Users > Status page is checked, the Active User Sessions
`table still shows the user session as active, and the user can continue to access the
`Internet from the same computer without being required to log in again.
`
`SonicWalI-Finjan_00016718
`
`

`

`Case 5:17-cv-04467-BLF Document 320-10 Filed 12/02/20 Page 15 of 18
`Case 5:17-cv-04467-BLF Document 320-10 Filed 12/02/20 Page 15 of 18
`
`VPN
`
`Known issue
`Issue ID
`
`
`The Apply NAT Policies option cannot be enabled in a VPN policy of type Tunnel
`Interface, preventing NAT policies from being applied over the unnumbered tunnel
`interface.
`
`175882
`
`Occurs when the VPN policy is added with the Apply NAT Policies option enabled, but
`when verifying it, the checkbox for Apply NAT Policies is not selected and it cannot
`be enabled.
`
`Traffic over a numbered tunnel interface fails after upgrading the appliance
`firmware.
`
`175845
`
`Occurs when the firewall is upgraded from SonicOS 6.2.4.2 to 6.2.5.1 or 6.2.6.0.
`
`Workaround: After importing configuration settings from a firewall running 6.2.4.2
`to a firewall running 6.2.5.1 or 6.2.6.0, manually recreate the VPN Tunnel Interface
`{numbered tunnel interface}, the route entries, and the firewall access rules.
`
`Connecting via SSH to a firewall with a VPN tunnel set up results in the error
`message, "maximum number of ssh sessions are active, please try again late r”.
`Occurs when a site-to-site VPN tunnel is active between two firewalls and four SSH
`sessions are started on one of the firewalls, then the VPN tunnel is disabled followed
`by exiting all SSH sessions, and then the VPN tunnel is reconnected and the
`administrator attempts to connect via SSH again.
`
`175610
`
`Wireless
`
`Known issue
`
`The beacon interval for a SonicPoint Virtual Access Point (VA?) is affected by the
`beacon interval set for an internal wireless VAP. The error message "Error: Too small
`802.11 Beacon Interval for Virtual Access Point” is displayed upon moving more than
`four VAP objects into a Virtual Access Point Group.
`
`Occurs when a SonicPoint is connected to a T2 Wireless appliance which has its
`wireless radio enabled with the Internal AP Group configured as the Virtual Access
`Point Group, and the beacon interval is set to a value such as 400 milliseconds on the
`Wireless ) Advanced page. The SonicPoint is connected to a WLAN interface of the TI
`and its beacon interval is set to a different value, such as 600 mi