SonicWall server glitch leaves networks unprotected

Updated 3:36 p.m. PST with SonicWall comment.

An outage at SonicWall's licensing server disabled subscription-based security services for customers for at least several hours on Tuesday, according to the company and an angry customer.

Beginning around 2 a.m. PST, "some SonicWall products contacting a particular SonicWall licensing server began receiving erroneous responses," the company said in an e-mail notice to customers sent around 5:40 p.m. PST on Tuesday.

"You are receiving this mail because our monitoring systems indicate that your SonicWall product(s) may have been affected. This may have caused the product license key to be reset, and in some cases may have affected the products' operation," the notice said. "The issue has been corrected and all servers and licensing functions have been restored."

The notice listed affected products as SonicWall UTM Firewall Appliances-PRO series, TZ series and NSA series; all SonicWall Email Security Appliances and Email Security software; SonicWall Content Security Manager Appliances; all Continuous Data Protection Appliances; and SGMS managed appliances.

It was unclear how long the outage lasted and how many customers were affected.

SonicWall spokeswoman Colleen Nichols sent CNET News this statement Wednesday afternoon: "Yes, very early yesterday, one server in SonicWALL's licensing server pool that handles distribution of signatures and license keys malfunctioned. This malfunction caused some customers' license keys to be reset, requiring them to be resynchronized. SonicWALL shut off this server shortly after it began malfunctioning, and at the same time proactively stopped automatic license key updates while we verified the integrity of the rest of our licensing servers. During this period, customers were still able to manually download updates and resynchronize their licenses through mysonicwall.com. As of noon yesterday, our license server pool is online and available, and affected customers can resynchronize their licenses through their product user-interface."

Customers who believe they are affected can go to SonicWall's Web site to get more information about resynchronizing their licenses keys, she said.

At least one customer was wondering why the operation of vital services would be tied to a server used for validating licenses.

"I was shocked this would happen," John Wilson, president of Avalon Technology Consultants, told CNET News. "It's like buying a car and because General Motors servers go down your car stops working."

Avalon, which manages about 50 SonicWall firewalls for its customers, noticed at about 10 a.m. PST on Tuesday that the firewalls were reporting that the antivirus, antispyware, and intrusion prevention services were not longer functioning, he said.

SonicWall advised customers to check all devices to be sure they were functioning, which "is not an insignificant task," he added.

"We have been recommending and installing SonicWall firewalls for our clients for several years, and we had no idea that the devices would stop working when SonicWall's servers went offline," Wilson wrote in an e-mail to CNET News.

"We believe that this is a serious security flaw with the potential to compromise security for tens of thousands or even millions of networks, and we believe this should be brought to the industry's attention," he wrote.