SonicWall explains why firewalls were caught in reboot loops

In a weekend update, SonicWall said the widespread reboot loops that impacted next-gen firewalls worldwide were caused by signature updates published on Thursday evening not being correctly processed.

According to online complaints from admins [1, 2, 3], devices from all Gen 7 firewall series running SonicOS 7.0 were stuck in reboot loops starting from 9:30 PM EST on January 20 and onwards.

While SonicWall provided a workaround to revive the impacted firewalls by disabling incremental updates to IDP, GAV, and SPY signature databases, the company didn't explain what was causing the issues.

SonicWall shared the root cause of the connectivity and restart loop issues affecting its products in a new update published over the weekend on its support site.

"Certain firewalls running SonicOS 7.0 were not able to correctly process the signature update published on Jan. 20. During signature update parsing by one of the components within SonicOS, a corner case error condition led to a restart or connectivity disruption. Firewalls are designed to fetch new signatures on startup, so this process repeated after a restart," the company said.

"SonicWall updated the signatures to address the issue, including refreshed timestamps. Firewalls will automatically pull the full signature update, so no end-user action is required. SonicWall has identified the root cause and implemented multiple changes to prevent future occurrences."

Reactivate incremental updates after applying the fix

The company also advises customers who have applied the temporary workaround to re-enable incremental updates "once the firewall has returned to normal operation" as it makes signature delivery faster.

Customers should reach out to SonicWall support if the new signature updates or the temporary fix don't address the Gen 7 firewall reboot loop issues.

SonicWall's Gen 7 firewalls are its newest firewall devices with encrypted traffic inspection, malware analysis, and cloud app security capabilities.

Models include TZ series firewalls for SMBs and branches, the NSa series firewalls for mid-sized enterprises, the NSsp series firewalls for large enterprises, data centers, and service providers, and the NSv series virtual firewalls.

SonicWall also revealed earlier this month that some of its Email Security and firewall products were experiencing message log updates and junk box failures starting with January 1, 2022, because of the Y2K22 bug.