Tuesday, December 15, 2015

Sonicwall not updating thumbprint databases

You may run into an issue where Sonicwall Email Security keeps reporting stale thumbprint errors, and forcing a download of the affected database doesn't work. If you contact Sonicwall tech support, they'll have you try to rebuild the databases, most likely using the following commands over SSH:

stop appservices
mysql -dodbrecovery
cleanupdcdatabase

However, after running those commands, the thumbprint database diagnostic page won't show any statistics for the thumbprint databases, and the databases won't populate.

This happens because the Dell Secureworks iSensor IPS/IDS solution somehow changes the update packets going to the Sonicwall enough that they fail their checksum and are therefore never applied. Once you remove the iSensor, the updates will immediately start working and the thumbprint diagnostic page will start populating.

You'll need to call Secureworks and have them put in an exception for the Sonicwall IPs (mailfrontier.net is the URL). However, whitelisting them isn't enough: they need to modify the policy to prohibit the iSensor from touching the packets at all. With simple whitelisting, the problem will continue to manifest.
