1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Tivo and SonicWall Firmware 5.9.x IPS Download Issue Solution

Discussion in 'TiVo Help Center' started by Gerhard, Sep 4, 2013.

  1. Sep 4, 2013 #1 of 22
    Gerhard

    Gerhard New Member

    231
    0
    Sep 29, 2002
    So,

    I just spent server hours on the phone with SonicWall, as my Firewall / IPS was not allowing the download of the Tivo program updates.

    I had recently updated to firmware 5.9.x on the SonicWall, and the IPS (Intrusion Prevention System) was block the Tivo programming update as a LOW LEVEL MALWARE ATTACK!

    So, either the new firmware or the latest signatures for the latest firmware (5.9 at this posting), was causing the issue.

    Unfortunately, you only have two options with a SonicWall:

    1) Allow the Tivos to by-pass the IPS system completely. (Do you trust Tivo?)

    2) Turn off the Low Priority Attacks setting on the SonicWall IPS.

    Unlike a Palo Alto or Tipping Point, it appears that a common SonicWall (e.g. small business one) can not be set to allow a specific tripped rule to be turned off for a specific network object.

    [At least that's what they told me... which doesn't make sense...]
     

    Attached Files:

  2. Sep 4, 2013 #2 of 22
    Gerhard

    Gerhard New Member

    231
    0
    Sep 29, 2002
    I take it all back, It appears that you cannot have the IPS Turned on for the LAN segment.

    There is something that the TiVo is doing that is being considered some sort of attack or malware and it is being blocked by the IPS and version 5.9 of the SonicWallOS software.

    Oddly, even if you exclude the TiVos from the IPS by designating them with static IP addresses and placing them in the IPS exclusion list, they will still fail to get their programming updates.

    Of course, the WANN segment of the sonic wall is turned on for IPS and all the other goodies the sonicwall does but, it seems kind of strange that you can't turn the IPS on the LAN segment.

    I guess it's time to do a full packet capture of what the TiVos are sending out on the web and receiving from the web in order to determine exactly what malware signature or virus signature or whatever is causing them have IP packets dropped.
     
  3. Sep 4, 2013 #3 of 22
    kdmorse

    kdmorse Active Member

    5,031
    7
    Jan 29, 2001
    Germantown, MD
    I wonder if it's a remanifestation of this old (2005) problem report:

    Of course it could also be completely unrelated.
     
  4. Sep 4, 2013 #4 of 22
    Gerhard

    Gerhard New Member

    231
    0
    Sep 29, 2002
    Ahhhhh.... Another Deutschstadter!


    Howdy neighbor! I'm going to call and ask for an American tomorrow... Someone that can handle giving a systems engineer the low down on how the sonic wall should be properly setup.

    The IPS has almost no information exception for how to buy a license in e manual!

    ...and the guy didn't want to believe it could possibly be the SonicWall.

    Let alone the fact that the only actual PC I have is so locked down that he could not get their remote access (webex) to wok...

    "Please use chrome instead of IE"

    "You understand that I don't have JAVA installed,mor Chrome,,or flash, etc... Right? And I'm not going to be installing them... So why don't you tell me what to do, and I'll take some screen shots, and send you a limited packet capture. Then I want it analyzed, and I want you to tell me exactly which IPS rule is being triggered, and how we allow an exception for only the TiVos..."

    Crickets, and whining...
     
  5. mystikal1

    mystikal1 New Member

    1
    0
    Sep 17, 2013
    San Antonio, TX
    Have you heard anything on this. I am having the exact same problem. Was pulling my hair out thinking it was me until I saw this post..
     
  6. LTrain425

    LTrain425 New Member

    1
    0
    Sep 19, 2013
    Thank you for posting this, I had the exact problem on a NSA 240 that I just upgraded to 5.9. I downgraded to 5.8 and it's working again.

    Downgrading required a factory reset of the SonicWall, something in 5.9 saved config did not allow 5.8 to boot. Not too bad since I don't have much in the way of configuration in my SonicWall, but if you have a complex config with forwards be warned that a downgrade may require a full wipe and rebuild.
     
  7. Gerhard

    Gerhard New Member

    231
    0
    Sep 29, 2002
    Folks,

    My current case number is 02645462 and I suggest you call Sonicwall / Dell and open one as well.

    The issue at hand is that their technical support wants to use work arounds, as opposed to fix the problem.

    They have clearly fixed it previously, and the workaround basically means that you need to isolate the TiVos and loose all of the tablet remote functionality, etc.

    (The work around is to put the TiVos on a separate network, then give them new DHCP IP addresses, and disable all IPS related functionality on that network. Obviously, it's unwise to open traffic between LAN1 and LAN2 (LAN2 being the TiVo network), as the entire reason for having an IPS on your primary LAN is to prevent network intrusion, etc.)
     
  8. ewjreplay

    ewjreplay New Member

    14
    0
    Oct 8, 2008
    I use a Sonicwall TZ215 and have the same issue. At first I thought it was TIvo, then I thought it was me (not setting up the Sonicwall right) and now from testing I know it is the Sonicwall.

    The downloads work when my Linksys is used. It did not work when I had my Sonicwall wide open all ports/no filters LAN/WAN etc.

    I also noticed a 18% drop in throughput and internet speed with the new firmware.

    I have reported both to Sonicwall; my first report since 2009 on Monday morning via email. Considering I have this (and others) with TotalSecure I assumed they would get back to me within 24 hours. If I do not hear from them by noon Wednesday I will call them.

    Either way I will let you know what I hear back.



     
  9. ewjreplay

    ewjreplay New Member

    14
    0
    Oct 8, 2008
    I did that and still had connection problems plus I want my TiVo on a network with my xbox and home wireless for guest. Basically they are asking you to turn part of your router into a 3 year old $80 Linksys router.

     
  10. Gerhard

    Gerhard New Member

    231
    0
    Sep 29, 2002
    I posted a link to this thread and pointed out that I'm not the only person with this issue...

    I have been asked for full blown packet dumps (again)... Tell your tech to look at my case, as I've got screen caps in there, and packet caps, and such from the Tivo to the WAN.
     
  11. Gerhard

    Gerhard New Member

    231
    0
    Sep 29, 2002
    Folks,

    I've got to start by saying that sonicwall has horrible technical support.

    Basically, no matter what I say to them, they can't answer my questions.

    What I said to them was this (I'm an systems engineer):

    1) What rule is being violated by the Tivo's that is causing the issue?

    2) How to I add an exception for specific MAC addresses?

    3) Why when I perform adding exceptions does it not work?

    Right now I'm waiting to see if the new firmware works properly, but the initial solution was to put the Tivo's on their own VLAN and use a separate port on the SonicWall with the IPS/Malware checking disabled.
     
  12. scb87

    scb87 New Member

    1
    0
    Nov 1, 2013
    FYI only, I just spent the past 2 weeks debugging this very issue. Like most of you, once I upgrade my firmware from 5.8 to 5.9, the Tivo Program Guide would no longer download. So, after trying to get Sonicwall to tell me which 'rule' was blocking it, by process of elimination we've determined that it was the Content Filtering System (CFS) that was blocking it. I've since created an exception list of the Tivo's IP and it's back to working. I'm still waiting for them to tell me what the actual problem is tho.
     
  13. GreggS

    GreggS New Member

    1
    0
    Nov 8, 2013
    It is possible to exclude the TIVO services from IPS.

    1) Under Address Objects create three range objects tied to the WAN zone
    208.73.180.0 - 208.73.183.255
    204.176.49.0 - 204.176.49.127
    206.112.115.0 - 206.112.115.255

    2) Under Address Objects create a group object that contains the three range objects created in step 1

    3) On the Intrusion Prevention page, click Configure IPS settings. Select the "Enable IPS Exclusion List" checkbox. Select the "Use Address Object" radio button. Select the Group object created in step 2. Click OK.

    4) On the Content Filter page scroll down to the CFS Exclusion List section. Check the "Enable CFS Exclusion List" checkbox then select the group object you created in step 2. Click Apply at the top of the page

    What you are doing is telling the SonicWall that the IP addresses that belong to TiVo are ok to exclude from CF & IPS processing. Entering the IP addresses (or MAC addresses) of your TiVo boxes won't do it.

    I would still like to see this fixed so that IPS and CF can be turned back on for these IP addresses, but at least this leaves your TiVo boxes on the same network as the rest of your equipment.
     
  14. wcs1236

    wcs1236 New Member

    1
    0
    Nov 12, 2013
    Great job in figuring this out and explaining it!
     
  15. lcberry

    lcberry New Member

    2
    0
    Mar 6, 2003
    Dead on Greg! Worked for me on my TZ200 with 5.9 OS.
     
  16. techbrute

    techbrute New Member

    3
    0
    Dec 16, 2007
    Outstanding info. Now I just have to wait for the TiVo service to be fixed before I can actually test this.
     
  17. techbrute

    techbrute New Member

    3
    0
    Dec 16, 2007
    Ok, the service was up this morning when I woke, so I tried connecting and it worked. Thanks so much for the info!
     
  18. vmiikhelson

    vmiikhelson New Member

    1
    0
    Feb 5, 2006
    Hi scb87,

    Thank you for the hint. It reminded me an old SonicWall CFS issue with Stamps.com.

    All in all, I have excluded SonicWall from CFS and update worked immediately. It is much better than excluding it from IPS.

    Thank you,
    Vladimir
     
  19. tomatillo

    tomatillo New Member

    2
    0
    Jun 6, 2003
    Network -> Zones -> LAN -> remove Content Filtering if enabled. TiVo downloads will work again.
     
  20. microtel

    microtel New Member

    2
    0
    Jul 15, 2014
    BTW I have worked on dealing with this issue last year as well before going back to older firmware on the Sonicwall. Now I have had to update the device for other reasons and simply disabling the Content Filtering is not an option - If you have a Sonicwall at home, it is for a reason, Content Filtering is one big part of that reason for many, not to mention all the advanced protections the device offers. I would not recommend anyone do that to get around the issue, it would be better to go back to 5.8
     

Share This Page