
Latest News

09/05/2024
by Paul Heritage

Latest blogs and updates from SonicWall-Sales.com

DNS vs URL Filtering - What’s the Difference and Why it Matters.

01/12/2025
by Paul Heritage

Cyberattacks often begin with a single click. That’s why content filtering is more critical than ever in today’s digital landscape. But not all filtering technologies are the same, and understanding the difference between DNS and URL filtering can help your organization build a smarter, layered security strategy for web access.

What is DNS Filtering?

DNS filtering works at the Domain Name System (DNS) level.
This is the same system that translates a website (like linkedin.com) into the IP address your device uses to connect.
When DNS filtering is enabled, requests for malicious, risky, or non-compliant domains are blocked before a full connection is established.

Benefits of DNS Filtering:

• Fast and lightweight – stops threats before a page even loads
• Great for remote/hybrid work – protection travels with users
• Broad protection – blocks entire domains known for hosting malware, phishing, or botnets

Example:
If a user clicks a phishing link to malicious-phish.com, DNS filtering stops it from resolving so no connection or download is made (and no risk).

What is URL Filtering?

URL filtering goes deeper. It analyzes the full web address (URL), including the specific page, folder, or file path, after DNS resolution.

This allows organizations to enforce more granular web access policies and send the entire URL for more in-depth evaluation.

Benefits of URL Filtering:

• Granular control – Send specific pages for further risk-based evaluation (e.g., example.com/sports/basketball)
• Advanced Threat Protection – Stops users from accessing compromised subpages or dangerous downloads on otherwise “safe” domains

Example:
A site like example.com may be generally safe, but example.com/freeware.exe could contain malware. URL filtering catches this.

SonicOS 7.3.1 Released

20/11/2025
by Paul Heritage

Version 7.3.1-7013 - This version of SonicOS 7.3.1 is a maintenance release for existing platforms and also resolves issues found in previous releases.

Release notes: 232-006386-00_RevB_SonicOS_7.3.1_ReleaseNotes.pdf


A new feature included in this release is Credential Auditor.

Credential Auditor is a built-in security feature that helps organizations reduce credential-based risks. It validates user passwords against industry-recognized lists of compromised credentials and provides actionable insights for administrators.

Key Capabilities

  • Automated Credential Checks: Compares user passwords against known compromised credential databases.
  • Risk Identification: Flags accounts with exposed or weak credentials for immediate attention.
  • Administrative Actions: Enables administrators to enforce security measures, such as issuing warnings to affected users and requiring password changes.

Key Features:

  • Provides proactive protection against leaked credentials, securing both local and externally authenticated accounts.
  • Improves password hygiene across the network.
  • Reduces the risk of credential-based attacks.
  • Simplifies compliance with security best practices.

More information: Understanding and Using Credential Auditor on SonicWall Firewalls

Which options include SonicWall NSM

15/10/2025
by Paul Heritage

NSM (Network Security Manager) is now included with every Gen7/8 firewall with an active support subscription. Additional features are included in security/support bundles (like Advanced Protection Service Suite or Managed Protection Service Suite).

| Buying Options | SaaS Management | SaaS Reporting |
| --- | --- | --- |
| Hardware Only | None | None |
| HW + Support | Included | None |
| HW + APSS | Included | 7-days of SaaS Advanced Reporting |
| HW + MPSS | Included | 30-days of SaaS Advanced Reporting |

If you want to add or increase the storage time you can purchase SaaS 7, 30, 90 or 365 Days of Advanced Reporting and Analytics.

SaaS Reporting

Managed Protection Security Suite (MPSS) & Firewall Best Practice Configurations

15/10/2025
by Paul Heritage

Firewalls need active management. With MPSS, SonicWall experts handle the management of your Generation 7 or 8 firewall, ensuring you always have the best firewall configuration to defend against cyber threats.

SonicWall’s Managed Protection Security Suite (MPSS) brings the expertise of our SonicSentry team to manage and monitor your firewalls, becoming an extension of your team to help you maximise your resources and achieve better security. For MSPs, partnering with us for firewall management can help you grow your business without adding headcount, while also freeing your team to focus on more customer service-oriented tasks.

Managed Protection Security Suite Datasheet

As a prerequisite, a minimum level of configuration is required and a document is available to help. I would advise anyone to set their firewall to best practices and include these amendments.

MSS Managed Firewall Best Practice Configurations

Gen 7 Pricing Increase - 15th October

25/09/2025
by Paul Heritage

Gen 7 pricing will be adjusted starting October 15, 2025, as we continue expanding our Gen 8 portfolio. While both Gen 7 and Gen 8 provide strong, modern capabilities, Gen 8 will be the platform for future innovations and extended lifecycle support.

Gen 8 models in stock

16/09/2025
by Paul Heritage

Many of the new Gen 8 models are in stock (currently limited), but we're getting more in every week.

Added some discounted products - see home page promotions

05/09/2025
by Paul Heritage

Added some discounted products - see home page promotions.

These mostly include some Essential renewal bundles, but also an NSa 2700 offer.

Details here.

Migrating to the new Gen 8 models.

14/08/2025
by Paul Heritage

The SonicWall GEN8 TZ Series and GEN8 NSa Series firewalls introduce in-product migration capabilities that allow administrators to import configuration settings from supported legacy SonicWall firewalls. This greatly simplifies the upgrade process by eliminating the need for manual reconfiguration during hardware refresh or platform upgrade.

Settings Import Feature:

  • Export/Import settings
  • Devices must be entirely configured from scratch in a typical greenfield deployment (new setup). With GEN8 firewalls, you can import .exp configuration files from supported legacy devices, streamlining migration.
  • The GEN8 TZ and NSa firewalls support in-product migration from select current and previous generation SonicWall firewalls.
  • This feature is especially useful when upgrading from GEN6 or GEN7 models.

Key Benefits:

  • Reduces time spent on manual configuration
  • Maintains policy consistency across hardware generations
  • Simplifies deployments and rollback planning

Pre-Requisites: The following devices are supported as source firewalls from which settings can be exported and imported to GEN8 TZs and NSa models:

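| SonicOS 7 Device | TZ80 | TZ280 | TZ380 | TZ380W | TZ480 | TZ580 | TZ680 | NSa 2800 | NSa 3800 | NSa 4800 | NSa 5800 |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| TZ270 | N | Y | Y* | Y* | Y* | Y* | Y* | Y* | Y* | Y* | Y* |
| TZ270W | N | Y* | Y* | Y* | Y* | Y* | Y* | Y* | Y* | Y* | Y* |
| TZ370 | N | Y* | Y | Y* | Y* | Y* | Y* | Y* | Y* | Y* | Y* |
| TZ370W | N | Y* | Y* | Y | Y* | Y* | Y* | Y* | Y* | Y* | Y* |
| TZ470 | N | Y | Y | Y* | Y | Y | Y | Y* | Y* | Y* | Y* |
| TZ470W | N | Y* | Y* | Y | Y* | Y* | Y* | Y* | Y* | Y* | Y* |
| TZ570 | N | Y | Y | Y* | Y | Y | Y | Y* | Y* | Y* | Y* |
| TZ570P | N | Y* | Y* | Y* | Y* | Y* | Y* | Y* | Y* | Y* | Y* |
| TZ570W | N | Y* | Y* | Y | Y* | Y* | Y* | Y* | Y* | Y* | Y* |
| TZ670 | N | N | Y | N | Y | Y | Y | Y* | Y* | Y* | Y* |
| NSA2700 | N | N | N | N | N | N | N | Y | Y* | Y* | Y* |
| NSA3700 | N | N | N | N | N | N | N | Y* | Y | Y* | Y* |
| NSA4700 | N | N | N | N | N | N | N | N | Y* | Y | Y* |
| NSA5700 | N | N | N | N | N | N | N | N | N | Y | Y |
| NSA6700 | N | N | N | N | N | N | N | N | N | N | Y* |

| SonicOS 6/6.5 Device | TZ80 | TZ280 | TZ380 | TZ380W | TZ480 | TZ580 | TZ680 | NSa 2800 | NSa 3800 | NSa 4800 | NSa 5800 |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| SOHOW | Y | Y* | Y* | Y* | Y* | Y* | Y* | Y* | Y* | Y* | Y* |
| SOHO250 | N | Y* | Y* | Y* | Y* | Y* | Y* | Y* | Y* | Y* | Y* |
| SOHO250W | N | Y* | Y* | Y* | Y* | Y* | Y* | Y* | Y* | Y* | Y* |
| TZ300 | N | Y* | Y* | Y* | Y* | Y* | Y* | Y* | Y* | Y* | Y* |
| TZ300P | N | Y* | Y* | Y* | Y* | Y* | Y* | Y* | Y* | Y* | Y* |
| TZ300W | N | Y* | Y* | Y* | Y* | Y* | Y* | Y* | Y* | Y* | Y* |
| TZ350 | N | Y* | Y* | Y* | Y* | Y* | Y* | Y* | Y* | Y* | Y* |
| TZ350W | N | Y* | Y* | Y* | Y* | Y* | Y* | Y* | Y* | Y* | Y* |
| TZ400 | N | Y* | Y* | Y* | Y* | Y* | Y* | Y* | Y* | Y* | Y* |
| TZ400W | N | Y* | Y* | Y* | Y* | Y* | Y* | Y* | Y* | Y* | Y* |
| TZ500 | N | N | Y* | Y* | Y* | Y* | Y* | Y* | Y* | Y* | Y* |
| TZ500W | N | N | Y* | Y* | Y* | Y* | Y* | Y* | Y* | Y* | Y* |
| TZ600 | N | N | Y* | Y* | Y* | Y* | Y* | Y* | Y* | Y* | Y* |
| TZ600P | N | N | Y* | Y* | Y* | Y* | Y* | Y* | Y* | Y* | Y* |
| NSA2600 | N | N | N | N | N | N | N | Y* | Y* | Y* | Y* |
| NSA2650 | N | N | N | N | N | N | N | Y# | Y* | Y* | Y* |
| NSA3600 | N | N | N | N | N | N | N | Y* | Y* | Y* | Y* |
| NSA3650 | N | N | N | N | N | N | N | N | Y* | Y* | Y* |
| NSA4600 | N | N | N | N | N | N | N | N | Y* | Y* | Y* |
| NSA4650 | N | N | N | N | N | N | N | N | Y* | Y* | Y* |
| NSA5600 | N | N | N | N | N | N | N | N | N | Y* | Y* |
| NSA5650 | N | N | N | N | N | N | N | N | N | Y* | Y* |
| NSA6600 | N | N | N | N | N | N | N | N | N | N | Y* |
| NSA6650 | N | N | N | N | N | N | N | N | N | N | Y* |
| SM9200 | N | N | N | N | N | N | N | N | N | N | N |
| NSA9250 | N | N | N | N | N | N | N | N | N | N | N |
| SM9400 | N | N | N | N | N | N | N | N | N | N | N |
| NSa9450 | N | N | N | N | N | N | N | N | N | N | N |
| SM9600 | N | N | N | N | N | N | N | N | N | N | N |
| NSa9650 | N | N | N | N | N | N | N | N | N | N | N |
| SM9800 | N | N | N | N | N | N | N | N | N | N | N |
| NSSP12400 | N | N | N | N | N | N | N | N | N | N | N |
| NSSP12800 | N | N | N | N | N | N | N | N | N | N | N |

| SonicOS 5 Device | TZ280 | TZ380 | TZ380W | TZ480 | TZ580 | TZ680 | NSa 2800 | NSa 3800 | NSa 4800 | NSa 5800 |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| SOHO | Y* | Y* | Y* | Y* | Y* | Y* | Y* | Y* | Y* | Y* |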

Legend:

  • Y: Supported
  • N: Unsupported
  • Y*: Supported, but the import will fail if VLAN or Tunnel Interfaces are present in the settings file. Important: Remove the VLAN or tunnel interface configuration for the settings import to succeed (recommended). Alternatively, use the Existing Migration Tool to convert the settings and import them to the GEN8 firewalls.
  • Y#: In-Product Migration is unsupported. Use the Migration App via NSM for settings migration.


EPSS Retirement Notice: Transition to APSS or MPSS

31/07/2025
by Paul Heritage

SonicWall will retire the Essential Protection Service Suite (EPSS) effective August 1, 2025.

In today’s threat landscape — where cyberattacks use automation, AI, and advanced evasion — customers need a simple, effective solution. To address this, we’re simplifying our service portfolio to make it easier to deliver the protection your customers expect.

As of August 1, SonicWall will offer a single subscription bundle: the Advanced Protection Service Suite (APSS) — delivering best-in-class threat prevention at a low total cost of ownership.

Partners in the Service Provider Program can also choose the Managed Protection Service Suite (MPSS), which adds the firewall management expertise of the SonicSentry NOC. MPSS is currently available in NOAM, with global availability coming soon.

We encourage you to begin transitioning your customers to APSS or MPSS, both of which include advanced security, support, and SaaS-based reporting and analytics.

MSS Managed Firewall Mandatory Configurations

18/07/2025
by Paul Heritage

Device > Settings > Administration > Login / Multiple Administrators > Login security

| Option | Best Practice Value | Default Value |
| --- | --- | --- |
| Password must be changed every (days) | 90 | Disabled |
| Change password after (hours) | 1 | 1 |
| Bar repeated passwords for this many changes | 4 | Disabled |
| New password must contain 8 characters different from the old password | Enable | Disabled |
| Enforce a minimum password length of | 12 | 8 |
| Enforce password complexity | Alphanumeric and symbolic characters | None |
| Complexity Requirement - Upper Case Characters | 2 | 0 |
| Complexity Requirement - Lower Case Characters | 2 | 0 |
| Complexity Requirement - Number Characters | 2 | 0 |
| Complexity Requirement - Symbolic Characters | 2 | 0 |
| Log out the Admin after inactivity of (mins) | 20 | 5 |
| Admin/user lockout | Enable | Disabled |
| Local admin/user account lockout | Enable | Disabled |

Device > Settings > Firmware and Settings

| Option | Best Practice Value | Default Value |
| --- | --- | --- |
| Cloud Backup | Enabled | Disabled |

Device > Users > Settings > Authentication

| Option | Best Practice Value | Default Value |
| --- | --- | --- |
| Display user login info since last login | Enabled | Disabled |

Device > AppFlow > Flow Reporting > Settings

| Option | Best Practice Value | Default Value |
| --- | --- | --- |
| Enable AppFlow To Local Collector | Enabled | Disabled |

Device > Log > Settings

| Option | Best Practice Value | Default Value |
| --- | --- | --- |
| Logging Level | Inform | Warning |
| Alert Level | Error | Alert |

Device > Log > Name Resolution

| Option | Best Practice Value | Default Value |
| --- | --- | --- |
| Name Resolution Method | DNS | None |

Network > SSLVPN > Server Settings

| Option | Best Practice Value | Default Value |
| --- | --- | --- |
| Inactivity Timeout (minutes) | 60 | 10 |
| Mouse Inactivity Check | Enabled | Disabled |

Network > Firewall > Advanced > Settings

| Option | Best Practice Value | Default Value |
| --- | --- | --- |
| Enable Stealth Mode | Enabled | Disabled |
| Randomize IP ID | Enabled | Disabled |
| Decrement IP TTL for forwarded traffic | Enabled | Disabled |
| Never generate ICMP Time-Exceeded packets | Enabled | Disabled |

Network > Firewall > Advanced > Connections

| Option | Best Practice Value | Default Value |
| --- | --- | --- |
| Enable Control Plane Flood Protection | Enabled | Disabled |

Network > Firewall > Flood Protection > TCP > Layer 3 SYN Flood Protection - SYN Proxy

| Option | Best Practice Value | Default Value |
| --- | --- | --- |
| SYN Flood Protection Mode | Proxy WAN client connections when attack is suspected | Watch and report possible SYN floods |

Network > Firewall > Flood Protection > UDP

| Option | Best Practice Value | Default Value |
| --- | --- | --- |
| Default UDP Connection Timeout | 60 | 30 |
| Enable UDP Flood Protection | Enabled | Disabled |
| UDP Flood Attack Threshold | 5000 | 1000 |

Network > Firewall > Flood Protection > ICMP

| Option | Best Practice Value | Default Value |
| --- | --- | --- |
| Enable ICMP Flood Protection | Enabled | Disabled |

Network > VoIP > Settings

| Option | Best Practice Value | Default Value |
| --- | --- | --- |
| Enable consistent NAT | Enabled | Disabled |

Policy > Security Services > Gateway Anti-Virus

| Option | Best Practice Value | Default Value |
| --- | --- | --- |
| Enable Gateway Anti-Virus | Enabled | Disabled |
| PROTOCOLS - FTP Inbound & Outbound Inspection | Enabled | Disabled |
| PROTOCOLS - HTTP Inbound & Outbound Inspection | Enabled | Disabled |
| PROTOCOLS - IMAP Inbound Inspection | Enabled | Disabled |
| PROTOCOLS - POP3 Inbound Inspection | Enabled | Disabled |
| PROTOCOLS - SMTP Inbound & Outbound Inspection | Enabled | Disabled |
| PROTOCOLS - TCP STREAM Inbound & Outbound Inspection | Enabled | Disabled |

Policy > Security Services > Anti-Spyware

| Option | Best Practice Value | Default Value |
| --- | --- | --- |
| Enable Anti-Spyware | Enabled | Disabled |
| SIGNATURE GROUPS - High Priority Spyware PREVENT & DETECT ALL | Enabled | Disabled |
| SIGNATURE GROUPS - Medium Priority Spyware PREVENT & DETECT ALL | Enabled | Disabled |
| SIGNATURE GROUPS - Low Priority Spyware PREVENT & DETECT ALL | Enabled | Disabled |
| PROTOCOLS - Enable Inbound Inspection for: HTTP, FTP, IMAP, SMTP, POP3 | Enabled | Disabled |
| Enable Inspection of Outbound Spyware Communication | Enabled | Disabled |

Policy > Security Services > Intrusion Prevention

| Option | Best Practice Value | Default Value |
| --- | --- | --- |
| Enable IPS | Enabled | Disabled |
| Signature Groups - High Priority Attacks PREVENT & DETECT ALL | Enabled | Disabled |
| Signature Groups - Medium Priority Attacks PREVENT & DETECT ALL | Enabled | Disabled |

Policy > Capture ATP > Settings > Basic

| Option | Best Practice Value | Default Value |
| --- | --- | --- |
| Enable Capture ATP | Enabled | Disabled |
| File types for Capture ATP analysis: Executables (PE, Mach-O, and DMG); PDF; Office 97-2003 (.doc, .xls, etc.); Office (.docx, .xlsx, etc.); Archives (.jar, .apk, .rar, .bz2, .bzip2, .7z, .xz, .gz, and .zip) | Enabled | Disabled |

Policy > Security Services > Geo-IP Filter

| Option | Best Practice Value | Default Value |
| --- | --- | --- |
| Block connections to/from countries selected in the Countries tabs | Enabled | Disabled |
| Enable Logging | Enabled | Disabled |
| Block all Unknown countries | Enabled | Disabled |
| Countries: Afghanistan; Algeria; Azerbaijan; Bangladesh; Belarus; Bosnia and Herzegovina; Brazil; Burundi; Central African Republic; China; Comoros; Congo, The Democratic Republic; Cuba; Eritrea; Guatemala; Guinea; Guinea-Bissau; Haiti; India; Iran, Islamic Republic of; Iraq; Korea, Democratic People's Repu; Lebanon; Mali; Moldova, Republic of; Montenegro; Myanmar; Nicaragua; Niger; Pakistan; Russian Federation; Saudi Arabia; Somalia; Sudan; Syrian Arab Republic; Tajikistan; Tunisia; Turkey; Turkmenistan; Ukraine; Venezuela; Vietnam; Yemen; Zimbabwe | Blocked | Allowed |

Policy > Security Services > Botnet Filter

| Option | Best Practice Value | Default Value |
| --- | --- | --- |
| Block connections to/from Botnet Command and Control Servers | Enabled | Disabled |
| Enable Logging | Enabled | Disabled |

Policy > Security Services > App Control

| Option | Best Practice Value | Default Value |
| --- | --- | --- |
| Enable App Control | Enabled | Disabled |
| Enable Logging for All Apps | Enabled | Disabled |

Policy > Security Services > App Control > Signatures

| Option | Best Practice Value | Default Value |
| --- | --- | --- |
| Categories: APP-UPDATE, BROWSING-PRIVACY, FILETYPE-DETECTION, IM, INFRASTRUCTURE, MISC-APPS, MOBILE-APPS, MULTIMEDIA, PROTOCOLS, VoIP-APPS, WEB-BROWSER, WEB-CONFERENCING | No Logging | |
| Categories: GAMING, MINERS, P2P | Log & Block | No Logging or Blocking |

Objects > Match Objects > URI Lists

| Option | Best Practice Value | Default Value |
| --- | --- | --- |
| CFS Global Allow List: sonicwall.com | Created | N/A |
| CFS Global Block List: malware[.]com, 123movies[.]to, phishlabs[.]com, isthatphish[.]com, onion[.]ws, emotet[.]in | Created | N/A |

Objects > Profile Objects > Content Filter > CFS Default Profile > Settings > URI List

| Option | Best Practice Value | Default Value |
| --- | --- | --- |
| CFS Global Allow List | Specified under Allowed URI List | N/A |
| CFS Global Block List | Specified under Forbidden URI List | N/A |

Objects > Profile Objects > Content Filter > CFS Default Profile > Settings > Category

| Option | Best Practice Value | Default Value |
| --- | --- | --- |
| Categories: Alcohol/Tobacco, Gambling, Weapons, Drugs/Illegal Drugs | Allowed | Blocked |
| Categories: Pay to Surf Sites | Blocked | Allowed |

Objects > Profile Objects > Content Filter > CFS Default Profile > Settings > Reputation

| Option | Best Practice Value | Default Value |
| --- | --- | --- |
| Enable Reputation | Enabled | Disabled |
| Reputation Action | CFS Default Reputation Object | N/A |

Objects > Profile Objects > Content Filter > CFS Default Profile > Advanced

| Option | Best Practice Value | Default Value |
| --- | --- | --- |
| Enable HTTPS Content Filtering | Enabled | Disabled |
| Enable Google Force Safe Search | Enabled | Disabled |
| Enable Bing Force Safe Search | Enabled | Disabled |

Policy > Rules and Policies > Content Filter Rules > CFS Default Policy

| Option | Best Practice Value | Default Value |
| --- | --- | --- |
| Source Zone | ALL | LAN |


Threat Actors Modify and Re-Create Commercial Software to Steal Users’ Information.

25/06/2025
by Paul Heritage

In collaboration with Microsoft Threat Intelligence (MSTIC), SonicWall has identified a deceptive campaign to distribute a hacked and modified version of SonicWall’s SSL VPN NetExtender application that closely resembles the official SonicWall NetExtender software. NetExtender enables remote users to securely connect and run applications on the company network. Users can upload and download files, access network drives, and use other resources as if they were on the local network. Security solutions from SonicWall (GAV: Fake-NetExtender [Trojan]) and Microsoft (TrojanSpy:Win32/SilentRoute.A) will flag the installer as malicious and enable proactive defenses.

The website impersonating the legitimate NetExtender is hosting a Trojanized version of SonicWall’s actual NetExtender version 10.3.2.27 (the latest release version), digitally signed by “CITYLIGHT MEDIA PRIVATE LIMITED.”



The threat actor added code in the installed binaries of the fake NetExtender so that information related to VPN configuration is stolen and sent to a remote server.

Technical Details

The threat actor modified the following component files, which are part of the NetExtender installer, to execute the application and send configuration information to a remote server:

  • NeService.exe (Modified file; digital signature is invalid)
  • NetExtender.exe (Modified file; no digital signature)



Modifications to NeService.exe

This file is the SonicWall NetExtender Windows service used by the NetExtender application. It contains a function used to validate the digital certificates of NetExtender components. Upon successful validation, the program continues to execute; otherwise, it displays a validation failure message and exits.




In the malicious installer, this file is patched at all locations where the function results are evaluated. The patch bypasses the check, allowing execution to continue regardless of validation results.




Modifications to NetExtender.exe

Additional code was added to send VPN configuration information to a remote server with the IP address 132.196.198.163 over port 8080. Once the VPN configuration details are entered and the “Connect” button is clicked, the malicious code performs its own validation before sending the data to the remote server. Stolen configuration information includes the username, password, domain, and more.



Mitigation

SonicWall and Microsoft have acted quickly to take down the impersonating websites and have had the installer’s digital certificate revoked.

It is strongly recommended that users download SonicWall applications only from trusted sources: sonicwall.com or mysonicwall.com.

SonicWall Capture ATP with RTDMI™ detects the malicious installer, and SonicWall Managed Security Services identifies and blocks it as:

  • GAV: Fake-NetExtender (Trojan)

Microsoft Defender Antivirus detects this as:

  • "SilentRoute" Trojan ("TrojanSpy:Win32/SilentRoute.A")

IOCs

Sha256:

  • d883c067f060e0f9643667d83ff7bc55a218151df600b18991b50a4ead513364 : Malicious NetExtender Installer
  • 71110e641b60022f23f17ca6ded64d985579e2774d72bcff3fdbb3412cb91efd : Malicious NEService.exe
  • e30793412d9aaa49ffe0dbaaf834b6ef6600541abea418b274290447ca2e168b: Malicious NetExtender.exe

Network:

  • 132.196.198.163
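
A defender-side sweep for the indicators listed above, as an added example that is not part of the original post or any SonicWall tool: it hashes the files under a directory you choose and compares them with the three SHA-256 values, and it flags log lines whose destination is the listed address. The key=value log layout and the sample log lines are constructed for illustration; the function names are this example's own.

```python
import hashlib
import re
from pathlib import Path

# Indicators copied from the IOCs section of this post.
IOC_SHA256 = {
    "d883c067f060e0f9643667d83ff7bc55a218151df600b18991b50a4ead513364": "Malicious NetExtender Installer",
    "71110e641b60022f23f17ca6ded64d985579e2774d72bcff3fdbb3412cb91efd": "Malicious NEService.exe",
    "e30793412d9aaa49ffe0dbaaf834b6ef6600541abea418b274290447ca2e168b": "Malicious NetExtender.exe",
}
IOC_IP, IOC_PORT = "132.196.198.163", 8080

# Constructed sample lines in an assumed key=value layout (src/dst as ip:port:interface).
SAMPLE_LOG = [
    'time="2025-06-20 09:14:02" src=10.0.5.23:50544:X0 dst=132.196.198.163:8080:X1 proto=tcp',
    'time="2025-06-20 09:14:09" src=10.0.5.40:50610:X0 dst=132.196.198.16:8080:X1 proto=tcp',
    'time="2025-06-20 09:15:30" src=10.0.5.23:50571:X0 dst=132.196.198.163:443:X1 proto=tcp',
]

_DST = re.compile(r"\bdst=(\d{1,3}(?:\.\d{1,3}){3}):(\d+)")
_SRC = re.compile(r"\bsrc=(\d{1,3}(?:\.\d{1,3}){3})")


def sha256_file(path, chunk_size=1 << 20):
    """Stream the file through SHA-256 so large installers are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def scan_files(root, iocs=IOC_SHA256):
    """Hash every regular file under root; return [(path, label)] for IoC matches."""
    hits = []
    for path in sorted(Path(root).rglob("*")):
        try:
            if path.is_file():
                label = iocs.get(sha256_file(path))
                if label:
                    hits.append((str(path), label))
        except OSError:
            continue  # unreadable or vanished file: skip it rather than abort the sweep
    return hits


def scan_logs(lines, ip=IOC_IP, port=IOC_PORT):
    """Return [(source_ip, dest_port, port_matches_ioc)] for each flow to the IoC address."""
    hits = []
    for line in lines:
        dst = _DST.search(line)
        # Compare the whole parsed address so 132.196.198.16 does not match by prefix.
        if not dst or dst.group(1) != ip:
            continue
        src = _SRC.search(line)
        dest_port = int(dst.group(2))
        hits.append((src.group(1) if src else None, dest_port, dest_port == port))
    return hits


if __name__ == "__main__":
    import sys
    for path, label in scan_files(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"IOC MATCH  {label}: {path}")
    for src, dport, exact in scan_logs(SAMPLE_LOG):
        print(f"flow to {IOC_IP}:{dport} from {src} (port matches IoC: {exact})")
```

A hash match only identifies these exact three files; any host that shows a flow to the listed address should be treated as having exposed the VPN username, password and domain the post describes.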

DNS vs URL Filtering

30/05/2025
by Paul Heritage

DNS vs URL Filtering - What’s the Difference and Why it Matters.

Cyberattacks often begin with a single click. That’s why content filtering is more critical than ever in today’s digital landscape. But not all filtering technologies are the same, and understanding the difference between DNS and URL filtering can help your organization build a smarter, layered security strategy for web access.

What is DNS Filtering?

DNS filtering works at the Domain Name System (DNS) level. This is the same system that translates a website (like linkedin.com) into the IP address your device uses to connect.

When DNS filtering is enabled, requests for malicious, risky, or non-compliant domains are blocked before a full connection is established.

Benefits of DNS Filtering:

  • Fast and lightweight – stops threats before a page even loads
  • Great for remote/hybrid work – protection travels with users
  • Broad protection – blocks entire domains known for hosting malware, phishing, or botnets

What is URL Filtering?

URL filtering goes deeper. It analyzes the full web address (URL), including the specific page, folder, or file path, after DNS resolution.

This allows organizations to enforce more granular web access policies and send the entire URL for more in-depth evaluation.

Benefits of URL Filtering:

  • Granular control – Send specific pages for further risk-based evaluation (e.g., example.com/sports/basketball)
  • Advanced Threat Protection – Stops users from accessing compromised subpages or dangerous downloads on otherwise “safe” domains

Why You Need Both

DNS filtering is your first line of defense by keeping users from even reaching known bad destinations. URL filtering is your second layer which analyzes deeper content on the fly to catch what DNS filtering didn’t.

Together they give you:

  • Comprehensive threat coverage to prevent data loss and breaches
  • Flexible policy-based controls based on user groups
  • A layered security approach that secures web access wherever your users are

| FEATURE | DNS FILTERING | URL FILTERING |
| --- | --- | --- |
| Layer | Network (DNS) | Application (HTTP/S) |
| Granularity | Domain-wide | Path-specific (URLs, subpages, files) |
| Speed | Fast, blocks early | Slightly slower, more detailed |
| Use Cases | Stop known threats early | Enforce deeper inspection |
| Best For | Lightweight, broad protection | Granular content filtering and policy enforcement |
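
The two-layer decision described in both DNS vs URL Filtering posts on this page, as an added example (not SonicWall code): the DNS layer decides on the queried name alone, and the URL layer then matches domain plus normalized path. The blocklist and rules are constructed from the example names in the 01/12/2025 post; the function names and the `tls_inspected` flag are assumptions of this example, the latter modelling that a path inside HTTPS is only visible to a filter that decrypts the session.

```python
import posixpath
from urllib.parse import unquote, urlsplit

# Constructed policy data; the names are the post's own examples.
DNS_BLOCKLIST = {"malicious-phish.com"}
URL_RULES = [
    # (domain, path prefix, action)
    ("example.com", "/freeware.exe", "block"),
    ("example.com", "/sports", "inspect"),
]


def dns_verdict(hostname, blocklist=DNS_BLOCKLIST):
    """DNS layer: sees only the queried name, so the decision is domain-wide."""
    labels = hostname.lower().rstrip(".").split(".")
    # Check the name and each parent domain (a.b.c, then b.c), skipping the bare TLD.
    for i in range(len(labels) - 1):
        if ".".join(labels[i:]) in blocklist:
            return "block"
    return "allow"


def normalize_path(raw_path):
    """Decode %xx escapes and collapse ./ and ../ so rules match the effective path."""
    return posixpath.normpath("/" + unquote(raw_path).lstrip("/"))


def url_verdict(hostname, raw_path, rules=URL_RULES):
    """URL layer: runs after resolution and matches on domain plus path prefix."""
    host = hostname.lower().rstrip(".")
    # Case-insensitive path match: the conservative choice for a block rule.
    path = normalize_path(raw_path).lower()
    for domain, prefix, action in rules:
        host_ok = host == domain or host.endswith("." + domain)
        # Match whole path segments so /sports does not also catch /sportsbook.
        path_ok = path == prefix or path.startswith(prefix.rstrip("/") + "/")
        if host_ok and path_ok:
            return action
    return "allow"


def filter_request(url, tls_inspected=True):
    """Return (deciding_layer, verdict) for one web request."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if dns_verdict(host) == "block":
        return ("dns", "block")  # the name never resolves, so no connection is opened
    if parts.scheme == "https" and not tls_inspected:
        # Only the hostname is visible without TLS inspection; path rules cannot fire.
        return ("url", url_verdict(host, "/"))
    return ("url", url_verdict(host, parts.path))


if __name__ == "__main__":
    for u in ("http://malicious-phish.com/login",
              "http://example.com/",
              "http://example.com/downloads/../%66reeware.exe",
              "https://example.com/sports/basketball"):
        print(u, "->", filter_request(u))
```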