Nope, as a Sonicwall Certified Engineer I can tell you this is basically wrong. Yes, it does save all the important keys in Plaintext, but only if you don't read the manual which warns about this, and only if you click ok on the dialog box pop-up which warns you about this when you go to do it. The legit need for this BTW is when you have to replicate a firewall config onto another Sonicwall box that's perhaps different architecture and you need a human readable copy of all the keys etc. Cheers- Neil Gardner ps. The more interesting Sonicwall issue is that if you don't change the default IP address of the Sonicwall (192.168.168.168) then anyone with access to your LAN segment can change the LAN Ip address of the Sonicwall using a publically available Sonicwall utility - even if the box has had it's username/password changed.... If I bothered to sniff out the transaction I would probably be able to recreate the ARP request that does this. I reported this in person to a Senior SOnicwall tech rep and he didn't think it was an issue. Go Figure. >>> Milton Lopez <mlopez@xxxxxxxxx> 31/07/2004 9:46:07 a.m. >>> Our Sonicwall Pro 300 firewall appliance includes a diagnostic tool called "Tech Support Report", which dumps the current configuration info to a plain text file. I have been asked by Sonicwall personnel to email this file as an attachment during several tech. support calls, without any additional warning or explanation. One of the items included in the report is a plain-text copy of the Shared Secret used for authenticating VPN users. Unless everything I've read about protecting this kind of information NOTICE: This message contains privileged and confidential information intended only for the use of the addressee named above. If you are not the intended recipient of this message you are hereby notified that you must not disseminate, copy or take any action in reliance on it. If you have received this message in error please notify Allied Telesyn Research Ltd immediately. Any views expressed in this message are those of the individual sender, except where the sender has the authority to issue and specifically states them to be the views of Allied Telesyn Research.
