Flashing Cyberguard SG560

Had quite the adventure this morning. Decided to upgrade firmware to 4.0.4 which has been completely rebranded by McAfee who have apparently bought out Secure Computing.

After upgrading I had some issues. Web interface was MUCH slower due to the graphical enhancements (graph showing CPU usage and other stuff on the first page, etc.) I could have lived with the slowness, but the device kept inexplicably rebooting. Seemed like it was running out of memory or something. It seemed to run fine until I went in to make changes to the unit and then it would reboot.

SG560Flash So, I decided to downgrade back to the latest version of the Secure Computing version of the firmware before they were bought out by McAfee and the firmware was rebranded. I found that you can do that by including the “-i” option in “Extra Parameters” as shown to the left.

It worked but after it finished I no longer got any response from the SG560. I went back to look at it and all of the LED lights were flashing in unison. It had been a long time since I had flashed it and had forgotten that this is normal for when the unit is needing to be configured. It means that the default settings have been cleared and it has a default IP address of 192.168.0.1 There is no DHCP server enabled and so you have to assign a static IP address to your laptop or whatever you’re connecting to the SG560 with. You have to connect directly to it via a network cable and then you can restore the config backup or whatever. Default login is: root
Password: default

I spent a lot of time trying to figure out what the problem was. Ended up downloading the netflash.exe tool (for use with all SG models) and doing a unit recovery. Also had to download the recovery file “recovery version 1.0.4 for SG560” in connection with the netflash tool. Ran this and had an issue at first where it just sat there trying to do the recovery:

SG560Recovery SG560RecoveryAssignIP I couldn’t get the capture for the actual problem I had. It said something about there being more than one interface on my PC and asking if the one referenced by the IP address it showed was the right one. It was the Hamachi adapter. I choose no but then it would not work. I think it’s supposed to choose the other available adapter when you choose no, but if that’s what is supposed to happen, it didn’t. I was able to get it to work by disabling the hamachi adapter in network neighborhood.

SG560RecoverySelectRecoveryFile SG560RecoveryHang

So after sucessfully running the recovery I then upgraded the firmware to the older version that I wanted it to be at (3.2.2) I still hadn’t understood that all the lights flashing in unison was an indication that it was needing to be configured (ie: assign static IP address to laptop in 192.168.0.0 subnet, connect to the web management at http://192.168.0.1 and then restore the backup I had made to begin with. -> forgot to mention at the beginning that I did make a backup of all the settings before doing the firmware update… (I’m getting a little wiser in my old age.)

Once I realized that I had to redo the recovery a few more times and I was able to get everything going.

One other important note: To reset the SG560 to default factory settings hit the reset button in the back twice in a row within 3 seconds. Pretty much just right in a row with no delay between the two depressions.

After reading in a few different versions of the manual for the SG560 I became convinced that the DNS proxy does cache the DNS entries on the device itself and does not register the DNS entries with the DNS server that is owned by your ISP. It may attempt to, but I think the ISP must have some settings for their DNS server that rejects requests from subscribers to update DNS records on their server for names within their local network.

DNSProxy So I checked the “Update DNS with local DHCP leases” I was reluctant to do this before because I was afraid that it would register the names with my ISP’s DNS server and somehow other users on the node would be able to get to my devices on my local network. Even if it does register they shouldn’t be able to get to them because that traffic would be dropped by the firewall settings on the SG560.

I need to get a firmer grasp on all of the packet filter rules on the SG560. Not entirely confident with this yet.

With the “Update DNS with local DHCP leases” checked I get the expected results when doing an NSLOOKUP on any of the devices on the network.

NSLookup It shows as non-authoritative, but it does work. Before I was unable to ping to my laptop when it was connected wirelessly to the network. I could ping out from the laptop via the wireless connection but could not ping to the laptop. When connected with an ethernet cable then I could ping to it. I couldn’t figure this out. Still can’t. After rebuilding the SG560 it started working. Based on this post I do know it had to do with the DNS proxy server not working. I thought I would have to set up BIND on my debian server (ubuntu) which I haven’t ever done. Still should probably do that some time for the experience.

The laptop is multihomed by the fact that it has a wireless connection and a wired connection. Thus the nslookup shows two IP addresses for the name “mikelaptop” The 192.168.50.61 is the ethernet gigabit lan adapter and the 192.168.50.12 is the intel pro wireless adapter. When I first tried pinging mikelaptop I did it when the laptop was connected via the gigabit lan adapter and it worked. Then I disconnected and connect with the wireless adapter. At first I could not ping as it was still resolving to 192.168.50.61 which was the gigabit adapter. After using nbtstat -R to clear the netbios lookup cache then it did resolve to the 192.168.50.12 and I got a ping response.

Does that make sense? Does netbios use DNS? I just finished researching it and yes, it can resolve via DNS, but there’s more to it than that. More information here.

UPDATE – August 3, 2011: Since it looks like eventually the firmware files may no longer be available from McAfee, I decided to grab some of the files that pertain to SG560 and put them here for whoever might need them in the future.

DOWNLOAD SG560 FIRMWARE FILES

This entry was posted on August 21, 2009, 12:27 pm and is filed under Technical Journal. You can follow any responses to this entry through RSS 2.0. You can skip to the end and leave a response. Pinging is currently not allowed.

#1 by Chris on October 8, 2009 - 6:18 am

Quote

Where did you get the the firmware 3.2.2?
I can’t find anything but the new ones.

#2 by mbrinson on October 8, 2009 - 8:36 pm

You can get that firmware and older ones here:

http://my.securecomputing.com/downloads.cfm

You have to sign up to be able to log in.

#3 by Line O'Sevens on May 18, 2011 - 5:51 pm

I know this is waaaay old, but for the purposes of Those Who Come After Us who are looking for firmwares for these and who find the previous link no longer useful (McAfee shut it all down), here’s a link that DOES work as of May 2011:

http://go.mcafee.com/utm/downloads/snapgear/firmware/archive/

#4 by mbrinson on August 3, 2011 - 8:15 am

Thanks Line! I’m updating the link in the post to reflect the new one.

Mike's Blog

Gospel study notes and technical journal

Flashing Cyberguard SG560

4 Comments

Categories

Admin

Tags

inGroup GTM Classifier