Cisco warns of an expired certificate for vEdge SD-WAN gateways. Customers are advised not to reboot their network devices under any circumstances.

Do you have a Cisco vEdge SD-WAN gateway in your office? Then stay away from there. The network specialist has been inundated with complaints from customers whose network was no longer reachable after restarting the gateway. The culprit: an expired hardware certificate.

The certificate expired on May 9, but seems to have baffled Cisco as well as cheated customers. The network specialist published a status update today with more information about the problem. The certificate is stored in the TPM chip of the physical SD-WAN gateway. vEdge routers with model numbers 1000, 2000 and 100M and 100B are susceptible to this.

This can lead to total failure when restarting the device. Loss of connection, port hopping, interface jitter, or operational policy changes are just a few of the possible consequences of a simple reboot. Cisco strongly advises against this.

Ticking time bomb

That’s easier said than done. Because even if the customer does not carry out this action, the gateway can restart itself, for example to install an update. Many customers are currently concerned that their connectivity could be lost at any time and they would have to reconfigure their gateway.

Cisco has already secured some software versions. On the status page you will find an overview of which version you can upgrade to, depending on which version you are currently on. You should be able to carry out these and only these updates with confidence. The updates are only preventive and cannot restore your gateway once the damage has been done.