SonicWall EoL Highlights an Asset Management Gap: Network Equipment Lifecycle Tracking in Enterprise Environments

The SonicWall Generation 6 end-of-life situation reveals a consistent gap in enterprise asset management: network equipment EoL dates are not tracked with the same rigour as software licence renewals or server hardware refresh cycles. Organisations with accurate, proactively managed network equipment lifecycle records have a weeks-to-months advantage in responding to EoL-driven security risks.


SonicWall's Generation 6 SSL-VPN appliances reached end-of-life on 16 April 2026. For organisations that discovered this fact on 19 May, when ReliaQuest published research documenting active ransomware exploitation of EoL-related vulnerabilities, the response window is already compressed. The hardware was unpatched for over a month before the full exploitation picture became clear. This lag is not unusual; it is the typical pattern for EoL-driven security incidents.

The underlying cause is rarely a lack of awareness that hardware eventually reaches EoL. It is the absence of systems that proactively surface EoL dates as actionable security events rather than operational notes buried in vendor documentation.

The Asymmetry in Asset Lifecycle Tracking

Enterprise organisations typically track software licence renewals with precision: the financial and operational consequences of a lapsed licence are immediate and visible. Server hardware is tracked in CMDB systems with hardware refresh cycles driven by manufacturer warranty periods.

Network equipment occupies a different position. Firewalls, VPN appliances, switches, and routers often remain in operation significantly beyond their manufacturer warranty periods without the same financial pressure driving renewal. End-of-life for network equipment means loss of support and patches, consequences that are security risks rather than immediately visible operational failures.

The result is that network equipment EoL dates are commonly tracked inconsistently: some in spreadsheets, some in CMDB notes fields, some only in the memories of the network engineers who originally deployed the devices. When a vendor announces EoL, the information reaches security teams through advisory channels, but the gap between "vendor announces EoL" and "security team knows that device X at location Y is affected" can be weeks or months.

Building a Network Equipment Lifecycle Register

The practical solution is a dedicated network equipment lifecycle register as part of the CMDB, with the following fields:

Device identification: Hostname, location, model, serial number, firmware version, function (SSL-VPN, perimeter firewall, core switch, etc.)

Lifecycle dates: Manufacturing date (for hardware-specific CVEs), initial deployment date, vendor warranty end date, vendor end-of-support date, vendor end-of-life date. Where EoL dates are not yet announced: estimated EoL based on vendor product generation cadence.

Current patch status: Firmware version vs. latest available version. Outstanding CVEs for the current firmware. CISA KEV-listed CVEs outstanding on the device.

Network exposure: Internet-facing (yes/no), accessible from untrusted zones, authentication handling (yes/no), criticality to business operations.

Planned replacement: Target replacement date, replacement project status, hardware ordered (yes/no).

Risk rating: Combined assessment of EoL proximity, outstanding CVEs, exposure level, and compensating controls.

Proactive EoL Monitoring

Several mechanisms can reduce the gap between vendor EoL announcements and security team awareness:

Vendor EoL advisory subscriptions: Most major network equipment vendors maintain mailing lists or RSS feeds for lifecycle announcements. Register for these and route them to a security distribution list.

PSIRT advisory tracking: Vendor security advisories (PSIRTs) typically note whether patches are available for all supported versions or only for currently supported versions. A PSIRT that lists a CVE as unpatched for the model version in your environment is an early indicator of EoL-driven exposure.

Annual lifecycle review: Schedule an annual review of all network equipment in the lifecycle register, checking vendor EoL pages for announced dates in the coming 12–18 months. Devices reaching EoL within 12 months should enter active replacement planning.

CISA KEV integration: Regularly compare the CISA KEV catalogue against devices in the lifecycle register. Any KEV-listed CVE affecting a device in the register that is unpatched (whether due to EoL or patch latency) should trigger immediate escalation.
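
The annual review and KEV comparison described above, run against a lifecycle register, as an added example that is not part of the original article. Field names, action labels, hostnames and CVE IDs are assumptions or placeholders, escalating past-EoL internet-facing devices is an assumed policy, and the only KEV feed field relied on is cveID.

```python
from dataclasses import dataclass, field
from datetime import date
from typing import Optional

@dataclass
class Device:  # subset of the register fields above; names are assumptions
    hostname: str
    function: str
    eol_date: Optional[date]  # vendor end-of-life date, None if unannounced
    internet_facing: bool
    outstanding_cves: set = field(default_factory=set)

def within_horizon(eol, today, months):
    """True if eol falls on or before today + months (calendar months)."""
    years, month0 = divmod(today.month - 1 + months, 12)
    return (eol.year, eol.month, eol.day) <= (today.year + years, month0 + 1, today.day)

def review(register, kev_catalogue, today, horizon_months=12):
    """Return (hostname, action, reason) tuples, most urgent first."""
    kev_ids = {v["cveID"] for v in kev_catalogue["vulnerabilities"]}
    findings = []
    for dev in register:
        kev_hits = sorted(dev.outstanding_cves & kev_ids)
        if kev_hits:
            findings.append((dev.hostname, "ESCALATE", "unpatched KEV: " + ", ".join(kev_hits)))
        if dev.eol_date is None:
            findings.append((dev.hostname, "ESTIMATE_EOL", "no vendor EoL date recorded"))
        elif dev.eol_date <= today:
            # Assumed policy: past-EoL and internet-facing is escalated too.
            action = "ESCALATE" if dev.internet_facing else "REPLACE"
            findings.append((dev.hostname, action, f"past EoL since {dev.eol_date}"))
        elif within_horizon(dev.eol_date, today, horizon_months):
            findings.append((dev.hostname, "PLAN_REPLACEMENT", f"EoL on {dev.eol_date}"))
    order = {"ESCALATE": 0, "REPLACE": 1, "PLAN_REPLACEMENT": 2, "ESTIMATE_EOL": 3}
    return sorted(findings, key=lambda f: order[f[1]])

# Constructed sample data: hostnames and CVE IDs are placeholders.
REGISTER = [
    Device("vpn-edge-01", "SSL-VPN", date(2026, 4, 16), True, {"CVE-0000-0001"}),
    Device("fw-core-02", "perimeter firewall", date(2027, 1, 31), True),
    Device("sw-dist-07", "core switch", None, False, {"CVE-0000-0002"}),
]
# Same shape as the CISA KEV JSON feed: a "vulnerabilities" list keyed by "cveID".
KEV = {"vulnerabilities": [{"cveID": "CVE-0000-0001", "dateAdded": "2026-05-01"}]}

if __name__ == "__main__":
    for hostname, action, reason in review(REGISTER, KEV, today=date(2026, 5, 19)):
        print(f"{action:17} {hostname:12} {reason}")
```

Running the same review with today set to a date in mid-2025 reports the VPN appliance as PLAN_REPLACEMENT rather than ESCALATE, which is the lead time the 12-month horizon is meant to buy.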

The SonicWall Case as a Template

SonicWall announced the Generation 6 EoL date well in advance; organisations had months of notice. The security incidents attributed to Akira ransomware affecting Gen6 devices in April and May 2026 are not the result of surprising new information; they are the result of the EoL date arriving without completed remediation.

A proactive lifecycle register with a 12–18 month forward-looking review would have surfaced the Gen6 EoL as a planned security project no later than mid-2025, allowing hardware procurement, migration planning, and replacement to complete before the device became an unpatched, actively-exploited perimeter component.

The cost of the tracking infrastructure is low. The cost of the alternative, discovering that perimeter equipment is EoL during an active ransomware incident, is substantially higher.
