SonicOS 7.0.1 Release Notes

Version 7.0.1-5119 June 2023

June 2023

This version of SonicOS 7.0.1 is a maintenance release for existing platforms and resolves issues found in previous releases.

For information about the most recent release for the NSsp 15700 platform, please see Version 7.0.1-5129 June 2023.

Supported Platforms

The platform-specific versions for this unified release are all the same:

Platform Firmware Version
TZ Series 7.0.1-5119
NSa Series 7.0.1-5119
NSv Series 7.0.1-5119
NSsp Series 7.0.1-5119
  • NSa 2700
  • NSa 3700
  • NSa 4700
  • NSa 5700
  • NSa 6700
  • NSsp 10700
  • NSsp 11700
  • NSsp 13700
  • TZ270 / TZ270W
  • TZ370 / TZ370W
  • TZ470 / TZ470W
  • TZ570 / TZ570W
  • TZ570P
  • TZ670
  • NSv 270
  • NSv 470
  • NSv 870

SonicOS NSv deployments are supported on the following platforms:

  • AWS (BYOL and PAYG)
  • Microsoft Azure (BYOL)
  • VMware ESXi
  • Microsoft Hyper-V
  • Linux KVM

What's New

This release provides these new features:

  • Event log reporting is now supported using IPFIX
  • Firewall information can now be passed to Network Security Manager (NSM) through ZeroTouch heartbeat reply messages

Resolved Issues

Issue ID Issue Description
GEN7-28162 Access points connected to the firewall failed to successfully complete.
GEN7-29806 Check Network Settings tests fail when all internet traffic is routed through VPN that is defined using an unnumbered tunnel interface.
GEN7-35191 The firewall fails to send the SFR file to Network Security Manager (NSM).
GEN7-35328 When logging in to a firewall as a read-only administrator, a warning is displayed that informs the user that they cannot preempt the existing administrator and to choose between Do NOT Begin Management and Non-Config. This is confusing because an administrator with read-only permissions should automatically start administration in non-configuration mode.
GEN7-36529 The presence of a large number of FQDN address objects can cause high CPU utilization. One effect of this is the ULA page to failing to respond for user authentication.
GEN7-36720 The firewall might automatically restart after submitting a one-time password (OTP) received by email in the NetExtender user OTP window.
GEN7-37020 The Observed Threats Data displayed on the Dashboard does not match the data shown in the AppFlow Report.
GEN7-37021 The front panel indicator of an interface does not indicate that it is inactive when the corresponding L2 switching LAG aggregator port becomes unavailable.
GEN7-37091 The BWM Monitor page displays as a blank page when there is a difference between the system time and the BWM clock time, resulting in a timeline offset in management interface display.
GEN7-37172 The Guest Services > Custom Page authentication does not display the custom texts or URLs.
GEN7-37403 The firewall does not accept an LDAP server name that begins with a number.
GEN7-37456 MAC filtering and options did not work as expected, including not being able to add a client to a custom allow group when the MAC filter is disabled. If an existing Address Object name was changed, clicking on the Add icon causes a new entry for the same MAC address to be added to the group.
GEN7-37564 A DPI-SSL server-enabled firewall is not sending server hello and server certificate packets to the client. The website times out when accessed.
GEN7-37668 On the Network > Interfaces page, when expanding the Zones field, the scaling is not working. The fields do not all move over, particularly sub-interfaces with long names.
GEN7-37693 The Report Events via IPFIX is missing from the system logs in current firewalls. This data was available in legacy devices .
GEN7-37763 Capture ATP Block Until Verdict is not blocking some file downloads. Support for Capture ATP-eligible files transferred over HTTP as gzip files was recently added..
GEN7-37994 When registering a NSv firewall, the system would report a successful registration, but did not update the licenses on the firewall.
GEN7-38129 An incorrect validation in the health check email body text causes the Log Mail Advanced Settings page to not function when clicking on Advanced.
GEN7-38156 Administrator was unable to access the management interface X0 management IP using an SSL-VPN connection over IPv6 to WAN IP on the firewall.
GEN7-38194 Disabling virtual MAC for High Availability causes the firewall to drop the ARP request generated by itself. The device could not then be managed using the WAN interface and LAN to WAN traffic would fail unless the firewall was restarted.
GEN7-38265 No audio was present when connecting with an HTML5 RDP bookmark in SSL-VPN.
GEN7-38594 A conflict between the log module and IPFIX causes the firewall to restart.
GEN7-38663 The size limit of custom header value has been adjusted to 512 characters.
GEN7-38743 Content Filtering Service (CFS) policies based on AD Groups do not work when using TSA agent for SSO authentication.
GEN7-39015 The firewall might automatically restart after submitting a one-time password (OTP) received by email in the NetExtender user OTP window.
GEN7-39024 Warnings are displayed when using DPI-SSL because of the expiration of the built-in Intermediate certificate (DigiCert SHA2 Secure Server CA).
GEN7-39347 A warning is displayed when logging in as a read-only administrator when using the MGMT interface.
GEN7-39385 The DDNS profile for changeip.com displays a Network Error warning when configuring a profile because of a change in ChangeIP's API.
GEN7-39406 The Per Event IPFIX control states in the Event/System Log Settings could not enabled or disabled.
GEN7-39469 The firewall may restart when an LDAP user that is part of Administrators group tries to log in to the firewall.

Additional References

The following additional resolved issues in this release are listed here for reference:

GEN7-39139, GEN7-38246, GEN7-38151, GEN7-37934, GEN7-37838, GEN7-37671, GEN7-37601, GEN7-37563, GEN7-37339, GEN7-37097, GEN7-37066, GEN7-36237, GEN7-34702, GEN7-32615

Known Issues

Issue ID Issue Description
GEN7-36178 FTP automation fails if the server response takes more than 2 seconds.
GEN7-36194 If two VPN TIs are named with the same starting 16 characters, then Advanced Routing support cannot be enabled on both.
GEN7-37226 10G interfaces and 1G interfaces are allowed by management interface to be put into an L2 Static LAG Group even though this configuration setting should not be allowed.
GEN7-37508 When importing a configuration that has WAN to TrustZone secure WireMode interfaces configured, traffic is not blocked. The same configuration created on its own works as expected.
GEN7-39850 The warning message gateway must be default is displayed when choosing an 6to4AutoTunnel interface for an IPv6 Policy Based Route for the gateway.
GEN7-40352 Adding a Content Filter Profile Objects when selecting block for "29. Search Engines and Portals" causes the error Command 'category "1. Violence/Hate/Racism" block' does not match.
GEN7-40390 In a NSv L3 High Availability configuration, changing the X0 IP address causes the Primary to lose its connection with Secondary. Restarting the firewall is required to to restore the connection.
GEN7-40520 After upgrading the firmware on a firewall, the firewall reports that it is not synchronized to Network Security Manager (NSM).
GEN7-40554 Importing preferences from a NSa 5600 to a NSa 6700 fails if a SSO policy are not configured correctly.

Was This Article Helpful?

Help us to improve our support portal

Techdocs Article Helpful form

  • Hidden
  • Hidden

Techdocs Article NOT Helpful form

  • Still can't find what you're looking for? Try our knowledge base or ask our community for more help.
  • Hidden
  • Hidden