SonicOS 7.0.1 Release Notes

Version 7.0.1-5161 July 2024

July 2024

This version of SonicOS 7.0.1 is a maintenance release for existing platforms and resolves issues found in previous releases.

SonicOS 7.0.1 firmware should be only used by existing customers who are running SonicOS 7.0.1-5151 or earlier. Do not downgrade to this SonicOS 7.0.1-based firmware if you are already running a version of SonicOS 7.1.1.

Compatibility and Installation Notes

  • Most popular browsers are supported, but Google Chrome is preferred for the real-time graphics display on the Dashboard.
  • A MySonicWall account is required.

Supported Platforms

The platform-specific version for this unified release is the same:

Platform Firmware Version
TZ Series 7.0.1-5161
NSa Series 7.0.1-5161
NSv Series 7.0.1-5161
NSsp Series 7.0.1-5161
  • TZ270 / TZ270W
  • TZ370 / TZ370W
  • TZ470 / TZ470W
  • TZ570 / TZ570W
  • TZ570P
  • TZ670
  • NSa 2700
  • NSa 3700
  • NSa 4700
  • NSa 5700
  • NSa 6700
  • NSv 270
  • NSv 470
  • NSv 870
  • NSsp 10700
  • NSsp 11700
  • NSsp 13700
  • NSsp 15700

SonicOS NSv deployments are supported on the following platforms:

  • AWS (BYOL and PAYG)
  • Microsoft Azure (BYOL)
  • VMware ESXi
  • Microsoft Hyper-V
  • Linux KVM

Resolved Issues

Issue ID Issue Description
GEN7-46630 VPN traffic is intermittently dropped when specific traffic matches a route policy and security policy whose timestamp keeps changing frequently and the VPN tunnel is reset by the route table update. The recheck of the security policy causes the packet to be dropped as the traffic is determined to have been sent as clear text, but should be sent on VPN now.
GEN7-47066 The default HTTPS management NAT rule is reset to top priority after a firewall is restarted with Zero Touch enabled, overriding custom-defined NAT policies.
GEN7-48245 DPI-SSL intercepts some TLS 1.2 connections even after adding an bypass decryption policy. The decryption pre-policy lookup code attempts to identify if the Content Filtering Service (CFS) and country resolution are required to match the traffic, even when a high-priority policy with no CFS and country lookup match.
GEN7-48257 Stack-based buffer overflow vulnerability in SonicOS HTTP server (SNWLID-2024-0008)
GEN7-48274 Heap-based buffer overflow vulnerability in SonicOS SSL-VPN (SNWLID-2024-0009)
GEN7-48662 Content Filtering Service (CFS) blocking over DPI-SSL is not working when TLS hybridized Kyber support is enabled on Chrome browsers. (This support is now enabled by default on Chrome browsers.)
GEN7-48885 App Rules over DPI-SSL are not working when TLS hybridized Kyber support is enabled on Chrome browsers. (This support is now enabled by default on Chrome browsers.)
GEN7-48948 When using DPI-SSL, the block page may not be displayed.
GEN7-49425 NSsp15700 only: The default buffer size for a non-master blade when fetching the Geo-IP map database may experience an overflow if the database size exceeds the maximum limit.
GEN7-49544 Heap-based buffer overflow vulnerability in SonicOS IPSec (SNWLID-2024-0012)

Known Issues

Issue ID Issue Description
GEN7-41102 The Password Change page is not prompting for a new password when Password change is enabled on the firewall for an imported user.
GEN7-42675 In devices configured for Policy Mode, if the highest priority matching security policy has All users selected, and does not have any of App/Match/URL/Web-Cat selected, then the user redirection is skipped for subsequent security policies.
GEN7-43500 After changing the name of a local user, the entry is still displayed in Server DPI-SSL Inclusion and Server DPI-SSL Exclusion lists and the user with the changed name cannot be selected.
GEN7-43554

Unable to add valid domains to the Custom Malicious Domain Name List and White List pages after adding an invalid domain because the pending configuration is still present.

Logging out and back in will alleviate this problem.

GEN7-46927 Traffic from a custom LAN over VPN stops when the WAN Load Balancing member order is changed.
GEN7-47528 When installing NetExtender software from the SSL VPN portal page for 32-bit Windows, the message The installer is only for x64 machine. is displayed .
GEN7-47918 When a lot of VPN security associations are present in a Stateful High Availability environment, some IKE security associations may not be cleaned up on the secondary device if the synchronization message fails.
GEN7-47948 App Rule is blocking files that do not match the hexadecimal content configured in the associated Match Object.

Additional References

GEN7-45198, GEN7-45579, GEN7-45962, GEN7-46606, GEN7-48249, GEN7-48249, GEN7-49508

Was This Article Helpful?

Help us to improve our support portal

Techdocs Article Helpful form

  • Hidden
  • Hidden

Techdocs Article NOT Helpful form

  • Still can't find what you're looking for? Try our knowledge base or ask our community for more help.
  • Hidden
  • Hidden