• SonicWall SonicOS 7.0.1
  • Version 7.0.1-5161 July 2024
  • Version 7.0.1-5151 March 2024
  • Version 7.0.1-5145 November 2023
  • Version 7.0.1-5129 June 2023
  • Version 7.0.1-5119 June 2023
  • Version 7.0.1-5111 April 2023
  • Version 7.0.1-5100 March 2023
  • Version 7.0.1-5095 November 2022
  • Version 7.0.1-5083 September 2022
  • Version 7.0.1-5080 September 2022
  • Version 7.0.1-5072 June 2022
  • Version 7.0.1-5030-R945 May 2022
  • Version 7.0.1-5065 April 2022
  • Version 7.0.1-5054 April 2022
  • Version 7.0.1-5052 April 2022
  • Version 7.0.1-5030 December/October 2021
  • Version 7.0.1-5026 September 2021
  • Version 7.0.1-5023 August 2021
  • Version 7.0.1-5019 August 2021
  • Version 7.0.1 July 2021
  • Version 7.0.1 June 2021
  • Version 7.0.1 April 2021
• SonicWall Support
  • About This Document

Version 7.0.1-5145 November 2023

November 2023

This version of SonicOS7.0.1 is a maintenance release for existing platforms and resolves issues found in previous releases.

What's New

• Administrators can disable the Virtual Portal on the Wide Area Network (WAN) while keeping SSL VPN services unaffected. This feature offers greater control over network accessibility without disrupting secure remote connections.

  Key benefits include:

  • Enhanced Security: With the Virtual Portal disabled on the WAN, you can substantially reduce the attack surface for potential security breaches. External entities will not be able to access your Virtual Portals, enhancing overall network security.
  • Uninterrupted SSL VPN Services: By disabling the Virtual Portal on the WAN, SSL VPN services remain unaffected, ensuring that your users can continue to securely access your network resources.

  The default behavior is that the virtual portal settings are migrated from the previous SonicOS version.

  To disable the virtual portal access on the WAN Zone on the appliance:

  1. Navigate to NETWORK | SSL VPN > Portal Settings.
  2. In the Portal Settings section, enable Disable Virtual Office on Non-LAN Interfaces.

• Support for Non-WDS Wireless Bridge mode

• Support for AESGCM algorithms in IKEv2 for encryption

Supported Platforms

The platform-specific versions for this unified release are all the same:

Platform	Firmware Version
TZ Series	7.0.1-5145
NSa Series	7.0.1-5145
NSv Series	7.0.1-5145
NSsp Series	7.0.1-5145

NSa 2700 NSa 3700 NSa 4700 NSa 5700 NSa 6700

NSsp 10700 NSsp 11700 NSsp 13700 NSsp 15700

TZ270 / TZ270W TZ370 / TZ370W TZ470 / TZ470W TZ570 / TZ570W TZ570P TZ670

NSv 270 NSv 470 NSv 870

Resolved Issues

Issue ID	Issue Description
GEN7-24752	L2TP connections cannot be made when Enable IP header checksum enforcement is enabled. The packet is dropped for the failure to handle IPSec or an incorrect IP checksum value.
GEN7-36260	The appliance reboots with a segmentation fault after changes are made to WAN Load Balancing.
GEN7-36305	An appliance may experience high CPU usage when WAN Load Balancing is enabled.
GEN7-36796	Administrators cannot edit or disable automatically added NAT policies after Enable the ability to disable auto-added NAT policy is enabled on the DEVICE | Diagnostics page.
GEN7-37233	Users running Capture Client for MacOS may lose their Internet connection when Endpoint Security Rules are applied for SSO Enforcement.
GEN7-38094	The list of blocked countries for GeoIP is not sorted alphabetically.
GEN7-38337	Network Loop/Flood happens when enabling LACP between SonicWall and Dell switches running VLT.
GEN7-38389	Network Loop/Flood happens when enabling LACP between SonicWall and Dell switches running VLT.
GEN7-38538	Creation of a Link Aggregation Group may fail when using X0 as the aggregator interface.
GEN7-38601	The appliance displays an error and restarts when using the Access Point Floor Plan feature and managed using Network Security Manager (NSM).
GEN7-38644	Administrators cannot to filter logs based on the time.
GEN7-39035	Traffic fails after shutdown of a L2 Link Aggregation Group aggregator port (PortShield mode or trunk mode) using the management interface.
GEN7-39248	Creating an administrator account name that contains special characters causes the Device > Settings > Firmware & Settings page to not display any backups. The error An error occurred but the cause could not be determined at this time is displayed when trying to access the list.
GEN7-39415	DPI-SSL version selection options have been improved: Removed SSL 3.0 support in the DPI- SSL version. Provided new user interface for the DPI-SSL version selection on the Diagnostics page. Added the corresponding diagnostic commands to the command-line interface (CLI) to match those available in the management interface.
GEN7-39523	SSL VPN users may intermittently be unable to connect with NetExtender, Mobile Connect, or Virtual Office.
GEN7-39636	NSsp 15700 only: When a NSsp 15700 appliance is configured in High Availability mode, the management interface may intermittently be unavailable.
GEN7-39654	The CTA (Capture Threat Assessment) Report shows IPS Reporting and Spyware Reporting as disabled when they are enabled.
GEN7-39775	Mobile client users connecting through a TZ wireless series are not able to access the internet after changing the device from WDS Station to Access point mode.
GEN7-39805	A Zero Touch session is treated as a connection going through interface X0, which blocks configuring X0 using Network Security Manager (NSM).
GEN7-40407	Using Two-Factor authentication to log in via Virtual Office when Partitions is enabled succeeds for the first domain in the dropdown list, but other domains fail displaying the error: Incorrect name/password.
GEN7-40455	High memory utilization may be experienced on NSv platforms.
GEN7-40534	The status code of a security policy may show as Active when the policy is disabled.
GEN7-40564	CVE-2023-2650 Possible DoS translating ASN.1 object identifiers
GEN7-40609	When logging in with the correct administrator credentials, the error Require client certification login is displayed when Common Access Card is enabled.
GEN7-40610	After a user has logged in using Common Access Card using a smart card, the user is shown as Unknown User in the User Session window and Dashboard.
GEN7-40617	Changing the web management certificate from ECDSA to RSA type does not take effect until the appliance is restarted.
GEN7-40829	NSsp 15700 only: The IPFix statistics are not updated after enabling IPFIX.
GEN7-40972	Loading the Geo-IP cache while loading the Diagnostic tab may cause high DataPlane CPU utilization.
GEN7-41026	When an appliance is configured with a value of Any for the service field and Allow Management Traffic is enabled for the access rule may cause the CPU usage to increase to 100%.
GEN7-41050	High Core 0 utilization may be seen when the appliance starts up with FQDN address objects defined.
GEN7-41064	Post-authentication Stack-Based Buffer Overflow Vulnerability in the SSL VPN's getBookmarkList.json URL endpoint.
GEN7-41065	Post-authentication Stack-Based Buffer Overflow Vulnerability in the SSL VPN's sonicflow.csv, appflowsessions.csv endpoints.
GEN7-41068	Post-authentication SSL-VPN user assertion failure leads to Stack-Based Buffer Overflow vulnerability via main.cgi.
GEN7-41069	Post-authentication Stack-Based Buffer Overflow Vulnerability in the SSL VPN's getPacketReplayData.json URL endpoint.
GEN7-41074	Post-authentication Stack-Based Buffer Overflow Vulnerability in the SSL VPN's ssoStats-s.xml, ssoStats-s.wri endpoints.
GEN7-41075	Post-authentication Stack-Based Buffer Overflow Vulnerability in the SSL VPN's sonicwall.exp, prefs.exp endpoints.
GEN7-41076	Post-authentication Stack-Based Buffer Overflow Vulnerability in the SSL VPN's plainprefs.exp URL endpoint.
GEN7-41107	Audit Logs configured with a field that begins with special characters (such as - or + or =) may cause memory-related issues.
GEN7-41149	TZ series only: Traffic may fail when setting built-in wireless on a TZ wireless model series when changing the setting from WDS station mode.
GEN7-41231	A hard-coded password was present in the dynHandleBuyToolbar demo function.
GEN7-41394	The information for the countries of Iraq and Syria was adjusted to no longer use DST.
GEN7-41433	improvements were made to ensure extra file system integrity checks are performed to prevent potential system corruption.
GEN7-41622	When a packet is send via VPN with certain tags, it may trigger high CPU DataPlane usage if traffic is heavy.
GEN7-41952	Post-authentication Improper Privilege Management vulnerability in the SonicOS SSL VPN Tunnel.
GEN7-43527	NSsp 15700 only: A High Availability Pair may show a high Core 0 utilization of 100% causing the appliance to restart.
GEN7-43528	The appliance may restart automatically after enabling LDAP authentication.

Additional References

GEN7-28433, GEN7-34477, GEN7-37004, GEN7-37288, GEN7-37318, GEN7-37858, GEN7-37943, GEN7-37977, GEN7-38521, GEN7-38795, GEN7-39183, GEN7-39401, GEN7-39443, GEN7-39522, GEN7-39876, GEN7-39937, GEN7-39958, GEN7-40001, GEN7-40046, GEN7-40051, GEN7-40073, GEN7-40232, GEN7-40370, GEN7-40660, GEN7-40737, GEN7-40779, GEN7-40781, GEN7-40798, GEN7-40908, GEN7-41521, GEN7-41644, GEN7-41730, GEN7-42178, GEN7-42199, GEN7-42952, GEN7-43153

Known Issues

Issue ID	Issue Description
GEN7-41011	Groups imported from LDAP are not automatically populated with the LDAP location.
GEN7-41040	A security policy is automatically added from the SSO Bypass settings, but it should not be added in appliances configured for Policy Mode.
GEN7-41102	The user is not prompted to change their password when Password change is enabled on the appliance for an imported user.
GEN7-41340	The connected route of sub-VLAN WAN interface displays as inactive when its parent interface is set to Unassigned.
GEN7-41630	An IPv6 VPN policy with a Disabled status will become enabled after the policy is edited.
GEN7-41996	Disabling Automatically adjust clock for daylight saving time makes no change to current system time.
GEN7-42202	A custom uploaded botnet signature file is not saved and then is lost when the device restarts.
GEN7-42675	In devices configured for Policy Mode, if the highest priority matching security policy has All users selected and does not have any of App/Match/URL/Web-Cat selected then user redirection is skipped for subsequent security policies.
GEN7-43049	An intermittent issue may occur when a network error is seen in the management interface after uploading the firmware and restating the appliance with factory default settings. The API sends the response and closes the HTTP connection before rebooting, making it appear that the unit is still operating.
GEN7-43500	After changing the name of a local user, the entry is still displayed in Server DPI-SSL Inclusion and Server DPI-SSL Exclusion lists. The user with the changed name cannot be selected.
GEN7-43505	Unable to add a central gateway VPN policy for DHCP over VPN when the authentication method is Certificate.
GEN7-43554	Unable to add valid domains to the Custom Malicious Domain Name List and White List page after adding an invalid domain because the pending configuration is still present. Logging out and back in resolves the issue.