SonicOS/X 7.0.1 Release Notes
- SonicWall SonicOS 7.0.1
- Version 7.0.1-5161 July 2024
- Version 7.0.1-5151 March 2024
- Version 7.0.1-5145 November 2023
- Version 7.0.1-5129 June 2023
- Version 7.0.1-5119 June 2023
- Version 7.0.1-5111 April 2023
- Version 7.0.1-5100 March 2023
- Version 7.0.1-5095 November 2022
- Version 7.0.1-5083 September 2022
- Version 7.0.1-5080 September 2022
- Version 7.0.1-5072 June 2022
- Version 7.0.1-5030-R945 May 2022
- Version 7.0.1-5065 April 2022
- Version 7.0.1-5054 April 2022
- Version 7.0.1-5052 April 2022
- Version 7.0.1-5030 December/October 2021
- Version 7.0.1-5026 September 2021
- Version 7.0.1-5023 August 2021
- Version 7.0.1-5019 August 2021
- Version 7.0.1 July 2021
- Version 7.0.1 June 2021
- Version 7.0.1 April 2021
- SonicWall Support
Version 7.0.1-5161 July 2024
July 2024
This version of SonicOS 7.0.1 is a maintenance release for existing platforms and resolves issues found in previous releases.
SonicOS 7.0.1 firmware should be only used by existing customers who are running SonicOS 7.0.1-5151 or earlier. Do not downgrade to this SonicOS 7.0.1-based firmware if you are already running a version of SonicOS 7.1.1.
Compatibility and Installation Notes
- Most popular browsers are supported, but Google Chrome is preferred for the real-time graphics display on the Dashboard.
- A MySonicWall account is required.
Supported Platforms
The platform-specific version for this unified release is the same:
| Platform | Firmware Version |
|---|---|
| TZ Series | 7.0.1-5161 |
| NSa Series | 7.0.1-5161 |
| NSv Series | 7.0.1-5161 |
| NSsp Series | 7.0.1-5161 |
|
|
|
|
SonicOS NSv deployments are supported on the following platforms:
|
|
Resolved Issues
| Issue ID | Issue Description |
|---|---|
| GEN7-46630 | VPN traffic is intermittently dropped when specific traffic matches a route policy and security policy whose timestamp keeps changing frequently and the VPN tunnel is reset by the route table update. The recheck of the security policy causes the packet to be dropped as the traffic is determined to have been sent as clear text, but should be sent on VPN now. |
| GEN7-47066 | The default HTTPS management NAT rule is reset to top priority after a firewall is restarted with Zero Touch enabled, overriding custom-defined NAT policies. |
| GEN7-48245 | DPI-SSL intercepts some TLS 1.2 connections even after adding an bypass decryption policy. The decryption pre-policy lookup code attempts to identify if the Content Filtering Service (CFS) and country resolution are required to match the traffic, even when a high-priority policy with no CFS and country lookup match. |
| GEN7-48257 | Stack-based buffer overflow vulnerability in SonicOS HTTP server (SNWLID-2024-0008) |
| GEN7-48274 | Heap-based buffer overflow vulnerability in SonicOS SSL-VPN (SNWLID-2024-0009) |
| GEN7-48662 | Content Filtering Service (CFS) blocking over DPI-SSL is not working when TLS hybridized Kyber support is enabled on Chrome browsers. (This support is now enabled by default on Chrome browsers.) |
| GEN7-48885 | App Rules over DPI-SSL are not working when TLS hybridized Kyber support is enabled on Chrome browsers. (This support is now enabled by default on Chrome browsers.) |
| GEN7-48948 | When using DPI-SSL, the block page may not be displayed. |
| GEN7-49425 | NSsp15700 only: The default buffer size for a non-master blade when fetching the Geo-IP map database may experience an overflow if the database size exceeds the maximum limit. |
| GEN7-49544 | Heap-based buffer overflow vulnerability in SonicOS IPSec (SNWLID-2024-0012) |
Known Issues
| Issue ID | Issue Description |
|---|---|
| GEN7-41102 | The Password Change page is not prompting for a new password when Password change is enabled on the firewall for an imported user. |
| GEN7-42675 | In devices configured for Policy Mode, if the highest priority matching security policy has All users selected, and does not have any of App/Match/URL/Web-Cat selected, then the user redirection is skipped for subsequent security policies. |
| GEN7-43500 | After changing the name of a local user, the entry is still displayed in Server DPI-SSL Inclusion and Server DPI-SSL Exclusion lists and the user with the changed name cannot be selected. |
| GEN7-43554 |
Unable to add valid domains to the Custom Malicious Domain Name List and White List pages after adding an invalid domain because the pending configuration is still present. Logging out and back in will alleviate this problem. |
| GEN7-46927 | Traffic from a custom LAN over VPN stops when the WAN Load Balancing member order is changed. |
| GEN7-47528 | When installing NetExtender
software from the SSL VPN portal page for 32-bit Windows, the message The installer is only for x64 machine. is displayed
. |
| GEN7-47918 | When a lot of VPN security associations are present in a Stateful High Availability environment, some IKE security associations may not be cleaned up on the secondary device if the synchronization message fails. |
| GEN7-47948 | App Rule is blocking files that do not match the hexadecimal content configured in the associated Match Object. |
Additional References
GEN7-45198, GEN7-45579, GEN7-45962, GEN7-46606, GEN7-48249, GEN7-48249, GEN7-49508
Was This Article Helpful?
Help us to improve our support portal