• SonicWall SonicOS 7.0.1
  • Version 7.0.1-5161 July 2024
  • Version 7.0.1-5151 March 2024
  • Version 7.0.1-5145 November 2023
  • Version 7.0.1-5129 June 2023
  • Version 7.0.1-5119 June 2023
  • Version 7.0.1-5111 April 2023
  • Version 7.0.1-5100 March 2023
  • Version 7.0.1-5095 November 2022
  • Version 7.0.1-5083 September 2022
  • Version 7.0.1-5080 September 2022
  • Version 7.0.1-5072 June 2022
  • Version 7.0.1-5030-R945 May 2022
  • Version 7.0.1-5065 April 2022
  • Version 7.0.1-5054 April 2022
  • Version 7.0.1-5052 April 2022
  • Version 7.0.1-5030 December/October 2021
  • Version 7.0.1-5026 September 2021
  • Version 7.0.1-5023 August 2021
  • Version 7.0.1-5019 August 2021
  • Version 7.0.1 July 2021
  • Version 7.0.1 June 2021
  • Version 7.0.1 April 2021
• SonicWall Support
  • About This Document

Version 7.0.1-5111 April 2023

April 2023

This version of SonicOS 7.0.1 is a maintenance release for existing platforms and resolves issues found in previous releases.

For information about the most recent release for the NSsp 15700 platform, please see Version 7.0.1-5100 March 2023.

Supported Platforms

The platform-specific versions for this unified release are all the same:

Platform	Firmware Version
TZ Series	7.0.1-5111
NSa Series	7.0.1-5111
NSv Series	7.0.1-5111
NSsp Series	7.0.1-5111

NSa 2700 NSa 3700 NSa 4700 NSa 5700 NSa 6700

NSsp 10700 NSsp 11700 NSsp 13700

TZ270 / TZ270W TZ370 / TZ370W TZ470 / TZ470W TZ570 / TZ570W TZ570P TZ670

NSv 270 NSv 470 NSv 870

Resolved Issues

Issue ID	Issue Description
GEN7-29243	SNMP Queries are taking a long time to complete when there are Portshielded Interfaces and querying interface-related object identifiers.
GEN7-31345	The SMB File transfer speed over VPN drops significantly when the files are copied to a LAN device behind an NSv instance in Azure.
GEN7-32492	The OSPF MTU of Unnumbered Tunnel Interfaces is set to a fixed value of 1446, which may not always be correct.
GEN7-32624	A device may be unable to get a WAN IP from the ISP from a PPPoE connection after the device is restarted.
GEN7-33153	Appliances now require that the administrator must change the administrator password if the appliance is started from factory default settings or if the default administrator password is still password.
GEN7-33218	Guest users are not redirected to the captive portal authentication page.
GEN7-33655	When the user authentication method is set to RADIUS, even if the Read-Only Admins Group belongs to the user's group, the user can log in as a Full Administrator when logging in to the administration user interface using a Global VPN Client.
GEN7-34401	DHCP via IP Helper is not working over IPSec VPN in SD-WAN configurations.
GEN7-34875	NSa 3700 only: The appliance stops passing traffic and becomes inaccessible through the LAN interface after a few months in operation.
GEN7-35282	The download speed is slower than expected when Bandwidth Management is enabled on access rules when the TCP advertised window is not large enough.
GEN7-35355	LDAP users of the format domain\username are unable to authenticate when using Time-based One-Time Password authentication.
GEN7-35356	NSa 2700 only: An appliance may become inaccessible after being active for some time because of a deadlock state between the routing and VPN modules.
GEN7-35478	The system log displays an incorrect fw_action for the message Syslog Website Accessed.
GEN7-35530	When configuring a High Availability environment, both the Primary and Secondary device both became Active and cannot discover its peer firewall for synchronization or failover.
GEN7-35651	An option was added on the diagnostics page for GEO-IP that allows administrators to drop TCP handshakes coming from an IP address that originates from a blocked country. Synchronized packets not forwarded to the LAN Geo-IP will prevent the block page from being displayed. The default behavior if this option is not enabled requires TCP handshakes to establish a connection to be able to display the block page.
GEN7-35761	On the management user interface, the Storage LED may display as being Off, but the light remains lit on the device .
GEN7-35947	NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, and NSsp 13700 models only: If an administrator is logged into both the Safe Mode user interface and the Safe Mode command-line interface at the same time, and uploads firmware and restarts the appliance with the current configuration or factory default, the unit will stop responding after displaying the message Installed Firmware.
GEN7-36244	The management interface shows that the 10G interfaces (X29-X33) are still available in the front panel display with a TwinAX cable connected and shutting down the interfaces as an administrator.
GEN7-36461	A firewall may reboot when multiple Access Rules are deleted when the source zone is in a custom DMZ and the destination zone is a VPN.
GEN7-36535	When using a DPI-SSL server, the intermediate certificate is not being sent.
GEN7-36602	The administrator cannot disable RADIUS proxy forwarding when the user-name attribute format is set to Other in the SSO configuration.
GEN7-36610	Cannot to connect to WiFi when both SSID suppression and MAC filtering are enabled.
GEN7-36631	In High Availability configurations, for Flow Reporting on Network Security Manager for firewalls , the secondary device sends flow logs with the secondary serial number instead of the primary serial number.
GEN7-36703	Security Headers have been added for servers.
GEN7-36790	NSa 4700, NSa 5700, NSa 6700, NSsp 10700, NSsp 11700, and NSsp 13700 models only: An issue was intermittently experienced when an appliance could not be successfully upgraded using the Safe Mode user interface.
GEN7-36919	When using the Wizard to create a NAT policy, a Service Group gets created for service explicitly named "any" instead of using the default any Service Group.
GEN7-36965	Global VPN client RCF import fails when password contains special chars, such as #.
GEN7-37018	When an LDAP user without administration privileges attempts to log in from a LAN, the error message Unknown error is displayed instead of a more specific reason, such as not enough privilege.
GEN7-37044	Improper Restriction of Excessive MFA Attempts
GEN7-37095	For TZ 270, TZ 370, and TZ 470 models only: the Enable Stateful Synchronization option is not displayed within the management interface for High Availability. If this option was enabled in prior versions, the setting will continue to function even though it is not visible.
GEN7-37134	Under some conditions, the Content Filtering Service (CFS) DNS reply handling and request time can trigger conflicts in the handling of cache timers, causing the device to restart.
GEN7-37186	When CASS is enabled, the Real-time Block List (RBL) filter is not hiding the RBL Filter settings.
GEN7-37221	Sorting the NAT Policies list does not work as expected.
GEN7-37274	The Send IKEv2 Cookie Notify setting is not functioning correctly and causes establishment of a IKEv2 VPN to fail.
GEN7-37417	Deleting a user account with a domain format causes the error to be displayed: Network Object not found.
GEN7-37480	The QR code is blank for RADIUS users while binding SSL VPN Time-based One-Time Password (TOTP) authentication.
GEN7-37783	Devices are unable to negotiate IKE using 3rd Party Certificate VPN tunnel when using a certificate of a larger size because the DF flag forbids the fragmentation of the packet involved, causing the packet to never reach the peer gateway.
GEN7-38111	SonicOS Stack-based Buffer Overflow Vulnerability. For more information, refer to CVE-2023-0656.
GEN7-38501	A firewall with the watchdog settings enabled restarts itself every few minutes after updating to SonicOS 7.0.1-5108.

Additional References

The following additional resolved issues in this release are listed here for reference:

GEN7-26565, GEN7-31774, GEN7-32249, GEN7-32373, GEN7-33318, GEN7-33434, GEN7-33890, GEN7-34069, GEN7-34418, GEN7-35180, GEN7-35494, GEN7-35518, GEN7-35647, GEN7-35831, GEN7-36030, GEN7-36179, GEN7-36191, GEN7-36192, GEN7-36321, GEN7-36332, GEN7-36541, GEN7-36642, GEN7-36648, GEN7-36826, GEN7-36852, GEN7-36908, GEN7-37043, GEN7-37142, GEN7-37316, GEN7-37336, GEN7-37600, GEN7-37794, GEN7-37818, GEN7-37835, GEN7-37976, GEN7-38196, GEN7-38549, GEN7-38551

Known Issues

Issue ID	Issue Description
GEN7-35241	If two IPv6 WAN interfaces are configured, configuring the second interface in IPv6 static mode causes the error Command 'dns primary xxxxx::xxx:xxxx:xxxx::xxxx' does not match to be displayed
GEN7-35248	Deleting the DHCPv6 prefix delegation for one interface will clear the prefix delegation configuration on other interfaces.
GEN7-36178	FTP automation fails if the server response is longer than 2 seconds.
GEN7-36194	If two VPN tunnel interfaces are named starting with the same 16 characters, Advanced Routing support cannot be enabled on both interfaces.
GEN7-36620	NSA 4700, NSA 5700, NSA 6700, NSsp 10700, NSsp 11700, NSsp 13700 models only: After High Availability with Stateful Failover is set up, disabling and then re-enabling Stateful Failover, and keeping the same Control and Data interfaces, will cause the secondary unit to stay in Election state and access to the primary unit will be lost. The status will recover after fifteen minutes or after the units have been power cycled..
GEN7-37226	The user interface allows 10G interfaces and 1G interfaces to be added to an L2 Static LAG Group even though this configuration is not valid.
GEN7-37326	Editing the WAN GroupVPN settings, and then immediately enabling or disabling WAN GroupVPN, may cause some configuration settings to be lost.
GEN7-37501	After the Deny Mac-Filter list containing a wireless client MAC is changed to No Mac Address, or if the Deny Mac-filter list has been disabled, the wireless client remains blocked.
GEN7-37508	When importing a configuration that has WAN to TrustZone secure Wire Mode interfaces configured, the traffic is not blocked.
GEN7-37511	When configuring a gateway and adding a policy-based route using the 6to4AutoTunnel, an error is displayed: gateway must be default.