SonicOS 7.1.1 Release Notes
Version 7.1.1-7051
March 2024
This version of SonicOS7.1.1 is a maintenance release for existing platforms and resolves issues found in previous releases.
Important
- If you are managing your firewall using Network Security Manager(NSM), make certain that you are using NSM version 2.4 or later.
- Downgrading to SonicOS 7.0.1 from SonicOS 7.1.1 is not supported.
- Upgrading SonicOS 7.0.1 to 7.1.1 for NSv requires a fresh installation of NSv for all platforms. (For more information, refer to NSv upgrade from 7.0.1 to 7.1.1.)
- Use the Firmware Auto Update Feature in SonicOS 7.1.1 to ensure that your firewall always has the latest updates for critical vulnerabilities. (For more information, refer to Firmware Auto Update.)
Compatibility and Installation Notes
- Most popular browsers are supported, but Google Chrome is preferred for the real-time graphics display on the Dashboard.
- A MySonicWall account is required.
Resolved Issues
Issue ID | Issue Description |
---|---|
GEN7-37742 | SSH login to the management console is not allowed for cloud instances. |
GEN7-41340 | The connected route of sub-VLAN WAN interface turns gray when its parent interface is set to Unassigned. |
GEN7-42260 | Syslog traffic is not being generated when two or more syslog servers are configured. |
GEN7-43029 | SonicOS SSL VPN Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability: SNWLID-2024-0005 |
GEN7-44112 | The error Firmware upload image failed is displayed on some firewalls when upgrading the firmware. |
GEN7-44483 | When FIPS mode is enabled, there are no AES GCM encryption options in the IPSec phase 2 proposal of a VPN policy. |
GEN7-44805 | When NAC is enabled, using a Policy Mode security policy does not work correctly in conjunction with the threat user group. |
GEN7-44806 | When using NAC, TCP and UDP traffic send from a Threat User and received on a non-master blade security policy is not triggered and traffic and will be incorrectly dropped or allowed. |
GEN7-44809 | The firewall may intermittently fail to export the Tech Support Report (TSR). |
GEN7-44899 | DNS rules do not support address objects of type MAC or FQDN. |
GEN7-44909 | The Threat Logs page does not display any data until Refresh is clicked. |
GEN7-45060 | A TZ series firewall may intermittently restart when two SonicWave access points are connected using the built-in wireless using the mesh gateway method and the Radio Mode is changed from 2.4G to 5g mixed-80M-48 on the Internal Wireless page . |
GEN7-45077 | Clicking Graph on the Access Rules page displays the message No Data for Used Rules when All is selected for the Since filter. |
GEN7-45081 | When logged into a firewall managed by Network Security Manager (NSM), and the session has expired, clicking on Config or Non-Config will fail without allowing the administrator to login again. |
GEN7-45110 | Editing an NAC policy in an Access Rule, then changing the source address group, causes the error message <address object name> is not a reasonable value to be displayed. |
GEN7-45225 | When UO is configured as Final Backup in WAN Load Balancing, and X1 is not configured, the web management interface and console diagnostic pings cannot reach the internet. |
GEN7-45474 | The firewall drops TLS 1.2 traffic with a SSHv2 payload because some TCP packets are mistakenly recognized by the firewall as sslv2 clienthello packets. The log shows HTTPS Access Denied: SSL2.0 (Unidentified), SSL Control: Weak SSL Version being used. |
GEN7-45497 | Virtual Office is not accessible when HTTPS management is disabled in the interface configuration. |
GEN7-45508 | The Real-time Monitor, BWM Monitor, and SD-WAN Monitor pages under the Monitor tab are not loading and the graphs are not being displayed when using Classic View. |
GEN7-45522 | Unable to configure a Virtual sub-interface when the interface is configured in L2 Bridge mode. |
GEN7-45578 | SD-WAN routes are not disabled on the Routing Rules page when all of the interfaces in the SD-WAN group are not qualified. |
GEN7-45837 | A PDF file declared benign by Capture ATP when Block Until Verdict is enabled is counted as a virus by AppFlow Reports and Network Security Manager (NSM) when using HTTPS only. |
GEN7-46037 | Thermal alerts are intermittently displayed for some devices, but are a false alarm. |
GEN7-46038 | Unable to enable FIPS Mode in a High Availability configuration. |
GEN7-46044 | Integer-Based Buffer Overflow Vulnerability In SonicOS via IPSec: SNWLID-2024-0004 |
GEN7-46111 | When setting an interface in WLAN zone L2 Bridge mode, the bridged-to list does not contain VLAN interfaces. |
GEN7-46319 | Configuring DDNS with dyn.com displays the error Network error in the status. |
GEN7-47176 | DNS rebinding attack prevention is now available for the DNS Proxy feature. |
GEN7-47177 | Duplicate records are displayed on AppFlow Report Users tab. |
GEN7-47373 | The NetExtender version is updated to the latest release (v10.2.339). If the NetExtender client Autoupdate option is enabled on the Firewall SSL VPN/Client settings page, NetExtender clients will check for the newer version and automatically update to v10.2.339. |
GEN7-45735 | CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack): SNWLID-2024-0002 |
Known Issues
Issue ID | Issue Description |
---|---|
GEN7-28519 | BGP cannot be established when MD5 authentication is enabled. |
GEN7-34246 | Browser NTLM Authentication functionality is not functioning as expected. Users must log in to the device in order to authenticate. |
GEN7-34484 | Audit logs are cleared after the firewall is restarted. |
GEN7-41102 | The Password Change page is not prompting for a new password when Password change is enabled on the firewall for a Imported user. |
GEN7-41593 | When upgrading a High Availability pair, if LACP is enabled, then High Availability should be disabled to upgrade and each unit has to be upgraded separately. |
GEN7-41996 | When disabling the Automatically adjust clock for daylight saving time setting, no change is made to the current system time. |
GEN7-43016 |
NSv deployment displays the error disk image
missing when using an
|
GEN7-43500 | After changing the name of a local user, the entry is still displayed in the Server DPI-SSL Exclusion and Server DPI SSL Inclusion lists and the user with the changed name cannot be selected. |
GEN7-43554 |
Unable to add valid domains to the Custom Malicious Domain Name list and White List pages after adding an domain one because the pending configuration is still present. Logging out and back in should resolve the issue. |
GEN7-44642 | For NSSP 15700 only: HTTPS Management on X1 is not accessible when the MGMT/Chassis IP and X1/Aux IP are in the same subnet. |
GEN7-45252 |
For NSSP 15700 only: An
intermittent issue occurs when the Standby firewall fails to start from uploaded
firmware. Perform a forced failover of the firewall. The upgrade should now be successful. |
GEN7-45303 | When there are a large number of FTP-data channels (200,000), where the sessions expire in a short time interval causing the deletion of the caches, this can cause the device to have a high CPU usage and become unresponsive when handling the connection cache timer. This scenario is extremely unlikely to occur but is a current limitation of the firewall. |
GEN7-46030 | When an incorrect firmware file is uploaded using the Firmware Upload page, no error is displayed. |
GEN7-47528 |
When installing the NetExtender software from the SSL VPN portal page for 32-bit Windows, the message Download and install the NetExtender software directly from sonicwall.com. |
Additional References
GEN7-40887, GEN7-43525, GEN7-43829, GEN7-44593, GEN7-44698, GEN7-44721, GEN7-44840, GEN7-45101, GEN7-45130, GEN7-45261, GEN7-45381, GEN7-45577, GEN7-45603, GEN7-45833, GEN7-45834, GEN7-45867, GEN7-45958, GEN7-45979, GEN7-45988, GEN7-46002, GEN7-46032, GEN7-46075, GEN7-46211, GEN7-46823, GEN7-47187, GEN7-47260, GEN7-47283
Was This Article Helpful?
Help us to improve our support portal