SonicOS 7.1.1 Release Notes

Version 7.1.1-7051

March 2024

This version of SonicOS7.1.1 is a maintenance release for existing platforms and resolves issues found in previous releases.

Important

  • If you are managing your firewall using Network Security Manager(NSM), make certain that you are using NSM version 2.4 or later.
  • Downgrading to SonicOS 7.0.1 from SonicOS 7.1.1 is not supported.
  • Upgrading SonicOS 7.0.1 to 7.1.1 for NSv requires a fresh installation of NSv for all platforms. (For more information, refer to NSv upgrade from 7.0.1 to 7.1.1.)
  • Use the Firmware Auto Update Feature in SonicOS 7.1.1 to ensure that your firewall always has the latest updates for critical vulnerabilities. (For more information, refer to Firmware Auto Update.)

Compatibility and Installation Notes

  • Most popular browsers are supported, but Google Chrome is preferred for the real-time graphics display on the Dashboard.
  • A MySonicWall account is required.

Resolved Issues

Issue ID Issue Description
GEN7-37742 SSH login to the management console is not allowed for cloud instances.
GEN7-41340 The connected route of sub-VLAN WAN interface turns gray when its parent interface is set to Unassigned.
GEN7-42260 Syslog traffic is not being generated when two or more syslog servers are configured.
GEN7-43029 SonicOS SSL VPN Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability: SNWLID-2024-0005
GEN7-44112 The error Firmware upload image failed is displayed on some firewalls when upgrading the firmware.
GEN7-44483 When FIPS mode is enabled, there are no AES GCM encryption options in the IPSec phase 2 proposal of a VPN policy.
GEN7-44805 When NAC is enabled, using a Policy Mode security policy does not work correctly in conjunction with the threat user group.
GEN7-44806 When using NAC, TCP and UDP traffic send from a Threat User and received on a non-master blade security policy is not triggered and traffic and will be incorrectly dropped or allowed.
GEN7-44809 The firewall may intermittently fail to export the Tech Support Report (TSR).
GEN7-44899 DNS rules do not support address objects of type MAC or FQDN.
GEN7-44909 The Threat Logs page does not display any data until Refresh is clicked.
GEN7-45060 A TZ series firewall may intermittently restart when two SonicWave access points are connected using the built-in wireless using the mesh gateway method and the Radio Mode is changed from 2.4G to 5g mixed-80M-48 on the Internal Wireless page .
GEN7-45077 Clicking Graph on the Access Rules page displays the message No Data for Used Rules when All is selected for the Since filter.
GEN7-45081 When logged into a firewall managed by Network Security Manager (NSM), and the session has expired, clicking on Config or Non-Config will fail without allowing the administrator to login again.
GEN7-45110 Editing an NAC policy in an Access Rule, then changing the source address group, causes the error message <address object name> is not a reasonable value to be displayed.
GEN7-45225 When UO is configured as Final Backup in WAN Load Balancing, and X1 is not configured, the web management interface and console diagnostic pings cannot reach the internet.
GEN7-45474 The firewall drops TLS 1.2 traffic with a SSHv2 payload because some TCP packets are mistakenly recognized by the firewall as sslv2 clienthello packets. The log shows HTTPS Access Denied: SSL2.0 (Unidentified), SSL Control: Weak SSL Version being used.
GEN7-45497 Virtual Office is not accessible when HTTPS management is disabled in the interface configuration.
GEN7-45508 The Real-time Monitor, BWM Monitor, and SD-WAN Monitor pages under the Monitor tab are not loading and the graphs are not being displayed when using Classic View.
GEN7-45522 Unable to configure a Virtual sub-interface when the interface is configured in L2 Bridge mode.
GEN7-45578 SD-WAN routes are not disabled on the Routing Rules page when all of the interfaces in the SD-WAN group are not qualified.
GEN7-45837 A PDF file declared benign by Capture ATP when Block Until Verdict is enabled is counted as a virus by AppFlow Reports and Network Security Manager (NSM) when using HTTPS only.
GEN7-46037 Thermal alerts are intermittently displayed for some devices, but are a false alarm.
GEN7-46038 Unable to enable FIPS Mode in a High Availability configuration.
GEN7-46044 Integer-Based Buffer Overflow Vulnerability In SonicOS via IPSec: SNWLID-2024-0004
GEN7-46111 When setting an interface in WLAN zone L2 Bridge mode, the bridged-to list does not contain VLAN interfaces.
GEN7-46319 Configuring DDNS with dyn.com displays the error Network error in the status.
GEN7-47176 DNS rebinding attack prevention is now available for the DNS Proxy feature.
GEN7-47177 Duplicate records are displayed on AppFlow Report Users tab.
GEN7-47373 The NetExtender version is updated to the latest release (v10.2.339). If the NetExtender client Autoupdate option is enabled on the Firewall SSL VPN/Client settings page, NetExtender clients will check for the newer version and automatically update to v10.2.339.
GEN7-45735 CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack): SNWLID-2024-0002

Known Issues

Issue ID Issue Description
GEN7-28519 BGP cannot be established when MD5 authentication is enabled.
GEN7-34246 Browser NTLM Authentication functionality is not functioning as expected. Users must log in to the device in order to authenticate.
GEN7-34484 Audit logs are cleared after the firewall is restarted.
GEN7-41102 The Password Change page is not prompting for a new password when Password change is enabled on the firewall for a Imported user.
GEN7-41593 When upgrading a High Availability pair, if LACP is enabled, then High Availability should be disabled to upgrade and each unit has to be upgraded separately.
GEN7-41996 When disabling the Automatically adjust clock for daylight saving time setting, no change is made to the current system time.
GEN7-43016

NSv deployment displays the error disk image missing when using an .ova file on VMWare ESXi UI version 8.0.

  1. Unzip the .ova file to three files: vmdk file, nvram file and ovf file.
  2. Upload the three files instead of the .ova file.
GEN7-43500 After changing the name of a local user, the entry is still displayed in the Server DPI-SSL Exclusion and Server DPI SSL Inclusion lists and the user with the changed name cannot be selected.
GEN7-43554

Unable to add valid domains to the Custom Malicious Domain Name list and White List pages after adding an domain one because the pending configuration is still present.

Logging out and back in should resolve the issue.

GEN7-44642 For NSSP 15700 only: HTTPS Management on X1 is not accessible when the MGMT/Chassis IP and X1/Aux IP are in the same subnet.
GEN7-45252

For NSSP 15700 only: An intermittent issue occurs when the Standby firewall fails to start from uploaded firmware. Wrong firmware to boot is displayed in printed in the command-line interface (CLI) after clicking the restart image with current settings.

Perform a forced failover of the firewall. The upgrade should now be successful.

GEN7-45303 When there are a large number of FTP-data channels (200,000), where the sessions expire in a short time interval causing the deletion of the caches, this can cause the device to have a high CPU usage and become unresponsive when handling the connection cache timer. This scenario is extremely unlikely to occur but is a current limitation of the firewall.
GEN7-46030 When an incorrect firmware file is uploaded using the Firmware Upload page, no error is displayed.
GEN7-47528

When installing the NetExtender software from the SSL VPN portal page for 32-bit Windows, the message The installer is only for x64 machine is displayed.

Download and install the NetExtender software directly from sonicwall.com.

Additional References

GEN7-40887, GEN7-43525, GEN7-43829, GEN7-44593, GEN7-44698, GEN7-44721, GEN7-44840, GEN7-45101, GEN7-45130, GEN7-45261, GEN7-45381, GEN7-45577, GEN7-45603, GEN7-45833, GEN7-45834, GEN7-45867, GEN7-45958, GEN7-45979, GEN7-45988, GEN7-46002, GEN7-46032, GEN7-46075, GEN7-46211, GEN7-46823, GEN7-47187, GEN7-47260, GEN7-47283

Was This Article Helpful?

Help us to improve our support portal

Techdocs Article Helpful form

  • Hidden
  • Hidden

Techdocs Article NOT Helpful form

  • Still can't find what you're looking for? Try our knowledge base or ask our community for more help.
  • Hidden
  • Hidden