SonicOS 7.1.1 Release Notes
Version 7.1.1-7058
June 2024
This version of SonicOS 7.1 is a maintenance release for existing platforms and resolves issues found in previous releases.
In this firmware version, CFS and DPI-SSL supports the TLS hybridized Kyber feature on Chrome and Edge browsers (GEN7-48526 and GEN7-47567).
Important
- This SonicOS 7.1 firmware will not be available on MySonicWall for NSsp 15700. Please contact your Service Account Manager for the firmware.
- If you are managing your firewall using Network Security Manager (NSM), make certain that you are using NSM version 2.4 or later.
- Downgrading to SonicOS 7.0.1 from SonicOS 7.1 is not supported.
- Upgrading SonicOS 7.0.1 to 7.1 for NSv requires a fresh installation of NSv for all platforms. (For more information, refer to NSv upgrade from 7.0.1 to 7.1.1.)
- Use the Firmware Auto Update Feature in SonicOS 7.1 to ensure that your firewall always has the latest updates for critical vulnerabilities. (For more information, refer to Firmware Auto Update.)
Compatibility and Installation Notes
- Most popular browsers are supported, but Google Chrome is preferred for the real-time graphics display on the Dashboard.
- A MySonicWall account is required.
Supported Platforms
The platform-specific versions for this unified release are all the same:
| Platform | Firmware Version |
|---|---|
| TZ Series | 7.1.1-7058 |
| NSa Series | 7.1.1-7058 |
| NSv Series | 7.1.1-7058 |
| NSsp Series | 7.1.1-7058 |
|
|
|
|
SonicOS NSv deployments are supported on the following platforms:
|
|
Resolved Issues
| Issue ID | Issue Description |
|---|---|
| GEN7-33934 | Users are unable to send emails with attachments larger than 1MB when DPI-SSL is enabled. |
| GEN7-39872 | Users may be intermittently disconnected when using NetExtender and downloading a file. |
| GEN7-46338 | Bandwidth Management is not working in an App Rule when the action object is selected to use a BWM object. |
| GEN7-47327 | The Virtual Office web page times out and displays a blank white screen. |
| GEN7-47567 | App Rules over DPI-SSL are not working when TLS hybridized Kyber support is enabled on Chrome browsers. (This support is now enabled by default on Chrome browsers). |
| GEN7-47628 | The ability to update microcode using Safe Mode has been added to be used under direction of customer support when needed. |
| GEN7-47736 | SSL-VPN licenses are being consumed, preventing users from connecting. |
| GEN7-47756 | Login fails when an user with accent characters in their name when using LDAP authentication. |
| GEN7-47953 | All TZ models, NSa 2700, and NSa 3700 only: Under some conditions, the core dump storage may grow larger than 500 MB in size. |
| GEN7-48149 | The hardware monitor controller may report occasional false alarms, including fan failures. |
| GEN7-48173 | Two-Factor Authentication via TOTP fails for LDAP and Radius users when using NetExtender. |
| GEN7-48288 | Logging in using Radius using a RSA pin authentication for SSLVPN users fails. |
| GEN7-48420 | Stack-based buffer overflow vulnerability in SonicOS HTTP server (SNWLID-2024-0008) |
| GEN7-48526 | Content Filtering Service (CFS) blocking over DPI-SSL is not working when TLS hybridized Kyber support is enabled on Chrome browsers. (This support is now enabled by default on Chrome browsers). |
| GEN7-48612 | Heap-based buffer overflow vulnerability in SonicOS SSL-VPN (SNWLID-2024-0009) |
| GEN7-49115 | When using DPI-SSL, the block page may sometimes fail to display. |
| GEN7-49189 | Under some conditions, the firewall might restart itself when handling error conditions. |
| GEN7-49451 | NSsp 15700 only: The default buffer size for a non-master blade when fetching the Geo-IP map database may experience an overflow if the database size exceeds the maximum limit. |
Known Issues
| Issue ID | Issue Description |
|---|---|
| GEN7-43016 |
When deploying an NSv using an |
| GEN7-43500 | After changing the name of a local user, the entry is still displayed in the Server DPI SSL Inclusion and Server DPI SSL Exclusion lists and the user with the changed name cannot be selected. |
| GEN7-43554 |
Unable to add valid domains to the Custom Malicious Domain Name List and White List pages after adding an invalid domain because the pending configuration is still present. |
| GEN7-44642 | NSsp 15700 only: HTTPS management on X1 is not accessible when the MGMT/Chassis IP and X1/Aux IP are in the same subnet. |
| GEN7-45252 | NSsp 15700 only: A Standby firewall may occasionally fail to start from uploaded
firmware. The message Wrong firmware to boot is displayed in printed in the command-line interface (CLI) after
clicking Restart image with current settings. |
| GEN7-47528 | When installing the NetExtender software from the SSL VPN portal page for 32-bit Windows, the message The installer is only for x64 machine is displayed. |
Additional References
GEN7-46935, GEN7-47809, GEN7-47928, GEN7-48060, GEN7-48185, GEN7-48198, GEN7-48389
Was This Article Helpful?
Help us to improve our support portal