HA Sync behavior change due to password complexity enforcement

Description

In SonicOS 7.3 and SonicOS 8.0.3, password complexity enforcement is enabled by default and requires alphanumeric and symbolic characters. This change can cause High Availability (HA) synchronization issues if the primary and secondary firewalls do not have matching password policies, especially during RMA or factory reset scenarios.

NOTE: There is no change in user behavior when upgrading from an earlier SonicOS version to 7.3. These features are not enabled by default, but we highly recommend enabling them to strengthen security.  

Applies To:

SonicWall Gen7 Firewalls running SonicOS 7.3 and SonicOS 8.0.3

Issue

When upgrading to SonicOS 7.3 or SonicOS 8.0.3, existing passwords for Local Users and Admin Accounts (non-LDAP/RADIUS/SAML) may not meet the new complexity requirements. If the secondary HA unit is factory reset with SonicOS 7.3 or SonicOS 8.0.3 (e.g., after RMA), it will enforce the new default password policy, while the primary unit may still retain the old policy if admins have not updated the password policy after the upgrade, as recommended by SonicWall.
This mismatch can prevent HA from syncing and may result in failure of the HA pair to establish.

Affected Scenarios 

  • Post-upgrade to SonicOS 7.3 and SonicOS 8.0.3
  • Factory default or RMA replacement of the secondary unit
  • Mismatched password complexity policies between primary and secondary devices 

Symptoms 

  • HA pair fails to synchronize
  • HA status shows as “Inactive” or “Failed”
  • System logs indicate password or sync-related errors 

Cause

SonicOS 7.3 and SonicOS 8.0.3 enforce a stronger default password complexity policy in the factory-default configuration.

Enforce Password Complexity

  • Enforces an alphanumeric and symbolic password policy

Requirements include: 

  • Minimum length of 8 characters.
  • At least one uppercase letter
  • At least one lowercase letter
  • At least one number
  • At least one special character

NOTE: Only the following special characters are allowed: "!", "@", "#", "$", "%", "^", "&", "*", "(", and ")". Other special characters are treated as illegal characters and could generate errors.

If the primary firewall still uses legacy password complexity settings, it cannot synchronize with a freshly reset (or RMA'd) secondary device that now enforces the new policy. 
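The check below is an added example, not SonicWall code: it tests a candidate local-account password against the requirements and the allowed special characters listed above, before the password is set on the primary unit. Treating every character outside ASCII letters, digits and the ten listed symbols as illegal is an assumption, and the function names are hypothetical.

```python
import getpass
import string

# Values taken from the requirements list and NOTE in this article.
MIN_LENGTH = 8
ALLOWED_SPECIALS = set("!@#$%^&*()")
# Assumption: "alphanumeric" means ASCII letters and digits only.
ALPHANUMERIC = set(string.ascii_letters + string.digits)


def check_password(candidate):
    """Return a list of policy violations; an empty list means compliant."""
    problems = []
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if not any(c in string.ascii_uppercase for c in candidate):
        problems.append("no uppercase letter")
    if not any(c in string.ascii_lowercase for c in candidate):
        problems.append("no lowercase letter")
    if not any(c in string.digits for c in candidate):
        problems.append("no number")
    if not any(c in ALLOWED_SPECIALS for c in candidate):
        problems.append("no allowed special character")
    # Symbols such as '-' or '_' are common in generated passwords but are
    # not in the allowed list, so they are reported separately.
    illegal = sorted(
        {c for c in candidate if c not in ALPHANUMERIC and c not in ALLOWED_SPECIALS}
    )
    if illegal:
        problems.append("illegal characters: " + " ".join(repr(c) for c in illegal))
    return problems


def audit(candidates):
    """Map each account label to its violations, omitting compliant entries."""
    report = {}
    for label, password in candidates.items():
        problems = check_password(password)
        if problems:
            report[label] = problems
    return report


if __name__ == "__main__":
    # Read the candidate without echoing it, then print only the findings.
    findings = check_password(getpass.getpass("Candidate password: "))
    print("compliant" if not findings else "\n".join(findings))
```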

Resolution

To restore HA synchronization, ensure that both units use the same password complexity policy.

Option 1 (Recommended): Align Primary with New Default Policy 

  1. On the Primary firewall, navigate to: Device | Settings | Administration | Password Policy
  2. Update the policy to require: 
    • Alphanumeric characters
    • Special symbols 
  3. Update the admin password (if needed) to meet the new requirements.
  4. Allow HA to sync with the secondary unit.

Option 2: Match Secondary to Existing Primary Policy 

  1. On the Secondary firewall, temporarily log in directly via local management.
  2. Lower the password complexity settings to match the primary unit's current policy.
  3. Reboot and allow HA to re-establish.

Best Practices 

  • After upgrading to SonicOS 7.3 or SonicOS 8.0.3, review and update password complexity settings to align with the new security defaults
  • Combine this with MFA (Multi-Factor Authentication) for all users.
