Secure Mobile Access 12.5 Release Notes
Table of Contents
12.5.0
August 2025
About Secure Mobile Access
Secure Mobile Access (SMA) provides scalable and secure mobile access for enterprises, while effectively blocking untrusted applications, Wi-Fi threats, and malware. SMA appliances offer a unified gateway and consistent user experience across all platforms, including both managed and unmanaged devices. All traffic is encrypted using Secure Sockets Layer/Transport Layer Security (SSL/TLS) to protect it from unauthorized access.
SMA is available as a physical appliance or as a virtual appliance running on VMware ESXi, Microsoft Hyper-V, Amazon Web Services (AWS), Microsoft Azure, and KVM.
The Central Management Server (CMS) can also be deployed on VMware ESXi, Microsoft Hyper-V, AWS, Azure, and KVM.
Supported Platforms
The SMA 12.5 release is supported on the following SMA 1000 series appliances:
- SMA 6200 series (SMA 6200 and SMA 6210)
- SMA 7200 series (SMA 7200 and SMA 7210)
- SMA 8200v (ESXi/Hyper-V/AWS/Azure/KVM)
- Central Management Server (CMS) (ESXi/Hyper-V/AWS/Azure/KVM)
Supported Firmware Levels
You can use the client systems running with version 12.5.0 client software with SonicWall SMA appliances running with the following firmware version:
- 12.4.3 + latest hotfixes → 12.5.0
- It is recommended to upgrade to 12.5.0 from 12.4.3 with latest hotfixes.
For more information on supported platforms, clients, servers, IT infrastructure, and online services, refer to:
Clients running version 12.4.x are compatible with servers running version 12.5.0, as backward and forward compatibility is supported. However, please note that older clients may not support newer features introduced in version 12.5.0. To use these features, it is recommended to upgrade your client to version 12.5.0.
What's New
-
IPv6 support is available.
-
Alerting from Standalone Appliances.
-
LM/MSW Integration for Licensing on Standalone Appliances.
-
Support for Extraweb authentication via the Authentication API.
-
Cross-Site Request Forgery protection is now enforced by default in the Web Proxy.
-
SNMPv3 now supports SHA-2.
-
The system now logs all incoming requests to the AMC.
-
Web Proxy session cookies are now set with appropriate security flags.
-
Basic AD and advanced AD authentication against Microsoft Windows Server 2025 support is available.
-
LDAP over SSL/TLS is now enabled by default in basic Active Directory configurations.
-
New option in CMS to replicate credentials and API keys for the primary admin.
-
New option in CMS to clear logs on managed appliances.
-
New option in CT to choose between default or embedded browser for SAML authentication.
-
Enhanced usability and performance of the file explorer in Workaplce.
-
Support for SAML logout in tunnel clients.
Resolved Issues
| Issue ID | Issue Description |
|---|---|
| SMA1000-7127 | The unknown filter for the platform is not working on the User Sessions page. |
| SMA1000-7136 | Disk usage alert on CMS should also consider the /var/log/couchdb partition. |
| SMA1000-7215 | Refreshing the browser on the Workplace home page logs the user out. |
| SMA1000-7438 | Prohibit the use of the Device-VPN realm during Workplace login. |
| SMA1000-7503 | RDP shortcut's "Screen resolution" selection is missing the "Screen-percent" option. |
| SMA1000-7508 | Update SSL certificate chains when the CA list is updated. |
| SMA1000-7529 | Upgrade/hotfix installation from CMS creates tasks with incorrect execution times for nodes in different time zones. |
| SMA1000-7708 | AMC should discourage using NAT address pools, especially on cloud platforms. |
| SMA1000-7732 | The AWS instance is configured with the default MTU of 9001. |
| SMA1000-7794 | Support routing tunnel traffic to the internet on single-homed cloud appliances. |
| SMA1000-7892 | Deprecate the "Use Mobile Connect secure web browser" option from Workplace shortcuts. |
| SMA1000-7956 | The default maximum password length of 12 for the local auth server is too short. |
| SMA1000-7964 | CT auto-upgrade issues with Device VPN. |
| SMA1000-8064 | Remove the "Switch to Legacy client" option from macOS CT. |
| SMA1000-8077 | Users can select a platform while downloading CT clients in Workplace Lite mode. |
| SMA1000-8120 | The hidden realm information message is truncated during Workplace login. |
| SMA1000-8175 | Intune Graph API query for Windows devices should use the "azureADDeviceId" attribute as the key. |
Known Issues
| Issue ID | Issue Description |
|---|---|
| SMA1000-7748 | Due to limitations in the Azure Marketplace, manual creation of IPv6 networking configuration is required. |
| SMA1000-8212 | Automated CMS map updates require a manual workaround in specific time zones. |
| SMA1000-8229 | The upload status is not correctly updated when CAPTURE ATP is enabled for File Explorer. |
Additional References
SMA1000-8219, SMA1000-8116, SMA1000-8062, SMA1000-8060, SMA1000-8056, SMA1000-8040, SMA1000-7969, SMA1000-7966, SMA1000-7923, SMA1000-7816, SMA1000-7760, SMA1000-7759, SMA1000-7758, SMA1000-7756, SMA1000-7755, SMA1000-7749, SMA1000-7744, SMA1000-7602, SMA1000-7585, SMA1000-7578, SMA1000-7290, SMA1000-7242, SMA1000-5226
