SonicOS 7.0.1 Release Notes
Table of Contents
Version 7.0.1-5151 March 2024
March 2024
This version of SonicOS7.0.1 is a maintenance release for existing platforms and resolves issues found in previous releases.
Supported Platforms
The platform-specific versions for this unified release are all the same:
| Platform | Firmware Version |
|---|---|
| TZ Series | 7.0.1-5151 |
| NSa Series | 7.0.1-5151 |
| NSv Series | 7.0.1-5151 |
| NSsp Series | 7.0.1-5151 |
|
|
|
|
SonicOSNSv deployments are supported on the following platforms:
- AWS (BYOL and PAYG)
- Microsoft Azure (BYOL)
- VMware ESXi
- Microsoft Hyper-V
- Linux KVM
Resolved Issues
| Issue ID | Issue Description |
|---|---|
| GEN7-42309 | SonicOS SSL VPN Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability: SNWLID-2024-0005 |
| GEN7-43727 | SSL-VPN portal users are not redirected to the portal after changing their password when using RADIUS MS-CHAPv2. |
| GEN7-44851 | The IKE proposal Authentication default value of the SonicWall Auto Provisioning Server and Client is not consistent. Default value of the SonicWallAuto Provisioning Server IKE proposal was AES-256/SHA-1 when the Server IKE proposal was AES-256/SHA-256. The SonicWall Auto Provisioning Client IKE proposal Authentication default value is now SHA1. |
| GEN7-44949 | Cannot establish a VPN tunnel when using AESGMAC. |
| GEN7-44990 | Garbage is printed in the srcV6= tag for the IPv6 system log. |
| GEN7-45064 | New memory optimizations have been included in this build. |
| GEN7-45556 | Unable to enable FIPS Mode in a High Availability configuration. |
| GEN7-45736 | Duplicate records are displayed on the AppFlow Report Users tab. |
| GEN7-45797 | Integer-Based Buffer Overflow Vulnerability In SonicOS via IPSec: SNWLID-2024-0004 |
| GEN7-46209 | Configuring DDNS with dyn.com causes the error Network error to be displayed in the
status. |
| GEN7-46296 | CVE-2023-48795: Prefix Truncation Attacks in SSH Specification (Terrapin Attack): SNWLID-2024-0002 |
| GEN7-46559 | DNS rebinding attack prevention is now available to be used with the DNS Proxy feature. |
| GEN7-46938 | When trying to create an address object, there is intermittently no option to select the VPN zone. |
| GEN7-47372 | The NetExtender version is updated to the latest release (v10.2.339). If the NetExtender client Autoupdate option is enabled on the Firewall SSL VPN/Client settings page, NetExtender clients will check for the newer version and automatically update to v10.2.339. |
Additional References
GEN7-44370, GEN7-45066, GEN7-45462
Known Issues
| Issue ID | Issue Description |
|---|---|
| GEN7-41102 | The Password Change page is not prompting when Password change is enabled on the firewall for a Imported user. |
| GEN7-41996 | Disabling the Automatically adjust clock for daylight saving time setting does not change the current system time. |
| GEN7-42675 | In devices configured in Policy Mode, if the highest priority matching security policy has All users selected,, and does not have any of App/Match/URL/Web-Cat selected, the user redirection is skipped for subsequent security policies. |
| GEN7-43500 | After changing the name of a local user, the entry is still displayed in Server DPI-SSL Exclusion and DPI-SSL Inclusion lists and the user with the changed name cannot be selected. |
| GEN7-43554 |
Unable to add valid domains on the Custom Malicious Domain Name List and White List pages after adding an invalid domain. Logging out and back in should resolve the issue. |
| GEN7-46927 | Traffic from Custom LANover VPN stops when the order of the WAN Load Balancing member is changed. |
| GEN7-47528 |
When installing the NetExtender software from the SSL VPN portal page for 32-bit Windows, the message Download and install the NetExtender software directly from sonicwall.com. |