SonicOS/X 7.0.1 Release Notes

Version 7.0.1-5052 April 2022

This version of SonicOS/X 7.0.1 is a maintenance release for existing platforms and resolves issues found in previous releases.

Supported Platforms

The platform-specific versions for this unified release are all the same:

Platform     Firmware Version
TZ Series    7.0.1-5052
NSa Series   7.0.1-5052
NSv Series   7.0.1-5052
NSsp Series  7.0.1-5052
  • NSa 2700
  • NSa 3700
  • NSa 4700
  • NSa 5700
  • NSa 6700
  • NSsp 10700
  • NSsp 11700
  • NSsp 13700
  • TZ270 / TZ270W
  • TZ370 / TZ370W
  • TZ470 / TZ470W
  • TZ570 / TZ570W
  • TZ570P
  • TZ670
  • NSv 270
  • NSv 470
  • NSv 870

SonicOS/X NSv deployments are supported on the following platforms:

  • AWS (BYOL and PAYG)
  • Microsoft Azure (BYOL)
  • VMware ESXi
  • Microsoft Hyper-V
  • Linux KVM

Resolved Issues

Issue ID    Issue Description
GEN7-31534  NSv series only: Improper restriction of TCP communication channel potentially resulting in DoS
GEN7-31742  NSv series only: Potential exposure of sensitive information to an unauthorized user via SNMP
GEN7-31870  NSa series, NSsp series, TZ series: Potential exposure of Wireless Access Point (WAP) sensitive information via SNMP
GEN7-31996  NSv series only: Allocation of resources without limits or throttling can potentially result in HTTP DoS via the Content Filtering Service (CFS)
GEN7-31997  NSa series, NSsp series, TZ series: Stack-based buffer overflow in SonicOS/X potentially resulting in DoS
GEN7-30684  Offline registration on KVM using a manual keyset fails.
GEN7-30532  Core 0 gradually increases to 100% utilization after about 12 hours.
GEN7-30420  High Availability with Stateful Failover-enabled connections may not be fully synchronized between active and standby units.
GEN7-30388  High Availability units may stop responding and fail over to Secondary, reporting a DP crash.
GEN7-30385  After importing Settings migrated from an NSa 3600 to an NSa 3700, navigating to the NAT page displays the error: An error has occurred but the cause could not be determined at this time.
GEN7-30375  A crash may be observed in configuration auditing timer when the device is rebooted.
GEN7-30022  The Search field in the ARP table only allows for the entry of one character.
GEN7-29639  When a Bridge member is bound to a WAN interface and firewalling is enabled, the firewall cannot be accessed when the system pings the WAN subnet. All traffic, including LAN to WAN, is also affected.
GEN7-29637  Incorrect values for memory usage may be reported when using SNMP.
GEN7-29383  Firewall appliances may stop responding.
GEN7-29246  High Availability timeout customization changes to help with synchronization of large configuration files between Active and Idle units have been improved.
GEN7-29150  Default Service Objects for ICMPv6 are missing in the web management interface.
GEN7-29051  In a Stateful Failover configuration, the active firewall may be unable to send cache remove packets to an idle firewall, reporting No buffer, causing connection cache to increase rapidly on the idle firewall.
GEN7-29048  A firewall may drop valid traffic as IP spoof dropped over point-to-point connections with probing enabled on a policy-based route.
GEN7-29043  Client DPI-SSL may cause high CPU utilization.
GEN7-29007  Changing the maximum transmission unit (MTU) of a Virtual interface fails without displaying an error.
GEN7-28979  The Exclusion Group setting on App Control changes to None when the device is restarted.
GEN7-28950  Packet Monitor displays more packets than are selected in the Filter.
GEN7-28911  Anti-Spam does not accept .local hostname under an LDAP server configuration of CASS. It fails with the error host name is empty or not valid.
GEN7-28861  Transparent range host and range objects are not available in the Transparent Range drop-down list on the transparent interface configuration page when the primary WAN is set to any value other than X1.
GEN7-28848  A device registered offline with the signatures updated will not allow the creation of an Application Group.

Border Gateway Protocol (BGP)-related access rules that were deleted are added again after the device is restarted.

An option on the Diagnostics page, Disable auto-added BGP access rules, was added to resolve this issue. When checked, this option will remove any existing automatically-added BGP rules and prevent the automatically-added BGP rules from being added again in the future.

GEN7-28793  Modifying third-party SSO API client settings displays the error: Host name / IP address: The host name/IP address must be unique.
GEN7-28782  A firewall appliance may stop responding intermittently.
GEN7-28762  Some EICAR test files do not get blocked by Gateway Anti-Virus.
GEN7-28744  Unable to create a cloud backup with the error Cloud backup service is unavailable.
GEN7-28682  System logs file cannot be downloaded from the Secondary Storage. When the button to download the file is clicked, no popup window is displayed by the browser to save the file.
GEN7-28622  When editing a multi-path route using unnumbered tunnel interfaces as the next hop interfaces, the error is displayed: interfacex value is unreasonable.
GEN7-28535  The error Enter a valid IPV4 addresss for default target in X1 is displayed when trying to change Load Balancing and Failover Group settings so the order of interfaces is different for basic failover.
GEN7-28495  SSL-VPN Services group is inheriting all VPN Access objects from its member users.
GEN7-28464  Unable to add or edit a WLAN interface when Only allow traffic generated by a SonicPoint/SonicWave is disabled. Attempting to do so causes this error to be displayed: Command 'no auto-discovery' does not match.
GEN7-28447  Communication between two subnets is not blocked by the Security policy when using secondary subnets on the same interface.
GEN7-28412  E-mails on the mail server are sometimes not deleted and the connection to the mail server is not disconnected even if password-protected ZIP attachment files are detected as having a virus by Gateway Anti-Virus. This occurs with Gateway Anti-Virus, POP3 protocol Inbound Inspection, and Restrict Transfer of password-protected ZIP files settings enabled.
GEN7-28406  Clicking the arrow next to items in the IP address column on the Check Network Settings page of Diagnostics does not redirect to the settings page for the specific server.
GEN7-28397  Link Aggregation Control Protocol (LACP) on 40GB Interfaces (X33) fails after rebooting NSa 6700 devices.
GEN7-28388  Unable to configure the fiber interfaces on the Portshield Port Graphics page, displaying the error Command 'link-speed auto-negotiate' does not match.
GEN7-28384  Unable to configure the interface in Portshield to WLAN zone.
GEN7-28360  When Failover and Load Balancing is disabled, failover does not occur when shutting down the primary WAN.
GEN7-28307  The error Unknown Reason is displayed when configuring the Local Users & Groups Settings page in Non-Config mode.
GEN7-28269  Deploying an NSv virtual device to an existing Virtual Network in Azure using Marketplace or Templates results in the network security group not being associated with the X1 WAN Subnet.
GEN7-28176  The Guest Services configuration for Session Synchronization displays incorrect values in the web management interface and command-line interface (CLI).
GEN7-28148  `GroupList` (DH) failed to generate after rebooting, causing VPN to not come up.
GEN7-28144  Unable to export console logs via FTP using the command-line interface (CLI).
GEN7-28123  Data Plane Core utilization reaches 100% intermittently, causing the web management interface to lag and disrupting internet access to network hosts.
GEN7-28038  Possible buffer overflow that can be caused by an invalid parameter used by communication protocols between firewall and backend.
GEN7-27950  Unable to manually add the parent switch to a High Availability pair, with this error: Index of the Extended Switch instance.
GEN7-27592  The SSL-VPN RDP HTML5 Bookmark disconnects intermittently while resizing the window or by itself without any changes.
GEN7-26764  The Edit Lists selection box for Authentication Partition always shows Available Radius servers even if other types are chosen, such as SSO agents or LDAP servers.
GEN7-26758  Transparent range displays address objects and address groups that are not part of WAN subnet.
GEN7-26447  When primary storage option is chosen for log storage, the file location for log files is not updated. The file location still shows extended.
GEN7-26136  While connected using NetExtender, users may be frequently disconnected while trying to move, copy, open, or upload files to a shared drive.
GEN7-26089  When 100M/10M speeds are forced on an interface, shutting down the interface and bringing it back by clicking the Enabled toggle button results in a No link error.
GEN7-26063  The Auto-negotiation of multiple speeds does not work on the QSFP+ (40G) and QSFP28 (100G) ports.
GEN7-24957  An error is displayed with an undetermined cause the first time users log in using Two-Factor Authentication.
GEN7-24835  Address Objects bound to a custom Public zone as well as Trusted zone are not displayed in the Transparent Range list while configuring an interface in Transparent Mode.
GEN7-24821  Content Filtering policies block the web pages as expected, but firewall log events are not reporting any block messages and Analytics reporting shows that access to the website is allowed.
GEN7-24658  Blade synchronization issues may be seen when trying to log in using the default administrator credentials when using Two-Factor Authentication.
GEN7-20540  The Route Policy Details for the source and destination routes are incorrect on the IPv6 Connections page on the backup unit of a High Availability pair.
GEN7-20422  A Guest user having Group membership as "Guest Administrators" gets an error when logging in and is unable to use the "Auto-generate password" feature for guest accounts according to assigned guest profile, is unable to export guest user list, and, when using the print icon, the password is not displayed on the paper.
GEN7-15543  On NSsp 15700 appliances, a BGP/OSPF neighbor cannot be established on a numbered VPN tunnel interface when the VPN policy is established on a non-master blade.
GEN7-13640  Packet Monitor configuration is synchronized across a High Availability pair instead of being prevented.

Additional References

The following additional resolved issues in this release are listed here for reference:

GEN7-22240, GEN7-23631, GEN7-23834, GEN7-24321, GEN7-25750, GEN7-25751, GEN7-25813, GEN7-26604, GEN7-26622, GEN7-26793, GEN7-27090, GEN7-27367, GEN7-27471, GEN7-27508, GEN7-27512, GEN7-27542, GEN7-27555, GEN7-27725, GEN7-27727, GEN7-27728, GEN7-27863, GEN7-27866, GEN7-27927, GEN7-27948, GEN7-27954, GEN7-27957, GEN7-27958, GEN7-28005, GEN7-28022, GEN7-28055, GEN7-28056, GEN7-28082, GEN7-28084, GEN7-28111, GEN7-28116, GEN7-28120, GEN7-28124, GEN7-28155, GEN7-28163, GEN7-28175, GEN7-28177, GEN7-28182, GEN7-28222, GEN7-28223, GEN7-28272, GEN7-28276, GEN7-28278, GEN7-28366, GEN7-28386, GEN7-28391, GEN7-28403, GEN7-28413, GEN7-28436, GEN7-28444, GEN7-28462, GEN7-28480, GEN7-28492, GEN7-28496, GEN7-28497, GEN7-28508, GEN7-28547, GEN7-28548, GEN7-28570, GEN7-28595, GEN7-28596, GEN7-28617, GEN7-28624, GEN7-28626, GEN7-28657, GEN7-28665, GEN7-28692, GEN7-28717, GEN7-28735, GEN7-28740, GEN7-28741, GEN7-28745, GEN7-28747, GEN7-28748, GEN7-28753, GEN7-28754, GEN7-28769, GEN7-28778, GEN7-28779, GEN7-28799, GEN7-28829, GEN7-28830, GEN7-28856, GEN7-28857, GEN7-28862, GEN7-28872, GEN7-28889, GEN7-28901, GEN7-28914, GEN7-28934, GEN7-28978, GEN7-29084, GEN7-29103, GEN7-29111, GEN7-29165, GEN7-29174, GEN7-29176, GEN7-29184, GEN7-29237, GEN7-29247, GEN7-29264, GEN7-29288, GEN7-29298, GEN7-29318, GEN7-29339, GEN7-29344, GEN7-29350, GEN7-29355, GEN7-29543, GEN7-29548, GEN7-29619, GEN7-29683, GEN7-29740, GEN7-29768, GEN7-29772, GEN7-29773, GEN7-29796, GEN7-29809, GEN7-29830, GEN7-29843, GEN7-29844, GEN7-30018, GEN7-30083, GEN7-30308, GEN7-30333, GEN7-30445, GEN7-30448, GEN7-30482, GEN7-30505, GEN7-30532, GEN7-30595, GEN7-30619, GEN7-30741, GEN7-30768, GEN7-30772, GEN7-30908, GEN7-30990, GEN7-31089

Known Issues

Issue ID    Issue Description
GEN7-31453  Custom static routes are not automatically disabled when a WAN probe fails and goes into failover.
GEN7-31247  Native Bridge Mode Pair causes IP traffic drops from and between the paired VLAN interfaces and causes the firewall web management interface to become inaccessible.
GEN7-30899  In networks with ISPs that have high packet loss, DPI-SSL may consume additional memory for each decrypted connection.
GEN7-30810  Naming a Service group as a number prevents service objects from using that number as a port.
GEN7-30418  Not able to change the Default target IP under WAN failover and Load balancing Probe settings if using
GEN7-29872  The error message The server is not sending intermediate certificate may be displayed when using Server DPI-SSL.
GEN7-29867  Trying to add an All Deny access rule from WAN > WAN generates the error Rule Blocks Management Rule(s).

Settings are not saved when importing LDAP users and assigning the user quota on the Import page.

Assigning per user will save the setting.

GEN7-29640  When importing settings using the Migration Tool, Switch settings are not imported.
GEN7-29552  Unbinding the Time-based one-time password (TOTP) key from the User Login Status page did not work if the user password does not meet the complexity constraints.
GEN7-29535  The console displays a tTimerTask stacktrace about every hour.
GEN7-29415  The VLAN subinterface does not show correct maximum transmission unit (MTU) in the web management interface when Jumbo frames are enabled.

Traffic failed to pass through VPN tunnel interface for the tunnel VPN policy established on non-master blades when VPN is bound to a VLAN interface and the VLAN's parent interface is unassigned.

Assign the parent physical interface for the VLAN.

GEN7-29210  Unable to add 10 GB SFP+ interfaces for Port Mirroring.
GEN7-29058  A wildcard FQDN object will not resolve subdomains unless a www FQDN object is also created.
GEN7-28816  Cannot ping from VLAN interface trunked with custom VLAN ID after rebooting the unit.
GEN7-28760  Multi-Instance virtual firewalls with a 100GbE port attached display the interface as having a 1GbE link.
GEN7-28475  The web management interface reports Command xxx did not match when the guest service is enabled on the LAN zone and the same IP address is used by an administrator and guest to manage the web management interface.
GEN7-26488  Native Bridge Mode Pair causes IP traffic drops from and between the paired VLAN interfaces and causes the firewall web management interface to become inaccessible.
GEN7-24141  New devices may not be acquired by Network Security Manager when settings for VoIP are imported from an older (pre-2020) device.
GEN7-19015  Cannot connect to Layer Two Tunneling Protocol (L2TP) with packets dropped as the packet does not match traffic selectors if the L2TP clients are behind a network address translation (NAT) IP address assignment.
