SonicOS/X 7.0.1 Release Notes
- SonicWall SonicOS and SonicOSX 7.0.1
- Version 7.0.1-5072 June 2022
- Version 7.0.1-5030-R945 June 2022
- Version 7.0.1-5065 April 2022
- Version 7.0.1-5054 April 2022
- Version 7.0.1-5052 April 2022
- Version 7.0.1-5030 December/October 2021
- Version 7.0.1-5026 September 2021
- Version 7.0.1-5023 August 2021
- Version 7.0.1-5019 August 2021
- Version 7.0.1 July 2021
- Version 7.0.1 June 2021
- Version 7.0.1 April 2021
- SonicWall Support
Version 7.0.1-5052 April 2022
April 2022
This version of SonicOS/X 7.0.1 is a maintenance release for existing platforms and resolves issues found in previous releases.
Supported Platforms
The platform-specific versions for this unified release are all the same:
| Platform | Firmware Version |
|---|---|
| TZ Series | 7.0.1-5052 |
| NSa Series | 7.0.1-5052 |
| NSv Series | 7.0.1-5052 |
| NSsp Series | 7.0.1-5052 |
|
|
|
|
SonicOS/X NSv deployments are supported on the following platforms:
- AWS (BYOL and PAYG)
- Microsoft Azure (BYOL)
- VMware ESXi
- Microsoft Hyper-V
- Linux KVM
Resolved Issues
| Issue ID | Issue Description |
|---|---|
| GEN7-31534 | NSv series only: Improper restriction of TCP communication channel potentially resulting in DoS |
| GEN7-31742 | NSv series only: Potential exposure of sensitive information to an unauthorized user via SNMP |
| GEN7-31870 | NSa series, NSsp series, TZ series: Potential exposure of Wireless Access Point (WAP) sensitive information via SNMP |
| GEN7-31996 | NSv series only: Allocation of resources without limits or throttling can potentially result in HTTP DoS via the Content Filtering Service (CFS) |
| GEN7-31997 | NSa series, NSsp series, TZ series: Stack-based buffer overflow in SonicOS/X potentially resulting in DoS |
| GEN7-30684 | Offline registration on KVM using a manual keyset fails. |
| GEN7-30532 | Core 0 gradually increases to 100% utilization after about 12 hours. |
| GEN7-30420 | High Availability with Stateful Failover-enabled connections may not be fully being synchronized between active and standby units. |
| GEN7-30388 | High Availability units may stop responding and fail over to Secondary, reporting a DP crash. |
| GEN7-30385 | After importing Settings migrated from an NSa 3600 to an NSa 3700, navigating
to the NAT page displays the error: An error has occurred but the cause could not be
determined at this time. |
| GEN7-30375 | A crash may be observed in configuration auditing timer when the device is rebooted. |
| GEN7-30022 | The Search field in the ARP table only allows for the entry of one character. |
| GEN7-29639 | When a Bridge member is bound bind to a WAN interface and firewalling is enabled, the firewall cannot be accessed when the system pings the WAN subnet. All traffic, including LAN to WAN, is also affected |
| GEN7-29637 | Incorrect values for memory usage may be reported when using SNMP. |
| GEN7-29383 | Firewall appliances may stop responding. |
| GEN7-29246 | High Availability timeout customization changes to help with large configuration files synchronization between Active and Idle units have been improved. |
| GEN7-29150 | Default Service Objects for ICMPv6 are missing in the web management interface. |
| GEN7-29051 | In a Stateful Failover configuration, the active firewall may be unable to send
cache remove packets to an idle firewall, reporting No buffer, causing
connection cache to increase rapidly on the idle firewall. |
| GEN7-29048 | A firewall may drop valid traffic as IP spoof dropped over
point-to-point connections with probing enabled on a policy-based route. |
| GEN7-29043 | Client DPI-SSL may cause high CPU utilization. |
| GEN7-29007 | Changing the maximum transmission unit (MTU) of a Virtual interface fails without displaying an error. |
| GEN7-28979 | The Exclusion Group setting on App Control changes to None when the device is restarted. |
| GEN7-28950 | Packet Monitor displays more packets than are selected in the Filter. |
| GEN7-28911 | Anti-Spam does not accept .local hostname under a LDAP server
configuration of CASS. It fails with the error host name is empty or not
valid. |
| GEN7-28861 | Transparent range host and range objects are not available in the Transparent Range drop-down list on the transparent interface configuration page when the primary WAN is set to any value other than X1. |
| GEN7-28848 | A device registered offline with the signatures updated will not allow the creation of an Application Group. |
| GEN7-28847 | Border Gateway Protocol (BGP)-related access rules that were deleted are added again after when the device is restarted. An option on the Diagnostics page, Disable auto-added BGP access rules was added to resolve this issue. When checked, this option will remove any existing automatically-added BGP rules and prevent the automatically-added BGP rules from being added again in the future. |
| GEN7-28793 | Modifying third-party SSO API client settings displays the error: Host name /
IP address: The host name/IP address must be unique. |
| GEN7-28782 | A firewall appliance may stop responding intermittently. |
| GEN7-28762 | Some EICAR test files do not get blocked by Gateway Anti-Virus. |
| GEN7-28744 | Unable to create a cloud backup with the error Cloud backup service is
unavailable. |
| GEN7-28682 | System logs file cannot be downloaded from the Secondary Storage. When the button to download the file is clicked, no popup window is displayed by the browser to save the file. |
| GEN7-28622 | When editing a multi-path route using unnumbered tunnel interfaces as the
next hop interfaces, the error is displayed: interfacex value is unreasonable. |
| GEN7-28535 | The error Enter a valid IPV4 addresss for default target in X1 is displayed when
trying to change Load Balancing and Failover Group settings so the order of
interfaces is different for basic failover. |
| GEN7-28495 | SSL-VPN Services group is inheriting all VPN Access objects from its member users, |
| GEN7-28464 | Unable to add or edit an WLAN interface when Only allow traffic
generated by a SonicPoint/SonicWave is disabled. Attempting to causes this error to be displayed: Command 'no auto-discovery' does not match. |
| GEN7-28447 | Communication between two subnets is not blocked by the Security policy when using secondary subnets on the same interface. |
| GEN7-28412 | E-mails on the mail server are sometimes not deleted and the connection to the mail server is not disconnected even if password-protected ZIP attachment files are detected as having a virus by Gateway Anti-Virus. This occurs with Gateway Anti-Virus, POP3 protocol Inbound Inspection, and Restrict Transfer of password-protected ZIP files settings enabled. |
| GEN7-28406 | When clicking the next arrow to items in the IP address column on the On Check Network Settings page of Diagnostics does not redirect to the setting spage for the specific server. |
| GEN7-28397 | Link Aggregation Control Protocol (LACP) on 40GB Interfaces (X33) fails after rebooting NSa 6700 devices. |
| GEN7-28388 | Unable to configure the fiber interfaces on the Portshield Port Graphics page, displaying
the error Command 'link-speed auto-negotiate' does not match. |
| GEN7-28384 | Unable to configure the interface in Portshield to WLAN zone |
| GEN7-28360 | When Failover and Load Balancing is disabled, failover does not occur when shutting down the primary WAN. |
| GEN7-28307 | The error Unknown Reason is displayed when configuring Local Users & Groups Settings page in Non-Config mode, |
| GEN7-28269 | Deploying an NSv virtual device to an existing Virtual Network in Azure using Marketplace or Templates results in the network secrity group not being associated with the X1 WAN Subnet. |
| GEN7-28176 | The Guest Services configuration for Session Synchronization displays incorrect values in the web management interface and command-line interface (CLI). |
| GEN7-28148 | `GroupList` (DH) failed to generate after rebooting causing VPN to not come up. |
| GEN7-28144 | Unable to export console logs via FTP using the command-line interface (CLI). |
| GEN7-28123 | Data Plane Core utilization reaches 100% intermittently, causing the web management interface to lag and disrupting internet access to network hosts |
| GEN7-28038 | Possible buffer overflow that can be caused by an invalid parameter used by communication protocols between firewall and backend. |
| GEN7-27950 | Unable to manually add the parent switch to a High Availability pair, with this error: Index of the Extended Switch instance. |
| GEN7-27592 | The SSL-VPN RDP HTML5 Bookmark disconnects intermittently while resizing the window or itself without any changes. |
| GEN7-26764 | The Edit Lists selection box for Authentication Partition always shows Available Radius servers even of other types are chosen such, as
SSO agents or LDAP servers. |
| GEN7-26758 | Transparent range displays address objects and address groups that are not part of WAN subnet. |
| GEN7-26447 | When primary storage option is chosen for log storage, the file location for
log files is not updated. The file location still shows extended. |
| GEN7-26136 | While connected using NetExtender, users may be frequently disconnected while trying to move, copy, open, or upload files to a shared drive. |
| GEN7-26089 | When 100M/10M speeds are forced on an interface, shutting down the
interface and bringing it back by clicking the Enabled toggle
button results in a No link error. |
| GEN7-26063 | The Auto-negotiation of multiple speeds does not work on the QSFP+ (40G) and QSP28 (100G) ports, |
| GEN7-24957 | An error is displayed with an undetermined cause the first time users log in using Two-Factor Authentication. |
| GEN7-24835 | Address Objects bound to a custom Public zone as well as Trusted zone are not displayed in the Transparent Range list while configuring an interface in Transparent Mode. |
| GEN7-24821 | Content Filtering policies block the web pages as expected, but firewall log events are not reporting any block messages and Analytics reporting shows that access to the website is allowed. |
| GEN7-24658 | Blade synchronization issues may be seen when trying to log in using the default administrator credentials when using Two-Factor Authentication. |
| GEN7-20540 | The Route Policy Details for the source and destination routes are incorrect on the IPv6 Connections page on the backup unit of a High Availability pair. |
| GEN7-20422 | A Guest user having Group membership as "Guest Administrators" gets an error when logging in and is unable to use "Auto-generate password" feature for guest accounts according to assigned guest profile, is unable to export guest user list, and, when using the print icon, the password is not displayed on the paper. |
| GEN7-15543 | On NSsp 15700 appliances, a BGP/OSPF neighbor cannot be established on a numbered VPN tunnel interface when the VPN policy is established on a non-master blade. |
| GEN7-13640 | Packet Monitor configuration is synchronized across a High Availability pair instead of being prevented. |
Additional References
The following additional resolved issues in this release are listed here for reference:
GEN7-22240, GEN7-23631, GEN7-23834, GEN7-24321, GEN7-25750, GEN7-25751, GEN7-25813, GEN7-26604, GEN7-26622, GEN7-26793, GEN7-27090, GEN7-27367, GEN7-27471, GEN7-27508, GEN7-27512, GEN7-27542, GEN7-27555, GEN7-27725, GEN7-27727, GEN7-27728, GEN7-27863, GEN7-27866, GEN7-27927, GEN7-27948, GEN7-27954, GEN7-27957, GEN7-27958, GEN7-28005, GEN7-28022, GEN7-28055, GEN7-28056, GEN7-28082, GEN7-28084, GEN7-28111, GEN7-28116, GEN7-28120, GEN7-28124, GEN7-28155, GEN7-28163, GEN7-28175, GEN7-28177, GEN7-28182, GEN7-28222, GEN7-28223, GEN7-28272, GEN7-28276, GEN7-28278, GEN7-28366, GEN7-28386, GEN7-28391, GEN7-28403, GEN7-28413, GEN7-28436, GEN7-28444, GEN7-28462, GEN7-28480, GEN7-28492, GEN7-28496, GEN7-28497, GEN7-28508, GEN7-28547, GEN7-28548, GEN7-28570, GEN7-28595, GEN7-28596, GEN7-28617, GEN7-28624, GEN7-28626, GEN7-28657, GEN7-28665, GEN7-28692, GEN7-28717, GEN7-28735, GEN7-28740, GEN7-28741, GEN7-28745, GEN7-28747, GEN7-28748, GEN7-28753, GEN7-28754, GEN7-28769, GEN7-28778, GEN7-28779, GEN7-28799, GEN7-28829, GEN7-28830, GEN7-28856, GEN7-28857, GEN7-28862, GEN7-28872, GEN7-28889, GEN7-28901, GEN7-28914, GEN7-28934, GEN7-28978, GEN7-29084, GEN7-29103, GEN7-29111, GEN7-29165, GEN7-29174, GEN7-29176, GEN7-29184, GEN7-29237, GEN7-29247, GEN7-29264, GEN7-29288, GEN7-29298, GEN7-29318, GEN7-29339, GEN7-29344, GEN7-29350, GEN7-29355, GEN7-29543, GEN7-29548, GEN7-29619, GEN7-29683, GEN7-29740, GEN7-29768, GEN7-29772, GEN7-29773, GEN7-29796, GEN7-29809, GEN7-29830, GEN7-29843, GEN7-29844, GEN7-30018, GEN7-30083, GEN7-30308, GEN7-30333, GEN7-30445, GEN7-30448, GEN7-30482, GEN7-30505, GEN7-30532, GEN7-30595, GEN7-30619, GEN7-30741, GEN7-30768, GEN7-30772, GEN7-30908, GEN7-30990, GEN7-31089
Known Issues
| Issue ID | Issue Description |
|---|---|
| GEN7-31453 | Custom static routes are not automatically disabled when a WAN probe fails and goes into failover |
| GEN7-31247 | Native Bridge Mode Pair causes IP traffic drops from and between the paired VLAN interfaces and causes the firewall web management interface to become inaccessible. |
| GEN7-30899 | In networks with ISPs that have high packet loss, DPI-SSL may consume additional memory for each decrypted connection. |
| GEN7-30810 | Naming a Service group as a number prevents service objects from using that number as a port. |
| GEN7-30418 | Not able to change the Default target IP under WAN failover
and Load balancing Probe settings if using 0.0.0.0. |
| GEN7-29872 | The error message The server is not sending intermediate certificate may be displayed when using Server DPI-SSL. |
| GEN7-29867 | Trying to add an All Deny access rule from WAN > WAN generates the error Rule Blocks Management Rule(s). |
| GEN7-29853 | Settings are not saved when importing LDAP users and assigning the user quota on the Import page. Assigning per user will save the setting. |
| GEN7-29640 | When importing settings using the Migration Tool, Switch settings are not imported. |
| GEN7-29552 | Unbinding the Time-based one-time password (TOTP) key from the User Login Status page did not work if the user password does not meet the complexity constraints. |
| GEN7-29535 | The console displays a tTimerTask stacktrace about every hour. |
| GEN7-29415 | The VLAN subinterface does not show correct maximum transmission unit (MTU) in the web management interface when Jumbo frames are enabled. |
| GEN7-29262 | Traffic failed to pass through VPN tunnel interface for the tunnel VPN policy established on non-master blades when VPN is bound to a VLAN interface and the VLAN's parent interface is unassigned. Assign the parent physical interface for the VLAN. |
| GEN7-29210 | Unable to add 10 GB SFP+ interfaces for Port Mirroring. |
| GEN7-29058 | A wildcard FQDN object will not resolve subdomains unless a www FQDN object is also created. |
| GEN7-28816 | Cannot ping from VLAN interface trunked with custom VLAN ID after rebooting the unit. |
| GEN7-28760 | Multi-Instance virtual firewalls with a 100GbE port attached displays the interface as having a 1GbE link. |
| GEN7-28475 | The web management interface reports Command xxx did not match when the guest service is
enabled on the LAN zone and the same IP address is used by an administrator and guest to manage
the web management interface. |
| GEN7-26488 | Native Bridge Mode Pair causes IP traffic drops from and between the paired VLAN interfaces and causes the firewall web management interface to become inaccessible. |
| GEN7-24141 | New devices may not be acquired by Network Security Manager that have settings for VoIP are imported from an older (pre-2020) device. |
| GEN7-19015 | Cannot connect to Layer Two Tunneling Protocol (L2TP) with packets dropped as the packet does not match traffic selectors if the L2TP clients are behind a network address translation (NAT) IP address assignment. |
Was This Article Helpful?
Help us to improve our support portal