SonicOS/X 7.0.1 Release Notes

Version 7.0.1 April 2021

April 2021

SonicOS/X 7.0.1 introduces support for the SonicWall NSa 3700 network security appliance. This release provides several new features and enhancements, and fixes a number of issues found in previous releases.

Compatibility and Installation Notes

SonicOS/X 7.0.1 supports all the features and contains all the resolved issues in previous releases of SonicOS/X 7.0.

  • Browser CompatibilitySonicWall recommends using the latest Chrome, Firefox, Safari, or Edge browsers for administration of SonicOS/X. Incognito and private mode are not supported.
  • Product Licensing – A MySonicWall account is required. SonicWall network security appliances must be registered on MySonicWall to enable full functionality and the benefits of SonicWall security services, firmware updates, and technical support.
  • Wireless WAN – 4G/LTE devices are supported on SonicWallTZ and NSa Series firewalls. To see a list of supported devices, go to: Wireless-cards-and-broadband-devices-supported-on-sonicwall-firewalls-and-access-points
  • Cloud ManagementNetwork Security Manager (NSM) 2.2 supports management of all SonicWall firewalls running 7.0.1.

Supported Platforms

SonicOS/X 7.0.1 is supported on the following SonicWall network security appliances:

  • NSa 2700
  • NSa 3700
  • NSsp 15700
  • TZ270 / TZ270W
  • TZ370 / TZ370W
  • TZ470 / TZ470W
  • TZ570 / TZ570W
  • TZ570P
  • TZ670
  • NSv 270
  • NSv 470
  • NSv 870

NSv 270/470/870 deployments are supported on the following platforms:

  • AWS (BYOL or PAYG)
  • Microsoft Azure
  • VMware ESXi
  • Microsoft Hyper-V
  • Linux KVM

What's New

  • Support for Auth Code during SafeMode Authentication

    You can use the appliance Auth Code as the Maintenance Key when accessing SafeMode on unregistered firewalls running SonicOS 7.0.1. The Auth Code is displayed in the web management interface and on the label affixed to the bottom of the appliance.

  • Switch Integration:

    • Native VLAN configuration support in SonicOS for SonicWall Switches

      Provides ability for administrator to specify which VLANs do not carry a VLAN tag. This helps with SonicWave provisioning.

    • New Port Description field for each switch port provides easy labeling of ports
    • Eight Switches per firewall are supported, up from four Switches in previous releases
    • Support for multiple standalone Switches for SonicWall firewall High Availability deployments
  • SDWAN support on Root Instance of NSsp15700
  • One-Arm Mode interface support for NSv private cloud deployments on VMware, Hyper-V and KVM platforms

    In One-Arm Mode, traffic enters and leaves the appliance on the same interface.

  • PPPoE interface mode support on NSv 270/470/870
  • SR-IOV NIC support on NSv 270/470/870 deployed on KVM platforms

    The Single Root I/O Virtualization (SR-IOV) PCI standard allows virtual machines to share access to a physical network interface card (NIC) installed in the hypervisor.

  • Bootstrap configuration provisioning support for NSv 270/470/870 on KVM platforms
  • Firmware upgrade support from NSv 7.0.0 firmware version to NSv 7.0.1 in Policy Mode

  • SonicOS Classic Mode availability on NSv 270/470/870:

    • Firewall Mode switching available between Classic and Policy Mode
    • Firewall Mode switching option on the NETWORK | Firewall > Advanced page
    • Firewall Mode switching option in MySonicWall controls visibility of this option on the firewall, must be enabled for the NSv serial number in the MySonicWall account
    • Firewall Mode choice of Classic or Policy Mode for new SonicOS/X 7.0.1 NSv deployments
    • Fresh NSv 7.0.1 deployments in Classic Mode support settings imports from NSv 6.5.4.v instances

Resolved Issues

Issue IDIssue Description
GEN7-9974On TZ Series platforms, the administrator cannot modify the Account Expires option in a Guest account using time increments expressed in units (Days, Hours, or Minutes) other than the unit used in the original configuration.
GEN7-10226With Client DPI-SSL enabled, when the SSL client uses ECDHE-ECDSA cipher suites to connect towebsites which support TLS1.3 such as Facebook, the connection cannot be established.
GEN7-10783On NSv or TZ firewalls, the Audit Log is incorrect or missing information when importing a configuration settings file.
GEN7-12366On NSv or TZ firewalls, an excluded user setting within a DENY access rule does not work.
GEN7-13697When using DHCP over VPN on a VLAN interface, if bound to a VLAN interface in unassigned state, the peer cannot decrypt packets.
GEN7-15097Percentage-Based WAN Load Balancing does not work as expected. Running the traffic flow based on user defined Percentage-Based WAN Load Balancing fails with existing/previous traffic flows.
GEN7-15344NSsp 15700 does not show Network Monitor Object in Routing rule and Probe drop-down list.
GEN7-15352When using Single Sign-On on an NSsp 15700, the option for Partition selection is not available when adding an SSO agent.
GEN7-15601When Single Sign-On is toggled in the SSO Agent, RADIUS accounting packets are consistently dropped by the firewall rule. Because of this, the SSO Agent keeps trying to connect and keeps failing.
GEN7-15646On NSv series platforms, SSH management of the firewall fails when the SSH port is configured to use a non-standard port.

On NSv series platforms, the web management interface hangs after deleting the DoS action profile that is used by a DoS policy.

GEN7-16351On an NSsp 15700 with Authentication Partitioning enabled, the LDAP server does not have a partition setting. When adding or editing an LDAP server, there is no Partition field or setting.
GEN7-16659On NSv series platforms, the product code and model name are not displayed in the SonicOS/X web management interface and management console after registration using an NSv serial number if the serial number has never been registered before. If the serial number has been registered by someone (even if this SN has been deregistered), this issue does not occur. Restarting the NSv after registration will also solve this issue.
GEN7-16824On TZ series platforms, the Prevention and Detection settings for many IPS signatures are not consistent by default with the category settings.
GEN7-17413On an NSsp 15700 High Availability pair, the standby firewall loses web and console responsiveness when Virtual MAC is disabled on the active firewall with Override MAC Address enabled.
GEN7-17546On NSsp 15700, FTP packets are dropped when using FTP through a VPN tunnel.
GEN7-17566On a TZ470 after upgrading firmware, the X8 and X9 interfaces display "NO LINK" and are down.
GEN7-17664With Client DPI-SSL enabled, changing the re-signing certificate does not take effect without rebooting the firewall.
GEN7-17929When editing Access Rules on SonicOS 7.0, the Bandwidth Management profiles are set to Disabled by default and the error message, "Error: property 'bandwidth_management' can't be empty object" is displayed on the first attempt to apply a rule.
GEN7-18021In a High Availability pair with Enable Stateful Synchronization selected, attempting to use the Tools & Monitors > Active Connections page results in an error popup message, "HA idle".
GEN7-18025When attempting to delete a custom zone that is no longer used in any interface, an error message displays, "Object is in use by an Access Rule."
GEN7-18035On an NSa 2700, no link is established when connecting a 10 GB SFP+ module on interface X18 to a SonicWall Switch.
GEN7-18097An NSv for Hyper-V deployed on Windows server 2019 cannot boot up successfully when clicking "factory default" in the management console.
GEN7-18381The DNS settings cannot be saved when configuring IPv6 options under Specify DNS Servers Manually on the NETWORK | DNS > Settings page.
GEN7-18457On an NSa 2700 with more than 40,000 Single Sign-On user sessions, the web management interface hangs for about 3 minutes after navigating to the DEVICE | Users > Status page.
GEN7-18553On an NSa 2700, moving the native bridge mode of an interface to a LAN interface causes a segmentation fault.
GEN7-18562On a TZ670 with Link Aggregation configured, traffic fails after shutdown of the Parent Interface of a static LAG.
GEN7-18651On an NSa 2700 with multiple Switches portshielded to the firewall X0 interface and active client connections, traffic flow does not resume after restarting the firewall.
GEN7-18654On an NSa 2700 with multiple Switches connected, the firewall sometimes goes down when trying to delete Switches.
GEN7-18734A backed up configuration with X1 in DHCP mode but without an IP address cannot be imported when attempting to reboot the firewall with that saved configuration, resulting in a failed reboot attempt.
GEN7-18775On an NSa 2700 High Availability pair, toggling Preempt mode on the active firewall causes the standby firewall to reboot.
GEN7-18927On an NSa 2700, the default management IP address for the MGMT port cannot be changed, and the error message, "Command no one arm mode does not match" is displayed.
GEN7-18958On an NSa 2700 using the classic navigation view, the PortShield Groups page is missing.

An error popup, "Network error", is displayed after exporting configuration settings on a firewall with connected SonicWall Switches and then rebooting with factory defaults and importing the saved settings file, although the settings are successfully imported after some time.

GEN7-19255On an NSsp 15700, login fails after importing configuration settings that were exported from the same NSsp.
GEN7-19741An NSa 3700 reboots multiple times and the traffic interface ports go down with "NO LINK" displayed for ports X28 and X29.
GEN7-19767On an NSv for Azure Active/Standby High Availability deployment, the firmware cannot be upgraded.
GEN7-19886On NSv series, the WAN interface cannot be configured in PPPoE mode due to the error "Schema validation error: unknown property 'pppoe'".
GEN7-19970On an NSv AWS PAYG (Pay as you Go) instance, the LAN to WAN traffic cannot be matched with the respective LAN to WAN security policy if Gateway AntiVirus is enabled in the action profile before the NSv AWS instance is associated in MySonicWall.
GEN7-20062Before registering an NSv AWS PAYG instance, Capture Threat Assessment report generation displays an incorrect error message and fails to generate the CTA report.
GEN7-20280On an NSa 2700, the power button does not work with a long press after using a short press to shut down the system. Short Press takes less than 5 seconds, while Long press needs more than 5 seconds.
GEN7-20315On an NSa 2700 with more than 40,000 Single Sign-On users, clicking on Users > Status > Show Count results in an unknown error.
GEN7-20316On an NSa 2700 with more than 40,000 Single Sign-On users, an error is displayed while trying to change Access Rules: "Error: unknown property 'block_traffic_for_single_sign_on'".
GEN7-20673The IPv6 Default LB Group of an interface already configured as part of Failover & LB incorrectly allows some settings to still be configurable.
GEN7-20752High Availability cannot be configured if the standby/peer serial number was once wrongly specified.
GEN7-21397On NSsp 15700, files transferred using SMB are not sent to Capture ATP for analysis.
GEN7-21398On NSsp 15700, .zip archive type files are not sent to Capture ATP for analysis.
GEN7-21486On NSsp 15700, enabling Enhanced Security resulted in no files being sent to the Capture ATP engine.
GEN7-21582On NSsp 15700, Block Until Verdict does not block malicious file download over HTTP/HTTPS with DPI-SSL enabled.
GEN7-21741SonicOSX (Policy Mode) does not support the common ‘real-world’ use case where 5-tuple matches multiple security (ULA) policies with differing (but partially overlapping) web categories applied in a positive matching allow action, unless it applies to non-referrer type websites which are rated with one or multiple categories in the applied group.
GEN7-21799Packets with length larger than 1522 bytes cannot be received when Jumbo Frame is enabled on NSa 2700/3700 firewalls and the interface's MTU has been set to 9000.

Additional References

The following additional resolved issues in this release are listed here for reference:

GEN7-14373, GEN7-15097, GEN7-18103, GEN7-18280, GEN7-18494, GEN7-18585, GEN7-18591, GEN7-18634, GEN7-18666, GEN7-18730, GEN7-18760, GEN7-19009, GEN7-19086, GEN7-19355, GEN7-19384, GEN7-19404, GEN7-19459, GEN7-19460, GEN7-19529, GEN7-19537, GEN7-19546, GEN7-19559, GEN7-19593, GEN7-19606, GEN7-19612, GEN7-19619, GEN7-19649, GEN7-19650, GEN7-19659, GEN7-19721, GEN7-19777, GEN7-19820, GEN7-19830, GEN7-19974, GEN7-20038, GEN7-20050, GEN7-20110, GEN7-20124, GEN7-20204, GEN7-20246, GEN7-20247, GEN7-20366, GEN7-20411, GEN7-20414, GEN7-20510, GEN7-20517, GEN7-20544, GEN7-20601, GEN7-20699, GEN7-20708, GEN7-20766, GEN7-20821, GEN7-20856, GEN7-20866, GEN7-21036, GEN7-21047, GEN7-21069, GEN7-21082, GEN7-21094, GEN7-21225, GEN7-21234, GEN7-21235, GEN7-21236, GEN7-21310, GEN7-21320, GEN7-21321, GEN7-21323, GEN7-21357, GEN7-21358, GEN7-21360, GEN7-21363, GEN7-21393, GEN7-21400, GEN7-21438, GEN7-21445, GEN7-21464, GEN7-21490, GEN7-21493, GEN7-21555, GEN7-21556, GEN7-21558, GEN7-21592, GEN7-21728, GEN7-21742, GEN7-21771, GEN7-21773, GEN7-21774, GEN7-21880, GEN7-21917, GEN7-22007, GEN7-22055, GEN7-22084, GEN7-22151, GEN7-22194, GEN7-22236, GEN7-22277, GEN7-22353, GEN7-22358, GEN7-22391, GEN7-22423, GEN7-22443, GEN7-22600, GEN7-22652, GEN7-22775, GEN7-22787, GEN7-23040

Known Issues

Issue IDIssue Description
GEN7-16351On NSsp with Authentication Partitioning enabled, there is no Partition field or setting when adding or editing an LDAP server.
GEN7-19930High Availability settings are lost, but other settings are retained when importing configuration settings to an NSa 2700 that were exported from an NSa 2600 running SonicOS

A client PC cannot obtain a DHCP IP address in certain deployments involving IP Helper over an unnumbered tunnel VPN. Occurs when an unnumbered tunnel VPN is established between two firewalls, where FW1 is a DHCP server and FW2 has IP Helper enabled, and the client PC is connected to FW1.

GEN7-21977Adding, deleting and configuring or managing Dell X series switches on an NSa 3700 is not working as expected and the error message, "Error: Index of the Extended Switch Instance" is displayed.

During SonicOSX web management, the browser might display the error "Failed to open cache db". This occurs because SonicOSX web management is not supported from browsers in private or incognito mode, including Firefox, Chrome and Edge.

Workaround: Manage the firewall using a browser in normal mode.

GEN7-22269An error pops up saying, "Unknown Reason" when accessing the firewall in non-configuration/readonly mode and attempting to select or clear the check box of any option, such as on the Users > Local Users & Groups > Settings page. A more descriptive error message should be displayed.

When deploying multi-level Switch daisy chaining, it takes more than five minutes to detect a Switch at the third level. That is, after connecting it to a Switch that is already connected with daisy chaining to a Switch connected to the firewall.

GEN7-22772The VLANs of the parent Switch are not properly configured on the child Switches in multi-level daisy chaining.
GEN7-22807Client connections consistently fail with "Timeout" log messages when attempting to connect to a firewall with SSL VPN Server enabled.
GEN7-22950After registering the firewall using the manual license keyset method and entering the license keyset, the security services Signature File ID (SFID) is incorrect when checked on the POLICY | Security Services > Summary page under UPDATE SIGNATURES MANUALLY.
GEN7-22972When using SSH Terminal, a LAN PC cannot connect to an SSH session after disabling and then enabling SSH management on the X0 interface.
GEN7-23108X1 cannot be enabled administratively after an NSv is registered using the manual keyset.

On NSsp, Instances sometimes stop working soon after firmware upgrade. This occurs when LDAP is enabled with multiple LDAP servers, due to an issue related to the LDAP referrals.

Workaround: Disable LDAP referrals in SonicOSX.

GEN7-23131In a Stateful High Availability deployment, the standby unit sometimes stops working after adding, editing or deleting a CFS Custom Category.
GEN7-23165On NSv, inbound "Deny" access rules from WAN to WAN for HTTPS Management access sometimes do not block traffic.
GEN7-23211On NSv, the Protocol tab/screen is not available when editing an interface with Zone set to WAN and Mode / IP Assignment set to PPPoE.

Was This Article Helpful?

Help us to improve our support portal

Techdocs Article Helpful form

Techdocs Article NOT Helpful form

  • Still can't find what you're looking for? Try our knowledge base or ask our community for more help.