SonicOS 7.1.3 Release Notes

Technical Documentation>  SonicOS 7.1.3>  Version 7.1.3-7015
Table of Contents

Version 7.1.3-7015

January 2025

This version of SonicOS 7.1.3 is a feature release for existing platforms and also resolves issues found in previous releases.

Important

  • Downgrading to SonicOS 7.0.1 from SonicOS 7.1.3 is not supported.
  • Use the Firmware Auto Update Feature in SonicOS 7.1.3 to ensure that your firewall always has the latest updates for critical vulnerabilities. (For more information, refer to Firmware Auto Update.)

Compatibility and Installation Notes

  • Most popular browsers are supported, but Google Chrome is preferred for the real-time graphics display on the Dashboard.
  • A MySonicWall account is required.

Supported Platforms

The platform-specific version for this unified release is the same:

Platform Firmware Version
TZ Series 7.1.3-7015
NSa Series 7.1.3-7015
NSsp Series 7.1.3-7015
  • TZ270 / TZ270W
  • TZ370 / TZ370W
  • TZ470 / TZ470W
  • TZ570 / TZ570W
  • TZ570P
  • TZ670
  • NSa 2700
  • NSa 3700
  • NSa 4700
  • NSa 5700
  • NSa 6700
  • NSsp 10700
  • NSsp 11700
  • NSsp 13700

Resolved Issues

Issue ID Issue Description
GEN7-41593 If LACP is enabled when upgrading a High Availability pair, High Availability should be disabled and each firewall must be upgraded separately.
GEN7-45252

NSsp 15700 only. A Standby firewall may fail to restart from uploaded firmware with the error Wrong firmware to boot displayed in the CLI after clicking Reboot Image with Current Settings.

After forcing a failover for the firewall, the upgrade will be successful.
GEN7-47587 NSsp 15700 only: On firewalls configured for Policy Mode, the highest priority rule is applied after a 3-way handshake instead of on the first packet when there is a lower priority rule that is more specific than a higher priority rule.
GEN7-48603 In an High Availability configuration with external SonicWall-managed switches using a Portshield interface, the Spanning-Tree port status does not change on the switches after an High Availability failover.
GEN7-48727 Inbound Unique Local Address (ULA) access rules are not used.
GEN7-49131 Configuring DDNS with dyn.com displays Network error in the status. This was caused by an incorrect and redundant hostname check for the certificate for the DDNS server.
GEN7-49423 SSL VPN connections may intermittently be dropped preventing users from being able to successfully connect.
GEN7-49738 Integer-Based Buffer Overflow Vulnerability in SonicOS via IPSec (SNWLID-2024-0013)
GEN7-49761 Under some conditions, the highest priority rule is applied after 3-way handshake instead of when the first packet is processed.
GEN7-49766 Generation of a Capture Threat Assessment report fails if the Capture Threat Assessment report is generated containing a custom logo that is larger than 64K.
GEN7-49782 When creating configuration on the Cloud Secure Edge > Access Setting page and adding a Private CIDR object under the connector, the zone assignment dropdown list does not display all the available zones.
GEN7-49875 Fan Failure Alerts (576) are reported in system logs after upgrading to SonicOS 7.1.1-7058.
GEN7-49949 When importing preferences with authentication partitioning, authentication methods keep their default values rather than those provided in the saved configuration.
GEN7-49988 Device is sending system logs to Global Management System (GMS) through the WAN instead of through the VPN when the Management Mode is set to the existing tunnel.
GEN7-49997 The captive portal does not work for local users when using RADIUS authentication.
GEN7-50120 The VPN Policies page is not displaying the Gateway IP and remote networks after importing settings.
GEN7-50133 The Address Object in the Route, Access Rule, and NAT policy is changed after upgrading to 7.1.2-7019 if the address object name contains a ' or ".
GEN7-50173 Enabling TLS 1.3 Hybridized Kyber Support breaks the App Rule action of HTTP Redirect post DPI-SSL Server decryption.
GEN7-50175 The firewall restarts multiple times after upgrading to 7.1.2-7019.
GEN7-50395 After enabling Authentication Partitioning on the Users > Settings page, the Separate settings per authentication partition option cannot be disabled.
GEN7-50543 Unable to access the networks starting with the IP address 172.x.x.x after connecting using the Cloud Secure Edge client.
GEN7-50605 RADIUS Protocol Forgery Vulnerability (Blast-RADIUS) (SNWLID-2024-0014)
GEN7-50741 SonicOS Post-authentication Stack-based buffer overflow vulnerability (SNWLID-2025-0004)
GEN7-50742 SonicOS Post-authentication format string vulnerability (SNWLID-2025-0004)
GEN7-50743 SonicOS Post-authentication arbitrary file read vulnerability (SNWLID-2025-0004)
GEN7-50896 SSL-VPN MFA Bypass Due to UPN and SAM Account Handling in Microsoft Active Directory (SNWLID-2025-0001)
GEN7-51230 SonicOS SSL VPN Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) (SNWLID-2025-0003)
GEN7-51231 SonicOS SSL VPN Authentication Bypass Vulnerability (SNWLID-2025-0003)
GEN7-51232 SonicOS SSH Management Server-Side Request Forgery Vulnerability (SNWLID-2025-0003)

Known Issues

Issue ID Issue Description
GEN7-49808 When creating a configuration on the Cloud Secure Edge > Access Settings page, the error You must associate at least one member object to this group is displayed when attempting to delete any address object from the Default CSE Allowed CIDRs group if it contains an FQDN object.
GEN7-50446 The Setup Guide fails with error: Script is missing one or more "exit" command(s) if LTE/5G for the module device type is selected.
GEN7-51032 When Wireless LAN is disabled, the Wireless Controller Mode is not changed to Non-Wireless automatically.
GEN7-51273 IPv6 ULA redirection may fail.
GEN7-51389

Address Object: Netmask is shown incorrectly in the Network Security Manager (NSM) user interface after the C&D.Network type with Network as 0.0.0.0 and Prefix as 255.0.0.0 will be 0.0.0.0 and 255.255.255.255 instead of 0.0.0.0 and 255.0.0.0.
GEN7-51561 Cannot access The IPv6 HTTPS server when Client DPI SSL is enabled.

Additional References

GEN7-43599, GEN7-43661, GEN7-44786, GEN7-47520, GEN7-48190, GEN7-48273, GEN7-48293, GEN7-48628, GEN7-48835, GEN7-48859, GEN7-48888, GEN7-48979, GEN7-48989, GEN7-49062, GEN7-49127, GEN7-49248, GEN7-49267, GEN7-49304, GEN7-49336, GEN7-49350, GEN7-49376, GEN7-49523, GEN7-49525, GEN7-49571, GEN7-49628, GEN7-49662, GEN7-49688, GEN7-49696, GEN7-49742, GEN7-49771, GEN7-49799, GEN7-49807, GEN7-49827, GEN7-49844, GEN7-49857, GEN7-49858, GEN7-49877, GEN7-49907, GEN7-49961, GEN7-50030, GEN7-50048, GEN7-50067, GEN7-50072, GEN7-50074, GEN7-50075, GEN7-50092, GEN7-50122, GEN7-50124, GEN7-50146, GEN7-50147, GEN7-50183, GEN7-50187, GEN7-50188, GEN7-50189, GEN7-50207, GEN7-50231, GEN7-50245, GEN7-50266, GEN7-50275, GEN7-50306, GEN7-50314, GEN7-50362, GEN7-50369, GEN7-50396, GEN7-50422, GEN7-50433, GEN7-50524, GEN7-50533, GEN7-50535, GEN7-50537, GEN7-50596, GEN7-50599, GEN7-50601, GEN7-50623, GEN7-50635, GEN7-50670, GEN7-50693, GEN7-50737, GEN7-50746, GEN7-50790, GEN7-50821, GEN7-50846, GEN7-50875, GEN7-50891, GEN7-50928, GEN7-50933, GEN7-50964, GEN7-50999, GEN7-51170, GEN7-51195, GEN7-51200, GEN7-51265