SonicOS 7.1.1 Release Notes

Technical Documentation>  SonicOS 7.1>  Version 7.1.1-7058
Table of Contents

Version 7.1.1-7058

June 2024

This version of SonicOS 7.1 is a maintenance release for existing platforms and resolves issues found in previous releases.

In this firmware version, CFS and DPI-SSL supports the TLS hybridized Kyber feature on Chrome and Edge browsers (GEN7-48526 and GEN7-47567).

Important

  • This SonicOS 7.1 firmware will not be available on MySonicWall for NSsp 15700. Please contact your Service Account Manager for the firmware.
  • If you are managing your firewall using Network Security Manager (NSM), make certain that you are using NSM version 2.4 or later.
  • Downgrading to SonicOS 7.0.1 from SonicOS 7.1 is not supported.
  • Upgrading SonicOS 7.0.1 to 7.1 for NSv requires a fresh installation of NSv for all platforms. (For more information, refer to NSv upgrade from 7.0.1 to 7.1.1.)
  • Use the Firmware Auto Update Feature in SonicOS 7.1 to ensure that your firewall always has the latest updates for critical vulnerabilities. (For more information, refer to Firmware Auto Update.)

Compatibility and Installation Notes

  • Most popular browsers are supported, but Google Chrome is preferred for the real-time graphics display on the Dashboard.
  • A MySonicWall account is required.

Supported Platforms

The platform-specific versions for this unified release are all the same:

Platform Firmware Version
TZ Series 7.1.1-7058
NSa Series 7.1.1-7058
NSv Series 7.1.1-7058
NSsp Series 7.1.1-7058
  • TZ270 / TZ270W
  • TZ370 / TZ370W
  • TZ470 / TZ470W
  • TZ570 / TZ570W
  • TZ570P
  • TZ670
  • NSa 2700
  • NSa 3700
  • NSa 4700
  • NSa 5700
  • NSa 6700
  • NSv 270
  • NSv 470
  • NSv 870
  • NSsp 10700
  • NSsp 11700
  • NSsp 13700
  • NSsp 15700

SonicOS NSv deployments are supported on the following platforms:

  • AWS (BYOL and PAYG)
  • Microsoft Azure (BYOL)
  • VMware ESXi
  • Microsoft Hyper-V
  • Linux KVM

Resolved Issues

Issue ID Issue Description
GEN7-33934 Users are unable to send emails with attachments larger than 1MB when DPI-SSL is enabled.
GEN7-39872 Users may be intermittently disconnected when using NetExtender and downloading a file.
GEN7-46338 Bandwidth Management is not working in an App Rule when the action object is selected to use a BWM object.
GEN7-47327 The Virtual Office web page times out and displays a blank white screen.
GEN7-47567 App Rules over DPI-SSL are not working when TLS hybridized Kyber support is enabled on Chrome browsers. (This support is now enabled by default on Chrome browsers).
GEN7-47628 The ability to update microcode using Safe Mode has been added to be used under direction of customer support when needed.
GEN7-47736 SSL-VPN licenses are being consumed, preventing users from connecting.
GEN7-47756 Login fails when an user with accent characters in their name when using LDAP authentication.
GEN7-47953 All TZ models, NSa 2700, and NSa 3700 only: Under some conditions, the core dump storage may grow larger than 500 MB in size.
GEN7-48149 The hardware monitor controller may report occasional false alarms, including fan failures.
GEN7-48173 Two-Factor Authentication via TOTP fails for LDAP and Radius users when using NetExtender.
GEN7-48288 Logging in using Radius using a RSA pin authentication for SSLVPN users fails.
GEN7-48420 Stack-based buffer overflow vulnerability in SonicOS HTTP server (SNWLID-2024-0008)
GEN7-48526 Content Filtering Service (CFS) blocking over DPI-SSL is not working when TLS hybridized Kyber support is enabled on Chrome browsers. (This support is now enabled by default on Chrome browsers).
GEN7-48612 Heap-based buffer overflow vulnerability in SonicOS SSL-VPN (SNWLID-2024-0009)
GEN7-49115 When using DPI-SSL, the block page may sometimes fail to display.
GEN7-49189 Under some conditions, the firewall might restart itself when handling error conditions.
GEN7-49451 NSsp 15700 only: The default buffer size for a non-master blade when fetching the Geo-IP map database may experience an overflow if the database size exceeds the maximum limit.

Known Issues

Issue ID Issue Description
GEN7-43016

When deploying an NSv using an .ova file on VMWare ESXi 8.0., the error message Disk image missing is displayed.
GEN7-43500 After changing the name of a local user, the entry is still displayed in the Server DPI SSL Inclusion and Server DPI SSL Exclusion lists and the user with the changed name cannot be selected.
GEN7-43554

Unable to add valid domains to the Custom Malicious Domain Name List and White List pages after adding an invalid domain because the pending configuration is still present.
GEN7-44642 NSsp 15700 only: HTTPS management on X1 is not accessible when the MGMT/Chassis IP and X1/Aux IP are in the same subnet.
GEN7-45252 NSsp 15700 only: A Standby firewall may occasionally fail to start from uploaded firmware. The message Wrong firmware to boot is displayed in printed in the command-line interface (CLI) after clicking Restart image with current settings.
GEN7-47528 When installing the NetExtender software from the SSL VPN portal page for 32-bit Windows, the message The installer is only for x64 machine is displayed.

Additional References

GEN7-46935, GEN7-47809, GEN7-47928, GEN7-48060, GEN7-48185, GEN7-48198, GEN7-48389