SonicOS 7.3 Release Notes

Version 7.3.1-7013

November 2025

This version of SonicOS 7.3.1 is a maintenance release for existing platforms and also resolves issues found in previous releases.

Important

  • SonicOS 7.3.1 is not FIPS or Common Criteria certified.
  • SonicWall firewalls running versions of SonicOS 7.1.x or later cannot be managed using Global Management System (GMS).
  • Downgrading to SonicOS 7.0.x, SonicOS 7.1.x, and SonicOS 7.2.x from SonicOS 7.3.1 is not supported.
  • Firewalls currently operating on SonicOS 7.3.0-7019 (non-Hotfix) are supported for upgrade to SonicOS 7.3.1-7013.

    If customers have any questions or require clarification regarding the firmware upgrade path, it is strongly recommended to open a support ticket for assistance.

  • Upgrading SonicOS 7.0.1 to 7.3.1 for NSv requires a fresh installation of NSv for all platforms. (For more information, refer to NSv upgrade from 7.0.1 to 7.1.X.)
  • Use the Firmware Auto Update feature in SonicOS 7.3.1 to ensure that your firewall always has the latest updates for critical vulnerabilities. (For more information, refer to Firmware Auto Update.)
  • Customers using LDAP are advised to review the corresponding Knowledge Base article prior to upgrading to version 7.3.1. (For more information, refer to LDAP Connectivity Fails After Upgrading to SonicOS 7.3.1.)

Compatibility and Installation Notes

  • A MySonicWall account is required.
  • Network Security Manager (NSM) SaaS 3.3 is required to manage firewalls using SonicOS 7.3.1.

    Support for the SonicOS 7.3.1 Credential Auditor feature will be available in Network Security Manager (NSM) 3.4 or higher.

  • Network Security Manager (NSM) On-Premises will introduce support for SonicOS 7.3.1 beginning with Network Security Manager release 3.2.0, which is planned for availability in December.

  • SonicOS 7.3.1 supports NetExtender 10.2.
  • Most popular browsers are supported, but Google Chrome is preferred for the real-time graphics display on the Dashboard.
  • The Credential Auditor feature is not supported on NSsp 15700.

Supported Platforms

The platform-specific version for this unified release is the same:

Platform        Firmware Version
TZ Series       7.3.1-7013
NSa Series      7.3.1-7013
NSv Series      7.3.1-7013
NSsp Series     7.3.1-7013

  • TZ270 / TZ270W
  • TZ370 / TZ370W
  • TZ470 / TZ470W
  • TZ570 / TZ570W
  • TZ570P
  • TZ670
  • NSa 2700
  • NSa 3700
  • NSa 4700
  • NSa 5700
  • NSa 6700
  • NSv 270
  • NSv 470
  • NSv 870
  • NSsp 10700
  • NSsp 11700
  • NSsp 13700
  • NSsp 15700

SonicOS NSv deployments are supported on the following platforms:

  • AWS (BYOL and PAYG)
  • Microsoft Azure (BYOL)
  • VMware ESXi
  • Microsoft Hyper-V
  • Linux KVM

What's New

  • Credential Auditor

    SonicOS 7.3.1 introduces Credential Auditor, a built-in security feature designed to strengthen password protection. It automatically checks user credentials against known lists of compromised passwords, flags any matches, and enables administrators to take immediate action such as issuing warnings or enforcing password changes. This capability is included at no additional cost, with no extra SKUs or products required. Credential Auditor provides customers and partners with a simple, proactive way to manage credential risks, further enhancing SonicWall’s integrated, easy-to-use.

Resolved Issues

Issue ID Issue Description

GEN7-55426

Device rebooting when accessing SNMP MIB ipAddrTable.

GEN7-55410

SAML authentication with NetExtender fails when Firefox is the default browser. After logging in, Firefox downloads the SAD file instead of initiating the VPN.

GEN7-55229

PPPoE is disconnecting intermittently for certain ISP providers.

GEN7-54936

Instability occurs on an SNMP GET request for ifTable with an illegal value of 0.

GEN7-54896

SonicOS SSLVPN Pre-Auth Stack-Based Buffer Overflow Vulnerability (SNWLID-2025-0016).

GEN7-54855

The Bandwidth Management option is missing on the WAN > Advanced page when firewalls are in High Availability mode.

GEN7-54847

When deleting multiple users, if the deletion of any single user fails, it may cause the device to reboot.

GEN7-54843

Instability occurs when using http in the URL to download dynamic botnet lists and dynamic external address groups.

GEN7-54817

DPI-SSL client inspection is not enforced if an IP is added to the DPI-SSL exclusion and then removed again.

GEN7-54816

SNMP GET reports 32-bit counters for interface link speed instead of 64-bit, and incorrect speed values.

GEN7-54699

Users cannot set bandwidth management for interfaces higher than 1G.

GEN7-54597

The object disappears when creating a user or a user group whose name contains special characters under SNMP.

GEN7-54536

Connecting with NetExtender shows The server is unreachable due to OTP failure. The session timed out due to insufficient time for operations during the authentication process.

GEN7-52370

Displays the message "The Maximum Number of users is already logged in" when trying to log in to the firewall via NetExtender or the Virtual Office portal.

Known Issues

Issue ID Issue Description

GEN7-54716

GMS does not support SonicOS versions after SonicOS 7.0.x.

GEN7-54598

A locked IP address is automatically unlocked when using the GVC client. IPsec VPN reuses connection caches that are not deleted right after a login failure.

GEN7-54569

In a high-availability setup, locked-out IP addresses are not getting synced with the standby node.

GEN7-54564

Unable to import LDAP users belonging to child domains. When clicking on Import LDAP users and selecting the primary server from the list, the user list doesn’t display users from the child domain. It lists users only from the primary domain. Selecting Import from all LDAP servers will display all users from all the servers configured.

GEN7-54531

The firewall UI is not accessible via HTTPS port 8080 after changing from 443, which causes a conflict. It is recommended to use a port other than 8080.

GEN7-54380

With "New password must contain 8 characters different from the old password" enabled, changing the password to something that doesn't match using NetExtender or Mobile Connect displays an error that may be confusing: "Login failed - Incorrect username/password. 2 more login attempts before lockout." This will be addressed in a subsequent release.

GEN7-54348

Changing the OTP Length and then changing it back results in the error: "Ensure the minimum length is not greater than the maximum length."

GEN7-44977

The CLI has commands to adjust the percentage of storage for logs, packet capture, threat-logs, and appflow-report. The commands have no effect as this feature was never implemented.

Additional References

GEN7-55948, GEN7-55779, GEN7-55709, GEN7-55694, GEN7-55673, GEN7-55610, GEN7-55600, GEN7-55548, GEN7-55524, GEN7-55441, GEN7-55376, GEN7-55358, GEN7-55356, GEN7-55240, GEN7-55237, GEN7-55171, GEN7-54958, GEN7-54914, GEN7-54850, GEN7-54841, GEN7-54743, GEN7-54711, GEN7-54640, GEN7-54635, GEN7-54532, GEN7-54484, GEN7-54432, GEN7-54394, GEN7-54386, GEN7-54359, GEN7-54346, GEN7-54264, GEN7-54250, GEN7-54219, GEN7-54160, GEN7-54103, GEN7-54082, GEN7-54025, GEN7-53973, GEN7-53742, GEN7-53132, GEN7-50618.