This version of SonicOS 7.3.2 is a maintenance release for existing platforms and also resolves issues found in previous releases.
Firewalls currently operating on SonicOS 7.3.1 (non-Hotfix) are supported for upgrade to SonicOS 7.3.2-7010.
If customers have any questions or require clarification regarding the firmware upgrade path, it is strongly recommended to open a support ticket for assistance.
The platform-specific version for this unified release is the same:
| Platform | Firmware Version |
|---|---|
| TZ Series | 7.3.2-7010 |
| NSa Series | 7.3.2-7010 |
| NSv Series | 7.3.2-7010 |
| NSsp Series | 7.3.2-7010 |
|
|
|
|
SonicOS NSv deployments are supported on the following platforms:
|
|
This maintenance release provides security updates and resolves previously reported issues.
|
Issue ID |
Description |
|
GEN7-56576 |
Category 14 logs are not displaying firewall system event logs in NSM. |
|
GEN7-56535 |
The outbound NAT policy added for CSE connectivity is automatically deleted after a reboot. The CSE Access Tier AIPs are dynamic and are populated only after the CSE connector comes up. During device boot-up, the CSE AO remains empty, causing validation to fail and preventing the NAT policy from being added. |
|
GEN7-56477 |
A certain configuration of the SSO Terminal Service Agent causes the device to reboot. |
|
GEN7-56475 |
Users authenticated via SAML receive a 60-minute session duration with Google IdP |
|
GEN7-56472 |
LDAP bind passwords with 14, 30, 46, and 62 characters cause the LDAP test connection and user authentication to fail due to an error in the calculation of the cipher length for an AES-256 encrypted password with PKCS#7 padding. |
|
GEN7-56452 |
Some local users are showing as logged in via SAML. |
|
GEN7-56391 |
Incoming IP Helper traffic from CSE GlobalEdge Access Tier is being dropped on the firewall with drop code "Packet has unallowed source IP from peer". As a result, CSE clients are unable to access any resources behind the firewall connector. |
|
GEN7-56243 |
Post-authentication Format String vulnerability (SNWLID-2026-0001). |
|
GEN7-55784 |
Syslog is not showing the SSLVPN User login timestamp; only the SSLVPN User logout is mentioned in the report. |
|
GEN7-55730 |
Post-authentication Stack-based Buffer Overflow (SNWLID-2026-0001). |
|
GEN7-55729 |
Post-authentication Stack-based Buffer Overflow (SNWLID-2026-0001). |
|
GEN7-55728 |
Post-authentication Stack-based Buffer Overflow (SNWLID-2026-0001). |
|
GEN7-55727 |
Post-authentication Stack-based Buffer Overflow (SNWLID-2026-0001). |
|
GEN7-55726 |
Post-authentication Stack-based Buffer Overflow (SNWLID-2026-0001). |
|
GEN7-55724 |
Post-authentication Stack-based Buffer Overflow (SNWLID-2026-0001). |
|
GEN7-55723 |
Post-authentication Stack-based Buffer Overflow (SNWLID-2026-0001). |
|
GEN7-55722 |
Post-authentication Stack-based Buffer Overflow (SNWLID-2026-0001). |
|
GEN7-55721 |
Post-authentication Stack-based Buffer Overflow (SNWLID-2026-0001). |
|
GEN7-55719 |
Post-authentication Stack-based Buffer Overflow (SNWLID-2026-0001). |
|
GEN7-55718 |
Unable to modify the X1 PPPoE interface on an NSM-managed firewall. |
|
GEN7-55717 |
Post-authentication Stack-based Buffer Overflow (SNWLID-2026-0001). |
|
GEN7-55703 |
Post-authentication Stack-based Buffer Overflow (SNWLID-2026-0001). |
|
GEN7-55702 |
Post-authentication Stack-based Buffer Overflow (SNWLID-2026-0001). |
|
GEN7-55581 |
The Session Expiry Time is miscalculated for externally authenticated guest users. |
| GEN7-55515 | Post-authentication NULL Pointer Dereference vulnerability (SNWLID-2026-0001). |
|
GEN7-52883 |
In a high-availability deployment with an external Sonicwall-managed switch using a Portshield interface, the Spanning-Tree port status doesn't change on switches after HA failover. |
|
GEN7-48603 |
In a high-availability deployment with an external Sonicwall-managed switch with a Portshield interface, the Spanning-Tree port status doesn't change on switches after HA failover. |
| Issue ID | Issue Description |
|---|---|
| GEN7-54726 | The IPv6 route that is added to NetExtender is incorrect when the SSLVPN IPv6 pool is a range address object. |
| GEN7-54715 | Clicking the Accept button on the Geo-IP Filter settings page will enable the Block all Unknown countries option on the other tab automatically if nothing is configured |
|
GEN7-54598 |
A locked IP address is automatically unlocked when using the GVC client. IPsec VPN reuses connection caches that are not deleted right after a login failure. |
|
GEN7-54569 |
In a high-availability setup, locked-out IP addresses aren't getting synced with the standby node. |
|
GEN7-54564 |
Unable to import LDAP users belonging to child domains. When clicking on Import LDAP users and selecting the primary server in the list, the user list doesn’t show users from the child domain. It lists users only from the primary domain. Selecting Import from all LDAP servers will show all the users from all the servers configured/learnt. |
|
GEN7-54531 |
The Firewall UI is not accessible via HTTPS (port 8080) after changing from port 443. This causes a conflict. Please use a different port than 8080. |
|
GEN7-54348 |
Changing the OTP length and then reverting to the original value results in the error: Ensure the minimum length is not greater than the maximum length. |
|
GEN7-44977 |
CLI has commands to adjust the percentage of storage for logs, packet capture, threat-logs, and appflow-report. However, these commands have no effect because this feature was never implemented. |
GEN7-57023, GEN7-56920, GEN7-56774, GEN7-56606, GEN7-56554, GEN7-56479, GEN7-56431, GEN7-56135, GEN7-56134, GEN7-55817, GEN7-55816, GEN7-55776, GEN7-55757, GEN7-55756, GEN7-55654, GEN7-55190, GEN7-55045, GEN7-54875, GEN7-54423, GEN7-54360, GEN7-51893