SonicOS 8 Release Notes
Table of Contents
Version 8.1.0-8017
August 2025
The platform-specific version for this unified release is the same:
| TZ Series | Firmware Version | NSa Series | Firmware Version |
|---|---|---|---|
| TZ80 | 8.1.0-8017 | NSa 2800 | 8.1.0-8017 |
| TZ280 | 8.1.0-8017 | NSa 3800 | 8.1.0-8017 |
| TZ380 | 8.1.0-8017 | NSa 4800 | 8.1.0-8017 |
| TZ380W | 8.1.0-8017 | NSa 5800 | 8.1.0-8017 |
| TZ480 | 8.1.0-8017 | ||
| TZ580 | 8.1.0-8017 | ||
| TZ680 | 8.1.0-8017 |
This maintenance release provides fixes for previously reported issues.
Resolved Issues
| Issue ID | Issue Description |
|---|---|
|
GEN8-12269 |
NetExtender 10.3.2 - Unable to authenticate to Duo Proxy MFA (issue not present in NetExtender 10.2). |
|
GEN8-12082 |
An error when creating a user group with @ in the name via SNMP through the GUI. |
|
GEN8-11711 |
With a wireless client connected to the Access Point, the monitor page always shows the allow and deny buttons in grey, even if the ACL function is enabled or disabled. |
|
GEN8-11640 |
Setting the schedule for Firmware Auto Update causes an error when using Safari to access the UI. |
|
GEN8-11638 |
App Rule number of times matched shows Zero when the app rule policy name is followed by a space. |
|
GEN8-11523 |
No error is returned when selecting a certificate without Server Authentication enabled for SSLVPN service. |
|
GEN8-11467 |
NSv series and NSsp 15700 only: Users may experience a decrease in performance when configured for Policy Mode. |
|
GEN8-11155 |
The User Domain field does not appear after switching the SSLVPN Authentication Type to certificate. |
|
GEN8-9886 |
Cannot use custom SSL VPN zone object in SSL VPN client profile configuration. |
|
GEN8-8749 |
Failed to search for an LDAP user with Qualified Login Name due to error 'qualified-name is not a valid value'. |
Known Issues
| Issue ID | Issue Description |
|---|---|
| GEN8-14075 | Diag page in SonicOS 8.1.0 doesn’t display option for scp host key check. |
|
GEN8-13422 |
The SAML profile in use for SSL VPN or management should not be deleted. |
|
GEN8-13411 |
NSa3800 -HA -- The primary firewall crashed due to tLdapAsyncTask(0x7f4204ef2640) during mixed traffic execution. |
|
GEN8-13152 |
DPI SSH didn't work on NSv Policy & Global mode. |
|
GEN8-12954 |
Primary active TZ680 is stuck in SYNC status, and HA sync is lost after importing a batch of LDAP users (50+) local. |
|
GEN8-12949 |
Logging out an SSO user will also log out the SAML user on the same IP. |
|
GEN8-12912 |
When switching the storage device in the CLI, the GUI displays correctly, but the stored file remains on the previous storage device. |
|
GEN8-12871 |
Cannot delete the system logs storage file using the CLI, even though the CLI output indicates change made. |
|
GEN8-12822 |
Firewall is rebooting when changing the Local user's Domain from Any to a custom LDAP Domain. |
|
GEN8-12706 |
Licensing Enforce Grace Period and Enforce Packet Blocking do not take effect without a reboot. |
|
GEN8-12561 |
Active 2800 crashed at tSyncComTask when running HTTPS traffic over TI VPN tunnels with 3k clearpass sessions logged on. |
|
GEN8-12114 |
Support Mouse Inactivity Check on NetExtender 10.3.x. |
|
GEN8-11956 |
Wireless drive issue that causes FW hang and gets rebooted after 1-2 hours of wireless stability testing. |
|
GEN8-11939 |
The local user has an Unlimited remaining session time. |
|
GEN8-11882 |
LDAP users cannot change expired passwords using RADIUS MS-CHAPv2 as a fallback when LDAP is set for authentication. |
|
GEN8-11779 |
An expired user can still log in through the SSL VPN portal when using certificate authentication. |
|
GEN8-11776 |
The account lifetime field shows an abnormal value after the user account expiration. |
|
GEN8-11361 |
tCLIPipe-S0 core dump observed when accessing Monitor / Logs / System Logs on the secondary ACTIVE node. |
Additional References
Not Applicable.
