SonicOS 8 Release Notes
Table of Contents
Version 8.1.0-8017
November 2025
Compatibility and Installation Notes
- Most popular browsers are supported, but Google Chrome is preferred for the real-time graphics display on the Dashboard.
- A MySonicWall account is required.
Important
-
The TZ80:
- Must be licensed before it can be configured or used.
- Must always be connected to the Internet. It cannot be used in a closed network environment.
-
Beginning with SonicOS 8.0.0, these SonicPoint devices are no longer supported:
- SonicPoint-N
- SonicPoint-NDR
- SonicPoint-Ni/Ne
- SonicPoint-ACe/ACi/N2
- Support for the WEP and TKIP security protocols has been deprecated.
- Support for the Radio Role > Mesh Gateway has been deprecated in the TZ wireless models.
- Settings from Gen 7 firewalls running SonicOS 7.3.x cannot be imported into Gen 8 firewalls operating on SonicOS 8.1.0 due to version incompatibility. However, SonicOS 8.2.0, planned for all Gen 8 firewalls, will introduce support for importing configurations from SonicOS 7.3.x, enabling a streamlined migration process.
The platform-specific version for this unified release is the same:
| TZ Series | Firmware Version | NSa Series | Firmware Version |
|---|---|---|---|
| TZ80 | 8.1.0-8017 | NSa 2800 | 8.1.0-8017 |
| TZ280 | 8.1.0-8017 | NSa 3800 | 8.1.0-8017 |
| TZ380 | 8.1.0-8017 | NSa 4800 | 8.1.0-8017 |
| TZ380W | 8.1.0-8017 | NSa 5800 | 8.1.0-8017 |
| TZ480 | 8.1.0-8017 | ||
| TZ580 | 8.1.0-8017 | ||
| TZ680 | 8.1.0-8017 |
What's New
This maintenance release provides the following enhancements and the fixes for previously reported issues.
-
SAML 2.0 support for Generation 8 firewalls
SonicOS 8.1.0 provides for SAML-based authentication. See the SonicOS 8 SAML Feature Guide for more information.
-
SonicWall firewalls can act as an NTP server
SonicWall Generation 8 firewalls can now be configured to act as NTP servers.
-
Support for WPA2, WPA3, and EAP security protocols
WPA2, WPA3, and EAP security protocols are now supported on wireless TZ models running in Station Mode.
-
DNS Proxy Rule Limit Increase
The DNS proxy rule limit has been increased to support up to 1,024 entries.
-
New DPI-SSL CA certificate
A new SonicWall Firewall DPI-SSL certificate has been added.
-
Renewal of DHCP IP addresses on the wireless interface (W0) when the connection drops and returns or when switching networks.
-
Support for Override Default MAC address on the wireless interface (W0).
- SonicOS 8.1.0 supports the TZ80, TZ280, TZ380, TZ380W, TZ480, TZ580, TZ680, NSa 2800, NSa 3800, NSa 4800, and NSa 5800.
- SonicOS 8.1.0 includes in-product migration where you can import settings from your:
- SonicOS Gen 6/6.5 devices to your new SonicOS Gen 8 devices.
- SonicOS Gen 7 devices to your new SonicOS Gen 8 devices.
For more information, refer to the SonicOS 8 Migration Requirements Reference Guide.
Resolved Issues
| Issue ID | Issue Description |
|---|---|
|
GEN8-12269 |
NetExtender 10.3.2 - Unable to authenticate to Duo Proxy MFA (issue not present in NetExtender 10.2). |
|
GEN8-12082 |
An error when creating a user group with @ in the name via SNMP through the GUI. |
|
GEN8-11711 |
With a wireless client connected to the Access Point, the monitor page always shows the allow and deny buttons in grey, even if the ACL function is enabled or disabled. |
|
GEN8-11640 |
Setting the schedule for Firmware Auto Update causes an error when using Safari to access the UI. |
|
GEN8-11638 |
App Rule number of times matched shows Zero when the app rule policy name is followed by a space. |
|
GEN8-11523 |
No error is returned when selecting a certificate without Server Authentication enabled for SSLVPN service. |
|
GEN8-11467 |
NSv series and NSsp 15700 only: Users may experience a decrease in performance when configured for Policy Mode. |
|
GEN8-11155 |
The User Domain field does not appear after switching the SSLVPN Authentication Type to certificate. |
|
GEN8-9886 |
Cannot use custom SSL VPN zone object in SSL VPN client profile configuration. |
|
GEN8-8749 |
Failed to search for an LDAP user with Qualified Login Name due to error 'qualified-name is not a valid value'. |
Known Issues
| Issue ID | Issue Description |
|---|---|
| GEN8-14075 | Diag page in SonicOS 8.1.0 doesn’t display option for scp host key check. |
|
GEN8-13422 |
The SAML profile in use for SSL VPN or management should not be deleted. |
|
GEN8-13411 |
NSa3800 -HA -- The primary firewall crashed due to tLdapAsyncTask(0x7f4204ef2640) during mixed traffic execution. |
|
GEN8-13152 |
DPI SSH didn't work on NSv Policy & Global mode. |
|
GEN8-12954 |
Primary active TZ680 is stuck in SYNC status, and HA sync is lost after importing a batch of LDAP users (50+) local. |
|
GEN8-12949 |
Logging out an SSO user will also log out the SAML user on the same IP. |
|
GEN8-12912 |
When switching the storage device in the CLI, the GUI displays correctly, but the stored file remains on the previous storage device. |
|
GEN8-12871 |
Cannot delete the system logs storage file using the CLI, even though the CLI output indicates change made. |
|
GEN8-12822 |
Firewall is rebooting when changing the Local user's Domain from Any to a custom LDAP Domain. |
|
GEN8-12706 |
Licensing Enforce Grace Period and Enforce Packet Blocking do not take effect without a reboot. |
|
GEN8-12561 |
Active 2800 crashed at tSyncComTask when running HTTPS traffic over TI VPN tunnels with 3k clearpass sessions logged on. |
|
GEN8-12114 |
Support Mouse Inactivity Check on NetExtender 10.3.x. |
|
GEN8-11956 |
Wireless drive issue that causes FW hang and gets rebooted after 1-2 hours of wireless stability testing. |
|
GEN8-11939 |
The local user has an Unlimited remaining session time. |
|
GEN8-11882 |
LDAP users cannot change expired passwords using RADIUS MS-CHAPv2 as a fallback when LDAP is set for authentication. |
|
GEN8-11779 |
An expired user can still log in through the SSL VPN portal when using certificate authentication. |
|
GEN8-11776 |
The account lifetime field shows an abnormal value after the user account expiration. |
|
GEN8-11361 |
tCLIPipe-S0 core dump observed when accessing Monitor / Logs / System Logs on the secondary ACTIVE node. |
Additional References
Not Applicable.
