SonicOS 8 Release Notes

Technical Documentation>  SonicOS 8>  Version 8.2.0-8009
Table of Contents

Version 8.2.0-8009

February 2026

Compatibility and Installation Notes

  • Most popular browsers are supported, but Google Chrome is preferred for the real-time graphics display on the Dashboard.
  • A MySonicWall account is required.

Important

  • The TZ80:

    • Must be licensed before it can be configured or used.
    • Must always be connected to the Internet. It cannot be used in a closed network environment.

  • Beginning with SonicOS 8.0.0, these SonicPoint devices are no longer supported:

    • SonicPoint-N
    • SonicPoint-NDR
    • SonicPoint-Ni/Ne
    • SonicPoint-ACe/ACi/N2
  • Support for the WEP and TKIP security protocols has been deprecated.
  • Support for the Radio Role > Mesh Gateway has been deprecated in the TZ wireless models.
  • Settings from Gen 7 firewalls running SonicOS 7.3.x can be imported into Gen 8 firewalls operating on SonicOS 8.2.0 version.

NetExtender Compatibility & Bundling Update

  • New Version Support: SonicOS 8.2.0 introduces official support for NetExtender version 10.3.4, while maintaining backward compatibility with the NetExtender version 10.2.x branch.
  • Upgrade Recommendation: To ensure the highest level of security and performance, it is strongly recommended that customers upgrade all NetExtender clients to version 10.3.4 at their earliest convenience.
  • Transition & Integration Details:
    • Bundled Version: SonicOS 8.2.0 is now natively bundled with NetExtender version 10.3.4.
    • Transition Benefit: This ensures that new deployments and upgrades automatically provide users with the latest recommended client version.

The platform-specific version for this unified release is the same:

TZ Series Firmware Version NSa Series Firmware Version
TZ80 8.2.0-8009 NSa 2800 8.2.0-8009
TZ280 8.2.0-8009 NSa 3800 8.2.0-8009
TZ280P 8.2.0-8009 NSa 4800 8.2.0-8009
TZ280W 8.2.0-8009 NSa 5800 8.2.0-8009
TZ380 8.2.0-8009 NSa 6800 8.2.0-8009
TZ380W 8.2.0-8009
TZ480 8.2.0-8009
TZ580 8.2.0-8009
TZ680 8.2.0-8009

Deprecation Notice

Support for customizing guest login pages using external web servers with the CGI mechanism has been deprecated. This functionality will no longer be enhanced, and customers are advised to migrate to the supported API‑based guest login customization mechanism.

For migration guidance and additional details, refer to the following Knowledge Base article: Deprecation of CGI-Based Guest Login Page Customization.

What's New

  • Credential Auditor

    SonicOS 8.2.0 supports Credential Auditor, a built-in security feature designed to strengthen password protection. It automatically checks user credentials against known lists of compromised passwords, flags any matches, and enables administrators to take immediate action such as issuing warnings or enforcing password changes. This capability is included at no additional cost, with no extra SKUs or products required. Credential Auditor provides customers and partners with a simple, proactive way to manage credential risks, further enhancing SonicWall’s integrated, easy-to-use.

  • Enhanced Security Default

    Updated OpenSSH library to the latest stable version.

  • Simplified Support and Troubleshooting
    • Download all logs and diagnostics with a single click from the Diagnostics page for faster support resolution
    • Dashboard text field for description enhancement for reliable appliance identification.

  • Improved Signature Download Security

    Signature downloads via proxy now use HTTPS (port 443), ensuring the secure transmission of update files in proxy environments.

  • Cloud Secure Edge (CSE) Improvements
    • Support for publishing routes outside the RFC1918 range to allow connections to any private resource through the firewall.
    • Support for more than 100 firewalls connecting to the same CSE organization.

  • Support for Bearer Token Validation for Non‑GUI API Sessions

    The Two‑Factor and Bearer Token Authentication option has been renamed to Non‑GUI Management Login Bearer Token Session Check.

    This security option introduces bearer token validation for non‑GUI (API‑only) sessions, enhancing authentication control for API access.

    Key Details:

    • This option is turned off by default, including after a factory reset.
    • When enabled, the firewall issues a bearer token in the /auth API response.
    • All subsequent non‑GUI API requests must include this bearer token in the request header for authentication.

    For more information and configuration details, refer to the following Knowledge Base article: Support for Bearer Token Validation for Non GUI API Sessions.

This maintenance release also resolves previously reported issues.

  • SonicOS 8.2.0 supports the TZ80, TZ280, TZ280P, TZ280W TZ380, TZ380W, TZ480, TZ580, TZ680, NSa 2800, NSa 3800, NSa 4800, NSa 5800, and NSa 6800.
  • SonicOS 8.2.0 includes in-product migration, where you can import settings from your:
    • SonicOS Gen 6/6.5 devices to your new SonicOS Gen 8 devices.
    • SonicWall SOHO/SOHOW security appliance to your new SonicWall TZ80.
    • SonicWall TZ270 security appliance to your new SonicWall TZ280.
    • SonicWall TZ570P security appliance to your new SonicWall TZ280P.
    • SonicWall TZ270W security appliance to your new SonicWall TZ280W.
    • SonicWall TZ370 security appliance to your new SonicWall TZ380.
    • SonicWall TZ370W security appliance to your new SonicWall TZ380W.
    • SonicWall TZ470 security appliance to your new SonicWall TZ480.
    • SonicWall TZ570 security appliance to your new SonicWall TZ580.
    • SonicWall TZ670 security appliance to your new SonicWall TZ680
    • SonicWall NSa 2600 or NSa 2700 security appliance to your new NSa 2800.
    • SonicWall NSa 3600 or NSa 3700 security appliance to your new NSa 3800.
    • SonicWall NSa 4600 or NSa 4700 security appliance to your new NSa 4800.
    • SonicWall NSa 5600 or NSa 5700 security appliance to your new NSa 5800.
    • SonicWall NSa 6600 or NSa 6700 security appliance to your new NSa 6800.

    For more information, refer to the SonicOS 8 Migration Requirements Reference Guide.

Resolved Issues

Issue ID

Description
GEN8-6895 Post-authentication Stack-based Buffer Overflow vulnerability (SNWLID-2026-0004).
GEN8-12981 Improper Access Control Vulnerability (SNWLID-2026-0004).
GEN8-13158 Post-Authentication Path Traversal Vulnerability (SNWLID-2026-0004).

GEN8-13779

Unexpected audit log Interface LAN/DMZ L2 Bridged Mode: VLAN Filtering Mode reported when editing interfaces.

GEN8-14136

Port redundancy could be configured on incompatible interfaces on NSA 2800 and was removed after reboot.

GEN8-14145

High Availability could not be established due to admin sync fail.

GEN8-14180

Log priority changed when creating a configuration file for NSA3800 from NSA3600 using the Migration App on NSM.

GEN8-14218

TOTP not working for NetExtender when using LDAP users.

GEN8-14427

Post-authentication stack-based buffer overflow (SNWLID-2026-0001).

GEN8-14444

Default HTTPS management NAT rule on NSA 2700 returns to top priority after reboot and firmware upgrade.

GEN8-14898

Certain configuration of SSO Terminal Service Agent causes TZ670 device to reboot after upgrade.

Known Issues

Issue ID

Description

GEN8-13375

Virus, Spyware, and IPS cannot be detected when downloading via DPI-SSH from a Windows client.

GEN8-14436

Packets from Layer2 LAG Interface to WAN are dropped and not forwarded.

GEN8-14510

Clicking clear database on PolicyDNS SecurityReports displays API endpoint is incomplete.

GEN8-14580

Restrict access until password change is not editable for local users.

GEN8-14795

X6 OSPF cannot be set to Passive mode or changed back to Disabled.

GEN8-14852

BWM action objects are missing for HTTP Client policy type in App rules.

GEN8-14881

GUI keeps loading when changing All to Default on DeviceUsersPartitionsPartitions Selection Policies.

Additional References

Not Applicable.

Chat