SonicOS 8 Release Notes

Technical Documentation>  SonicOS 8>  Version 8.2.1-8010
Table of Contents

Version 8.2.1-8010

April 2026

Compatibility and Installation Notes

  • Most popular browsers are supported, but Google Chrome is preferred for the real-time graphics display on the Dashboard.
  • A MySonicWall account is required.

Important

  • The TZ80:

    • Must be licensed before it can be configured or used.
    • Must always be connected to the Internet. It cannot be used in a closed network environment.

  • Beginning with SonicOS 8.0.0, these SonicPoint devices are no longer supported:

    • SonicPoint-N
    • SonicPoint-NDR
    • SonicPoint-Ni/Ne
    • SonicPoint-ACe/ACi/N2
  • Support for the WEP and TKIP security protocols has been deprecated.
  • Support for the Radio Role > Mesh Gateway has been deprecated in the TZ wireless models.
  • Settings from Gen 7 firewalls running SonicOS 7.3.x can be imported into Gen 8 firewalls operating on SonicOS 8.2.1 version.

The platform-specific version for this unified release is the same:

TZ Series Firmware Version NSa Series Firmware Version NSv Series Firmware Version
TZ80 8.2.1-8010 NSa 2800 8.2.1-8010 NSv XS 8.2.1-8010
TZ280 8.2.1-8010 NSa 3800 8.2.1-8010    
TZ280P 8.2.1-8010 NSa 4800 8.2.1-8010    
TZ280W 8.2.1-8010 NSa 5800 8.2.1-8010    
TZ380 8.2.1-8010 NSa 6800 8.2.1-8010    
TZ380W 8.2.1-8010        
TZ480 8.2.1-8010        
TZ580 8.2.1-8010        
TZ680 8.2.1-8010        

Deprecation Notice

Support for customizing guest login pages using external web servers with the CGI mechanism has been deprecated. This functionality will no longer be enhanced, and customers are advised to migrate to the supported API‑based guest login customization mechanism.

For migration guidance and additional details, refer to the following Knowledge Base article: Deprecation of CGI-Based Guest Login Page Customization.

What's New

  • Introduction of a virtual firewall using a single processing core named NSv XS

    A new single-core NSv model has been introduced for lower-end cloud use cases, providing a lightweight virtual firewall option for resource-constrained environments.

  • Active/Active DPI

    SonicOS 8.2.1 introduces Active/Active Deep Packet Inspection (DPI) support on NSa 4800, NSa 5800, and NSa 6800 platforms, enabling high-availability deployments with full DPI capabilities across both active units.

  • Enhanced IPv6 Support (Japan JPIX)

    IPv6 enhancements have been added to support the Japan JPIX "v6plus" Static IP service, meeting regional ISP requirements for Japanese deployments.

  • Syslog Support over TCP and TLS 1.3

    Syslog transmission can now be secured using TLS 1.3, and syslog processing has been offloaded to the data plane for improved performance and reliability.

  • Indicator of Compromise (IoC) Support — IP Address

    SonicOS 8.2.1 introduces IP-based IoC detection, enabling the firewall to automatically identify and act on known malicious IP addresses.

  • SDWAN 2.0 Enhancements

    Multiple SD-WAN 2.0 enhancements are included in this release:

    • Support for ANY Zone (WAN and all non-VPN) and mixing of non-VPN zones in SD-WAN policies

    • Bandwidth usage monitoring in SD-WAN 2.0

    • SLA Strategy selection is now available in SD-WAN path selection

    • Interface Cost configuration added to SD-WAN

    • Cloud-defined SLA Thresholds for popular applications

    • HTTP/HTTPS probe options for SD-WAN path monitoring

    • Schedule per rule support in SD-WAN

    • Load Balancing Mode added in Path Selection Profile.

This maintenance release also resolves previously reported issues.

  • SonicOS 8.2.1 supports the TZ80, TZ280, TZ280P, TZ280W TZ380, TZ380W, TZ480, TZ580, TZ680, NSa 2800, NSa 3800, NSa 4800, NSa 5800, NSa 6800, and NSv XS.
  • SonicOS 8.2.1 includes in-product migration, where you can import settings from your:
    • SonicOS Gen 6/6.5 devices to your new SonicOS Gen 8 devices.
    • SonicWall SOHO/SOHOW security appliance to your new SonicWall TZ80.
    • SonicWall TZ270 security appliance to your new SonicWall TZ280.
    • SonicWall TZ570P security appliance to your new SonicWall TZ280P.
    • SonicWall TZ270W security appliance to your new SonicWall TZ280W.
    • SonicWall TZ370 security appliance to your new SonicWall TZ380.
    • SonicWall TZ370W security appliance to your new SonicWall TZ380W.
    • SonicWall TZ470 security appliance to your new SonicWall TZ480.
    • SonicWall TZ570 security appliance to your new SonicWall TZ580.
    • SonicWall TZ670 security appliance to your new SonicWall TZ680
    • SonicWall NSa 2600 or NSa 2700 security appliance to your new NSa 2800.
    • SonicWall NSa 3600 or NSa 3700 security appliance to your new NSa 3800.
    • SonicWall NSa 4600 or NSa 4700 security appliance to your new NSa 4800.
    • SonicWall NSa 5600 or NSa 5700 security appliance to your new NSa 5800.
    • SonicWall NSa 6600 or NSa 6700 security appliance to your new NSa 6800.

    For more information, refer to the SonicOS 8 Migration Requirements Reference Guide.

    • SonicWall NSv 25, NSv 50, and NSv 100 virtual security appliance to your new NSv XS.

    For more information, refer to the SonicOS 8 Upgrade Guide for the NSv Series.

Resolved Issues

Issue ID

Description

GEN8-8528

DNS Security > DNS Report > Host shows same hostnames for multiple IPs listed on this page.

GEN8-11776

Account lifetime field shows abnormal value after local user account expiration.

GEN8-12871

Unable to delete systemlogs storage file through SonicOS CLI.

GEN8-13422

SAML profile is available for deletion even when it is in use.

GEN8-14510

Clicking Clear Database on Policy > DNS Security > Reports displays API endpoint is incomplete.

GEN8-14580

Unable to edit the changes for Restrict access until password changed in local users section.

GEN8-14852

Default BWM action objects are missing in the App Rules tab.

GEN8-14881

GUI keeps loading when changing All to Default on Device > Users > Partitions > Partitions Selection Policies. No errors displayed in UI either.

GEN8-14883

Partition policy details cannot be displayed correctly when re-editing Partition policy in Users > Partitions tab.

GEN8-14890

The mail OTP user login always fails when Enforce login uniqueness option is enabled.

GEN8-16034

Websites randomly stop working when Client DPI‑SSL is enabled on TZ 470, requiring a reboot to restore functionality.

Known Issues

Issue ID

Description

GEN8-15431

SDWAN load balancing is not happening when the SLA strategy is set to Lowest Cost with LB type as Ratio and SDWAN group members are unnumbered VPN tunnel interfaces.
Workaround 1: If you intend to change the unnumbered interface name and it is part of an SD-WAN load balance config, remove it from the SD-WAN group, rename the unnumbered tunnel interface, then add it back.

Workaround 2: If the unnumbered interface name change has already occurred, rename the interface back to the name used in the SD-WAN load balance configuration.

GEN8-15624

When using a 40G port as the HA Control Interface on NSa 6800, restarting the standby firewall may intermittently result in Not receiving heartbeats from peer firewall, causing it to become Active while the HA peer enters electing mode.

GEN8-15723

Unable to pass traffic over a LAG member when its LAG Agg is disabled on NSa 2800.

GEN8-16032

When Active/Active DPI HA is enabled on the primary firewall and the secondary is in an unregistered (no license) state, the HA mode setting is not synced on the secondary and an error is returned on the HA settings and advanced page.
Workaround 1 (Recommended): Register both primary and secondary firewalls separately before enabling Active/Active DPI HA.

Workaround 2: If the issue has already occurred, manually register the secondary firewall; the Active/Active DPI HA setting can then sync successfully.

GEN8-16208

When adding a syslog server entry, no Address Objects appear in the Name or IP Address dropdown list.
Workaround: Create an address object from the syslog server Name or IP Address dropdown; after creation, all existing address objects will be listed.

GEN8-16355

An error pops up when opening an SSH terminal session in the GUI using the Firefox browser.

GEN8-16413

SD-WAN path selection profile shows members as not qualified after reboot. The issue occurs with the Lowest Cost strategy in HA mode when all available HA units reboot simultaneously.
Workaround: Update the cost of the affected interface to a different value, then revert it back to the original value.

GEN8-16551

The SD-WAN Wizard Group settings page is missing Priority, Cost, and Bandwidth configuration options.
Workaround: After completing the SD-WAN setup guide, go to the SD-WAN settings page to manually configure these values.

GEN8-16555

KVM/Proxmox VM management operations (Shutdown/Reboot) time out and fail to execute on NSv XS.

GEN8-16558

Sometimes the auto-download of IoC files still occurs even when file auto-download is disabled.

Additional References

GEN8-16409, GEN8-16112, GEN8-15848, GEN8-15846, GEN8-15666, GEN8-15579, GEN8-15536, GEN8-15237, GEN8-15227, GEN8-14783, GEN8-14443, GEN8-14133, GEN8-14119, GEN8-13882, GEN8-13878, GEN8-13840, GEN8-13822, GEN8-12671

Chat