What’s New in SonicOS 7.1.1

The SonicOS 7 operating system was already the most secure, versatile and easy-to-use operating system SonicWall has ever produced. But the latest release, SonicOS 7.1.1, offers improved security and performance, a superior customer experience and cloud enablement features.

These features are designed to provide a superior customer experience through ease of use, deployments, policy management and day-to-day operations. Here’s a high-level look at SonicOS 7.1.1 benefits:

Superior Threat Protection:

  • New CFS 5.0 engine ​
  • Advanced DNS filtering​
  • Secure boot
  • Enhanced filesystem security ​
  • Storage enhancements​
  • Virtual TPM​
  • OS hardening with new toolchain
  • Improved console application​
  • Maintenance key for both virtual and hardware firewalls

Enhanced Usability:

  • Firewall-managed Wi-Fi 6 APs​
  • More intuitive user experience​
  • Turnkey integrations with third-party NAC solutions ​
  • Storage enhancements​
  • Automatic firmware updates​
  • No more separate SonicOS and SonicCore upgrades

New Multi-Cloud Deployment:

  • NSv Bootstrapping​
  • Support for virtual TPM on-cloud firewall​
  • Token-based registrations
  • New driver and increased performance for NSv

SonicOS 7.1.1 Common Use Cases:

FeatureUse CaseBusiness Outcome
Wi-Fi 6 unified authentication and securityMSP requires the current SonicWave 621, 641 and 681 access points to be managed by SonicWall firewalls in order to avoid using multiple management solutions (for example, having to use NSM to manage firewalls and WNM to manage SonicWave APs)Ease of management and seamless integration with SonicWall wireless products
NAC integration, offering synergy between SonicWall and Aruba solutions and providing health posture telemetryNeed to apply enhanced user and device context (including role, device health and more) to next-generation firewall rules and policies for protection against unsanctioned traffic

Need to protect users on the network from threats such as phishing, malware and exploits

Need to stop unauthorized users and devices by implementing a single policy of authorization and enforcement for users and IoT devices across wired and wireless networks, up to the application level

Need to enable closed-loop attack detection via next-generation firewall and policy-based response with ClearPass

Enable enterprises and educational segments to integrate with their Aruba solutions and get more value from their Gen 7 firewall with Health Posture
DNS security that enables blocking websites at DNS layer without enabling TLS/SSL decryptionAdmin wishes to maximize performance by blocking bad websites at DNS layer without enabling TLS decryption.

MSP – Actively looking to help their customers avoid malicious domains

ISP – Wanting to safeguard against DoS and DDoS attacks

Enterprises – Wish to protect users without affecting user experience or speed

K-12 – Required to provide safe browsing experiences for students and staff while controlling what domains can be accessed

Government – To safeguard systems from malware and bad actors

Delivering DNS layer protection without the need to enable TLS decryption
Stronger content filtering solution with additional categories and reputation-based filtering​Defining which websites are malicious or undesirable within a web filtering gateway requires the use of static lists of known bad URLs and IP—which can’t keep up with websites and IPs with statuses that switch from benign to malicious and back very quicklyImproved content filtering capabilities for Gen7, resulting in more accurate website/URL rating
Secondary storage enhancements to support PCAP (Packet Captures), TSR (Tech-Support Reports) and LogsLimited primary storage space restricts the ability of diagnostics and troubleshooting on Gen 7 firewalls

Customer must purchase secondary storage to have additional abilities beyond just saving settings and image

Admins require logs, TSR and PCAP storing ability on the firewall

Added secondary storage so customers don’t have to purchase separate secondary storage

Enhanced diagnostics and troubleshooting experience

Enables logging and reporting on local firewall

Policy mode profiles for gateway antivirus and anti-spyware to simplify rule creations from security rule pageEnterprises require ability to have security profile for antivirus and anti-spyware when using policy mode in order to simplify security policy creation at layer 7Simplifies unified policy on enterprise deployments using 15700 and NSv firewalls
Virtual TPM and enhanced securityUsers require not just the OS but also the underlying kernel to be secureImproved security and performance
Automated SonicOS image upgradeMSPs require automatic SonicOS upgrade notifications so they can easily identify and schedule new OS upgradeOffers MSPs and others a more convenient user experience

The SonicOS 7.1.1 release is now available for installation on any SonicWall Gen 7 NGFW. Learn more about what makes Gen 7 our most secure, stable and scalable lineup yet, or reach out to your SonicWall partner or sales rep to upgrade today.

Latest Threat Intelligence Tracks Shifting Cyber Frontlines in 2022

Few of 2021’s trends escaped 2022 unscathed. Here’s a quick look at the accelerations and reversals detailed in the 2023 SonicWall Cyber Threat Report.

With the pandemic finally relenting in many areas, employees returning to the safety of the perimeter and supply chains beginning to show signs of normalizing, many felt that 2022 would offer cybersecurity a return to the sort of stability that’s been largely absent the past few years.

Instead, we’ve seen the opposite: Cybercriminals have attempted to maximize the number of potential victims while minimizing risk — and this shift in tactics and targets has brought about the demise of years-long trends and begun to give rise to new cybercrime epicenters.

SonicWall Capture Labs threat researchers spent 2022 tracking these changes in real time, and have compiled their findings in the 2023 SonicWall Cyber Threat Report. This exclusive threat intelligence is designed to arm organizations against today’s ever-changing threat environment.

“The past year reinforced the need for cybersecurity in every industry and every facet of business, as threat actors targeted anything and everything, from education to retail to finance,” said SonicWall President and CEO Bob VanKirk. “While organizations face an increasing number of real-world obstacles with macroeconomic pressures and continued geopolitical strife, threat actors are shifting attack strategies at an alarming rate.”


In 2022, SonicWall Capture Labs threat researchers recorded 493.3 million ransomware attempts globally, a decrease of 21% year over year. This was fueled by a massive drop in North America, which typically sees the lion’s share of ransomware: attacks there fell by nearly half.

But while ransomware was down year-over-year, it remains at historic highs — total attack volume in 2022 was higher than in 2017, 2018, 2019 and 2020. These attacks impacted governments, enterprises, hospitals, airlines and schools throughout the year, resulting in economic loss, widespread system downtime, reputational damage and more. Some of these industries saw a significant uptick in ransomware volume, particularly education and finance, which saw spikes of 275% and 41%, respectively.


After three straight years of decline, malware reversed course in 2022, rising 2% to 5.5 billion. While this is a fairly modest increase, it’s being fueled by double-digit, accelerating growth in cryptojacking and IoT malware, which showed year-over-year increases of 43% and 87%, respectively.

The areas being targeted by malware are also changing rapidly. In 2022, countries that typically see more malware, such as the U.S., the U.K. and Germany, showed year-over-year decreases in attack volume. But Europe as a whole, Latin America and Asia — which all typically see significantly less malware than North America — all recorded significant increases.

IoT Malware

In 2022, SonicWall threat researchers observed 112.3 million IoT malware attempts, representing an 87% year-over-year increase and a new yearly record. While all regions and industries showed an increase in attack volume over 2021, some were hit particularly hard: Triple-digit increases were observed in North America, as well as in the education, retail and finance industries.


Cryptojacking attacks breezed past the 100 million mark for the first time in 2022, reaching a new high of 139.3 million. This 43% increase was fueled by a number of new campaigns that surfaced late in the year, pushing December to 30.36 million hits — a new monthly record and a total exceeding most entire quarters. Despite skyrocketing rates, some were fortunate enough to see welcome decreases, such as government and healthcare customers.

Apache Log4j

Another milestone was observed in intrusion attempts against the Apache Log4j ‘Log4Shell’ vulnerability, which passed the 1 billion mark in 2022. Since its discovery in December 2021, this vulnerability has been actively exploited, and the pace of these attempts seems to be accelerating: Every month in 2022 had significantly more attempts than were seen in December 2021, and 15% more hits were observed in Q2 than were seen in Q1.