diff --git a/tests/firewall/firewall-06-tls-sni-enforce/suricata.yaml b/tests/firewall/firewall-06-tls-sni-enforce/suricata.yaml
index b67886b55..3770357fd 100644
--- a/tests/firewall/firewall-06-tls-sni-enforce/suricata.yaml
+++ b/tests/firewall/firewall-06-tls-sni-enforce/suricata.yaml
@@ -15,6 +15,10 @@ stats:
   # Add stream events as stats.
   #stream-events: false
 
+detect:
+  stream-tx-log-limit: 4
+  guess-applayer-tx: true
+
 # Configure the type of alert (and other) logging you would like.
 outputs:
   - eve-log:
diff --git a/tests/firewall/firewall-06-tls-sni-enforce/test.yaml b/tests/firewall/firewall-06-tls-sni-enforce/test.yaml
index 0c54b3cba..b61b85c40 100644
--- a/tests/firewall/firewall-06-tls-sni-enforce/test.yaml
+++ b/tests/firewall/firewall-06-tls-sni-enforce/test.yaml
@@ -14,6 +14,14 @@ checks:
     count: 26
     match:
       event_type: alert
+- filter:
+    min-version: 8
+    # check for https://redmine.openinfosecfoundation.org/issues/7350
+    count: 4
+    match:
+      event_type: alert
+      alert.signature_id: 3
+      tls.sni: raw.githubusercontent.com
 - filter:
     count: 1
     match: