Watchguard XTM 1050, XTM 2050, XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series – Fireware XTM OS 11.7.2 Update 1 Build # 417473

Leave a reply

Watchguard XTM 1050, XTM 2050, XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series – Fireware XTM OS 11.7.2 Update 1 Build # 417473

Issues resolved in Fireware XTM v11.7.2 Update 1 Build # 417473

•This release includes an update to the Mailshell engine that provides a significant improvement over the original Fireware XTM v11.7.2 release in spam detection for our spamBlocker customers.
•Dynamic DNS updates no longer fail. [70047]
•This release resolves an issue that caused Branch Office VPN to stop functioning after an upgrade from Fireware XTM v11.4.x to v11.6.x or v11.7.x. [71323]
•The iked process no longer crashes when you use the CLI autodiag command for Mobile VPN with IPSec traffic. [70963]
•This release resolves an issue that caused traffic through a branch office VPN tunnel to stop for XTM 3 Series and XTM 25/26 devices. [70202, 71732, 70342]
•Branch office VPN tunnels no longer fail to pass traffic when the tunnel name exceeds 28 characters. [71448]
•SNMP now displays the accurate number of branch office VPN tunnels. [67075]
•The XTM device DHCP server now correctly sends a NACK reply for devices that have an existing DHCP lease. [68975, 64455]
•The loggerd process no longer uses excessive CPU. [66060, 71926]
•This release resolves an issue that caused the CPU on the XTM device to lock up when using IPS or Application Control. [71706]
•An issue that caused the firewalld process to crash has been resolved. [71589]
•The HTTP proxy MSS handling has been improved to enable the MTU to be adjusted independently for inbound and outbound proxy connections. This improvement prevents applications such as Facebook from stalling. [71871]
•This release resolves several issues that caused kernel crashes. [72156, 70316]

You can download 11.7.2 Update 1 Build # 417473 from Watchguard Support Portal by logging in to your account.

Watchguard XTM 1050, XTM 2050, XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series – Fireware XTM OS 11.7.2 Build # 365430

Leave a reply

Watchguard XTM 1050, XTM 2050, XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series – Fireware XTM OS 11.7.2 Build # 365430

Issues resolved in Fireware XTM v11.7.2 Build # 365430

General
•WatchGuard Server Center no longer fails to open if you specify a long path to the log file. [71406]
•You can now upgrade the XTM OS version on your XTM device from Fireware XTM Web UI from a Windows 8 browser. [70997]
•In response to a security advisory issued by OpenSSL, we have upgraded Fireware XTM OS to use OpenSSL 0.9.8y. [71416]
•In response to a security advisory issued by Adobe, we have upgraded the Flex XSS used in the Fireware XTM Web UI. [70444]
•Our thanks to Wayne Murphy and Ben Burns of Sec-1 for reporting some XSS and SQLi web application vulnerabilities in our quarantine portal, which have been resolved in this release. [71188]

Proxies and Subscription Services
•WebBlocker evaluations (with a WebBlocker trial license) now operate correctly. [71507]
•WebBlocker exception rules to deny web site access now work correctly. [71760, 71783]
•An issue that caused web browsing to slow or fail when you use WebBlocker with Websense server has been resolved. [71057, 71557]
•This release resolves a system memory leak that occurred when you used the HTTPS proxy and WebBlocker. [71082]
•You can now set a main Application Category to Drop while you have a subcategory set to Allow. [71018]
•Proxy stability when using IPS or Application Control has been improved. [71024, 71046, 71270, 71495, 71371, 71240, 71733, 70977, 71713]
•TLS encryption is no longer enabled by default in the SMTP proxy configuration, but can be enabled if you want to use it. [71137]

Logging and Reporting
•This release resolves an issue that caused the logging processes on the XTM device to use a high percentage of CPU. [59979, 66060]
•Log data now correctly shows in Log Manager when you sort messages by the “Date-Time” column. [70145]
•Correct log data now shows correctly in Firebox System Manager Traffic Monitor and in the Web UI Syslog option. [71044]
•A problem with log messages generated for Reputation Enabled Defense has been corrected so that the number of sites blocked by RED is now correctly counted. [70920]
•The User Authentication Denied report now generates with correct and complete information. [71359]
•A problem that prevented reports for older data sets from generating with a resulting memory error has been resolved in this release. [70957]
•The Web Audit by Client PDF report generation process has been improved so that the data now matches the data in an HTML formatted report. [63472]

Networking
•The SNMP process on XTM 25/26 and XTM 33 devices is now restarted automatically in the event that it gets stuck in a dormant state. [70975]
•Multi-WAN failover now works correctly with Static NAT configured on the external interface for failover. [71148]
•This release resolves a problem that prevented Policy Based Routing from correctly routing traffic through a second external interface. [71175]

FireCluster
•This release resolves an issue that caused a low memory condition when an active/passive FireCluster was configured. [70204]
•The Virtual MAC address is no longer sent from the backup master when you use an active/passive FireCluster with DHCP relay enabled. [71028]

Authentication
•You can now correctly add and edit Firebox-DB users from the Web UI. [71079]

Branch Office VPN
•An automatically created VPN policy to allow traffic through a managed VPN tunnel now works correctly when its name exceeds 46 characters in length. [70994]
•When you install the Management Server on a non-English Windows OS, you can now correctly add VPN resources. [71180]

Mobile VPN
•The feature key entry previously called “Mobile VPN Users” has been re-labeled “IPSec VPN Users” for clarity. [69581]

You can download 11.7.2 Build # 365430 from Watchguard Support Portal by logging in to your account.

Watchguard XTM 1050, XTM 2050, XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series – Fireware XTM OS 11.6.5 Update 1 Build # 415678

Leave a reply

Watchguard XTM 1050, XTM 2050, XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series – Fireware XTM OS 11.6.5 Update 1 Build # 415678

Issues resolved in Fireware XTM v11.6.5 Update 1 Build # 415678

General
•This release resolves an issue that caused some configuration saves to fail to take effect on XTM 21 – 23 devices. [70686]
•A problem that caused the XTM 1050 10 Gigabit Fiber ports to fail has been resolved. [70118]
•This release resolves a problem that caused a kernel crash when a reset packet is sent out through the 10 Gigabit Fiber ports on the XTM 1050 and XTM 2050. [70384, 70296]
•RSS feeds no longer try to download RSS updates every six minutes. RSS updates are now queried every 24 hours. [67355]
•A memory leak related to the OSS-Config process has been resolved. [70662]

Proxies and Subscription Services
•The SIP ALG now supports REFER method for call transfers. [59635]
•File downloads no longer stall when you use an HTTP packet filter policy with IPS. [67659]
•The scand process has been improved to restart more quickly in the event of a crash.

Logging and Reporting
•This release resolves an issue that caused the logging processes on the XTM device to use a high percentage of CPU. [59979, 66060]

Networking
•The SNMP process is now automatically restarted if it becomes stuck in a dormant state. [66491, 70975]
•The IGMP_Max_Membership setting for OSPF has been increased to support a large number of VLANs with dynamic routing. [69979]

FireCluster
•The Terminal Services TO Agent now works correctly when used in an active/passive FireCluster. [70098, 69944]
•This release resolves a problem that caused the master in an XTM 2050 FireCluster to go into an idle state when you added a new interface. [70392]
•This release resolves an issue that caused a low memory condition when an active/passive FireCluster was configured. [70204]
•The Virtual MAC address is no longer sent from the backup master when you use an active/passive FireCluster with DHCP relay enabled. [71028]

VPN
•The amount of time it takes to fail over from a leased line to a branch office VPN with OSPF or BGP has been reduced. [70460]
•This release improves Branch Office VPN stability for XTM devices behind a network device that applies NAT. [70394, 59859]
•This release resolves a problem that caused the IKED process to crash under certain conditions. [70638]
•Frequent Mobile VPN client connect/disconnect sequences no longer cause a low memory condition for the XTM device. [67538]
•The Mobile VPN client for iOS no longer disconnects after three minutes of idle time. [69430]

You can download 11.6.5 Update 1 Build # 415678 from Watchguard Support Portal by logging in to your account.

Slow Network or Internet Download and Read Speeds using Intel Network Adapter

Leave a reply

You may find that Network and/or Internet speeds are very slow when using an Intel Network Adapter.

This appears to be an issue with the Speed and Duplex settings, after a Driver update or installation you may notice that the Speed and Duplex is set to 100 Mbps Full Duplex.

100 Mbps Full Duplex

 

 

 

 

 

 

 

 

 

 

When running a LAN Speed Test it only reports a Read speed of 5 Mbps and Internet Speed tests also report terrible Download rates.

LANSpeedTestSlow

 

 

 

 

 

 

 

 

 

 

Upon changing the Speed and Duplex setting to Auto Negotiation the issue is resolved

Auto Negotiation

 

 

 

 

 

 

 

 

 

LAN speed test and www.speedtest.net results after making this change both indicate the issue is resolved

LANSpeedTestFixed

speedtestresult

Watchguard XTM 1050, XTM 2050, XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series – Fireware XTM OS 11.6.3 – CSP3 Build # 362451

Leave a reply

Watchguard XTM 1050, XTM 2050, XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series – Fireware XTM OS 11.6.3 – CSP3 Build # 362451

11.6.3 – CSP3 Build # 362451 Resolves the following issues:

  • BUG70662: The OSS-Config process no longer leaks memory
  • BUG67355: RSS Feeds no longer try and download RSS updates every 6 minutes. The new update interval is 24 hours.
  • BUG70638: Resolved issue causing the iked process to crash under certain conditions.
  • BUG71028: When using FireCluster Active/Passive, with DHCP relay enabled, the Virtual MAC address will no longer be sent from the Backup Master causing network disruption.
  • BUG70975: The SNMP process on XTM 25/26 and XTM 33 will now be restarted automatically in the event it becomes stuck in a dormant state.

You can request 11.6.3 – CSP3 Build # 362451 from Watchguard Support by logging a support case online, they should then be able to provide an ftp download link and appropriate credentials.

Please note that Watchguard CSP releases are cumulative so you should only need to apply the latest to ensure that you also have any previous fixes.

Watchguard XTM 1050, XTM 2050, XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series – Fireware XTM OS 11.7 Build # 359571

Leave a reply

Watchguard XTM 1050, XTM 2050, XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series – Fireware XTM OS 11.7 Build # 359571

New features in Fireware XTM v11.7 Build # 359571

Policy Grouping

  •  With Policy Grouping, you can create and apply tags to policies and then use the tags to easily filter the list of policies and streamline the number of policies in the policy list at one time. This is particularly helpful for users who have complicated device configuration files with many policies to manage. Policy tags are not available for devices running older versions of Fireware XTM OS (pre-v11.7) or for configuration files created for pre-v11.7 devices.

Link Aggregation

  •  You can now group your XTM device physical interfaces together to work as a single logical interface. With link aggregation, you can increase the cumulative throughput of your XTM device beyond the capacity of a single physical interface, and provide redundancy if there is a physical link failure.

WebBlocker Cloud Option with Websense

  •  New support for the Websense URL database in the cloud. Now, you can use the Websense cloud, with over 100 content categories and many new categories, as your WebBlocker Server. Or, if you prefer, you can continue to use a WebBlocker Server with the SurfControl database and 54 content categories. For new WebBlocker activations, the Websense cloud configuration is the default setting. When you upgrade to Fireware XTM v11.7, WebBlocker continues to use the previously configured WebBlocker server. After you upgrade, you can update the WebBlocker configuration to use the Websense cloud for WebBlocker lookups. When you switch between WebBlocker server options, the management software can automatically convert the currently blocked categories to similar categories in the other database.

WatchGuard Mobile VPN App for iOS and Android

  •  New apps make it easy for end users to build a VPN connection from iOS and Android devices. The administrator of the XTM appliance can securely email a file with the required configuration details, which the user can simply click to install the VPN profile after the app is installed. For Android, we now provide a WatchGuard client for Mobile VPN with IPSec. The WatchGuard VPN app for iOS operates with both Mobile VPN with IPSec and Mobile VPN with L2TP connections. The iOS app will be available in the Apple store later this month. The Android app will be available in the Google Play app store later this month as well.

Mobile VPN with L2TP

  •  Support for a new type of Mobile VPN connection – L2TP (Layer 2 Tunneling Protocol) v2, as described in RFC 2661.

IPS and Application Control Support in the HTTPS Proxy

  •  IPS and Application Control security subscriptions are now fully supported by the HTTPS proxy to allow the XTM device to scan for IPS and Application Control signatures on the decrypted HTTPS content stream.

Other new features include:

  •  New web interface for CA Manager – The CA Manager Web UI has moved to the Log and Report Manager Web UI. The combined web interface has been renamed to WebCenter.
  • New web UI to manage quarantined email messages – New look and feel for the Web UI that email recipients use to see and manage their quarantined email messages.
  • Support for more than four external interfaces on your XTM device
  • Hardware Health Monitoring – Your XTM device now self-monitors the health of specific hardware areas and sends an email notification if it detects a problem in those areas.
  • FireCluster support with wireless devices – You can now configure FireCluster for XTM 2 Series Models 25 and 26 Wireless and XTM 33 Wireless. Only active/passive mode is supported for wireless devices.
  • New DHCP options for VoIP support – You can now configure your XTM device to support DHCP options 66, 67 and 150.
  • Per user/group and concurrent login support – You can now set the number of concurrent, authenticated sessions you want to allow, and you can control this on a per user or per group basis.
  • Wireless Hotspot external authentication support – You can optionally configure the wireless hotspot on the XTM device to redirect hotspot users to an external web server before they connect to the wireless network.
  • IPv6 enhancements – We add support for IPv6 stateful firewalling for these networking and security features:

1.1.        IPv6 host/network/address ranges in From and To lists in policies

1.2.        IPv6 addresses in blocked sites and blocked site exceptions

1.3.        Blocked ports applies to both IPv6 and IPv4 traffic

1.4.        TCP SYN checking applies to both IPv6 and IPv4 traffic

  • Branch office VPN failover to modem – If you have enabled serial modem failover on your XTM 25, 26, 3 Series, or 5 Series device, you can configure the branch office VPN to fail over to a modem if all external interfaces cannot connect.
  • Stream packet capture data to a file – A new advanced option to stream packet capture data to a file.
  • Global Dynamic NAT enhancements – When you configure a global dynamic NAT rule, you can now set the source IP address to use
  • IPS Scan mode – You can now select between two scan modes, Fast Scan and Full Scan. The default setting is Full Scan, which directs IPS to scan all packets. To improve performance, you can select Fast Scan, which directs IPS to scan fewer packets. Fast Scan mode greatly improves throughput for scanned traffic, with a slight drop in IPS effectiveness.
  • New Management Tunnels – New support for remote XTM devices behind a NAT gateway

Resolved Issues in Fireware XTM v11.7 Build # 359571

General

  • WFS firmware component files and management applications are no longer bundled with WatchGuard System Manager [67508]
  • A problem that caused the XTM 1050 10 Gigabit Fiber ports to fail has been resolved [70118]
  • This release resolves a problem that caused a kernel crash when a reset packet is sent out through the 10 Gigabit Fiber ports on the XTM 1050 and XTM 2050 [70384, 70296]
  • When an IP address is added to the Temporary Blocked Site list by the administrator through the Firebox System Manager > Blocked Sites tab, the expiration time is no longer reset when traffic is received from the IP address [42089]

Proxies and Subscription Services

  •  File downloads no longer stall when you use an HTTP packet filter policy with IPS [67659]
  • The SIP ALG now supports REFER method for call transfers [59635]
  • The IPS deny message contents have been improved [66839]
  • We have improved the scand daemon so that it restarts faster in the event of a crash

Logging and Reporting

  •  You can now show more than 5000 lines of log messages in Firebox System Manager [66518]
  • The contents of the XTM Configuration Report have been localized for both viewing and printing into all languages supported by the Fireware XTM Web UI [66546]
  • The behavior of the Report Server Maximum Database Size setting now matches that of the Log Server, and prevents the Report Server database from filling the disk partition [67245]
  • Log collector no longer crashes when it reaches the 2GB virtual size limit on 32-bit Windows systems [64249]

Networking

  •  If you manually created dynamic routing policies in Fireware XTM v11.5.x or earlier, the To and From lists in these policies are no longer cleared when you upgrade to v11.6 or v11.7 [67721]
  • The SNMP process is now automatically restarted if it becomes stuck in a dormant state [66491]
  • The IGMP_Max_Membership setting for OSPF has been increased to support a large number of VLANs with dynamic routing [69979]

FireCluster

  •  This release resolves a problem that caused the master in an XTM 2050 FireCluster to go into an idle state when you added a new interface [70392]
  • The Terminal Services TO Agent now works correctly when used in an active/passive FireCluster [70098, 69944]

Wireless

  •  The 5GHz Wireless band now works correctly with channels 36, 40, 149 or 165 [65559]

Branch Office VPN

  •  Managed BOVPN tunnels now include support for optional 1-to-1 NAT [68244]
  • The amount of time it takes to fail over from a leased line to a branch office VPN with OSPF or BGP has been reduced [70460]

Mobile VPN

  •  Frequent mobile VPN client log in/log out events no longer cause a low memory condition on the XTM device [67538]
  • When you use a native Cisco IPsec iOS client for Mobile VPN with IPSec, the client no longer disconnects after three minutes of idle time [69430]
  • If you set the diagnostic log level for Mobile VPN with SSL traffic to “debug” level, log messages now correctly display in Firebox System Manager > Traffic Manager [65165]
  • You can now correctly establish a Mobile VPN with SSL connection from a Windows-based computer when the Windows system account is Chinese [58208]
  • A continuous FTP session over a Mobile VPN with IPSec connection is no longer terminated if an IPSec rekey occurs during the FTP transfer [32769]

You can download 11.7 Build # 359571 from Watchguard Support Portal by logging in to your account.

Watchguard XTM 1050, XTM 2050, XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series – Fireware XTM OS 11.6.3 – CSP2 Build # 360219

Leave a reply

Watchguard XTM 1050, XTM 2050, XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series – Fireware XTM OS 11.6.3 – CSP2 Build # 360219

11.6.3 – CSP2 Build # 360219 Resolves the following issues:

  • Improved BOVPN stability for XTM Firewalls behind a Nating device [BUG70394, RFE59859]
  • Resolved issue causing the loggerd process to use a high percentage of CPU [BUG66060, BUG59979]
  • Resolved issue causing low memory condition when using FireCluster Active / Passive [BUG70204l]
  • Resolved issue causing some configuration saves to not take effect when using 11.6.3 on an XTM 21 – 23 Wireless Model [BUG70686]

You can request 11.6.3 – CSP2 Build # 360219 from Watchguard Support by logging a support case online, they should then be able to provide an ftp download link and appropriate credentials.

Please note that Watchguard CSP releases are cumulative so you should only need to apply the latest to ensure that you also have any previous fixes.

Watchguard XTM 1050, XTM 2050, XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series – Fireware XTM OS 11.6.3 – CSP1 Build # 359164

Leave a reply

Watchguard XTM 1050, XTM 2050, XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series – Fireware XTM OS 11.6.3 – CSP1 Build # 359164

11.6.3 – CSP1 Build # 359164 Resolves the following issues:

  • Frequent Mobile user VPN client log on/off no longer causes low memory condition [BUG67538]
  • The SIP ALG now supports REFER method for call transfers [RFE59635]
  • Resolved issue causing file downloads to stall when using IPS and HTTP packet filter policy [BUG67659]
  • The Cisco VPN client from iOS no longer disconnects after 3 minutes of idle time [BUG69430]
  • Improved the scand process recovery, to restart faster in the event of a crash
  • The TO agent now works properly when used with FireCluster Active /Passive [BUG70098] [BUG69944]
  • Resolve issue preventing the 10Gigibit Fiber ports on the XTM 1050 from working properly [BUG70118]
  • A kernel crash no longer occurs when a reset packet is sent out the 10Gigabit Fiber ports on the XTM 1050 and XTM 2050 [BUG70384] [BUG70296]
  • Resolve issue which caused the Master Firebox, in an XTM 2050 FireCluster, to go into an idle state after adding a new interface [BUG70392]
  • The SNMP process will now be restarted automatically in the event it becomes stuck in a dormant state [BUG66491]
  • Increased the IGMP_Max_Membership for OSPF to support a larger number of VLANs with Dynamic routing [BUG69979]
  • The failover time from leased line to BOVPN with OSPF/BGP has been improved [BUG70460]

You can request 11.6.3 – CSP1 Build # 359164 from Watchguard Support by logging a support case online, they should then be able to provide an ftp download link and appropriate credentials.

Please note that Watchguard CSP releases are cumulative so you should only need to apply the latest to ensure that you also have any previous fixes.

Watchguard XTM 1050, XTM 2050, XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series – Fireware XTM OS 11.6.3 Build # 357868

Leave a reply

Watchguard XTM 1050, XTM 2050, XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series – Fireware XTM OS 11.6.3 Build # 357868

11.6.3 Build # 357868 Resolves the following issues:

General

  • All XTM 5 Series devices now correctly display their device model in LCD display and Firebox System Manager [69377]
  • This release resolves an issue that caused some XTM 8 Series devices to lock up or reboot unexpectedly [69302]
  • A problem that caused some XTM 1050 devices to crash in some customer environments has been fixed [66670]
  • Fiber modules for XTM 1050 devices now operate correctly [70118]
  • A problem was fixed that caused some XTM devices to crash after a configuration save [65288]
  • Newly added or expired blocked sites no longer cause the XTM device to crash [67994]
  • A cross-site scripting vulnerability present in the authentication page (port 4100) has been addressed in this release [68127]
  • The ATTN light on XTM 2 Series and XTM 33 devices now operates correctly during the reset process [67165]
  • Several XTM device crash issues have been resolved in this release [67866, 69050, 66809, 66032]
  • Changed device passphrases are no longer written to the support.tgz file [69764]
  • It is now possible to schedule an automated update of your device feature key [66997]

WatchGuard System Manager

  •  A Management Server login will no longer fail with the error: “Error Code: Error(1102) no lock available” [68491]
  • When a Management Server login fails, you now see an error message to specify the reason for the failure [66866]
  • Log files for WatchGuard server are now automatically archived to prevent the files from growing too large [34363, 67521]
  • HostWatch no longer fails to display connections because of invalid XML characters [66785]

Firebox System Manager

  •  This release resolves an issue that caused Traffic Monitor to fail to display any data [66975]

Centralized Management

  •  The Management Server no longer fails to apply a v11.3.x template to fully managed v11.3.x devices [68447]
  • You can no longer build an (incorrect) v11.4.x formatted configuration file for Firebox X e-Series devices [68646]
  • Scheduled Tasks that are configured for the same day now process correctly [68329]
  • Devices imported to the Management Server now display correctly [69539]

Logging & Reporting

  •  The unnecessary log message “block_dump: Select timed out” has been removed [66635]
  • The unnecessary log message “miiGetLinkStatus” no longer shows when a network bridge is enabled [41811]
  • The web service file “LogService.wsdl” is now accessible for Eclipse setup [69869]
  • Reports generated with UTF-8 encoding no longer contain corrupted characters [66584]

Proxies and Security Services

  •  This release resolves an issue with IPS and the HTTP proxy that caused NAT exhaustion in some customer environments [66246]
  • A problem that caused XTM device instability when the SIP ALG was in use has been resolved in this release [68312]
  • A problem that caused ActiveFTP to fail in some customer environments has been resolved [65848]
  • This issue resolves an issue that caused some XTM devices to crash during heavy mail traffic [66428]
  • XTM devices no longer try to update Gateway AV and IPS signatures when these features are not licensed [66415]

Authentication

  •  SSO exceptions added as an IP Range now operate correctly [68986]
  • SSO exceptions no longer incorrectly trigger when the last octet of an IP address matches a configured exception [68344]

Networking

  •  A problem that caused Policy-Based Routing to fail when the interface was not down has been resolved [67116]
  • This release resolves an issue that could cause an interface to fail [68554]
  • A problems that caused some XTM devices to periodically fail to pass network traffic has been fixed [65179]
  • Static routes no longer fail when multi-WAN and PPPoE are both enabled [68090]
  • An interfaced configured to use PPPoE no longer waits for a multi-WAN failover to occur before it requests a new IP address [68232]
  • This release resolves an issue that caused outbound traffic to fail after a multi-WAN failover [68183]
  • Multi-WAN now works correctly on XTM 2050 devices configured with ETH16-19 as external interfaces [68405]

FireCluster

  •  This release resolves some memory management issues that caused FireCluster instability [68026]
  • This release resolves a crash issue that caused a FireCluster member failover in an active/passive FireCluster [66872]

VPN

  •  Branch office VPN tunnels no longer fail when a PPPoE interface goes down [68639]
  • This release resolves several IKE process crashes that caused failure for Mobile VPN with IPSec and Branch Office VPN [68118, 69625, 67961, 67881, 68237]
  • Branch office VPN tunnels no longer fail when a dynamically assigned external IP address on the XTM device changes [68163, 68910, 68188]
  • This release resolves an issue that caused branch office VPN tunnels to fail to pass traffic [69090, 67819]
  • A large number of active branch office VPN tunnels no longer causes a CPU spike. [68886]
  • A memory leak that occurred when a large number of branch office VPN tunnels were active has been fixed [66200]
  • This release resolves an issue that caused branch office VPN tunnels to stop passing traffic [67921]
  • Branch office VPN tunnel routes configured to use 1-to-1 NAT now operate correctly with Multi-WAN [67001]
  • This release resolves an issue that caused branch office VPNs to fail after a Fireware XTM OS upgrade [68247]
  • The IKE process now remains stable when Mobile VPN with IPSec connections that use the Safenet client are disconnected [66772]

XTMv

  •  Network connectivity no longer fails after you upgrade the Fireware XTM OS on an XTMv installation [69500]
  • XTMv appliances with PPPoE configured no longer lose network routes after a reboot [69492]

You can download 11.6.3 Build # 357868 from Watchguard Support Portal by logging in to your account.

Watchguard XTM 1050, XTM 2050, XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series – Fireware XTM OS 11.6.1 – CSP3 Build # 354688

Leave a reply

Watchguard XTM 1050, XTM 2050, XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series – Fireware XTM OS 11.6.1 – CSP3 Build # 354688

11.6.1 – CSP3 Build # 354688 Resolves the following issues:

  • BUG69616: The dynamic IP at peer side is not added into the local cache file at multi-wan
  • BUG69351: After reboot multiple Phase 1 one time outs occurred. Unable to build VPN tunnels
  • BUG69624: Limit rate of phase one auto start after reboot
  • BUG69377 Incorrect model number displayed with MODEL 505 license
  • BUG69625: iked crash sig 6, sig 11
  • BUG68554: Interface failing to route and not listing ‘inet addr’ in status report > interfaces
  • BUG68312: SIP proxy causes CFM restart due to memory cap violation
  • BUG67656: Process `cfm.5′ with pid: 1515 / tid: 1515 died unexpectedly on signal 6 (SIP)
  • BUG67479: CFM Stack traces using SIP after upgrading from 11.4.2 to 11.5.3U1 using existing setup
  • BUG67782: cfm.2 stacktrace, SIP (stack contents @ 0xbe836430), signal 6
  • BUG67001: BOVPN over 1:1 NAT fails with multiWAN causes one way traffic (inbound fails)
  • BUG68944: VPN 1:1 nat does not work when we use it on multiwan(3 pppoe and 1 dhcp)xtm box
  • BUG69090: VPN tunnel fails and stops passing traffic – xfrm_dst_cache value exceeded in slab info
  • BUG67819: memory leak causing xfrm_dst_cache value to increase and causing appliance to lockup
  • BUG67921: Negotiated BOVPN tunnels stopp passing traffic – Appliance has valid SA info
  • BUG69351: After reboot multiple Phase 1 one time outs occurred. Unable to build VPN tunnels XTM2050

You can request 11.6.1 – CSP3 Build # 354688 from Watchguard Support by logging a support case online, they should then be able to provide an ftp download link and appropriate credentials.

Please note that Watchguard CSP releases are cumulative so you should only need to apply the latest to ensure that you also have any previous fixes.