Tag Archives: “XTM 3 Series”

Watchguard XTM 1050, XTM 2050, XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series – Fireware XTM OS 11.6.1 – CSP2 Build # 352335

11.6.1 – CSP2 Build # 352335 Resolves the following issues:

BUG68090: static routes lost, when PPPoE interface goes down

BUG68183: Multi-WAN Failover Mode PPPoE/Static not working. Default path missing + incorrect DNAT

BUG68986: the “Ip range” style for SSO exception doesn’t work

BUG68370: Cluster member crashes after several successive failovers

BUG68650: kernel Crash when test HTTP Packet filter + IPS and APP on XTM26

BUG69050: kernel crash and reboot EIP ec1c96cb EIP is at br_netfilter_fini+0x221/0x26e [bridge]

BUG65848: Customer’s active FTP is not working

BUG67666: AP scan (Rogue AP Detection “Scan Now”) crashes the kernel with Wireless WAN

BUG68298: Traffic be interrupted when wireless connection occurs on External

BUG66032: XTM2 Wireless will run 1 -2 hours then will lockup with Wireless WAN enabled

BUG68232: With multiwan, DHCP wan interface become down logically, PPPoE interface will down for 1mins

You can request 11.6.1 – CSP2 Build # 352335 from Watchguard Support by logging a support case online. They should then be able to provide an FTP download link and appropriate credentials.

Please note that Watchguard CSP releases are cumulative so you should only need to apply the latest to ensure that you also have any previous fixes.

Watchguard XTM 1050, XTM 2050, XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series – Fireware XTM OS 11.6.1 – CSP1 Build # 350391

11.6.1 – CSP1 Build # 350391 Resolves the following issues:

BUG66975: FSM traffic monitor shows blank due to log entries without seq attribute

BUG65521: unnecessary firewalld error message in appliance log

BUG66635: Unnecessary log message – 2012-05-02 11:25:56 firewall block_dump: Select timed out Debug

BUG65537: Change in Policy Schedule does not stop existing proxy session

BUG67116: MultiWAN – Outbound PBR failure with default settings – Interface not down

BUG68127: Cross site scripting vulnerability using login Failure from FW Auth Server on 4100 and SSLVPN

BUG68026: BUG66200: Slow Kernel Memory Leak caused by BOVPN

BUG68163: No BOVPN tunnel route due to probable iked failure to learn a new dynamic ip

BUG68188: BOVPN failure with dynamic IP site due to inconsistent DNS name resolution

BUG68237: iked crashes in ike_config_set_policy

BUG67961: iked died unexpectedly on signal 11

BUG66772: IKED stack trace occurring when disconnecting MoVPN IPSec (Safenet Client) connection

BUG68247: Tunnels may fail after upgrade

BUG68886: High CPU usage with high number of BOVPN tunnels

BUG67927: Active / Active mode cluster load balance does not work after health index is lower on one box

BUG67447: WebBlocker fails with logs “failed to send server-request”

BUG68344: SSO exceptions list will trigger when the last octet of the IP is in the exception

BUG65288: kernel crash and reboot

BUG66872: A/P Cluster Member reboots kernel BUG at /builds/utm-11_5_3/src/340457/ip_set.c:507 EIP e033af7d

BUG66809: A/P Cluster Master reboots kernel BUG at /builds/utm-11_5_3_csp/src/341451/EIP: ec2b9f59

BUG65179: Interface traffic stopped  EIP: <e02ac7b> EFLAGS: 00010246 CPU:3

BUG67994: loggered crash EIP: 0060:[<dff85f64>] box reboots

BUG67866: Kernel crash and reboot (EIP: e034df64)

BUG66670: XTM1050 reboot with crash log EIP:0060:[<dff64f7b>]EFLAGS:00010246 CPU:1

BUG68302: XTM8 locking up and rebooting

You can request 11.6.1 – CSP1 Build # 350391 from Watchguard Support by logging a support case online. They should then be able to provide an FTP download link and appropriate credentials.

Please note that Watchguard CSP releases are cumulative so you should only need to apply the latest to ensure that you also have any previous fixes.

Watchguard XTM Firewall and UTM Appliance – High CPU Usage in the GAV (gateway anti-virus) scand process causes lag and typing delay in Remote Desktop Sessions (RDP) and SIP or VoIP latency issues

Watchguard XTM Firewall and UTM Appliance – High CPU Usage in scand process causes lag and typing delay in Remote Desktop Sessions (RDP).

You may find that remote users report a lag with Remote Desktop Sessions, freezing sessions, black screens and random disconnections. At around the same time as users report these issues, you may find that the CPU usage of the scand process on your Watchguard has increased to 100%, with the majority of the activity attributed to the scand process. You may be able to recreate this issue by browsing websites that use a lot of Adobe Flash or media content, as GAV will need to scan all of these elements of the web page.

Log in to the Watchguard System Manager, open Firebox System Manager, click on Status Report and scroll down the report until you find the Process List (screenshot below). This information updates automatically every 30 seconds, so you will see the %CPU column change at that interval. The top value, system, shows the overall CPU utilisation; further down you can see which sub-processes are actually occupying the CPU time and making up the overall system usage. In the screenshot below we can see that system is showing 100% CPU usage and, further down, that the scand process is accounting for 90.99% of this.

When the CPU usage reaches 100% on the Watchguard unit it may stop forwarding other traffic, and this accounts for the lag and jitter we see within the Remote Desktop Session. Other time-sensitive traffic such as VoIP or SIP may also be affected by this issue, as the packets are delayed whilst the firewall recovers from the resource exhaustion. Users may also report that web pages are slow to load at the time these issues occur, while the GAV process is still dealing with the other requests.

Resolution/Workaround:

You can try disabling the GAV (gateway antivirus) for the HTTP and FTP Proxy to confirm that this is the actual cause of your issues. If the problem subsides then you may need to consider updating the XTM OS to the latest release i.e. 11.5.2 and/or adjusting the GAV policy so that it does not scan some content, such as images/text within websites. You may also need to consider opening a support case with Watchguard to make them aware of this issue. If you have a large number of users then you may even need to consider upgrading your XTM appliance to a larger unit, e.g. XTM 23 to XTM 505 or XTM 22 to XTM330, to provide additional processing power (CPU) and system resources to cope with the additional anti-virus scanning requirements.

Watchguard XTM High CPU Usage scand

Watchguard XTM Firewall UTM Device – Cannot browse some sites and logs report GAV job open failed (failed to connect to scand at scand)

Cannot browse some sites and logs report GAV job open failed (failed to connect to scand at scand)

You may find that you cannot access or browse some websites when you are using a Watchguard XTM Firewall or UTM device and the GAV (gateway antivirus) is enabled. When you review the appliance logs you see the following event logged: GAV job open failed (failed to connect to scand at scand). In this instance the anti-virus process or component of the XTM device has probably crashed or stopped responding.

Resolution/Workaround:

You might be able to permanently resolve this issue by upgrading to a newer XTM OS, e.g. 11.4.2 to 11.5.2, or you may simply need to apply the latest CSP release for the XTM OS build you are using, e.g. 11.4.2 CSP9 (Service Pack). Newer OS releases and Service Packs often include fixes for these sorts of GAV issues.

A workaround would be to schedule a reboot of your Watchguard XTM appliance; this will reset the GAV (gateway antivirus) and should allow pages to load correctly again.