Tag Archives: “XTM OS”

820, 830

Watchguard XTM 1050, XTM 2050, XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series – Fireware XTM OS 11.6.5 Update 1 Build # 415678

Leave a comment

Watchguard XTM 1050, XTM 2050, XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series – Fireware XTM OS 11.6.5 Update 1 Build # 415678

Issues resolved in Fireware XTM v11.6.5 Update 1 Build # 415678

General
•This release resolves an issue that caused some configuration saves to fail to take effect on XTM 21 – 23 devices. [70686]
•A problem that caused the XTM 1050 10 Gigabit Fiber ports to fail has been resolved. [70118]
•This release resolves a problem that caused a kernel crash when a reset packet is sent out through the 10 Gigabit Fiber ports on the XTM 1050 and XTM 2050. [70384, 70296]
•RSS feeds no longer try to download RSS updates every six minutes. RSS updates are now queried every 24 hours. [67355]
•A memory leak related to the OSS-Config process has been resolved. [70662]

Proxies and Subscription Services
•The SIP ALG now supports REFER method for call transfers. [59635]
•File downloads no longer stall when you use an HTTP packet filter policy with IPS. [67659]
•The scand process has been improved to restart more quickly in the event of a crash.

Logging and Reporting
•This release resolves an issue that caused the logging processes on the XTM device to use a high percentage of CPU. [59979, 66060]

Networking
•The SNMP process is now automatically restarted if it becomes stuck in a dormant state. [66491, 70975]
•The IGMP_Max_Membership setting for OSPF has been increased to support a large number of VLANs with dynamic routing. [69979]

FireCluster
•The Terminal Services TO Agent now works correctly when used in an active/passive FireCluster. [70098, 69944]
•This release resolves a problem that caused the master in an XTM 2050 FireCluster to go into an idle state when you added a new interface. [70392]
•This release resolves an issue that caused a low memory condition when an active/passive FireCluster was configured. [70204]
•The Virtual MAC address is no longer sent from the backup master when you use an active/passive FireCluster with DHCP relay enabled. [71028]

VPN
•The amount of time it takes to fail over from a leased line to a branch office VPN with OSPF or BGP has been reduced. [70460]
•This release improves Branch Office VPN stability for XTM devices behind a network device that applies NAT. [70394, 59859]
•This release resolves a problem that caused the IKED process to crash under certain conditions. [70638]
•Frequent Mobile VPN client connect/disconnect sequences no longer cause a low memory condition for the XTM device. [67538]
•The Mobile VPN client for iOS no longer disconnects after three minutes of idle time. [69430]

You can download 11.6.5 Update 1 Build # 415678 from Watchguard Support Portal by logging in to your account.

11.4.2, 11.4.2, 11.4.2, 11.4.2, 11.4.2, 11.4.2, 11.4.2, 11.4.2, 11.4.2, 11.4.2, 11.5.1, 11.5.1, 11.5.1, 11.5.1, 11.5.1, 11.5.1, 11.5.1, 11.5.1, 11.5.1, 11.5.1, 11.5.1, 11.5.2, 11.5.2, 11.5.2, 11.5.2, 11.5.2, 11.5.2, 11.5.2, 11.5.2, 11.5.2, 11.5.2, 11.5.2, 21, 22, 23, 330, 505, 510, 520, 530, 810, 820, 830, CSP1, CSP1, CSP1, CSP1, CSP1, CSP1, CSP1, CSP1, CSP1, CSP1, CSP1, CSP1, CSP1, CSP1, CSP2, CSP2, CSP2, CSP2, CSP2, CSP2, CSP2, CSP2, CSP2, CSP2, CSP2, CSP2, CSP2, CSP2, CSP3, CSP3, CSP3, CSP3, CSP3, CSP3, CSP3, CSP3, CSP3, CSP3, CSP3, CSP3, CSP3, CSP3, CSP4, CSP4, CSP4, CSP4, CSP4, CSP4, CSP4, CSP4, CSP4, CSP4, CSP4, CSP4, CSP4, CSP4, CSP5, CSP5, CSP5, CSP5, CSP5, CSP5, CSP5, CSP6, CSP6, CSP6, CSP6, CSP6, CSP6, CSP6, CSP7, CSP7, CSP7, CSP7, CSP7, CSP7, CSP7, CSP8, CSP8, CSP8, CSP8, CSP8, CSP8, CSP8, CSP9, CSP9, CSP9, CSP9, CSP9, CSP9, CSP9, CSP9, CSP9, CSP9, FireBox, Internet Explorer, Internet Explorer 8, Internet Explorer 9, Microsoft, SBS 2003, SBS 2008, SBS 2011, Service Pack 1, Service Pack 1, Service Pack 1, Service Pack 1, Service Pack 1, Service Pack 1, Service Pack 1, Service Pack 1, Service Pack 2, Service Pack 2, Service Pack 2, Service Pack 2, Service Pack 3, Service Pack 3, Small Business Server 2003, Small Business Server 2008, Small Business Server 2011, System Manager, Watchguard, Windows, Windows 2000, Windows 7, Windows Server 2003, Windows Server 2003 R2, Windows Server 2008, Windows Server 2008 R2, Windows Vista, Windows XP, WSM, XP Mode, XTM

Watchguard XTM Firewall and UTM Appliance – High CPU Usage in the GAV (gateway anti-virus) scand process causes lag and typing delay in Remote Desktop Sessions (RDP) and SIP or VoIP latency issues

Watchguard XTM Firewall and UTM Appliance – High CPU Usage in scand process causes lag and typing delay in Remote Desktop Sessions (RDP).  You may find that remote users report a lag with Remote Desktop Sessions, freezing sessions, black screen and random disconnections.  At around the same time users report these issues you may find that the CPU usage of the scand process on your Watchguard has increased to 100% and the majority of the activity is attributed to the scand process.  You may be able to recreate this issue by browsing websites that utilise lots of Adobe Flash or Media Content as GAV will need to scan all these elements of the web page.  Login to the Watchguard System Manager and then open Firebox System Manager click on Status Report and scroll down the report until you find the Process List (Screenshot Below).  This information will automatically update every 30 seconds so you can see the %CPU column will change and update every 30 seconds.  The top value system shows the overall CPU utilisation and if you look further down you can see which sub processes are actually occupying the CPU time and making up the overall system usage.  In the screenshot below we can see that system is showing 100 % CPU Usage and then further down we can see that the scand process is accounting for 90.99% of this.  When the CPU Usage reaches 100% on the Watchguard unit it may stop forwarding other traffic and this accounts for the lag and jitter we see within the Remote Desktop Session.  Other time sensitive traffic such as VoIP or SIP traffic may also be affected by this issue as the packets are delayed whilst the Firewall recovers from the resource exhaustion.  Users may also report that web pages are slow to load at the time these issues occur where the GAV process is still dealing with the other requests.

Resolution/Workaround:

You can try disabling the GAV (gateway antivirus) for the HTTP and FTP Proxy to ensure that this is the actual cause of your issues, if the problem subsides then you may need to consider updating the XTM OS to the latest release i.e. 11.5.2 and/or adjusting the GAV policy so that it does not scan some content i.e. Images/Text within websites.  You may also need to consider opening a support case with Watchguard to make them aware of this issue, if you have a large number of users then you may even need to consider upgrading your XTM appliance to a larger unit i.e. XTM 23 to XTM 505 or XTM 22 to XTM330 to provide additional processing power (CPU) and system resources to cope with the additional anti-virus scanning requirements.

Watchguard XTM High CPU Usage scand
Watchguard XTM High CPU Usage scand
11.4.2, 11.4.2, 11.4.2, 11.4.2, 11.4.2, 11.4.2, 11.4.2, 11.4.2, 11.4.2, 11.4.2, 11.5.1, 11.5.1, 11.5.1, 11.5.1, 11.5.1, 11.5.1, 11.5.1, 11.5.1, 11.5.1, 11.5.1, 11.5.1, 11.5.2, 11.5.2, 11.5.2, 11.5.2, 11.5.2, 11.5.2, 11.5.2, 11.5.2, 11.5.2, 11.5.2, 11.5.2, 21, 22, 23, 330, 505, 510, 520, 530, 810, 820, 830, Apple, CSP1, CSP1, CSP1, CSP1, CSP1, CSP1, CSP1, CSP1, CSP1, CSP1, CSP1, CSP1, CSP1, CSP1, CSP2, CSP2, CSP2, CSP2, CSP2, CSP2, CSP2, CSP2, CSP2, CSP2, CSP2, CSP2, CSP3, CSP3, CSP3, CSP3, CSP3, CSP3, CSP3, CSP3, CSP3, CSP3, CSP3, CSP3, CSP3, CSP3, CSP4, CSP4, CSP4, CSP4, CSP4, CSP4, CSP4, CSP4, CSP4, CSP4, CSP4, CSP4, CSP4, CSP4, CSP5, CSP5, CSP5, CSP5, CSP5, CSP5, CSP5, CSP6, CSP6, CSP6, CSP6, CSP6, CSP6, CSP6, CSP7, CSP7, CSP7, CSP7, CSP7, CSP7, CSP7, CSP8, CSP8, CSP8, CSP8, CSP8, CSP8, CSP8, CSP9, CSP9, CSP9, CSP9, CSP9, CSP9, CSP9, CSP9, CSP9, CSP9, FireBox, Internet Explorer, Internet Explorer 8, Internet Explorer 9, Microsoft, Safari, System Manager, Watchguard, WSM, XTM

Watchguard XTM Firewall UTM Device – Cannot browse some sites and logs report GAV job open failed (failed to connect to scand at scand)

Cannot browse some sites and logs report GAV job open failed (failed to connect to scand at scand)

You may find that you cannot access or browse some websites when you are using a Watchguard XTM Firewall or UTM device and the GAV (gateway antivirus) is enabled.  When you review the appliance logs you see the following event logged GAV job open failed (failed to connect to scand at scand).  In this instance the anti-virus proces or component of the XTM device has probably crashed or stopped responding.

Resolution/Workaround:

You might be able to permantently resolve this issue by upgrading to a newer XTM OS i.e. 11.4.2 to 11.5.2 or you may simply need to apply the latest CSP release for the XTM OS build you are using i.e. 11.4.2 CSP9 (Service Pack).  Newer OS releases and Service Packs often included fixes for these sorts of GAV issue.

A workaround would be to schedule a reboot of your Watchguard XTM appliance, this will reset the GAV (gateway antivirus) and should allow pages to load correctly again.

11.5.1, 11.5.1, 11.5.1, 11.5.1, 11.5.1, 11.5.1, 11.5.1, 11.5.1, 11.5.1, 11.5.1, 11.5.1, 21, 22, 23, 330, 505, 510, 520, 530, 810, 820, 830, CSP4, CSP4, CSP4, CSP4, CSP4, CSP4, CSP4, CSP4, CSP4, CSP4, CSP4, Watchguard, XTM

Watchguard XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series – Fireware XTM OS 11.5.1 – CSP4 Build # 335367

Watchguard XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series – Fireware XTM OS 11.5.1 – CSP4 Build # 335367

11.5.1 – CSP4 Build # 335367 Resolves the following issues:

BUG64669: Resolved a Firebox crash and reboot when using FireCluster.

BUG63793: Improved proxy debug logging when using FireCluster.

BUG63574: Proxy connections fail with logs showing: “failed to create new traffic spec” and “insert_tspec:XX index inuse?

BUG65026: Iked stack trace eip=0x080c4013 caused by Mobile VPN with IPSec connection.

BUG63860: snmpd memory leak

You can request 11.5.1 – CSP4 Build # 335367 from Watchguard Support by logging a support case online, they should then be able to provide an ftp download link and appropriate credentials.

Please note that Watchguard CSP releases are cumulative so you should only need to apply the latest to ensure that you also have any previous fixes.