Watchguard XTM 1050, XTM 2050, XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series – Fireware XTM OS 11.6 – CSP1 Build # 345395

Fireware XTM OS 11.6 – CSP1 Build # 345395 resolves the following issues:

• BUG67424: Multi-WAN default route path lost on other external interfaces after PPPoE reconnect

• BUG67731: Default Gateway route missing issues when using Multi-WAN with DHCP interfaces

• BUG67520: Unable to ping static route network while multi wan’s pppoe I/F is disconnected

• BUG66937: Kernel- unable to handle kernel NULL pointer dereference at 000002

• BUG67399: XTM8 crash BUG: unable to handle kernel paging request at 780fed1e EIP c11f7cf6

• BUG67312: XTM2050 crash BUG: unable to handle kernel paging request at cf9f9f5e EIP 4120667e

• BUG67159: XTM5 A/P Cluster Kernel Crash EIP: 0060:[<c11e02bb>]

• BUG66135: XTM510 11.5.2 Kernel Crash EIP c11e035b

• BUG65426: A/P FireCluster rebooted Pid: 1343, comm: bwdrv_wq/0 Tainted: P EIP c11e06cb

You can request 11.6 – CSP1 Build # 345395 from Watchguard Support by logging a support case online; Support should then be able to provide an FTP download link and the appropriate credentials.

Please note that Watchguard CSP releases are cumulative, so you should only need to apply the latest one to ensure that you also have all previous fixes.

Watchguard XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series – Fireware XTM OS 11.5.3 Build # 339420

Fireware XTM OS 11.5.3 Build # 339420 Resolves the following issues:

Minor enhancements

• Changes to the routes section of the Firebox System Manager Status Report to improve consistency in the way IPv4 and IPv6 routes are displayed.

• New IP address validity checking in Mobile VPN configurations to help prevent common errors with overlapping IP addresses.

General

• An instability issue found on some XTM 2 devices, where the device could pass traffic normally but could not be managed with WSM or Web UI, has been fixed. [64546]

• A Support Snapshot (a support.tgz file) can now be correctly saved to a USB drive. [64897]

Policy Manager

• You can now use an IP address with a leading zero (10.19.09.0 vs 10.19.9.0) without causing branch office VPN failures. [65189]

• Policy Manager now updates the Mobile VPN with IPSec policies when the configured Virtual IP Address Pool is changed. [65241]

Authentication

• The Event Log Monitor has been enhanced to more effectively retrieve group information in a clientless SSO environment. [65300]

• The SSO Client now responds appropriately when a client computer resumes from a hibernate or sleep state. [65561]

• In the SSO Setup Wizard, the Event Log Monitor check box is now clear by default. [65825]

• The SSO Agent can now correctly load configuration information when the network interface is unavailable. [65802]

Proxies

• HTTP proxy performance has been improved when downloading very large files. [65967]

• A chunking handling issue in the HTTP proxy has been resolved. [65505]

• The SMTP proxy now correctly detects a multi-line 550 response as a valid response. [64463]

• When you use TLS with the default optional allowed rules in the SMTP proxy, email messages can now be delivered successfully to mail servers that do not support TLS. [64650]

• A SIP ALG memory leak issue has been resolved. [65749]

• The SIP ALG now allows provisional ACKs. [65247]

• A problem that caused the SIP ALG to crash has been resolved. [60222]

Security Services

• Gateway AV now detects password-encrypted virus attachments as scan errors. [65047]

• Gateway AV signature update memory utilization has been optimized in this release. This prevents Gateway AV scanning failures caused by a lack of memory. [64940, 64511, 62222]

• The HTTP response no longer stalls when both Gateway AV and RED are enabled. [65877]

• The UTF8 encoded X-WatchGuard-AntiVirus header no longer breaks attachments with long file names. [64883]

• WebBlocker can now correctly fail over to a configured backup server. [65211]

Centralized Management

• Device configuration templates that contain a TCP-UDP proxy policy and a WebBlocker action now work correctly with WatchGuard devices running Fireware XTM v11.3.x. [65408]

Logging & Reporting

• The frequently seen log message: “failed to get routing rules” has been suppressed. [65463]

• A problem that caused log messages to take up to 15 minutes to fail over to a backup Log Server in some networks has been resolved. [62275]

• The Log Collector can now gracefully recover from errors related to a lack of shared memory. [65101]

• Report Manager no longer shows “500 Internal Server Error” when you try to get access to device reports on February 29th of a calendar leap year. [65735]

• Report Manager can now successfully generate PDF output for reports that contain a bar chart. [65099]

• Report Server no longer stops responding to requests while it generates ConnectWise reports data. [65725]

• The Application Usage and Blocked Applications reports no longer display the incorrect IP address value in the y-axis. [65302]

• You can now specify “https://” as part of the ConnectWise Server address without causing WatchGuard Server Center to fail. [64712]

Networking

• Configuration files that include a large number of 1-to-1 NAT entries no longer cause a traffic interruption when saved. [60037]

• A problem that caused a significant memory spike when you configured the DHCP server lease time to one second has been resolved. [65242]

• A problem that caused XTM device performance degradation to occur on devices configured with at least one VLAN interface and many secondary IP addresses has been resolved. [65591]

FireCluster

• A problem that could cause members in a cluster to lock up until rebooted has been resolved. This problem would only occur on a cluster for which proxies were configured. [61091]

• A crash that could occur when one or more connections spanned multiple failovers (at least two failovers in a row) has been corrected. [66008, 66177]

• A problem that could cause connections to time out prematurely has been corrected. In most cases, the symptom would be the disruption of a service (e.g. an FTP download would fail). The problem could affect connections assigned to the non-master of an Active/Active cluster or connections assigned to the new master of an Active/Passive cluster following a failover. [66110]

• Log messages about a FireCluster reboot have been improved to include the reason for the reboot. [65115]

• A problem that prevented a FireCluster failover from occurring because of an error in interpreting the health of the FireCluster Monitored Port has been resolved. [65441]

• An Application Control bug that caused both members of an active/passive FireCluster to reboot has been resolved. [65770]

Mobile VPN with SSL

• Policy Manager and Web UI now display a warning message if Mobile VPN with SSL is enabled and the external IP address of the XTM device is modified. [65806]

• A problem that caused the Mobile VPN with SSL client to crash when connecting from a computer using the Mac OSX 64-bit operating system has been resolved. [65776]

• The Mobile VPN with SSL client running on a computer using Windows 7 64-bit OS can now operate correctly with a third-party web server certificate. [65535]

Mobile VPN with IPSec

• The Mobile VPN with IPSec Shrew Soft client can now connect to an XTM device configured with a static IP address. [64920]

Branch Office VPN

• The latency of packets that traverse a branch office VPN tunnel has been improved. [65333]

• This release resolves a problem that caused an IKEd stacktrace issue in FireCluster. [63108, 65292]

CLI

• You can now use the CLI vlan-id command with the “external dhcp” option successfully. [65478]

• The CLI show sysinfo command now displays the correct CPU utilization values. [64521]

You can download Fireware XTM OS 11.5.3 Build # 339420 from the Watchguard website.

Please note that Watchguard XTM OS releases are cumulative, so you should only need to apply the latest OS to ensure that you also have all previous fixes and features.

Watchguard XTM Firewall and UTM Appliance – High CPU Usage in the GAV (gateway anti-virus) scand process causes lag and typing delay in Remote Desktop Sessions (RDP) and SIP or VoIP latency issues

Watchguard XTM Firewall and UTM Appliance – High CPU Usage in the scand process causes lag and typing delay in Remote Desktop Sessions (RDP). Remote users may report lag in Remote Desktop Sessions, freezing sessions, black screens and random disconnections. At around the same time as users report these issues, you may find that CPU usage on your Watchguard has increased to 100% and that the majority of the activity is attributed to the scand process. You may be able to recreate the issue by browsing websites that use a lot of Adobe Flash or media content, as GAV has to scan all of these elements of the web page.

To check, log in to Watchguard System Manager, open Firebox System Manager, click Status Report and scroll down the report until you find the Process List (screenshot below). This information updates automatically every 30 seconds, so the %CPU column changes on every refresh. The top value, system, shows the overall CPU utilisation; further down you can see which sub-processes are actually occupying the CPU time and making up the overall system usage. In the screenshot below, system shows 100% CPU usage and the scand process accounts for 90.99% of this.

When CPU usage on the Watchguard unit reaches 100% it may stop forwarding other traffic, and this accounts for the lag and jitter seen within the Remote Desktop Session. Other time-sensitive traffic such as VoIP or SIP may also be affected, as packets are delayed whilst the firewall recovers from the resource exhaustion. Users may also report that web pages are slow to load while the GAV process is still dealing with the other requests.

Resolution/Workaround:

As a test, you can disable GAV (gateway antivirus) on the HTTP and FTP proxies to confirm that it is the actual cause of your issues. If the problem subsides, consider updating the XTM OS to the latest release (i.e. 11.5.2) and/or adjusting the GAV policy so that it does not scan some content, i.e. images and text within websites. You may also want to open a support case with Watchguard to make them aware of the issue. If you have a large number of users, you may even need to consider upgrading your XTM appliance to a larger unit, i.e. XTM 23 to XTM 505 or XTM 22 to XTM 330, to provide the additional processing power (CPU) and system resources needed to cope with the anti-virus scanning load.

[Screenshot: Watchguard XTM High CPU Usage scand – Firebox System Manager Status Report process list]
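The Status Report check described above, automated as an added example (not WatchGuard code or the blog's own): it parses a constructed stand-in for the Process List, since the real layout only appears in the screenshot, and flags the box only when system sits near 100% with one process such as scand dominating across consecutive 30-second refreshes, not on a single spike. The text format, sample values and thresholds are assumptions.

```python
import re

# Constructed stand-in for the Firebox System Manager Status Report process
# list, one sample per 30 s refresh. The real layout only appears in the
# article's screenshot, so the "system <pct>" overall line followed by
# "<pid> <pct> <command>" rows is an assumption, as are the values.
SAMPLES = [
    "system 35.10\n1343 12.30 scand\n1201 3.20 httpd\n1510 1.10 ssld",
    "system 100.00\n1343 90.99 scand\n1201 3.20 httpd\n1510 1.70 ssld",
    "system 100.00\n1343 88.50 scand\n1201 4.10 httpd\n1510 1.40 ssld",
    "system 41.00\n1343 15.20 scand\n1201 3.00 httpd\n1510 1.20 ssld",
]
REFRESH_SECONDS = 30  # Status Report auto-refresh interval from the article
ROW = re.compile(r"^\s*(\d+)\s+([\d.]+)\s+(\S+)\s*$")


def parse_process_list(text):
    """Return (overall system %CPU, {command: %CPU}) for one sample."""
    system, procs = 0.0, {}
    for line in text.splitlines():
        if line.startswith("system "):
            system = float(line.split()[1])
        elif (m := ROW.match(line)):
            procs[m.group(3)] = float(m.group(2))
    return system, procs


def saturation_alerts(samples, proc_min=80.0, system_min=95.0, min_samples=2):
    """Find runs where the box is pegged and one process dominates %CPU.
    A run must span min_samples consecutive refreshes, so a single 30 s burst
    of AV scanning does not raise an alert on its own."""
    alerts, run = [], []

    def flush():  # close the current run, alerting only if it lasted long enough
        if len(run) >= min_samples:
            alerts.append({"process": run[0][1], "first_sample": run[0][0],
                           "seconds": len(run) * REFRESH_SECONDS,
                           "peak_pct": max(p for _, _, p in run)})
        run.clear()

    for idx, text in enumerate(samples):
        system, procs = parse_process_list(text)
        name, pct = max(procs.items(), key=lambda kv: kv[1], default=("", 0.0))
        if system >= system_min and pct >= proc_min:
            run.append((idx, name, pct))  # box pegged and one process dominates
        else:
            flush()
    flush()
    return alerts
```

Run against the constructed samples it reports one 60-second scand run peaking at 90.99%, matching the screenshot figures; the transient first and last samples are ignored.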