Category Archives: 22

Watchguard Feature Requests and Enhancements

Below is a list of Requests for Engineering and Enhancements that have been submitted to Watchguard for the XTM UTM Appliance Range

If you would also like any of these features then I would suggest that you raise a Technical support case with Watchguard and mention the appropraite RFE within your support ticket. You should also ask the case to be set to Status: Bug/Enhancement Submitted and select “Receive BUG/RFE Updates?” so that you are alerted when the feature is implemented in a new XTM OS release. The more cases that are logged against an RFE the faster Watchguard are likely to get the new feature implemented.

  • RFE61499 – Support for FTP through Explicit TLS/SSL
  • RFE62784: Ability to choose dns server requests on dedicated external interface
  • RFE66209 Protection against Brute Force Attacks on OWA, FTP and SMTP
  • RFE67449 – Support for SMTP PIPELINING
  • RFE67450: support for DSN in SMTP proxy
  • RFE67451: support for ENHANCEDSTATUSCODES in SMTP proxy
  • RFE72251: Local WebBlocker Server with Websense Categorization Engine
  • RFE73433 Ability to block or drop traffic based off of geographic location

Please also feel free to post your comments about these feature requests and any others that you think would be beneficial.  I will update the post with new RFE’s so that we can collectively push Watchguard product development for them to be implemented.

 

Watchguard XTM 1050, XTM 2050, XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series – Fireware XTM OS 11.6.1 – CSP3 Build # 354688

Watchguard XTM 1050, XTM 2050, XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series – Fireware XTM OS 11.6.1 – CSP3 Build # 354688

11.6.1 – CSP3 Build # 354688 Resolves the following issues:

BUG69616: The dynamic IP at peer side is not added into the local cache file at multi-wan

BUG69351: After reboot multiple Phase 1 one time outs occurred. Unable to build VPN tunnels

BUG69624: Limit rate of phase one auto start after reboot

BUG69377  Incorrect model number displayed with MODEL 505 license

BUG69625: iked crash sig 6, sig 11

BUG68554: Interface failing to route and not listing ‘inet addr’ in status report > interfaces

BUG68312: SIP proxy causes CFM restart due to memory cap violation

BUG67656: Process `cfm.5′ with pid: 1515 / tid: 1515 died unexpectedly on signal 6 (SIP)

BUG67479: CFM Stack traces using SIP after upgrading from 11.4.2 to 11.5.3U1 using existing setup

BUG67782: cfm.2 stacktrace, SIP (stack contents @ 0xbe836430), signal 6

BUG67001: BOVPN over 1:1 NAT fails with multiWAN causes one way traffic (inbound fails)

BUG68944: VPN 1:1 nat does not work when we use it on multiwan(3 pppoe and 1 dhcp)xtm box

BUG69090: VPN tunnel fails and stops passing traffic – xfrm_dst_cache value exceeded in slab info

BUG67819: memory leak causing xfrm_dst_cache value to increase and causing appliance to lockup

BUG69351: After reboot multiple Phase 1 one time outs occurred. Unable to build VPN tunnels XTM2050

You can request 11.6.1 – CSP3 Build # 354688 from Watchguard Support by logging a support case online, they should then be able to provide an ftp download link and appropriate credentials.

Please note that Watchguard CSP releases are cumulative so you should only need to apply the latest to ensure that you also have any previous fixes.

WatchGuard XTM Firewall SNMP OID and Value List

WatchGuard XTM Firewall SNMP OID and Value List

CPU Utilisation in last 5 seconds

OID: .1.3.6.1.4.1.3097.6.3.4.0

Return Value: Numeric (i.e. 234 = 2.34%)

CPU Utilisation in last 1 minute

OID: .1.3.6.1.4.1.3097.6.3.77.0

Return Value: Numeric (i.e. 234 = 2.34%)

CPU Utilisation in last 5 minutes

OID: .1.3.6.1.4.1.3097.6.3.78.0

Return Value: Numeric (i.e. 234 = 2.34%)

CPU Utilisation in last 15 minutes

OID: .1.3.6.1.4.1.3097.6.3.79.0

Return Value: Numeric (i.e. 234 = 2.34%)

Currently Active Connections

OID: .1.3.6.1.4.1.3097.6.3.80.0

Return Value: Numeric (i.e. 44 = 44 Active Connections)

Watchguard XTM 1050, XTM 2050, XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series – Fireware XTM OS 11.6.1 – CSP2 Build # 352335

Watchguard XTM 1050, XTM 2050, XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series – Fireware XTM OS 11.6.1 – CSP2 Build # 352335

11.6.1 – CSP2 Build # 352335 Resolves the following issues:

BUG68090: static routes lost, when PPPoE interface goes down

BUG68183: Multi-WAN Failover Mode PPPoE/Static not working. Default path missing + incorrect DNAT

BUG68986: the “Ip range” style for SSO exception doesn’t work

BUG68370: Cluster member crashes after several successive failovers

BUG68650: kernel Crash when test HTTP Packet filter + IPS and APP on XTM26

BUG69050: kernel crash and reboot EIP ec1c96cb EIP is at br_netfilter_fini+0x221/0x26e [bridge]

BUG65848: Customer’s active FTP is not working

BUG67666: AP scan (Rogue AP Detection “Scan Now”) crashes the kernel with Wireless WAN

BUG68298: Traffic be interrupted when wireless connection occurs on External

BUG66032: XTM2 Wireless will run 1 -2 hours then will lockup with Wireless WAN enabled

BUG68232: With multiwan, DHCP wan interface become down logically, PPPoE interface will down for 1mins

You can request 11.6.1 – CSP2 Build # 352335 from Watchguard Support by logging a support case online, they should then be able to provide an ftp download link and appropriate credentials.

Please note that Watchguard CSP releases are cumulative so you should only need to apply the latest to ensure that you also have any previous fixes.