Category Archives: 830

Watchguard Feature Requests and Enhancements

Below is a list of Requests for Engineering and Enhancements that have been submitted to Watchguard for the XTM UTM Appliance Range

If you would also like any of these features then I would suggest that you raise a Technical support case with Watchguard and mention the appropraite RFE within your support ticket. You should also ask the case to be set to Status: Bug/Enhancement Submitted and select “Receive BUG/RFE Updates?” so that you are alerted when the feature is implemented in a new XTM OS release. The more cases that are logged against an RFE the faster Watchguard are likely to get the new feature implemented.

  • RFE61499 – Support for FTP through Explicit TLS/SSL
  • RFE62784: Ability to choose dns server requests on dedicated external interface
  • RFE66209 Protection against Brute Force Attacks on OWA, FTP and SMTP
  • RFE67449 – Support for SMTP PIPELINING
  • RFE67450: support for DSN in SMTP proxy
  • RFE67451: support for ENHANCEDSTATUSCODES in SMTP proxy
  • RFE72251: Local WebBlocker Server with Websense Categorization Engine
  • RFE73433 Ability to block or drop traffic based off of geographic location

Please also feel free to post your comments about these feature requests and any others that you think would be beneficial.  I will update the post with new RFE’s so that we can collectively push Watchguard product development for them to be implemented.

 

Watchguard XTM 1050, XTM 2050, XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series – Fireware XTM OS 11.7.2 Update 1 Build # 417473

Watchguard XTM 1050, XTM 2050, XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series – Fireware XTM OS 11.7.2 Update 1 Build # 417473

Issues resolved in Fireware XTM v11.7.2 Update 1 Build # 417473

•This release includes an update to the Mailshell engine that provides a significant improvement over the original Fireware XTM v11.7.2 release in spam detection for our spamBlocker customers.
•Dynamic DNS updates no longer fail. [70047]
•This release resolves an issue that caused Branch Office VPN to stop functioning after an upgrade from Fireware XTM v11.4.x to v11.6.x or v11.7.x. [71323]
•The iked process no longer crashes when you use the CLI autodiag command for Mobile VPN with IPSec traffic. [70963]
•This release resolves an issue that caused traffic through a branch office VPN tunnel to stop for XTM 3 Series and XTM 25/26 devices. [70202, 71732, 70342]
•Branch office VPN tunnels no longer fail to pass traffic when the tunnel name exceeds 28 characters. [71448]
•SNMP now displays the accurate number of branch office VPN tunnels. [67075]
•The XTM device DHCP server now correctly sends a NACK reply for devices that have an existing DHCP lease. [68975, 64455]
•The loggerd process no longer uses excessive CPU. [66060, 71926]
•This release resolves an issue that caused the CPU on the XTM device to lock up when using IPS or Application Control. [71706]
•An issue that caused the firewalld process to crash has been resolved. [71589]
•The HTTP proxy MSS handling has been improved to enable the MTU to be adjusted independently for inbound and outbound proxy connections. This improvement prevents applications such as Facebook from stalling. [71871]
•This release resolves several issues that caused kernel crashes. [72156, 70316]

You can download 11.7.2 Update 1 Build # 417473 from Watchguard Support Portal by logging in to your account.

Watchguard XTM 1050, XTM 2050, XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series – Fireware XTM OS 11.7.2 Build # 365430

Watchguard XTM 1050, XTM 2050, XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series – Fireware XTM OS 11.7.2 Build # 365430

Issues resolved in Fireware XTM v11.7.2 Build # 365430

General
•WatchGuard Server Center no longer fails to open if you specify a long path to the log file. [71406]
•You can now upgrade the XTM OS version on your XTM device from Fireware XTM Web UI from a Windows 8 browser. [70997]
•In response to a security advisory issued by OpenSSL, we have upgraded Fireware XTM OS to use OpenSSL 0.9.8y. [71416]
•In response to a security advisory issued by Adobe, we have upgraded the Flex XSS used in the Fireware XTM Web UI. [70444]
•Our thanks to Wayne Murphy and Ben Burns of Sec-1 for reporting some XSS and SQLi web application vulnerabilities in our quarantine portal, which have been resolved in this release. [71188]

Proxies and Subscription Services
•WebBlocker evaluations (with a WebBlocker trial license) now operate correctly. [71507]
•WebBlocker exception rules to deny web site access now work correctly. [71760, 71783]
•An issue that caused web browsing to slow or fail when you use WebBlocker with Websense server has been resolved. [71057, 71557]
•This release resolves a system memory leak that occurred when you used the HTTPS proxy and WebBlocker. [71082]
•You can now set a main Application Category to Drop while you have a subcategory set to Allow. [71018]
•Proxy stability when using IPS or Application Control has been improved. [71024, 71046, 71270, 71495, 71371, 71240, 71733, 70977, 71713]
•TLS encryption is no longer enabled by default in the SMTP proxy configuration, but can be enabled if you want to use it. [71137]

Logging and Reporting
•This release resolves an issue that caused the logging processes on the XTM device to use a high percentage of CPU. [59979, 66060]
•Log data now correctly shows in Log Manager when you sort messages by the “Date-Time” column. [70145]
•Correct log data now shows correctly in Firebox System Manager Traffic Monitor and in the Web UI Syslog option. [71044]
•A problem with log messages generated for Reputation Enabled Defense has been corrected so that the number of sites blocked by RED is now correctly counted. [70920]
•The User Authentication Denied report now generates with correct and complete information. [71359]
•A problem that prevented reports for older data sets from generating with a resulting memory error has been resolved in this release. [70957]
•The Web Audit by Client PDF report generation process has been improved so that the data now matches the data in an HTML formatted report. [63472]

Networking
•The SNMP process on XTM 25/26 and XTM 33 devices is now restarted automatically in the event that it gets stuck in a dormant state. [70975]
•Multi-WAN failover now works correctly with Static NAT configured on the external interface for failover. [71148]
•This release resolves a problem that prevented Policy Based Routing from correctly routing traffic through a second external interface. [71175]

FireCluster
•This release resolves an issue that caused a low memory condition when an active/passive FireCluster was configured. [70204]
•The Virtual MAC address is no longer sent from the backup master when you use an active/passive FireCluster with DHCP relay enabled. [71028]

Authentication
•You can now correctly add and edit Firebox-DB users from the Web UI. [71079]

Branch Office VPN
•An automatically created VPN policy to allow traffic through a managed VPN tunnel now works correctly when its name exceeds 46 characters in length. [70994]
•When you install the Management Server on a non-English Windows OS, you can now correctly add VPN resources. [71180]

Mobile VPN
•The feature key entry previously called “Mobile VPN Users” has been re-labeled “IPSec VPN Users” for clarity. [69581]

You can download 11.7.2 Build # 365430 from Watchguard Support Portal by logging in to your account.

Watchguard XTM 1050, XTM 2050, XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series – Fireware XTM OS 11.6.5 Update 1 Build # 415678

Watchguard XTM 1050, XTM 2050, XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series – Fireware XTM OS 11.6.5 Update 1 Build # 415678

Issues resolved in Fireware XTM v11.6.5 Update 1 Build # 415678

General
•This release resolves an issue that caused some configuration saves to fail to take effect on XTM 21 – 23 devices. [70686]
•A problem that caused the XTM 1050 10 Gigabit Fiber ports to fail has been resolved. [70118]
•This release resolves a problem that caused a kernel crash when a reset packet is sent out through the 10 Gigabit Fiber ports on the XTM 1050 and XTM 2050. [70384, 70296]
•RSS feeds no longer try to download RSS updates every six minutes. RSS updates are now queried every 24 hours. [67355]
•A memory leak related to the OSS-Config process has been resolved. [70662]

Proxies and Subscription Services
•The SIP ALG now supports REFER method for call transfers. [59635]
•File downloads no longer stall when you use an HTTP packet filter policy with IPS. [67659]
•The scand process has been improved to restart more quickly in the event of a crash.

Logging and Reporting
•This release resolves an issue that caused the logging processes on the XTM device to use a high percentage of CPU. [59979, 66060]

Networking
•The SNMP process is now automatically restarted if it becomes stuck in a dormant state. [66491, 70975]
•The IGMP_Max_Membership setting for OSPF has been increased to support a large number of VLANs with dynamic routing. [69979]

FireCluster
•The Terminal Services TO Agent now works correctly when used in an active/passive FireCluster. [70098, 69944]
•This release resolves a problem that caused the master in an XTM 2050 FireCluster to go into an idle state when you added a new interface. [70392]
•This release resolves an issue that caused a low memory condition when an active/passive FireCluster was configured. [70204]
•The Virtual MAC address is no longer sent from the backup master when you use an active/passive FireCluster with DHCP relay enabled. [71028]

VPN
•The amount of time it takes to fail over from a leased line to a branch office VPN with OSPF or BGP has been reduced. [70460]
•This release improves Branch Office VPN stability for XTM devices behind a network device that applies NAT. [70394, 59859]
•This release resolves a problem that caused the IKED process to crash under certain conditions. [70638]
•Frequent Mobile VPN client connect/disconnect sequences no longer cause a low memory condition for the XTM device. [67538]
•The Mobile VPN client for iOS no longer disconnects after three minutes of idle time. [69430]

You can download 11.6.5 Update 1 Build # 415678 from Watchguard Support Portal by logging in to your account.