Watchguard XTM 1050, XTM 2050, XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series – Fireware XTM OS 11.6.3 – CSP1 Build # 359164

11.6.3 – CSP1 Build # 359164 Resolves the following issues:

• Frequent Mobile user VPN client log on/off no longer causes low memory condition [BUG67538]
• The SIP ALG now supports REFER method for call transfers [RFE59635]
• Resolved issue causing file downloads to stall when using IPS and HTTP packet filter policy [BUG67659]
• The Cisco VPN client from iOS no longer disconnects after 3 minutes of idle time [BUG69430]
• Improved the scand process recovery, to restart faster in the event of a crash
• The TO agent now works properly when used with FireCluster Active /Passive [BUG70098] [BUG69944]
• Resolve issue preventing the 10Gigibit Fiber ports on the XTM 1050 from working properly [BUG70118]
• A kernel crash no longer occurs when a reset packet is sent out the 10Gigabit Fiber ports on the XTM 1050 and XTM 2050 [BUG70384] [BUG70296]
• Resolve issue which caused the Master Firebox, in an XTM 2050 FireCluster, to go into an idle state after adding a new interface [BUG70392]
• The SNMP process will now be restarted automatically in the event it becomes stuck in a dormant state [BUG66491]
• Increased the IGMP_Max_Membership for OSPF to support a larger number of VLANs with Dynamic routing [BUG69979]
• The failover time from leased line to BOVPN with OSPF/BGP has been improved [BUG70460]

You can request 11.6.3 – CSP1 Build # 359164 from Watchguard Support by logging a support case online, they should then be able to provide an ftp download link and appropriate credentials.

Please note that Watchguard CSP releases are cumulative so you should only need to apply the latest to ensure that you also have any previous fixes.

Watchguard XTM 1050, XTM 2050, XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series – Fireware XTM OS 11.6.3 Build # 357868

11.6.3 Build # 357868 Resolves the following issues:

General

• All XTM 5 Series devices now correctly display their device model in LCD display and Firebox System Manager [69377]
• This release resolves an issue that caused some XTM 8 Series devices to lock up or reboot unexpectedly [69302]
• A problem that caused some XTM 1050 devices to crash in some customer environments has been fixed [66670]
• Fiber modules for XTM 1050 devices now operate correctly [70118]
• A problem was fixed that caused some XTM devices to crash after a configuration save [65288]
• Newly added or expired blocked sites no longer cause the XTM device to crash [67994]
• A cross-site scripting vulnerability present in the authentication page (port 4100) has been addressed in this release [68127]
• The ATTN light on XTM 2 Series and XTM 33 devices now operates correctly during the reset process [67165]
• Several XTM device crash issues have been resolved in this release [67866, 69050, 66809, 66032]
• Changed device passphrases are no longer written to the support.tgz file [69764]
• It is now possible to schedule an automated update of your device feature key [66997]

WatchGuard System Manager

•  A Management Server login will no longer fail with the error: “Error Code: Error(1102) no lock available” [68491]
• When a Management Server login fails, you now see an error message to specify the reason for the failure [66866]
• Log files for WatchGuard server are now automatically archived to prevent the files from growing too large [34363, 67521]
• HostWatch no longer fails to display connections because of invalid XML characters [66785]

Firebox System Manager

•  This release resolves an issue that caused Traffic Monitor to fail to display any data [66975]

Centralized Management

•  The Management Server no longer fails to apply a v11.3.x template to fully managed v11.3.x devices [68447]
• You can no longer build an (incorrect) v11.4.x formatted configuration file for Firebox X e-Series devices [68646]
• Scheduled Tasks that are configured for the same day now process correctly [68329]
• Devices imported to the Management Server now display correctly [69539]

Logging & Reporting

•  The unnecessary log message “block_dump: Select timed out” has been removed [66635]
• The unnecessary log message “miiGetLinkStatus” no longer shows when a network bridge is enabled [41811]
• The web service file “LogService.wsdl” is now accessible for Eclipse setup [69869]
• Reports generated with UTF-8 encoding no longer contain corrupted characters [66584]

Proxies and Security Services

•  This release resolves an issue with IPS and the HTTP proxy that caused NAT exhaustion in some customer environments [66246]
• A problem that caused XTM device instability when the SIP ALG was in use has been resolved in this release [68312]
• A problem that caused ActiveFTP to fail in some customer environments has been resolved [65848]
• This issue resolves an issue that caused some XTM devices to crash during heavy mail traffic [66428]
• XTM devices no longer try to update Gateway AV and IPS signatures when these features are not licensed [66415]

Authentication

•  SSO exceptions added as an IP Range now operate correctly [68986]
• SSO exceptions no longer incorrectly trigger when the last octet of an IP address matches a configured exception [68344]

Networking

•  A problem that caused Policy-Based Routing to fail when the interface was not down has been resolved [67116]
• This release resolves an issue that could cause an interface to fail [68554]
• A problems that caused some XTM devices to periodically fail to pass network traffic has been fixed [65179]
• Static routes no longer fail when multi-WAN and PPPoE are both enabled [68090]
• An interfaced configured to use PPPoE no longer waits for a multi-WAN failover to occur before it requests a new IP address [68232]
• This release resolves an issue that caused outbound traffic to fail after a multi-WAN failover [68183]
• Multi-WAN now works correctly on XTM 2050 devices configured with ETH16-19 as external interfaces [68405]

FireCluster

•  This release resolves some memory management issues that caused FireCluster instability [68026]
• This release resolves a crash issue that caused a FireCluster member failover in an active/passive FireCluster [66872]

VPN

•  Branch office VPN tunnels no longer fail when a PPPoE interface goes down [68639]
• This release resolves several IKE process crashes that caused failure for Mobile VPN with IPSec and Branch Office VPN [68118, 69625, 67961, 67881, 68237]
• Branch office VPN tunnels no longer fail when a dynamically assigned external IP address on the XTM device changes [68163, 68910, 68188]
• This release resolves an issue that caused branch office VPN tunnels to fail to pass traffic [69090, 67819]
• A large number of active branch office VPN tunnels no longer causes a CPU spike. [68886]
• A memory leak that occurred when a large number of branch office VPN tunnels were active has been fixed [66200]
• This release resolves an issue that caused branch office VPN tunnels to stop passing traffic [67921]
• Branch office VPN tunnel routes configured to use 1-to-1 NAT now operate correctly with Multi-WAN [67001]
• This release resolves an issue that caused branch office VPNs to fail after a Fireware XTM OS upgrade [68247]
• The IKE process now remains stable when Mobile VPN with IPSec connections that use the Safenet client are disconnected [66772]

XTMv

•  Network connectivity no longer fails after you upgrade the Fireware XTM OS on an XTMv installation [69500]
• XTMv appliances with PPPoE configured no longer lose network routes after a reboot [69492]

You can download 11.6.3 Build # 357868 from Watchguard Support Portal by logging in to your account.

Watchguard XTM 1050, XTM 2050, XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series – Fireware XTM OS 11.6.1 – CSP3 Build # 354688

11.6.1 – CSP3 Build # 354688 Resolves the following issues:

• BUG69616: The dynamic IP at peer side is not added into the local cache file at multi-wan
• BUG69351: After reboot multiple Phase 1 one time outs occurred. Unable to build VPN tunnels
• BUG69624: Limit rate of phase one auto start after reboot
• BUG69377 Incorrect model number displayed with MODEL 505 license
• BUG69625: iked crash sig 6, sig 11
• BUG68554: Interface failing to route and not listing ‘inet addr’ in status report > interfaces
• BUG68312: SIP proxy causes CFM restart due to memory cap violation
• BUG67656: Process `cfm.5′ with pid: 1515 / tid: 1515 died unexpectedly on signal 6 (SIP)
• BUG67479: CFM Stack traces using SIP after upgrading from 11.4.2 to 11.5.3U1 using existing setup
• BUG67782: cfm.2 stacktrace, SIP (stack contents @ 0xbe836430), signal 6
• BUG67001: BOVPN over 1:1 NAT fails with multiWAN causes one way traffic (inbound fails)
• BUG68944: VPN 1:1 nat does not work when we use it on multiwan(3 pppoe and 1 dhcp)xtm box
• BUG69090: VPN tunnel fails and stops passing traffic – xfrm_dst_cache value exceeded in slab info
• BUG67819: memory leak causing xfrm_dst_cache value to increase and causing appliance to lockup
• BUG67921: Negotiated BOVPN tunnels stopp passing traffic – Appliance has valid SA info
• BUG69351: After reboot multiple Phase 1 one time outs occurred. Unable to build VPN tunnels XTM2050

You can request 11.6.1 – CSP3 Build # 354688 from Watchguard Support by logging a support case online, they should then be able to provide an ftp download link and appropriate credentials.

Please note that Watchguard CSP releases are cumulative so you should only need to apply the latest to ensure that you also have any previous fixes.