Category Archives: XTM

WatchGuard XTM 1050, XTM 2050, XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series – Fireware XTM OS 11.6.5 – CSP1 Build # 419019

11.6.5 CSP1 Build # 419019 resolves the following issues:

  • This release contains further improvements to the efficacy of spamBlocker with Mailshell.
  • [BUG71300] Resolved a kernel crash which occurred when using FireCluster under high traffic conditions.
  • [BUG71738] Resolved a memory leak when an external interface is configured for DHCP and the DHCP server is not responding.
  • [BUG71589] Resolved an issue causing the firewalld process to crash.
  • [BUG67075] SNMP “Get” now displays the accurate number of Branch Office VPN tunnels.
  • [BUG70202, BUG71732, BUG70342] Resolved an issue causing Branch Office VPN traffic to stop passing when using Firebox models XTM 330, XTM 3, XTM 25/26.
  • [BUG70491] The widsd process no longer uses excess CPU.
  • [BUG71926] Fixed an issue causing the loggerd process to use excessive CPU.
  • [BUG71871] Improved the HTTP Proxy MSS handling to allow for MTU to be adjusted independently for the in and out proxy channels. This improvement will prevent applications like Facebook from stalling.
  • [BUG69331] Interface link down/up behavior has been improved for XTM 21-23, XTM 25/56 and XTM 33.
  • [RFE71314] The Firebox serial number will now display in the HTTP proxy deny message.
  • [BUG70955] Resolved an issue causing the SSID for the guest network to stop broadcasting.
  • [BUG69132] Resolved an issue causing the Wireless Guest interface status to show as down even though the interface continues to function.
  • [BUG70318] When using wireless, the log line “ath: phy0: failed to stop TX DMA, queue=0x005!” no longer occurs.
  • [BUG72586] The hostapd debug logs no longer appear when diagnostic logging is disabled.
  • [BUG68975, RFE64455] The Firebox DHCP server now properly sends a NACK reply for devices with an existing DHCP lease.
  • [BUG71323] Resolved an issue which caused Branch Office VPN IPSec VPN to stop functioning after an upgrade from 11.4.x to 11.6.x or 11.7.x.
  • [BUG69493, BUG65892] Resolved an issue which caused the Intel Network Interface Cards to hang and stop passing traffic for short periods of time on XTM 5-series and above.
  • [BUG72048] Resolved a cross-site scripting vulnerability on the SSLVPN authentication port related to an invalid login redirect.

You can request 11.6.5 – CSP1 Build # 419019 from WatchGuard Support by logging a support case online; they should then be able to provide an FTP download link and appropriate credentials.

Please note that WatchGuard CSP releases are cumulative, so you should only need to apply the latest one to ensure that you also have any previous fixes.

WatchGuard XTM 1050, XTM 2050, XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series – Fireware XTM OS 11.7.2 Update 1 Build # 417473

Issues resolved in Fireware XTM v11.7.2 Update 1 Build # 417473

  • This release includes an update to the Mailshell engine that provides a significant improvement over the original Fireware XTM v11.7.2 release in spam detection for our spamBlocker customers.
  • Dynamic DNS updates no longer fail. [70047]
  • This release resolves an issue that caused Branch Office VPN to stop functioning after an upgrade from Fireware XTM v11.4.x to v11.6.x or v11.7.x. [71323]
  • The iked process no longer crashes when you use the CLI autodiag command for Mobile VPN with IPSec traffic. [70963]
  • This release resolves an issue that caused traffic through a branch office VPN tunnel to stop for XTM 3 Series and XTM 25/26 devices. [70202, 71732, 70342]
  • Branch office VPN tunnels no longer fail to pass traffic when the tunnel name exceeds 28 characters. [71448]
  • SNMP now displays the accurate number of branch office VPN tunnels. [67075]
  • The XTM device DHCP server now correctly sends a NACK reply for devices that have an existing DHCP lease. [68975, 64455]
  • The loggerd process no longer uses excessive CPU. [66060, 71926]
  • This release resolves an issue that caused the CPU on the XTM device to lock up when using IPS or Application Control. [71706]
  • An issue that caused the firewalld process to crash has been resolved. [71589]
  • The HTTP proxy MSS handling has been improved to enable the MTU to be adjusted independently for inbound and outbound proxy connections. This improvement prevents applications such as Facebook from stalling. [71871]
  • This release resolves several issues that caused kernel crashes. [72156, 70316]

You can download 11.7.2 Update 1 Build # 417473 from the WatchGuard Support Portal by logging in to your account.

WatchGuard XTM 1050, XTM 2050, XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series – Fireware XTM OS 11.7.2 Build # 365430

Issues resolved in Fireware XTM v11.7.2 Build # 365430

General
  • WatchGuard Server Center no longer fails to open if you specify a long path to the log file. [71406]
  • You can now upgrade the XTM OS version on your XTM device from Fireware XTM Web UI from a Windows 8 browser. [70997]
  • In response to a security advisory issued by OpenSSL, we have upgraded Fireware XTM OS to use OpenSSL 0.9.8y. [71416]
  • In response to a security advisory issued by Adobe, we have upgraded the Flex XSS used in the Fireware XTM Web UI. [70444]
  • Our thanks to Wayne Murphy and Ben Burns of Sec-1 for reporting some XSS and SQLi web application vulnerabilities in our quarantine portal, which have been resolved in this release. [71188]

Proxies and Subscription Services
  • WebBlocker evaluations (with a WebBlocker trial license) now operate correctly. [71507]
  • WebBlocker exception rules to deny web site access now work correctly. [71760, 71783]
  • An issue that caused web browsing to slow or fail when you use WebBlocker with Websense server has been resolved. [71057, 71557]
  • This release resolves a system memory leak that occurred when you used the HTTPS proxy and WebBlocker. [71082]
  • You can now set a main Application Category to Drop while you have a subcategory set to Allow. [71018]
  • Proxy stability when using IPS or Application Control has been improved. [71024, 71046, 71270, 71495, 71371, 71240, 71733, 70977, 71713]
  • TLS encryption is no longer enabled by default in the SMTP proxy configuration, but can be enabled if you want to use it. [71137]

Logging and Reporting
  • This release resolves an issue that caused the logging processes on the XTM device to use a high percentage of CPU. [59979, 66060]
  • Log data now correctly shows in Log Manager when you sort messages by the “Date-Time” column. [70145]
  • Log data now shows correctly in Firebox System Manager Traffic Monitor and in the Web UI Syslog option. [71044]
  • A problem with log messages generated for Reputation Enabled Defense has been corrected so that the number of sites blocked by RED is now correctly counted. [70920]
  • The User Authentication Denied report now generates with correct and complete information. [71359]
  • A problem that prevented reports for older data sets from generating, resulting in a memory error, has been resolved in this release. [70957]
  • The Web Audit by Client PDF report generation process has been improved so that the data now matches the data in an HTML formatted report. [63472]

Networking
  • The SNMP process on XTM 25/26 and XTM 33 devices is now restarted automatically in the event that it gets stuck in a dormant state. [70975]
  • Multi-WAN failover now works correctly with Static NAT configured on the external interface for failover. [71148]
  • This release resolves a problem that prevented Policy Based Routing from correctly routing traffic through a second external interface. [71175]

FireCluster
  • This release resolves an issue that caused a low memory condition when an active/passive FireCluster was configured. [70204]
  • The Virtual MAC address is no longer sent from the backup master when you use an active/passive FireCluster with DHCP relay enabled. [71028]

Authentication
  • You can now correctly add and edit Firebox-DB users from the Web UI. [71079]

Branch Office VPN
  • An automatically created VPN policy to allow traffic through a managed VPN tunnel now works correctly when its name exceeds 46 characters in length. [70994]
  • When you install the Management Server on a non-English Windows OS, you can now correctly add VPN resources. [71180]

Mobile VPN
  • The feature key entry previously called “Mobile VPN Users” has been re-labeled “IPSec VPN Users” for clarity. [69581]

You can download 11.7.2 Build # 365430 from the WatchGuard Support Portal by logging in to your account.

WatchGuard XTM 1050, XTM 2050, XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series – Fireware XTM OS 11.6.5 Update 1 Build # 415678

Issues resolved in Fireware XTM v11.6.5 Update 1 Build # 415678

General
  • This release resolves an issue that caused some configuration saves to fail to take effect on XTM 21 – 23 devices. [70686]
  • A problem that caused the XTM 1050 10 Gigabit Fiber ports to fail has been resolved. [70118]
  • This release resolves a problem that caused a kernel crash when a reset packet is sent out through the 10 Gigabit Fiber ports on the XTM 1050 and XTM 2050. [70384, 70296]
  • RSS feeds no longer try to download RSS updates every six minutes. RSS updates are now queried every 24 hours. [67355]
  • A memory leak related to the OSS-Config process has been resolved. [70662]

Proxies and Subscription Services
  • The SIP ALG now supports REFER method for call transfers. [59635]
  • File downloads no longer stall when you use an HTTP packet filter policy with IPS. [67659]
  • The scand process has been improved to restart more quickly in the event of a crash.

Logging and Reporting
  • This release resolves an issue that caused the logging processes on the XTM device to use a high percentage of CPU. [59979, 66060]

Networking
  • The SNMP process is now automatically restarted if it becomes stuck in a dormant state. [66491, 70975]
  • The IGMP_Max_Membership setting for OSPF has been increased to support a large number of VLANs with dynamic routing. [69979]

FireCluster
  • The Terminal Services TO Agent now works correctly when used in an active/passive FireCluster. [70098, 69944]
  • This release resolves a problem that caused the master in an XTM 2050 FireCluster to go into an idle state when you added a new interface. [70392]
  • This release resolves an issue that caused a low memory condition when an active/passive FireCluster was configured. [70204]
  • The Virtual MAC address is no longer sent from the backup master when you use an active/passive FireCluster with DHCP relay enabled. [71028]

VPN
  • The amount of time it takes to fail over from a leased line to a branch office VPN with OSPF or BGP has been reduced. [70460]
  • This release improves Branch Office VPN stability for XTM devices behind a network device that applies NAT. [70394, 59859]
  • This release resolves a problem that caused the IKED process to crash under certain conditions. [70638]
  • Frequent Mobile VPN client connect/disconnect sequences no longer cause a low memory condition for the XTM device. [67538]
  • The Mobile VPN client for iOS no longer disconnects after three minutes of idle time. [69430]

You can download 11.6.5 Update 1 Build # 415678 from the WatchGuard Support Portal by logging in to your account.