Tag Archives: OS

Watchguard XTM 1050, XTM 2050, XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series – Fireware XTM OS 11.6.5 – CSP1 Build # 419019

Watchguard XTM 1050, XTM 2050, XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series –Fireware XTM OS 11.6.5 – CSP1 Build # 419019

11.6.5 CSP1 Build # 419019 Resolves the following issues:

  • This release contains further improvements to efficacy of spamBlocker with Mailshell
  • [BUG71300] Resolved a Kernel crash which occurred when using FireCluster under high traffic conditions
  • [BUG71738] Resolved Memory leak when an external interface is configured for DHCP and the DHCP server is not responding
  • [BUG71589] Resolved issue causing the firewalld process to crash.
  • [BUG67075] SNMP “Get” now displays the accurate number of Branch Office VPN tunnels.
  • [BUG70202, BUG71732, BUG70342]: Resolved issue causing Branch Office VPN traffic to stop passing when using Firebox models XTM 330, XTM 3, XTM 25/26.
  • [BUG70491] The widsd process no longer uses excess CPU
  • [BUG71926] Fixed issue causing the loggerd process to use excessive CPU.
  • [BUG71871] Improved the HTTP Proxy MSS handling to allow for MTU to be adjusted independently for the in and out proxy channels. This improvement will prevent applications like Facebook from stalling.
  • [BUG69331] Interface link down/up behavior has been improved for XTM 21-23, XTM 25/56 and XTM 33.
  • [RFE71314] The Firebox serial number will now display in the HTTP proxy deny message.
  • [BUG70955] Resolved issue causing the SSID for guest network to stop broadcasting.
  • [BUG69132] Resolved issue causing the Wireless Guest interface status to show as down but the interface continues to function.
  • [BUG70318] When using wireless the log line “ath: phy0: failed to stop TX DMA, queue=0x005!” no longer occurs.
  • [BUG72586] The hostapd debug logs no longer appear when diagnostic logging is disabled.
  • [BUG68975, RFE64455] The Firebox DHCP server now properly sends a NACK reply for devices with an existing DHCP lease.
  • [BUG71323] Resolved issue which caused Branch Office VPN IPSec VPN to stop functioning after upgrade from 11.4.x to 11.6.x or 11.7.x.
  • [BUG69493, BUG65892] Resolved issue which caused the Intel Network Interface Cards to hang and stop passing traffic for short periods of time on XTM 5-series and above.
  • [BUG72048] Resolved Cross site scripting vulnerability on the SSLVPN authentication port related to an invalid login redirect.

You can request 11.6.5 – CSP1 Build # 419019 from Watchguard Support by logging a support case online, they should then be able to provide an ftp download link and appropriate credentials.

Please note that Watchguard CSP releases are cumulative so you should only need to apply the latest to ensure that you also have any previous fixes.

Watchguard XTM 1050, XTM 2050, XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series – Fireware XTM OS 11.6.3 – CSP3 Build # 362451

Watchguard XTM 1050, XTM 2050, XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series – Fireware XTM OS 11.6.3 – CSP3 Build # 362451

11.6.3 – CSP3 Build # 362451 Resolves the following issues:

  • BUG70662: The OSS-Config process no longer leaks memory
  • BUG67355: RSS Feeds no longer try and download RSS updates every 6 minutes. The new update interval is 24 hours.
  • BUG70638: Resolved issue causing the iked process to crash under certain conditions.
  • BUG71028: When using FireCluster Active/Passive, with DHCP relay enabled, the Virtual MAC address will no longer be sent from the Backup Master causing network disruption.
  • BUG70975: The SNMP process on XTM 25/26 and XTM 33 will now be restarted automatically in the event it becomes stuck in a dormant state.

You can request 11.6.3 – CSP3 Build # 362451 from Watchguard Support by logging a support case online, they should then be able to provide an ftp download link and appropriate credentials.

Please note that Watchguard CSP releases are cumulative so you should only need to apply the latest to ensure that you also have any previous fixes.

Watchguard XTM 1050, XTM 2050, XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series – Fireware XTM OS 11.7 Build # 359571

Watchguard XTM 1050, XTM 2050, XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series – Fireware XTM OS 11.7 Build # 359571

New features in Fireware XTM v11.7 Build # 359571

Policy Grouping

  •  With Policy Grouping, you can create and apply tags to policies and then use the tags to easily filter the list of policies and streamline the number of policies in the policy list at one time. This is particularly helpful for users who have complicated device configuration files with many policies to manage. Policy tags are not available for devices running older versions of Fireware XTM OS (pre-v11.7) or for configuration files created for pre-v11.7 devices.

Link Aggregation

  •  You can now group your XTM device physical interfaces together to work as a single logical interface. With link aggregation, you can increase the cumulative throughput of your XTM device beyond the capacity of a single physical interface, and provide redundancy if there is a physical link failure.

WebBlocker Cloud Option with Websense

  •  New support for the Websense URL database in the cloud. Now, you can use the Websense cloud, with over 100 content categories and many new categories, as your WebBlocker Server. Or, if you prefer, you can continue to use a WebBlocker Server with the SurfControl database and 54 content categories. For new WebBlocker activations, the Websense cloud configuration is the default setting. When you upgrade to Fireware XTM v11.7, WebBlocker continues to use the previously configured WebBlocker server. After you upgrade, you can update the WebBlocker configuration to use the Websense cloud for WebBlocker lookups. When you switch between WebBlocker server options, the management software can automatically convert the currently blocked categories to similar categories in the other database.

WatchGuard Mobile VPN App for iOS and Android

  •  New apps make it easy for end users to build a VPN connection from iOS and Android devices. The administrator of the XTM appliance can securely email a file with the required configuration details, which the user can simply click to install the VPN profile after the app is installed. For Android, we now provide a WatchGuard client for Mobile VPN with IPSec. The WatchGuard VPN app for iOS operates with both Mobile VPN with IPSec and Mobile VPN with L2TP connections. The iOS app will be available in the Apple store later this month. The Android app will be available in the Google Play app store later this month as well.

Mobile VPN with L2TP

  •  Support for a new type of Mobile VPN connection – L2TP (Layer 2 Tunneling Protocol) v2, as described in RFC 2661.

IPS and Application Control Support in the HTTPS Proxy

  •  IPS and Application Control security subscriptions are now fully supported by the HTTPS proxy to allow the XTM device to scan for IPS and Application Control signatures on the decrypted HTTPS content stream.

Other new features include:

  •  New web interface for CA Manager – The CA Manager Web UI has moved to the Log and Report Manager Web UI. The combined web interface has been renamed to WebCenter.
  • New web UI to manage quarantined email messages – New look and feel for the Web UI that email recipients use to see and manage their quarantined email messages.
  • Support for more than four external interfaces on your XTM device
  • Hardware Health Monitoring – Your XTM device now self-monitors the health of specific hardware areas and sends an email notification if it detects a problem in those areas.
  • FireCluster support with wireless devices – You can now configure FireCluster for XTM 2 Series Models 25 and 26 Wireless and XTM 33 Wireless. Only active/passive mode is supported for wireless devices.
  • New DHCP options for VoIP support – You can now configure your XTM device to support DHCP options 66, 67 and 150.
  • Per user/group and concurrent login support – You can now set the number of concurrent, authenticated sessions you want to allow, and you can control this on a per user or per group basis.
  • Wireless Hotspot external authentication support – You can optionally configure the wireless hotspot on the XTM device to redirect hotspot users to an external web server before they connect to the wireless network.
  • IPv6 enhancements – We add support for IPv6 stateful firewalling for these networking and security features:

1.1.        IPv6 host/network/address ranges in From and To lists in policies

1.2.        IPv6 addresses in blocked sites and blocked site exceptions

1.3.        Blocked ports applies to both IPv6 and IPv4 traffic

1.4.        TCP SYN checking applies to both IPv6 and IPv4 traffic

  • Branch office VPN failover to modem – If you have enabled serial modem failover on your XTM 25, 26, 3 Series, or 5 Series device, you can configure the branch office VPN to fail over to a modem if all external interfaces cannot connect.
  • Stream packet capture data to a file – A new advanced option to stream packet capture data to a file.
  • Global Dynamic NAT enhancements – When you configure a global dynamic NAT rule, you can now set the source IP address to use
  • IPS Scan mode – You can now select between two scan modes, Fast Scan and Full Scan. The default setting is Full Scan, which directs IPS to scan all packets. To improve performance, you can select Fast Scan, which directs IPS to scan fewer packets. Fast Scan mode greatly improves throughput for scanned traffic, with a slight drop in IPS effectiveness.
  • New Management Tunnels – New support for remote XTM devices behind a NAT gateway

Resolved Issues in Fireware XTM v11.7 Build # 359571


  • WFS firmware component files and management applications are no longer bundled with WatchGuard System Manager [67508]
  • A problem that caused the XTM 1050 10 Gigabit Fiber ports to fail has been resolved [70118]
  • This release resolves a problem that caused a kernel crash when a reset packet is sent out through the 10 Gigabit Fiber ports on the XTM 1050 and XTM 2050 [70384, 70296]
  • When an IP address is added to the Temporary Blocked Site list by the administrator through the Firebox System Manager > Blocked Sites tab, the expiration time is no longer reset when traffic is received from the IP address [42089]

Proxies and Subscription Services

  •  File downloads no longer stall when you use an HTTP packet filter policy with IPS [67659]
  • The SIP ALG now supports REFER method for call transfers [59635]
  • The IPS deny message contents have been improved [66839]
  • We have improved the scand daemon so that it restarts faster in the event of a crash

Logging and Reporting

  •  You can now show more than 5000 lines of log messages in Firebox System Manager [66518]
  • The contents of the XTM Configuration Report have been localized for both viewing and printing into all languages supported by the Fireware XTM Web UI [66546]
  • The behavior of the Report Server Maximum Database Size setting now matches that of the Log Server, and prevents the Report Server database from filling the disk partition [67245]
  • Log collector no longer crashes when it reaches the 2GB virtual size limit on 32-bit Windows systems [64249]


  •  If you manually created dynamic routing policies in Fireware XTM v11.5.x or earlier, the To and From lists in these policies are no longer cleared when you upgrade to v11.6 or v11.7 [67721]
  • The SNMP process is now automatically restarted if it becomes stuck in a dormant state [66491]
  • The IGMP_Max_Membership setting for OSPF has been increased to support a large number of VLANs with dynamic routing [69979]


  •  This release resolves a problem that caused the master in an XTM 2050 FireCluster to go into an idle state when you added a new interface [70392]
  • The Terminal Services TO Agent now works correctly when used in an active/passive FireCluster [70098, 69944]


  •  The 5GHz Wireless band now works correctly with channels 36, 40, 149 or 165 [65559]

Branch Office VPN

  •  Managed BOVPN tunnels now include support for optional 1-to-1 NAT [68244]
  • The amount of time it takes to fail over from a leased line to a branch office VPN with OSPF or BGP has been reduced [70460]

Mobile VPN

  •  Frequent mobile VPN client log in/log out events no longer cause a low memory condition on the XTM device [67538]
  • When you use a native Cisco IPsec iOS client for Mobile VPN with IPSec, the client no longer disconnects after three minutes of idle time [69430]
  • If you set the diagnostic log level for Mobile VPN with SSL traffic to “debug” level, log messages now correctly display in Firebox System Manager > Traffic Manager [65165]
  • You can now correctly establish a Mobile VPN with SSL connection from a Windows-based computer when the Windows system account is Chinese [58208]
  • A continuous FTP session over a Mobile VPN with IPSec connection is no longer terminated if an IPSec rekey occurs during the FTP transfer [32769]

You can download 11.7 Build # 359571 from Watchguard Support Portal by logging in to your account.

Adobe Flash Player 11.5.502.110 Released for Microsoft Windows and Apple Mac OS X

Adobe Flash Player 11.5.502.110 has been released

Security Enhancements

• This update resolves buffer overflow vulnerabilities that could lead to code execution (CVE-2012-5274, CVE-2012-5275, CVE-2012-5276, CVE-2012-5277, CVE-2012-5280)

• This update resolves memory corruption vulnerabilities that could lead to code execution (CVE-2012-5279)

• This update resolves a security bypass vulnerability that could lead to code execution (CVE-2012-5278)

Fixed Issues

• Crash when playing back Adobe connect recording with screensharing(3348585)

• Flash Player crashes when navigating to and from Flash content in Internet Explorer (3322564)

• Install Application causes a crash and occasionally ipa.exe stops working(3298786)

• Flash Player shows white screen when using Webcam-feed(3337754)

New Features

• Debug stack trace in release builds of Flash Player

• Invoke Event enhancement

• Static linking of DRM (Desktop only)*

* Note: Static linking of DRM contributes to an increase in the size of the Flash Player binary

You can download Adobe Flash Player 11.5.502.110 from http://www.adobe.com