Tag Archives: “XTM 22”

Watchguard XTM 1050, XTM 2050, XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series – Fireware XTM OS 11.6.5 – CSP1 Build # 419019

Watchguard XTM 1050, XTM 2050, XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series –Fireware XTM OS 11.6.5 – CSP1 Build # 419019

11.6.5 CSP1 Build # 419019 Resolves the following issues:

  • This release contains further improvements to efficacy of spamBlocker with Mailshell
  • [BUG71300] Resolved a Kernel crash which occurred when using FireCluster under high traffic conditions
  • [BUG71738] Resolved Memory leak when an external interface is configured for DHCP and the DHCP server is not responding
  • [BUG71589] Resolved issue causing the firewalld process to crash.
  • [BUG67075] SNMP “Get” now displays the accurate number of Branch Office VPN tunnels.
  • [BUG70202, BUG71732, BUG70342]: Resolved issue causing Branch Office VPN traffic to stop passing when using Firebox models XTM 330, XTM 3, XTM 25/26.
  • [BUG70491] The widsd process no longer uses excess CPU
  • [BUG71926] Fixed issue causing the loggerd process to use excessive CPU.
  • [BUG71871] Improved the HTTP Proxy MSS handling to allow for MTU to be adjusted independently for the in and out proxy channels. This improvement will prevent applications like Facebook from stalling.
  • [BUG69331] Interface link down/up behavior has been improved for XTM 21-23, XTM 25/56 and XTM 33.
  • [RFE71314] The Firebox serial number will now display in the HTTP proxy deny message.
  • [BUG70955] Resolved issue causing the SSID for guest network to stop broadcasting.
  • [BUG69132] Resolved issue causing the Wireless Guest interface status to show as down but the interface continues to function.
  • [BUG70318] When using wireless the log line “ath: phy0: failed to stop TX DMA, queue=0x005!” no longer occurs.
  • [BUG72586] The hostapd debug logs no longer appear when diagnostic logging is disabled.
  • [BUG68975, RFE64455] The Firebox DHCP server now properly sends a NACK reply for devices with an existing DHCP lease.
  • [BUG71323] Resolved issue which caused Branch Office VPN IPSec VPN to stop functioning after upgrade from 11.4.x to 11.6.x or 11.7.x.
  • [BUG69493, BUG65892] Resolved issue which caused the Intel Network Interface Cards to hang and stop passing traffic for short periods of time on XTM 5-series and above.
  • [BUG72048] Resolved Cross site scripting vulnerability on the SSLVPN authentication port related to an invalid login redirect.

You can request 11.6.5 – CSP1 Build # 419019 from Watchguard Support by logging a support case online, they should then be able to provide an ftp download link and appropriate credentials.

Please note that Watchguard CSP releases are cumulative so you should only need to apply the latest to ensure that you also have any previous fixes.

Watchguard XTM Firewall and UTM Appliance – High CPU Usage in the GAV (gateway anti-virus) scand process causes lag and typing delay in Remote Desktop Sessions (RDP) and SIP or VoIP latency issues

Watchguard XTM Firewall and UTM Appliance – High CPU Usage in scand process causes lag and typing delay in Remote Desktop Sessions (RDP).  You may find that remote users report a lag with Remote Desktop Sessions, freezing sessions, black screen and random disconnections.  At around the same time users report these issues you may find that the CPU usage of the scand process on your Watchguard has increased to 100% and the majority of the activity is attributed to the scand process.  You may be able to recreate this issue by browsing websites that utilise lots of Adobe Flash or Media Content as GAV will need to scan all these elements of the web page.  Login to the Watchguard System Manager and then open Firebox System Manager click on Status Report and scroll down the report until you find the Process List (Screenshot Below).  This information will automatically update every 30 seconds so you can see the %CPU column will change and update every 30 seconds.  The top value system shows the overall CPU utilisation and if you look further down you can see which sub processes are actually occupying the CPU time and making up the overall system usage.  In the screenshot below we can see that system is showing 100 % CPU Usage and then further down we can see that the scand process is accounting for 90.99% of this.  When the CPU Usage reaches 100% on the Watchguard unit it may stop forwarding other traffic and this accounts for the lag and jitter we see within the Remote Desktop Session.  Other time sensitive traffic such as VoIP or SIP traffic may also be affected by this issue as the packets are delayed whilst the Firewall recovers from the resource exhaustion.  Users may also report that web pages are slow to load at the time these issues occur where the GAV process is still dealing with the other requests.


You can try disabling the GAV (gateway antivirus) for the HTTP and FTP Proxy to ensure that this is the actual cause of your issues, if the problem subsides then you may need to consider updating the XTM OS to the latest release i.e. 11.5.2 and/or adjusting the GAV policy so that it does not scan some content i.e. Images/Text within websites.  You may also need to consider opening a support case with Watchguard to make them aware of this issue, if you have a large number of users then you may even need to consider upgrading your XTM appliance to a larger unit i.e. XTM 23 to XTM 505 or XTM 22 to XTM330 to provide additional processing power (CPU) and system resources to cope with the additional anti-virus scanning requirements.

Watchguard XTM High CPU Usage scand
Watchguard XTM High CPU Usage scand