Tag Archives: XTM21

Watchguard XTM 1050, XTM 2050, XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series – Fireware XTM OS 11.6.6 Build # 422607

Watchguard XTM 1050, XTM 2050, XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series – Fireware XTM OS 11.6.6 Build # 422607

General

  • A number of kernel crashes have been resolved. [73624, 73714, 72553]
  • An issue that caused the firewalld process to crash has been resolved. [72724]
  • MSS handling has been improved to enable the MTU to be adjusted independently for inbound and outbound proxy connections. This improvement prevents applications such as Facebook from stalling.[72722]

Proxies and Subscription Services

  • Several problems that caused spamBlocker process crashes to occur have been resolved. [72730, 73427, 73429]
  • You can now configure spamBlocker thresholds with the Web UI. [73092]
  • You can now show the serial number variable in the HTTP proxy deny message. [72665]
  • The HTTPS proxy now correctly handles Multiple-Domain Certificates. [73273]
  • This release offers improved site name detection when you use WebBlocker with the HTTPS proxy. [72935]
  • This release resolves several issues that caused the Gateway AV scanning process to fail and restart. [73100, 72788, 62451, 69866, 67509]

Logging and Reporting

  • The loggerd process no longer uses excessive CPU. [72672]

Networking

  • Dynamic DNS updates no longer fail. [73114]
  • This release resolves a memory leak that occurred when DHCP is enabled on the external interface but the DHCP server is not responding. [72725]
  • The XTM device DHCP server now correctly sends a NACK reply for devices that have an existing DHCP lease. [72726, 72551]

Wireless

  • This release includes numerous improvements to XTM wireless stability. [73386, 73126, 72568, 72569, 72414, 72033, 72034, 72035, 72036, 72054, 71606]

VPN

  • This release resolves an issue that caused branch office VPN to stop functioning after you upgrade from Fireware XTM v11.4.x to v11.6.x. [72382]
  • This release offers improved VPN stability when using aggressive mode branch office tunnels. [73388]
  • This release resolves an issue that caused traffic through a branch office VPN tunnel to stop for XTM 3 Series and XTM 25/26 devices. [72549, 72547, 72548]
  • This release improves the Mobile VPN with SSL authentication page error handling to prevent cross-site scripting attacks. [72270]
  • This release resolves an issue that prevented the XTM 800, XTM 1500, and XTM 2500 Series devices from correctly using the IPSec encryption chipset under certain conditions. [73130]
  • SNMP now displays an accurate number of branch office VPN tunnels. [73098]

Watchguard XTM 1050, XTM 2050, XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series – Fireware XTM OS 11.6.5 – CSP1 Build # 419019

Watchguard XTM 1050, XTM 2050, XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series –Fireware XTM OS 11.6.5 – CSP1 Build # 419019

11.6.5 CSP1 Build # 419019 Resolves the following issues:

  • This release contains further improvements to efficacy of spamBlocker with Mailshell
  • [BUG71300] Resolved a Kernel crash which occurred when using FireCluster under high traffic conditions
  • [BUG71738] Resolved Memory leak when an external interface is configured for DHCP and the DHCP server is not responding
  • [BUG71589] Resolved issue causing the firewalld process to crash.
  • [BUG67075] SNMP “Get” now displays the accurate number of Branch Office VPN tunnels.
  • [BUG70202, BUG71732, BUG70342]: Resolved issue causing Branch Office VPN traffic to stop passing when using Firebox models XTM 330, XTM 3, XTM 25/26.
  • [BUG70491] The widsd process no longer uses excess CPU
  • [BUG71926] Fixed issue causing the loggerd process to use excessive CPU.
  • [BUG71871] Improved the HTTP Proxy MSS handling to allow for MTU to be adjusted independently for the in and out proxy channels. This improvement will prevent applications like Facebook from stalling.
  • [BUG69331] Interface link down/up behavior has been improved for XTM 21-23, XTM 25/56 and XTM 33.
  • [RFE71314] The Firebox serial number will now display in the HTTP proxy deny message.
  • [BUG70955] Resolved issue causing the SSID for guest network to stop broadcasting.
  • [BUG69132] Resolved issue causing the Wireless Guest interface status to show as down but the interface continues to function.
  • [BUG70318] When using wireless the log line “ath: phy0: failed to stop TX DMA, queue=0x005!” no longer occurs.
  • [BUG72586] The hostapd debug logs no longer appear when diagnostic logging is disabled.
  • [BUG68975, RFE64455] The Firebox DHCP server now properly sends a NACK reply for devices with an existing DHCP lease.
  • [BUG71323] Resolved issue which caused Branch Office VPN IPSec VPN to stop functioning after upgrade from 11.4.x to 11.6.x or 11.7.x.
  • [BUG69493, BUG65892] Resolved issue which caused the Intel Network Interface Cards to hang and stop passing traffic for short periods of time on XTM 5-series and above.
  • [BUG72048] Resolved Cross site scripting vulnerability on the SSLVPN authentication port related to an invalid login redirect.

You can request 11.6.5 – CSP1 Build # 419019 from Watchguard Support by logging a support case online, they should then be able to provide an ftp download link and appropriate credentials.

Please note that Watchguard CSP releases are cumulative so you should only need to apply the latest to ensure that you also have any previous fixes.

Watchguard XTM 1050, XTM 2050, XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series – Fireware XTM OS 11.6.5 Update 1 Build # 415678

Watchguard XTM 1050, XTM 2050, XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series – Fireware XTM OS 11.6.5 Update 1 Build # 415678

Issues resolved in Fireware XTM v11.6.5 Update 1 Build # 415678

General
•This release resolves an issue that caused some configuration saves to fail to take effect on XTM 21 – 23 devices. [70686]
•A problem that caused the XTM 1050 10 Gigabit Fiber ports to fail has been resolved. [70118]
•This release resolves a problem that caused a kernel crash when a reset packet is sent out through the 10 Gigabit Fiber ports on the XTM 1050 and XTM 2050. [70384, 70296]
•RSS feeds no longer try to download RSS updates every six minutes. RSS updates are now queried every 24 hours. [67355]
•A memory leak related to the OSS-Config process has been resolved. [70662]

Proxies and Subscription Services
•The SIP ALG now supports REFER method for call transfers. [59635]
•File downloads no longer stall when you use an HTTP packet filter policy with IPS. [67659]
•The scand process has been improved to restart more quickly in the event of a crash.

Logging and Reporting
•This release resolves an issue that caused the logging processes on the XTM device to use a high percentage of CPU. [59979, 66060]

Networking
•The SNMP process is now automatically restarted if it becomes stuck in a dormant state. [66491, 70975]
•The IGMP_Max_Membership setting for OSPF has been increased to support a large number of VLANs with dynamic routing. [69979]

FireCluster
•The Terminal Services TO Agent now works correctly when used in an active/passive FireCluster. [70098, 69944]
•This release resolves a problem that caused the master in an XTM 2050 FireCluster to go into an idle state when you added a new interface. [70392]
•This release resolves an issue that caused a low memory condition when an active/passive FireCluster was configured. [70204]
•The Virtual MAC address is no longer sent from the backup master when you use an active/passive FireCluster with DHCP relay enabled. [71028]

VPN
•The amount of time it takes to fail over from a leased line to a branch office VPN with OSPF or BGP has been reduced. [70460]
•This release improves Branch Office VPN stability for XTM devices behind a network device that applies NAT. [70394, 59859]
•This release resolves a problem that caused the IKED process to crash under certain conditions. [70638]
•Frequent Mobile VPN client connect/disconnect sequences no longer cause a low memory condition for the XTM device. [67538]
•The Mobile VPN client for iOS no longer disconnects after three minutes of idle time. [69430]

You can download 11.6.5 Update 1 Build # 415678 from Watchguard Support Portal by logging in to your account.

Watchguard XTM 1050, XTM 2050, XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series – Fireware XTM OS 11.6.3 – CSP3 Build # 362451

Watchguard XTM 1050, XTM 2050, XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series – Fireware XTM OS 11.6.3 – CSP3 Build # 362451

11.6.3 – CSP3 Build # 362451 Resolves the following issues:

  • BUG70662: The OSS-Config process no longer leaks memory
  • BUG67355: RSS Feeds no longer try and download RSS updates every 6 minutes. The new update interval is 24 hours.
  • BUG70638: Resolved issue causing the iked process to crash under certain conditions.
  • BUG71028: When using FireCluster Active/Passive, with DHCP relay enabled, the Virtual MAC address will no longer be sent from the Backup Master causing network disruption.
  • BUG70975: The SNMP process on XTM 25/26 and XTM 33 will now be restarted automatically in the event it becomes stuck in a dormant state.

You can request 11.6.3 – CSP3 Build # 362451 from Watchguard Support by logging a support case online, they should then be able to provide an ftp download link and appropriate credentials.

Please note that Watchguard CSP releases are cumulative so you should only need to apply the latest to ensure that you also have any previous fixes.