Tag Archives: XTM25

Watchguard Feature Requests and Enhancements

Below is a list of Requests for Engineering and Enhancements that have been submitted to Watchguard for the XTM UTM Appliance Range

If you would also like any of these features then I would suggest that you raise a Technical support case with Watchguard and mention the appropraite RFE within your support ticket. You should also ask the case to be set to Status: Bug/Enhancement Submitted and select “Receive BUG/RFE Updates?” so that you are alerted when the feature is implemented in a new XTM OS release. The more cases that are logged against an RFE the faster Watchguard are likely to get the new feature implemented.

  • RFE61499 – Support for FTP through Explicit TLS/SSL
  • RFE62784: Ability to choose dns server requests on dedicated external interface
  • RFE66209 Protection against Brute Force Attacks on OWA, FTP and SMTP
  • RFE67449 – Support for SMTP PIPELINING
  • RFE67450: support for DSN in SMTP proxy
  • RFE67451: support for ENHANCEDSTATUSCODES in SMTP proxy
  • RFE72251: Local WebBlocker Server with Websense Categorization Engine
  • RFE73433 Ability to block or drop traffic based off of geographic location

Please also feel free to post your comments about these feature requests and any others that you think would be beneficial.  I will update the post with new RFE’s so that we can collectively push Watchguard product development for them to be implemented.

 

Watchguard XTM 1050, XTM 2050, XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series – Fireware XTM OS 11.7.3 – CSP2 Build # 422637

Watchguard XTM 1050, XTM 2050, XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series – Fireware XTM OS 11.7.3 – CSP2 Build # 422637

[BUG72788, 69866, 62451, 67509, 70618] Resolved issue causing the AV scanning process to crash and restart
[BUG73560, BUG73557] Resolved kernel crash
 

Watchguard XTM 1050, XTM 2050, XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series – Fireware XTM OS 11.7.2 Update 1 Build # 417473

Watchguard XTM 1050, XTM 2050, XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series – Fireware XTM OS 11.7.2 Update 1 Build # 417473

Issues resolved in Fireware XTM v11.7.2 Update 1 Build # 417473

•This release includes an update to the Mailshell engine that provides a significant improvement over the original Fireware XTM v11.7.2 release in spam detection for our spamBlocker customers.
•Dynamic DNS updates no longer fail. [70047]
•This release resolves an issue that caused Branch Office VPN to stop functioning after an upgrade from Fireware XTM v11.4.x to v11.6.x or v11.7.x. [71323]
•The iked process no longer crashes when you use the CLI autodiag command for Mobile VPN with IPSec traffic. [70963]
•This release resolves an issue that caused traffic through a branch office VPN tunnel to stop for XTM 3 Series and XTM 25/26 devices. [70202, 71732, 70342]
•Branch office VPN tunnels no longer fail to pass traffic when the tunnel name exceeds 28 characters. [71448]
•SNMP now displays the accurate number of branch office VPN tunnels. [67075]
•The XTM device DHCP server now correctly sends a NACK reply for devices that have an existing DHCP lease. [68975, 64455]
•The loggerd process no longer uses excessive CPU. [66060, 71926]
•This release resolves an issue that caused the CPU on the XTM device to lock up when using IPS or Application Control. [71706]
•An issue that caused the firewalld process to crash has been resolved. [71589]
•The HTTP proxy MSS handling has been improved to enable the MTU to be adjusted independently for inbound and outbound proxy connections. This improvement prevents applications such as Facebook from stalling. [71871]
•This release resolves several issues that caused kernel crashes. [72156, 70316]

You can download 11.7.2 Update 1 Build # 417473 from Watchguard Support Portal by logging in to your account.

Watchguard XTM 1050, XTM 2050, XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series – Fireware XTM OS 11.7.2 Build # 365430

Watchguard XTM 1050, XTM 2050, XTM 2 Series, XTM 3 Series, XTM 5 Series, XTM 8 Series – Fireware XTM OS 11.7.2 Build # 365430

Issues resolved in Fireware XTM v11.7.2 Build # 365430

General
•WatchGuard Server Center no longer fails to open if you specify a long path to the log file. [71406]
•You can now upgrade the XTM OS version on your XTM device from Fireware XTM Web UI from a Windows 8 browser. [70997]
•In response to a security advisory issued by OpenSSL, we have upgraded Fireware XTM OS to use OpenSSL 0.9.8y. [71416]
•In response to a security advisory issued by Adobe, we have upgraded the Flex XSS used in the Fireware XTM Web UI. [70444]
•Our thanks to Wayne Murphy and Ben Burns of Sec-1 for reporting some XSS and SQLi web application vulnerabilities in our quarantine portal, which have been resolved in this release. [71188]

Proxies and Subscription Services
•WebBlocker evaluations (with a WebBlocker trial license) now operate correctly. [71507]
•WebBlocker exception rules to deny web site access now work correctly. [71760, 71783]
•An issue that caused web browsing to slow or fail when you use WebBlocker with Websense server has been resolved. [71057, 71557]
•This release resolves a system memory leak that occurred when you used the HTTPS proxy and WebBlocker. [71082]
•You can now set a main Application Category to Drop while you have a subcategory set to Allow. [71018]
•Proxy stability when using IPS or Application Control has been improved. [71024, 71046, 71270, 71495, 71371, 71240, 71733, 70977, 71713]
•TLS encryption is no longer enabled by default in the SMTP proxy configuration, but can be enabled if you want to use it. [71137]

Logging and Reporting
•This release resolves an issue that caused the logging processes on the XTM device to use a high percentage of CPU. [59979, 66060]
•Log data now correctly shows in Log Manager when you sort messages by the “Date-Time” column. [70145]
•Correct log data now shows correctly in Firebox System Manager Traffic Monitor and in the Web UI Syslog option. [71044]
•A problem with log messages generated for Reputation Enabled Defense has been corrected so that the number of sites blocked by RED is now correctly counted. [70920]
•The User Authentication Denied report now generates with correct and complete information. [71359]
•A problem that prevented reports for older data sets from generating with a resulting memory error has been resolved in this release. [70957]
•The Web Audit by Client PDF report generation process has been improved so that the data now matches the data in an HTML formatted report. [63472]

Networking
•The SNMP process on XTM 25/26 and XTM 33 devices is now restarted automatically in the event that it gets stuck in a dormant state. [70975]
•Multi-WAN failover now works correctly with Static NAT configured on the external interface for failover. [71148]
•This release resolves a problem that prevented Policy Based Routing from correctly routing traffic through a second external interface. [71175]

FireCluster
•This release resolves an issue that caused a low memory condition when an active/passive FireCluster was configured. [70204]
•The Virtual MAC address is no longer sent from the backup master when you use an active/passive FireCluster with DHCP relay enabled. [71028]

Authentication
•You can now correctly add and edit Firebox-DB users from the Web UI. [71079]

Branch Office VPN
•An automatically created VPN policy to allow traffic through a managed VPN tunnel now works correctly when its name exceeds 46 characters in length. [70994]
•When you install the Management Server on a non-English Windows OS, you can now correctly add VPN resources. [71180]

Mobile VPN
•The feature key entry previously called “Mobile VPN Users” has been re-labeled “IPSec VPN Users” for clarity. [69581]

You can download 11.7.2 Build # 365430 from Watchguard Support Portal by logging in to your account.