Enhancements and Resolved Issues in Fireware v11.12.1
Release Notes
21
l
PPPoE Link Monitor now works correctly when you use both Link Monitor Ping and TCP with domain
names selected.
[92506]
l
The BOVPN
New Gateway Endpoint
menu now correctly displays the local External interface drop-
down list as the first option, and includes a tooltip to indicate that only the primary IP address of the
selected External interface will be used for tunnel negotiations.
[87940]
l
The BOVPN Gateway Endpoints list now displays columns in the correct order.
[92708]
l
NAT rules now work correctly when you configure a BOVPN tunnel host route using a /32 subnet mask
and 1-to-1 NAT configured.
[92700]
l
This release resolves an issue that caused a Firebox to become unresponsive after a secondary
IP address configured as part of a Dynamic NAT rule was removed from the Firebox configuration.
[92727]
l
DWM-221 modem interoperability has been improved.
[92809]
l
BOVPN IKEv2 tunnels to CheckPoint devices now establish correctly.
[92707]
FireCluster
l
To prevent FireCluster upgrade issues, you can no longer upgrade a single FireCluster member with
Policy Manager.
[90999]
l
Hotspot guest administrators can no longer get access to the backup member of a FireCluster.
[92462]
l
This release resolves a FireCluster issue that caused a kernel crash and subsequent failover for some
customers.
[92567]
l
From Front Panel, you can now correctly expand FireCluster member details for a Firebox installed with
Fireware v11.11.x or earlier.
[92633]
l
FireCluster devices no longer produce
XML-RPC error: connection time out
messages when Gateway
AV signatures are manually updated in Firebox System Manager.
[90792]
Proxies and Services
l
The Firebox now includes the host IP address when it sends data to the WebBlocker Websense
database for classification.
[90264]
l
The IPS signature ID is now included in LEEF syslog messages.
[92551]
l
This release resolves an issue that caused the SMTP/POP3 proxies to strip base64 message parts if
the message parts contained the exclamation point character (!).
[92622]
l
This release improves the detection of macro-enabled Microsoft Office documents.
[92408]
l
The spamBlocker Virus Outbreak Control block function now correctly auto-blocks the source when a
virus is detected.
[92021]
l
The SMTP proxy deny message has been improved to include different admin actions for Gateway AV
Scan errors.
[92010]
l
The HTTP proxy now supports multiple Transfer-Encoding Methods carried in the same header.
[92476]
l
An issue that caused some specific websites to fail to load through the HTTPS Proxy has been fixed.
[92363]
l
When you use policy manual-order mode in Fireware Web UI, HTTPS-Proxy rule position no longer
changes when Content Inspection is enabled.
[92560]
l
An issue has been resolved that caused slow Google website access through links in MS Office
products when using the HTTPS Proxy with Content Inspection enabled.
[92687]
l
Content filtering within gzip-compressed websites has been improved.
[63563]
l
In Fireware v11.11.4, we announced that PFS support was not available on Firebox T10, T30, T50, XTM
25/26, or XTM 33 devices. Because of a bug, support for PFS-capable ciphers in the TLS handshake
process was allowed in both Fireware v11.11.4 and v11.12 for this set of devices, but the restriction is
now correctly enforced in v11.12.1. See this
Knowledge Base
article for more information.
[92504]