Enhancements and Resolved Issues in Fireware v11.12.1

Release Notes

- PPPoE Link Monitor now works correctly when you use both Link Monitor Ping and TCP with domain names selected. [92506]
- The BOVPN New Gateway Endpoint menu now correctly displays the local External interface drop-down list as the first option, and includes a tooltip to indicate that only the primary IP address of the selected External interface will be used for tunnel negotiations. [87940]
- The BOVPN Gateway Endpoints list now displays columns in the correct order. [92708]
- NAT rules now work correctly when you configure a BOVPN tunnel host route using a /32 subnet mask and 1-to-1 NAT configured. [92700]
- This release resolves an issue that caused a Firebox to become unresponsive after a secondary IP address configured as part of a Dynamic NAT rule was removed from the Firebox configuration. [92727]
- DWM-221 modem interoperability has been improved. [92809]
- BOVPN IKEv2 tunnels to CheckPoint devices now establish correctly. [92707]

FireCluster

- To prevent FireCluster upgrade issues, you can no longer upgrade a single FireCluster member with Policy Manager. [90999]
- Hotspot guest administrators can no longer get access to the backup member of a FireCluster. [92462]
- This release resolves a FireCluster issue that caused a kernel crash and subsequent failover for some customers. [92567]
- From Front Panel, you can now correctly expand FireCluster member details for a Firebox installed with Fireware v11.11.x or earlier. [92633]
- FireCluster devices no longer produce "XML-RPC error: connection time out" messages when Gateway AV signatures are manually updated in Firebox System Manager. [90792]

Proxies and Services

- The Firebox now includes the host IP address when it sends data to the WebBlocker Websense database for classification. [90264]
- The IPS signature ID is now included in LEEF syslog messages. [92551]
- This release resolves an issue that caused the SMTP/POP3 proxies to strip base64 message parts if the message parts contained the exclamation point character (!). [92622]
- This release improves the detection of macro-enabled Microsoft Office documents. [92408]
- The spamBlocker Virus Outbreak Control block function now correctly auto-blocks the source when a virus is detected. [92021]
- The SMTP proxy deny message has been improved to include different admin actions for Gateway AV Scan errors. [92010]
- The HTTP proxy now supports multiple Transfer-Encoding Methods carried in the same header. [92476]
- An issue that caused some specific websites to fail to load through the HTTPS Proxy has been fixed. [92363]
- When you use policy manual-order mode in Fireware Web UI, HTTPS-Proxy rule position no longer changes when Content Inspection is enabled. [92560]
- An issue has been resolved that caused slow Google website access through links in MS Office products when using the HTTPS Proxy with Content Inspection enabled. [92687]
- Content filtering within gzip-compressed websites has been improved. [63563]
- In Fireware v11.11.4, we announced that PFS support was not available on Firebox T10, T30, T50, XTM 25/26, or XTM 33 devices. Because of a bug, support for PFS-capable ciphers in the TLS handshake process was allowed in both Fireware v11.11.4 and v11.12 for this set of devices, but the restriction is now correctly enforced in v11.12.1. See this Knowledge Base article for more information. [92504]
