Neue Watchguard Fireware Version v12.5
Enhancements and Resolved Issues v12.5
- Policy Manager now displays the OS version for a Fireware upgrade file. [FBX-16667]
- This release resolves a severe Firebox crash that affected some users. [FBX-12412]
- The Samoa time zone name is updated in Policy Manager. [FBX-16509]
- WatchGuard System Manager now supports the upcoming Firebox T35-R model. [FBX-15682]
- Policy Manager now shows the correct Mobile VPN with SSL licenses for your Firebox M270. [FBX-16376]
- This release resolves a kernel crash specific to Firebox M200 and M300 devices. [FBX-12412]
- Management Server policy templates now include the Dynamic NAT and 1-to-1 NAT options in the Advanced tab. [FBX-3982]
- VLAN Hotspot configuration is no longer removed when you change the VLAN ID. [FBX-11625]
- Firebox M270 devices configured for auto-negotiation of network interfaces now display the correct interface speed in Status Report. [FBX-16452]
- The Set Source IP address feature now works correctly for HTTPS proxy traffic with NAT configured but no Content Inspection. [FBX-16392]
- A configured SD-WAN action is no longer applied to traffic sent to the Firebox. [FBX-16341]
- After a FireCluster failover, the link monitor now continues to operate correctly and external interfaces do not show as failed. [FBX-16572, FBX-16576]
- Policy Manager now consistently allows you to remove or edit DHCP reservations. [FBX-16400]
- Web UI now correctly imports aliases that include /128 IPv6 addresses. [FBX-12580]
Proxies and Services
- Users can now use WebBlocker override with their Firebox-DB or Active Directory group membership. [FBX-4652]
- You can now create a custom Warn message for proxy actions. [FBX-15542]
- DNSwatch now correctly updates protected networks when the Firebox is inside a network that applies NAT to internet-bound traffic. [FBX-16737]
- spamBlocker for IMAP proxy can now apply exceptions to emails that do not have a TO: header. [FBX-16210]
- This release resolves an HTTPS proxy issue that required intermediate CA certificates to be imported as General Use for pages to load correctly. [FBX-14768]
- This release adds reverse proxy functionality to the Access Portal. [FBX-8916]
- Users can no longer log in to Access Portal with an AD user name when AD is not configured as an authentication server. [FBX-15845]
Logging and Notification
- The SNMPd process no longer causes high CPU usage. [FBX-16426]
- You can now configure multiple RADIUS servers for authentication. [FBX-15605]
- You can now consistently use Policy Manager to save account lockout settings for Firebox-DB users. [FBX-10455]
- RADIUS authentication no longer fails because of unsupported RADIUS attributes in the access-accept reply. [FBX-16056]
- You can now use ECDSA Certificates for BOVPN and BOVPN Virtual Interface phase 1 authentication. [FBX-15511]
- You can no longer modify the Authentication drop-down in predefined VPN Phase 2 options. [FBX-16642]
- You can now configure BOVPN using the secondary IP address of a VLAN. [FBX-16492, FBX-16493]
- The BOVPN remote gateway IP address is now sent in the correct order when the domain name option is enabled. [FBX-16515]
- Mobile VPN with IPSec DNS server settings no longer revert to the global DNS settings when you use Web UI to modify the VPN configuration. [FBX-16026]
- The Gateway Wireless Controller now supports the upcoming AP327X device. [FBX-15650]
- Gateway Wireless Controller SSID scheduling is no longer affected by the switch to daylight savings time. [FBX-16326]
- NetFlow connections can now leave over any Firebox interface. [FBX-14021]
WatchGuard Mobile VPN with IPSec Client for Windows (v11.14)
- This release restricts the connection test by the client to a maximum of four pings.
- This release features optimization updates to the HotSpot login feature, specifically with Seamless Roaming.
- This release resolves a vulnerability caused by the NCP Credential Provider that allowed unintended access to Windows Explorer.
- The client uninstall no longer fails to remove the filter driver.
- This release improves connection behavior after your computer wakes from sleep mode.
WatchGuard Mobile VPN with IPSec Client for macOS (v3.20)
- This release features support for dark mode, introduced in macOS Mojave release.
- This release supports the macOS Keychain for certificate storage.
- This release features user interface improvements, including split-tunneling configuration with multiple DNS suffixes.
- The client uninstall no longer asks for permission to access your address book, calendar, and photos.
- This release improves detection of friendly networks that were already connected when the system booted.
- This release resolves a log file rights issue that occurred after an OS update.
- This release resolves a connection failure that occurred when a certificate was used in macOS keychain with RSA-PSS padding enabled.
Ihr Ansprechpartner in der SIEVERS-GROUP: Thomas Runte, ICT Security