Neue Watchguard Fireware Version v12.5

Watchguard Server

Enhancements and Resolved Issues v12.5


  • Policy Manager now displays the OS version for a Fireware upgrade file. [FBX-16667]
  • This release resolves a severe Firebox crash that affected some users. [FBX-12412]
  • The Samoa time zone name is updated in Policy Manager. [FBX-16509]
  • WatchGuard System Manager now supports the upcoming Firebox T35-R model. [FBX-15682]
  • Policy Manager now shows the correct Mobile VPN with SSL licenses for your Firebox M270. [FBX-16376]
  • This release resolves a kernel crash specific to Firebox M200 and M300 devices. [FBX-12412]
  • Management Server policy templates now include the Dynamic NAT and 1-to-1 NAT options in the Advanced tab. [FBX-3982]


  • VLAN Hotspot configuration is no longer removed when you change the VLAN ID. [FBX-11625]
  • Firebox M270 devices configured for auto-negotiation of network interfaces now display the correct interface speed in Status Report. [FBX-16452]
  • The Set Source IP address feature now works correctly for HTTPS proxy traffic with NAT configured but no Content Inspection. [FBX-16392]
  • A configured SD-WAN action is no longer applied to traffic sent to the Firebox. [FBX-16341]
  • After a FireCluster failover, the link monitor now continues to operate correctly and external interfaces do not show as failed. [FBX-16572, FBX-16576]
  • Policy Manager now consistently allows you to remove or edit DHCP reservations. [FBX-16400]
  • Web UI now correctly imports aliases that include /128 IPv6 addresses. [FBX-12580]

Proxies and Services

  • Users can now use WebBlocker override with their Firebox-DB or Active Directory group membership. [FBX-4652]
  • You can now create a custom Warn message for proxy actions. [FBX-15542]
  • DNSwatch now correctly updates protected networks when the Firebox is inside a network that applies NAT to internet-bound traffic. [FBX-16737]
  • spamBlocker for IMAP proxy can now apply exceptions to emails that do not have a TO: header. [FBX-16210]
  • This release resolves an HTTPS proxy issue that required intermediate CA certificates to be imported as General Use for pages to load correctly. [FBX-14768]

Access Portal

  • This release adds reverse proxy functionality to the Access Portal. [FBX-8916]
  • Users can no longer log in to Access Portal with an AD user name when AD is not configured as an authentication server. [FBX-15845]

Logging and Notification

  • The SNMPd process no longer causes high CPU usage. [FBX-16426]


  • You can now configure multiple RADIUS servers for authentication. [FBX-15605]
  • You can now consistently use Policy Manager to save account lockout settings for Firebox-DB users. [FBX-10455]
  • RADIUS authentication no longer fails because of unsupported RADIUS attributes in the access-accept reply. [FBX-16056]


  • You can now use ECDSA Certificates for BOVPN and BOVPN Virtual Interface phase 1 authentication. [FBX-15511]
  • You can no longer modify the Authentication drop-down in predefined VPN Phase 2 options. [FBX-16642]
  • You can now configure BOVPN using the secondary IP address of a VLAN. [FBX-16492, FBX-16493]
  • The BOVPN remote gateway IP address is now sent in the correct order when the domain name option is enabled. [FBX-16515]
  • Mobile VPN with IPSec DNS server settings no longer revert to the global DNS settings when you use Web UI to modify the VPN configuration. [FBX-16026]


  • The Gateway Wireless Controller now supports the upcoming AP327X device. [FBX-15650]
  • Gateway Wireless Controller SSID scheduling is no longer affected by the switch to daylight savings time. [FBX-16326]


  • NetFlow connections can now leave over any Firebox interface. [FBX-14021]


WatchGuard Mobile VPN with IPSec Client for Windows (v11.14)

  • This release restricts the connection test by the client to a maximum of four pings.
  • This release features optimization updates to the HotSpot login feature, specifically with Seamless Roaming.
  • This release resolves a vulnerability caused by the NCP Credential Provider that allowed unintended access to Windows Explorer.
  • The client uninstall no longer fails to remove the filter driver.
  • This release improves connection behavior after your computer wakes from sleep mode.


WatchGuard Mobile VPN with IPSec Client for macOS (v3.20)

  • This release features support for dark mode, introduced in macOS Mojave release.
  • This release supports the macOS Keychain for certificate storage.
  • This release features user interface improvements, including split-tunneling configuration with multiple DNS suffixes.
  • The client uninstall no longer asks for permission to access your address book, calendar, and photos.
  • This release improves detection of friendly networks that were already connected when the system booted.
  • This release resolves a log file rights issue that occurred after an OS update.
  • This release resolves a connection failure that occurred when a certificate was used in macOS keychain with RSA-PSS padding enabled.

Ihr Ansprechpartner in der SIEVERS-GROUP: Thomas Runte, ICT Security 

Das könnte Sie auch interessieren