Watchguard: Fireware 12.1.3 Update 2 für XTM Appliances

[Blog] Watchguard: Neue Fireware 12.1.3 Update 2 für XTM Appliances

Enhancements and Resolved Issues in Fireware 12.1.3 Update 2

General

  • This release resolves a crash issue with Web Server certificate imports. [FBX-15281, FBX121X-71]
  • Time zone data has been updated to include recent changes to DST dates in Brazil. [FBX-14272, FBX121X-51]
  • This release resolves multiple firewalld process crash issues. [FBX-12778, FBX121X-67, FBX-14041, FBX121X-52]
  • This release resolves an S0 fault on XTMv and FireboxV virtual platforms. [FBX-9758,FBX121X-38]

Networking

  • Fireboxes configured to use both Multi-WAN and dynamic routing no longer drop traffic unexpectedly with tcp syn checking failed log messages. [FBX-14719, FBX121X-55]
  • Firebox T30/T50 devices no longer fail to resolve ARP for MAC addresses that end with :81:00. [FBX-14022, FBX-121X-57]

Proxies and Services

  • This release resolves an issue with memory usage which would occur when users downloaded files larger than the configured GAV scan limit from a website that uses a very small data chunk size. [FBX-13359, FBX121X-45]
  • This release resolves an issue which would cause IPS/Application Control to fail in environments with high traffic volume. [FBX121X-68]
  • The Explicit proxy now correctly handles and forwards URLs that include a port number, such as www.example.com:80.[FBX-15209, FB121X-70]
  • This release features enhancements to log messages for TDR. [FBX-14974, FBX121X-62]

VPN

  • This release resolves multiple IKE process crash issues .[FBX-14780, FBX-12732, FBX121X-42, FBX-121X-56]
  • This release resolved an issue in which VPN tunnels would fail to renegotiate when a large number of VIF tunnels are configured. [FBX-13976, FBX121X-46]

Enhancements and Resolved Issues in Mobile VPN with IPSec from NCP v13.13

  • This release supports Windows 10 Version 1809.
  • The VPN client icon now only appears in the system tray when you minimize the client. [FBX-13747]
  • This release includes improvements to the silent installation option.

Enhancements and Resolved issues in Mobile VPN with IPSec from NCP 13.10

  • This release features a 64-bit version of each component.
  • The Windows version now matches Windows 10 user interface style correctly.
  • You can now use the pre-connect login client to connect to a hotspot.

Enhancements and Resolved Issues in Fireware 12.1.3 Update 1

General

  • The Arm LED light no longer unexpectedly turns off when a Firebox M200/M300 completes the bootup process. [FBX-11502, FBX121X-25]
  • This release resolves a memory leak in the SNMP process. [FBX-10994, FBX121X-22]
  • The Access Portal login page no longer enables autocorrect for the password field. [FBX-10204, FBX121X-10]
  • This release resolves an issue that caused an invalid FQDN for a domain with many IP addresses. [FBX-11083, FBX121X-17]
  • This release resolves a memory leak in the dhcpdprocess. [FBX-11633, FBX121X-29]
  • This release resolves an issue that caused the OSS daemon to crash. [FBX-12228, FBX121X-27]
  • Traffic Monitor now correctly displays data when an invalid UTF-8 character appears in a log message. [FBX-12268]

VPN

  • This release resolves multiple issues that caused the iked process to crash. [FBX-12555, FBX-12524, FBX-10289 FBX121X-24, FBX-12611]
  • This release resolves an issue that caused the Firebox to send decrypted BOVPN VIF tunnel traffic to the wrong interface. [FBX-11987, FBX121X-7]
  • IKE_Auth initiator request packets larger than 28674 are now supported to improve IKEv2 interoperability with Cisco devices. [FBX-11644, FBX121X-13]
  • This release resolves an issue that caused some UDP traffic to incorrectly route over a Branch Office VPN Virtual Interface tunnel. [FBX-11488, FBX121X-26]

Proxies and Services

  • Proxy memory usage is improved. [FBX-9563, FBX121X-11]
  • This release resolves an issue in which files that exceed Gateway AV scan limits fail to pass through the HTTP proxy. [FBX-12046, FBX121X-18]
  • The dnswatchd process no longer uses CPU when the DNSwatch feature is not enabled. [FBX-12198, FBX121X-14]
  • Subscription service updates no longer fail when you use the Firebox Cloud pay as you go license. [FBX-11762, FBX121X-12]
  • This release resolves an issue with multiple file submissions by APT Blocker when enabled in the IMAP proxy. [FBX-12376, FBX121X-19]
  • This release resolves an issue that prevented some applications that use a “custom TLS record type” from passing through the HTTPS proxy when matching a Domain Name configured to bypass content inspection. [FBX-9478, FBX121X-30]
  • Web UI now allows you to disable Application Control when the license is expired. [FBX121X-16]
  • This release resolves a proxy crash that caused general web browsing failure for users. [FBX-12785]
  • This release resolves an attachment processing issue caused by the APT Blocker Message Hold feature. [FBX-12213, FBX121X-20]

Integrations

  • Autotask or ConnectWise tickets for “botnet-detection threshold exceeded” are no longer created when Botnet Detection is first enabled. [FBX-12237, FBX121X-23]

Enhancements and Resolved Issues in Fireware 12.1.3

General

  • This release removes weak ciphers that do not support forward secrecy from the Firebox web server. [FBX-10752]
  • Web pages served by the Firebox now include security headers outlined in the OWASP Secure Headers Project in HTTP responses. [FBX-9691]
  • This release resolves a vulnerability that made possible a SAML assertion replay attack against the Access Portal. [FBX-9731]
  • This release corrects the Japanese localization of FireCluster upgrade error messages in Fireware Web UI. [FBX-10941]
  • Firebox System Manager no longer reports an error when you view the Front Panel of a Firebox Cloud instance. [FBX-10910]
  • Firebox System Manager no longer frequently disconnects when you connect to a Firebox with an older version of Fireware. [FBX-11814]
  • This release resolves an issue that prevented certificate sync when the Firebox first joins a FireCluster. [FBX-11449]
  • This release resolves an issue that caused all authenticated sessions to terminate after configuration changes are made to authentication server settings with Fireware Web UI. [FBX-11263]

Integrations

  • This release resolves an issue that resulted in Autotask creating unintended duplicate configurations. [FBX-11533]
  • Fireware Web UI no longer allows invalid configuration options that cause AutoTask to fail. [FBX-11771]

Networking

  • This release resolves an issue that caused the Firebox to stop replying to DHCP requests. [FBX-9213, FBX-10643]
  • This release resolves an issue that caused DHCP relay to stop working after a Firebox reboot. [FBX-11464]
  • This release resolves an issue that caused the removal of the default route after PPPoE interface re-negotiation. [FBX-11668]
  • The Huawei E3372 modem now works correctly. [FBX-10888]
  • This release resolves an issue with the WebUI that prevented changing the Link Monitor settings on T10/T15 when using a Modem as external interface. [FBX-11040, FBX-10535]
  • The Enable Link-Monitor check box no longer re-selects itself after you disable it. [FBX-10214]

Centralized Management

  • Management Server now correctly restricts configuration options for active Directory based on RBAC role.[FBX=9167]

VPN

  • Mobile VPN with SSL download page no longer fails to load for two-factor authentication users. [FBX-10085]
  • This release resolves an issue that caused the Mobile VPN with SSL process to crash when FIPS is enabled on Firebox. [FBX-2558]
  • BOVPN over TLS clients can now connect to a remote VPN server with its primary server configured as a domain name. [FBX-11556]
  • This release resolves a kernel crash that occurs when Mobile VPN with SSL traffic is sent through a Virtual Interface (VIF). [FBX-11800]
  • This release adds enhancements to BOVPN Dead Peer Detection when the Firebox is located behind a NAT device. [FBX-11192]
  • This release adds several IPSec BOVPN stability improvements for Fireboxes in a NAT environment. [FBX-11188]
  • This release resolves an issue that causes Managed Branch Office VPN tunnels to restart when the the Management server changes the Firebox configuration. [FBX-11400]
  • SLVPN Management tunnels can now use the # symbol as the first character of the password. [FBX-11271]
  • This release resolves an issue that caused packet loss through Branch Office VPN on M4600 and M5600 with large amounts of traffic. [FBX-11584]

Proxies and Services

  • This release reduces load on the Firebox processor caused by excessive proxy log messages.[FBX-10691]
  • The HTTP proxy no longer fails to get the MD5 hash during a file upload when the file exceeds the Gateway AV scan limit.[FBX-11577]
  • This release improves IPS and Application Control scanning when Content inspection is enabled on T15, T30 and XTM330 platforms.[FBX-11354]
  • IMAP proxy connection count is now correctly reported in Proxy Connection Statistics for connections handled by the TCP-UDP proxy. [FBX-10586]
  • This release resolves an issue that caused some websites to fail to load in the Chrome browser for connections through the HTTPS proxy with TCP MTU probing enabled. [FBX-11280]
  • A FireCluster member without a DNSWatch license will now correctly register to the DNSWatch service when it becomes Master. [FBX-10180]
  • This release resolves an issue that prevented HostWatch from correctly displaying data related to SIP and H323 proxies. [FBX-10238]
  • This release includes several improvements in Proxy memory usage. [FBX-11465, FBX-9256, FBX-10886]
  • This release resolves a memory leak that occurred when the IMAP proxy was enabled. [FBX-11255]
  • This release resolves an issue that prevented mail from downloading through the IMAP proxy with log messages that included: “fail to parse fetch argument list”. [FBX-10782]
  • The status of Content Inspection is now included in IMAP proxy log messages when viewed from the Fireware Web UI.[FBX-10822]
  • Log messages generated by the IMAP Proxy now include the TLS Profile name configured in the proxy. [FBX-10125]

Wireless

  • Gateway Wireless Controller updates of AP420 and AP325 no longer fail because of an AP reboot during the upgrade process. [FBX-11081]
  • This release resolves an issue that caused the Firebox T35-W model to crash when wireless is enabled. [FBX-9760]

 

Ansprechpartner in der SIEVERS-GROUP: Thomas Runte, ICT Security

Das könnte Sie auch interessieren