WatchGuard Fireware Version 12.4

Another important update to the Fire operating system that offers many new enhancements.

The most important new features:

General

  • You can now configure the Firebox to automatically retrieve a new feature key after upgrade to a new Fireware OS version. [FBX-12257]
  • You can now use Command Line Interface and Web UI to add Blocked Sites entries that overlap existing entries. [FBX-3608]
  • Firebox M5600 devices no longer incorrectly send "Warning:'VBat' is out of valid range" log messages. [FBX-3399]
  • The Web UI Front Panel now loads correctly. [FBX-14174]
  • You can now modify a policy with Web UI after you press return in a comment you add to that policy with Policy Manager. [FBX-12328]
  • Policy Manager now consistently launches dialog boxes on the same monitor as the parent window. [FBX-15291]
  • This release resolves an issue that caused the retrieval of the support diagnostic file to time out. [FBX-14026]
  • This release reduces the occurrence of log messages that include "netlink: 64 bytes leftover after parsing attributes". [FBX-15556]
  • The Firebox can now send log messages to two syslog servers. [FBX-9401]
  • This release resolves multiple crash issues:
    • An S0 fault on XTMv and FireboxV virtual platforms. [FBX-9758]
    • A Firebox kernel driver crash issue. [FBX-14267]
    • A crash that resulted in a kernel panic "scheduling while atomic" message. [FBX-15114, FBX-7483]
    • An issue that caused Firebox M440 devices to crash because of low available memory. [FBX-11497]
    • An issue that caused Firebox M200 devices to crash. [FBX-14455]

 

SD-WAN and Multi-WAN

  • You can now configure SD-WAN for traffic to leave any Firebox interface. [FBX-3849]
  • Policy Manager and Web UI now show the same interface status for Link Monitor. [FBX-14702]
  • You can now configure Link Monitor when the Firebox has only one external interface. [FBX-4325]
  • This release resolves an issue that caused the Firebox to incorrectly send TCP reset log messages when SD-WAN is configured. [FBX-14982]
  • Probing both TCP and ICMP no longer marks the interface down when the upstream link is down. [FBX-2413]
  • You can now configure a Virtual Interface as a failover option in Multi-WAN and SD-WAN. [FBX-4395]
  • This release resolves an issue that changed the order of interfaces in SD-WAN when you renamed a participating interface. [FBX-15093]
  • You can now modify the SD-WAN configuration after you change the name of a participating interface. [FBX-15092]
  • Policy Manager now consistently displays the configured Link Monitoring setting. [FBX-15026]

 

Networking

  • This release resolves an issue with Firebox Cloud for AWS in which multiple public or local IP addresses on an interface would break configured Static NATs. [FBX-14983]
  • You can now configure OSPF and BGP in Policy Manager on Firebox T15 devices. [FBX-15523]
  • This release improves the ability of the Firebox fqdnd process to handle DNS reply packets. [FBX-15213, FBX-15200]
  • You can now configure domains that begin with an underscore in DNS forwarding. [FBX-14233]
  • This release resolves an issue that caused the Firebox to drop Inter-VLAN traffic as spoofing when a different device handles the routing. [FBX-14837]
  • In this release, the FQDN limit is raised to 2048 for Firebox M200, M270, M300, M370, M400, M440, M470, M500, M570, M670, M4600, M5600, T55, T70, FireboxV, and Firebox Cloud. [FBX-14836]
  • You can now configure a Static NAT with more than 47 characters in a destination FQDN. [FBX-13502]
  • The Firebox no longer removes 1-to-1 NAT entries as duplicate because the interface names are too similar. [FBX-7601]
  • Web UI no longer shows double values in Interface Bandwidth Graphs. [FBX-3108]
  • This release resolves an issue that caused BGP to fail to advertise a network that includes a route map. [FBX-15436]
  • Policy Manager no longer incorrectly changes the Firebox default gateway metric to 20 when you modify the network configuration. [FBX-15687]
  • This release resolves an issue that caused slow VLAN throughput on Firebox M200/M300 devices. [FBX-15461]
  • This release resolves a compatibility issue in which the network monitoring system NetXMS does not receive interface information over SNMP. [FBX-10159]
  • Dynamic Routing no longer adds all learned routes with metric 20. [FBX-15085]
  • This release resolves a ripd process crash issue. [FBX-15199]

 

Authentication

  • RADIUS SSO configuration now supports shared secret values up to 64 characters in length. [FBX-13991]
  • RADIUS server configuration now supports shared secret values up to 64 characters in length. [FBX-13523]
  • The Firebox now uses the correct source IP address for connections when it switches between the primary and backup RADIUS servers. [FBX-14092]

 

VPN

  • This release resolves an issue that caused non-VPN traffic to use the wrong interface when a zero-route BOVPN over TLS is configured. [FBX-14835, FBX-14547]
  • The Firebox no longer disconnects Mobile VPN with SSL connections from users that share the same external IP address. [FBX-14628]
  • This release resolves several IKE process crashes. [FBX-14780, FBX-15359]
  • This release resolves a file descriptor leak issue in the iked process. [FBX-14679]
  • You can now successfully use a group name created with Mobile VPN IPSec in Mobile SSLVPN with Web UI. [FBX-13933]
  • You can now reconfigure L2TP from PSK to Certificate from Web UI. [FBX-3267]
  • This release resolves an issue that caused the Mobile VPN with SSL client to fail to retrieve the client profile on connection. [FBX-15432]

 

Proxies and Services

  • You can now add Geolocation exceptions that overlap with existing exceptions. [FBX-10187]
  • The HTTPS proxy can now inspect connections with TLS v1.3. [FBX-11152]
  • The Access Portal now supports TLS v1.2 encryption for RDP. [FBX-13084]
  • The SMTP proxy now replies to non-STARTTLS connections with a 530 error code when STARTTLS Sender Encryption is required. [FBX-15067]
  • The Explicit proxy now correctly handles and forwards URLs that include a port number, such as http://www.example.com:80. [FBX-15209]
  • This release resolves an issue that caused IPS/Application Control to fail in environments with high traffic volume. [FBX-14649]
  • This release resolves an issue that caused the IKE process to become stuck and fail to respond. [FBX-15491]
  • This release improves IMAP proxy message handling to allow correct email retrieval instead of blank emails. [FBX-11892]
  • This release resolves an issue that caused RDP sessions to freeze in the Access Portal for Chrome users. [FBX-14843]
  • The OS Compatibility option in Policy Manager correctly removes legacy OCSP settings from HTTPS server proxy actions. [FBX-14602]
  • Users no longer need to re-authenticate when they resize the Access Portal RDP browser window. [FBX-10106]
  • All necessary domains are now added to the WatchGuard Threat Detection and Response policy when you first enable TDR. [FBX-7319]
  • The Firebox TDR configuration no longer accepts invalid UUID values. [FBX-12202]
  • The spamBlocker statistics "Total messages processed" value now includes the "Messages on white/black list" value. [FBX-14847]
  • The HTTPS proxy can now correctly override the global Geolocation settings with Content Inspection enabled. [FBX-14152]
  • Configuration options for RED are now cloned correctly for HTTP proxy actions. [FBX-14767]
  • Gateway AV and Intelligent AV can now correctly scan files larger than 10MB in size. [FBX-15215]

 

Centralized Management

  • You can now configure SD-WAN actions in a policy template. [FBX-14772]
  • Policy templates now include QoS options in the advanced tab. [FBX-3894]
  • You can now download the IKEv2 profile from Management Server with no invalid password error. [FBX-15218]
  • You can now save a configuration with Policy Manager for a device that has a configured Dimension Command VPN tunnel. [FBX-15138]

 

Certificates

  • This release resolves a crash issue with Web Server certificate imports. [FBX-15281]
  • This release removes the cn=Root Agency certificate from the Trusted CA for Proxies store. [FBX-15437]
  • A change to the Trusted CA for Proxies Certificate store no longer requires a reboot to take effect. [FBX-15537]
  • Log messages for HTTPS Proxy no longer have negative values in the rcvd_byte field. [FBX-15190]

 

Firebox Integrations

  • Autotask can now display company names that include non-US ASCII characters. [FBX-14979]
  • The Firebox now includes a required client identifier in all ConnectWise requests. [FBX-15527]

 

Gateway Wireless Controller and WatchGuard APs

  • Gateway Wireless Controller now displays the full wireless clients list. [FBX-15430]
  • With the release of AP firmware 8.6.0-646 (AP120, AP320, AP322, AP325, AP420) and 8.6.0-644.3 (AP125), your AP no longer reserves an IP address for each VLAN on each SSID. An IP address is reserved for the management VLAN. [AP-396]

 

Your contact at SIEVERS-GROUP: Thomas Runte, ICT Security
