WatchGuard WSM und Fireware XTM 11.3.1

Dies ist die Bugfix-Liste für die aktuellen Versionen WatchGuard System Manager (WSM) und Fireware XTM 11.3.1, die im Download-Bereich der WatchGuard-Webseite zur Verfügung stehen:

General

• This release resolves an issue that caused the logging process on a Firebox or XTM device to crash. [55676]
• This release resolves an issue that caused the Firebox or XTM device to crash when used with PPPoE. [43811]
• Notification for blocked sites now works correctly. [45148]
• The unlock.exe program now supports non-ASCII characters in the file name. [42599]
• This release resolves an issue that caused authentication to fail with the log message: wgcgi timeout after prcs msg error. [44887]
• Traffic and management connections no longer stop when you retrieve a support.tgz file from a Firebox or XTM device running under a heavy connection load. [44956]

Fireware v10.x to Fireware XTM v11.x Upgrade Issues

• A problem that caused the error message “INTERNAL_ERROR: The element ‘backup-firebox-ip’ has a length of 19” to appear when you upgrade from Fireware v10.x to Fireware XTM v11.x has been resolved. [42653]
• When you upgrade a centrally managed Firebox X Edge from v10.x to Fireware XTM v11.x, the traffic control, WebBlocker custom profiles, and the Allow all traffic trusted<->optional settings are now correctly preserved during the upgrade. [43712]
• When you upgrade a Firebox X Edge from v10.x to v11.x, IKE Keep-Alive is no longer enabled during the upgrade if it was not previously enabled in your v10.x configuration. [44219]
• A problem that caused a Management Server upgrade from Fireware v10.x to Fireware XTM v11.x to fail because of long managed alias names has been resolved. [44232]

Fireware XTM Web UI

• You can now successfully open and use Bandwidth Meter from the Web UI with no syntax errors. [41911]
• You can now successfully add WebBlocker exceptions from the Fireware XTM Web UI with no “Code 8: Error 9” error message. [43744]
• The Fireware XTM Web UI login window now appears correctly when you use Safari on Mac OS X “Snow Leopard” without the need to refresh the browser. [42791]

WatchGuard System Manager

• You can now successfully install WatchGuard System Manager when Microsoft SQL Server 2008 Management Studio is running on your computer. [44981]

WatchGuard Servers

• Email released from the Quarantine Server is now correctly delivered to all recipients, instead of just the first recipient in the list. [43875]
• The Quarantine Server can now handle the apostrophe character (‘) in email addresses. [56221]
• The Quarantine Server can now handle the dash character (-) in email addresses. [45267]
• The Quarantine Server automatic scheduled user notification no longer stops after 2-3 days with a pyadapter exception error. [56109]
• A problem that caused the Report Server to occasionally fail to complete reports has been resolved. [45486]
• The default log level for WatchGuard System Manager server applications has been set back to “Warning” instead of “Debug” to keep unnecessary log messages from accumulating. [56290]
• The Reporting Web UI now works correctly after you upgrade WatchGuard Server Center from v11.2.x to v11.3.x [55879]
• We have resolved an issue that caused Report Server instability when you generate the Denied Packet by Client report for a large set of log messages. [56344]
• A problem that caused the WatchGuard Server Center restore function to sometimes fail to restore a backup file with an exception error has been resolved. [55984]
• You can now use the Reporting Web UI to access archived reports when the report generation time on the Report Server is set to a time later than 12:00 pm. [56286]
• The installation of WatchGuard Server components no longer fails with the error: “Management server failed during -unconfig mode 1”. [44238]
• The Management Server no longer fails to start after you restore a backup file on a computer on which the log directory specified in the WatchGuard Server Center configuration does not exist. If the log directory path does not exist, the default directory path will be used. [44380]
• The Log Server backup process no longer fails when you use a non-English OS and the default Log Server configuration settings. [44563]
• The Management Server no longer fails after you restore a backup file created with WatchGuard Server Center v10.2.x to a v11.x Management Server. [43201]

Policy Manager

• You can now successfully configure a bridge interface with a user-defined name. [55827]
• You can now connect to and make configuration changes to a Firebox or XTM device running Fireware XTM v11.1 from a management computer running WSM v11.3.x. [55834]
• The FTP proxy setting to restrict the maximum number of failed logins per connection now operates correctly. [55721]

Authentication

• Web Server certificates are now correctly imported and displayed in Firebox System Manager. [55758]

Firecluster

• The stability of an active/active FireCluster running under a heavy connection load has been improved. [55728]
• The passive device in an active/passive FireCluster no longer becomes unreachable when you change the management IP address of the backup master. [56064]
• In an active/active FireCluster, the Mobile VPN with SSL “Bridge VPN traffic” option now operates correctly. [40608]

Networking

• DF settings are now available when your Firebox or XTM device is configured in drop-in or bridge mode, in addition to routed mode. This setting is available on the Advanced tab of an interface configured as External. [44258]
• On the XTM 2 Series, traffic no longer fails across bridged interfaces when the bridge consists of Ethernet ports eth0-eth2 and eth3-eth5. [55737]
• You can now configure the Firebox X Edge e-Series and XTM 2 Series devices to forward DNS queries. Note that you can only enable this feature with the CLI; it is not available in Policy Manager or the Web UI. [42709]
• It is now possible to add up to 200 traffic management objects. [55796]
• A previously expired connection can no longer be re-opened when traffic matching the expired session is received. [45286]
• The blocked site limit has been increased from 154 to 1000. [40362]
• If a WINS server address is not defined in the configuration, the Firebox or XTM device now keeps the WINS server address blank when using DHCP. [41622]
• When using a dynamic NAT entry from one VLAN to another VLAN, the Source IP address is no longer the primary external IP address of the Firebox. [43838]
• After a proxy connection is closed, the Firebox or XTM device continues to accept and drop lingering connections from the remote server for a short period of time. This is done to prevent “auto-block packets not handled” from occurring due to a late reply packet from the server for a closed connection. [43866]
• 1-to-1 NAT now takes precedence when policy-based dynamic NAT is configured to use “Set source IP”. [44257]
• A Gratuitous ARP is now issued when you change the MAC address in the Network Interface setting to “override MAC address”. [55799]
• The Firebox or XTM device will now send a Gratuitous ARP (GARP) every hour for interface IP addresses. The GARP is performed each hour to make sure connected devices have correct ARP entries for the Firebox IP addresses. [55811]
• The Firebox or XTM device now correctly supports the number of allowed authenticated users per model. [56012]
• NAT loopback will now operate correctly when the connecting client uses a zero route branch office VPN tunnel. [45149]
• Connection rate limiting now operates correctly for inbound traffic. [43023]

Proxies

• We no longer support SSL v2 in the HTTPS proxy in order to better comply with PCI scans. [55908]
• This release resolves an issue that caused attachments sent through proxies to become corrupted. [40829, 55736, 56207]
• We have improved the stability of our proxy technology. These changes fix problems that caused some proxy processes to crash. [44786, 45209, 55601, 55663,55693,55794, 55813, 45458]
• This release resolves an issue that caused AV scans to fail after reboot. [56043]
• When an email is quarantined as spam by the SMTP proxy, a “200 OK” message is now sent to the sending server. [44224]
• The H.323 ALG media channel timeout no longer causes calls to be dropped after 900 seconds. [44945]
• The H.323 ALG now correctly deletes expired connections. [44573]

Security Services

• This release resolves several problems that caused spamBlocker to crash. [43787, 44194, 44518]
• This release resolves an issue that caused Internet Explorer to display “friendly HTTP error messages” instead of the WebBlocker deny message if the deny message did not have enough characters in it. [44893]
• The RED daemon no longer crashes on the passive device in an active/passive FireCluster. [56141]
• The IPS security service no longer adds IP addresses to the blocked sites list when it is configured only to drop traffic. [45281]
• The WebBlocker Override feature now operates correctly with VLAN interfaces. [43632]

Logging

• In proxy traffic log messages, the network interface name now appears correctly as the name you assign the interface and not as a network alias. [56243]
• A Firebox or XTM device now generates a log message when the maximum number of concurrent packet filter connections has been reached. [41801]