New Software Release: Fireware 11.12.2 Update 1
Fireware release v11.12.2 Update 1 has been available since 8 May 2017.
Resolved Issues in Fireware v11.12.2 Update 1
- This release resolves an issue that caused the IKED process to crash when the Firebox received a malformed SA payload in an IKEv2_SA_INIT message. When the IKED process crashed, IPSec Branch Office VPNs and Mobile VPN with IPSec tunnels restarted, and, if the Firebox was part of a FireCluster, failover occurred. This issue affected Fireware v11.11 and newer. [FBX-5588]
- This release resolves an issue on Firebox M400/M500 devices that prevented some SFP Transceivers from being correctly recognized after the Firebox was updated to Fireware v11.11 or newer. [FBX-4968]
- When OCSP certificate validation is enabled, the HTTPS proxy now correctly disables certificates when the responder requires Host Header information in the request. [FBX-5060]
- This release resolves an issue that caused Single Sign-On authentication to stop working after a FireCluster failover. [FBX-5444]
Enhancements and Resolved Issues in AP 8.0.581
- After a reset to factory default settings, the AP device operating region is now correctly configured based on the detected region of the AP device. [AP-46]
- If an AP device is detected as operational in an unsupported region, the operating region for the AP device is set to the USA country code 841. [AP-31]
- AP devices configured with a static IP address are now correctly discovered by Gateway Wireless Controller. [AP-47]
Important, please note:
- PFS for TLS and HTTPS DPI is now also configurable on T10/30/50 and XTM-33
- Improved support for VPN to Amazon AWS
- A trust store has been introduced for APs: each new AP must be given the “trusted” status individually (Firebox System Manager => Gateway Wireless Controller => under the actions).
- Longer minimum length for AP passphrases
- Changes to the port 4100 authentication policy: after the update, please check whether the policy is still set the way you configured it, especially if you use Any-External.
Enhancements and Resolved Issues in Fireware v11.12.2
General
- Single TCP stream now provides the expected throughput on a Firebox M440. [FBX-380]
- This release includes improvements to reduce CPU usage when Management Tunnels are established over SSL. [FBX-2087, FBX-2085, 93080]
- This release resolves an issue that caused IKED to crash after internal hash table corruption. [FBX-1906, 92942]
- Various process crashes have been fixed in this release. [92706, FBX-2751, 92684]
- ConnectWise now creates new tickets when a user removes the default “Quick Response” priority type. [FBX-1821]
- This release resolves a kernel crash that occurred after a FireCluster failover. [92667, 92230]
- A Certd process crash has been fixed. [FBX-1167, 92526]
- A problem that caused some websites to fail to load with a “content decoding error” has been resolved in this release. [FBX-2410]
- Policies that include a VLAN name in the From or To field no longer fail after you change the VLAN name. [92966]
- The Firebox XML-RPC agent no longer returns different responses to login requests that contain valid and invalid usernames. [FBX-1654]
- This release resolves an issue that caused wgagent to crash while processing an invalid XML-RPC request. [FBX-1765]
Proxies and Services
- Perfect Forward Secrecy (PFS) ciphers are now available in HTTPS and SMTP proxies for Firebox T10, T30, T50, XTM 25/26, and XTM 33 models. [FBX-2020, 93045]
- The Blocked Sites Exceptions list now includes default FQDN exceptions for servers required for WatchGuard products and subscription services. [FBX-1416, 92658]
- The HTTP proxy process no longer crashes when inflating data from web pages with content-encoding set to gzip or deflate. [93220, FBX-2729]
Authentication and Single Sign-On (SSO)
- You can now configure lockout settings for all user accounts that use Firebox authentication to protect user accounts from brute force attempts to find the user account login credentials. [FBX-417, 45021, 67544, 45551]
- You can now limit the number of devices that can connect to a Hotspot at the same time for each guest user account. [FBX-433, 82879]
- The SSO client for Mac OS now supports nested groups. [FBX-1484, 92726]
- WatchGuard Single Sign-On and Terminal Services components are now officially supported on Windows Server 2016. [FBX-1153, 92398]
- The SSO Client installer now creates a Windows firewall exception. [FBX-1763, 91373]
- Terminal Services support for manual Single Sign-On authentication now includes Citrix XenApp 7.12. [FBX-1628, 90170]
- When you associate a user with more than 256 authentication groups, the Firewalld process no longer crashes. [93152, FBX-2681]
VPN
- BOVPN Virtual Interface now supports an IPSec VPN tunnel to an Amazon AWS virtual private cloud (VPC). [FBX-110, 41534]
- You can now specify a different pre-shared key for each gateway endpoint for the same branch office VPN gateway. [FBX-1290, FBX-1292]
- In Fireware Web UI, the VPN Statistics System Status page has a new Statistics tab that shows bandwidth and tunnel statistics over time. [FBX-1728]
- The Global VPN setting Enable TOS for IPSec is now correctly applied to BOVPN traffic configured to use a Virtual Interface (VIF). [FBX-2349]
- Mobile VPN with IPSec no longer fails to reconnect after a non-graceful disconnection. [92935, FBX-2195]
- The use of many BOVPN Virtual Interfaces no longer causes a kernel crash. [93193, FBX-2755]
- This release resolves an issue with Mobile VPN with SSL that caused incorrect DNS resolution on Windows 10 clients. [88918]
- This release updates the Mobile VPN with IPSec client for Mac OS X to add support for Mac OS Sierra.
- This release updates the Mobile VPN with IPSec client to resolve an issue related to missing DNS server IP address information. [90324]
Wireless
- Gateway Wireless Controller now supports management of AP322 outdoor AP devices. [FBX-100, FBX-1270]
- The default wireless security mode for AP devices locally managed by a Gateway Wireless Controller and wireless-capable Firebox devices is now WPA2-only (PSK) with AES encryption. [FBX-1974, 93047]
- This release includes several other important security-related enhancements to Gateway Wireless Controller. See the Upgrade Notes topic for important information related to these enhancements. [FBX-111]
Networking and Modem Support
- In the Dynamic DNS configuration, you can select to have DynDNS use the IP address from your router or NAT device. [FBX-1998, 92780]
- You can now enable conditional DNS forwarding from Fireware Web UI and Policy Manager. [FBX-559, 58214]
- In Bridge Mode, you can now configure the Firebox to use DHCP to get an IP address. [FBX-375]
- This release includes support for two new USB modems:
  - Franklin U772 4G USB modem [FBX-1232]
  - NetGear Beam 3G/4G USB modem [FBX-1676]
- This release adds Spanning Tree Protocol support for VLAN interfaces. For specific information on supported scenarios, see Fireware Help or What’s New in Fireware v11.12.2. [FBX-753, 61035]
- This release adds Spanning Tree Protocol support in Bridge mode. [FBX-991, 56764]
- A dynamic routing daemon crash has been fixed. [92930, FBX-1744]
- The PPPoE daemon now remains stable when Link Monitor probing cannot resolve a domain name. [92024]
- The BGP routing process no longer crashes when MD5 encryption is used. [93038, FBX-1886]
- BGP routes are now added correctly to the routing table after a FireCluster failover. [FBX-2749, 93095]