Neues Release Fireware 12.1.3

Jetzt verfügbar:

    • Fireware Release  v12.1.3
    • WatchGuard System Manager v12.1.3

Fireware 12.1.3 General Availability
WatchGuard is pleased to announce the General Availability (GA) of Fireware 12.1.3 and WSM 12.1.3. These maintenance releases don’t include new features, but they provide resolution to many issues that have been reported by customers. WatchGuard partners and customers should review the Release Notes to see a full list of fixed issues prior to upgrading.

Does this release pertain to me?
The Fireware 12.1.3 maintenance release applies to all Firebox T, Firebox M, and XTM appliances, except XTM 21/21-W, 22/22-W, or 23/23-W, XTM 505, 510, 520, and 530 which have reached the End of Life. Firebox 12.2 is only available for Firebox appliances.

Reminder: AV Signatures ending for 11.x releases
WatchGuard announced last July that we would end support for AV signatures for the older AVG engine in Fireware 11.x by April 15th 2018. WatchGuard may continue to deliver some signature updates for 11.x firmware versions for a few more weeks, but frequency will decline and security efficacy will not be guaranteed to the same levels as 12.x firmware.  Customers must upgrade to a 12.x version of Fireware to receive the signature updates for protection against the latest threats and to maintain adequate defense against malware using the GAV service.

Software Download Center
Firebox and XTM appliance owners with active support subscriptions can obtain the Fireware 12.1.3 update without additional charge by downloading the applicable packages from the WatchGuard Software Download Center.

 

Enhancements and Resolved Issues in Fireware 12.1.3

General
  • This release removes weak ciphers that do not support forward secrecy from the Firebox web server. [FBX-10752]
  • Web pages served by the Firebox now include security headers outlined in the OWASP Secure Headers Project in HTTP responses. [FBX-9691]
  • This release resolves a vulnerability that made possible a SAML assertion replay attack against the Access Portal. [FBX-9731]
  • This release corrects the Japanese localization of FireCluster upgrade error messages in Fireware Web UI. [FBX-10941]
  • Firebox System Manager no longer reports an error when you view the Front Panel of a Firebox Cloud instance. [FBX-10910]
  • Firebox System Manager no longer frequently disconnects when you connect to a Firebox with an older version of Fireware. [FBX-11814]
  • This release resolves an issue that prevented certificate sync when the Firebox first joins a FireCluster. [FBX-11449]
  • This release resolves an issue that caused all authenticated sessions to terminate after configuration changes are made to authentication server settings with Fireware Web UI. [FBX-11263]
Integrations
  • This release resolves an issue that resulted in Autotask creating unintended duplicate configurations. [FBX-11533]
  • Fireware Web UI no longer allows invalid configuration options that cause AutoTask to fail. [FBX-11771]
Networking
  • This release resolves an issue that caused the Firebox to stop replying to DHCP requests. [FBX-9213, FBX-10643]
  • This release resolves an issue that caused DHCP relay to stop working after a Firebox reboot. [FBX-11464]
  • This release resolves an issue that caused the removal of the default route after PPPoE interface re-negotiation. [FBX-11668]
  • The Huawei E3372 modem now works correctly. [FBX-10888]
  • This release resolves an issue with the WebUI that prevented changing the Link Monitor settings on T10/T15 when using a Modem as external interface. [FBX-11040, FBX-10535]
  • The Enable Link-Monitor check box no longer re-selects itself after you disable it. [FBX-10214]
  • Policy Manager now correctly allows configuration of Multi-Wan for T15 Fireboxes with Fireware Pro. [FBX-11500]
Centralized Management
  • Management Server now correctly restricts configuration options for active Directory based on RBAC role.[FBX=9167]
VPN
  • Mobile VPN with SSL download page no longer fails to load for two-factor authentication users. [FBX-10085]
  • This release resolves an issue that caused the Mobile VPN with SSL process to crash when FIPS is enabled on Firebox. [FBX-2558]
  • BOVPN over TLS clients can now connect to a remote VPN server with its primary server configured as a domain name. [FBX-11556]
  • This release resolves a kernel crash that occurs when Mobile VPN with SSL traffic is sent through a Virtual Interface (VIF). [FBX-11800]
  • This release adds enhancements to BOVPN Dead Peer Detection when the Firebox is located behind a NAT device. [FBX-11192]
  • This release adds several IPSec BOVPN stability improvements for Fireboxes in a NAT environment. [FBX-11188]
  • This release resolves an issue that causes Managed Branch Office VPN tunnels to restart when the the Management server changes the Firebox configuration. [FBX-11400]
  • SLVPN Management tunnels can now use the # symbol as the first character of the password. [FBX-11271]
  • This release resolves an issue that caused packet loss through Branch Office VPN on M4600 and M5600 with large amounts of traffic. [FBX-11584]
Proxies and Services
  • This release reduces load on the Firebox processor caused by excessive proxy log messages.[FBX-10691]
  • The HTTP proxy no longer fails to get the MD5 hash during a file upload when the file exceeds the Gateway AV scan limit.[FBX-11577]
  • This release improves IPS and Application Control scanning when Content inspection is enabled on T15, T30 and XTM330 platforms.[FBX-11354]
  • IMAP proxy connection count is now correctly reported in Proxy Connection Statistics for connections handled by the TCP-UDP proxy. [FBX-10586]
  • This release resolves an issue that caused some websites to fail to load in the Chrome browser for connections through the HTTPS proxy with TCP MTU probing enabled. [FBX-11280]
  • A FireCluster member without a DNSWatch license will now correctly register to the DNSWatch service when it becomes Master. [FBX-10180]
  • This release resolves an issue that prevented HostWatch from correctly displaying data related to SIP and H323 proxies. [FBX-10238]
  • This release includes several improvements in Proxy memory usage. [FBX-11465, FBX-9256, FBX-10886]
  • This release resolves a memory leak that occurred when the IMAP proxy was enabled. [FBX-11255]
  • This release resolves an issue that prevented mail from downloading through the IMAP proxy with log messages that included: “fail to parse fetch argument list”. [FBX-10782]
  • The status of Content Inspection is now included in IMAP proxy log messages when viewed from the Fireware Web UI.[FBX-10822]
  • Log messages generated by the IMAP Proxy now include the TLS Profile name configured in the proxy. [FBX-10125]
Wireless
  • Gateway Wireless Controller updates of AP420 and AP325 no longer fail because of an AP reboot during the upgrade process. [FBX-11081]
  • This release resolves an issue that caused the Firebox T35-W model to crash when wireless is enabled. [FBX-9760]

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>