Seit heute verfügbar: Fireware 12.2 und WatchGuard System Manager 12.2

Die wichtigsten Änderungen/Verbesserungen:

• mit “Intelligent Antivirus”, einer weiteren zusätzlichen AV-Engine ab M370 und höher
• redundante SSO-Agent-Anbindung
• das zentrale Geolocation-Profil ist pro Policy an/abschaltbar
• Verbesserte Zertifikats-Verwaltung im FireboxSystem Manager
• POP3 und SMTP-Proxies unterstützen den TLS-Port 995/465
• BOVPNs können auf Secondary IP Adresses gebunden werden.
• Verbesserungen bei der APT-Hold Option für SMTP-Proxies
• HTTPS Inbound Proxy-Actions (Content-Action) kann unterschiedliche Zertifikate verwenden

Enhancements and Resolved Issues in Fireware 12.2

General

• The Firebox now correctly hashes dynamic DNS passphrases in the .xml configuration file, and does not display them in plain text. [FBX-10470, FBX-10849]
• The Firebox now correctly hashes SNMPv3 passphrases in the .xml configuration file, and does not display them in plain text. [FBX-10487]
• This release resolves an issue that caused the Firebox to sometimes fail to update. [FBX-12001]
• The Firebox System Manager certificates view has improved filter options. [FBX-11903]
• The Firebox default CA bundle now includes the Comodo CA. [FBX-12058]
• Policy Manager now prompts you to create a backup file before you upgrade on all Firebox models. [FBX-12135]
• This release resolves a memory management issue that caused Firebox T10 and T35 devices to crash. [FBX-10641]
• This release resolves a Fireware Web UI issue in which Javascript would crash when you sort certificates by type. [FBX-12234]
• When you edit a Policy Template, the Protocols list now resizes correctly when you resize the dialog box. [FBX-12235]
• An issue that caused policies to reorder has been resolved. [FBX-12330]
• Quick Setup Wizard can now connect to a Firebox in sysB recovery mode. [FBX-12650]
• The Master Control Panel shortcut no longer causes Policy Manager to crash on Windows 10 with Creators Update. [FBX-5931]
• The Fireware Web UI Front Panel now displays send and receive KB values for interfaces for a FireCluster. [FBX-3069]
• Fireware Web UI users can no longer reveal the log encryption key with the Chrome inspect command. [FBX-11008]
• You can now save a configuration file to the Firebox with Fireware Web UI. [FBX-10959]
• Firebox Cloud now supports WatchGuard System Manager. [FBX-8898]
• This release allows you to configure policies to manage traffic from the Firebox. [FBX-4714]
• This release features improvements to the certificate import process. [FBX-3905]
• This release resolves a memory leak with snmpd. [FBX-10994]

Authentication

• Single Sign-On now supports multiple redundant SSO Agents. [FBX-8944]
• Firebox Cloud now supports Single Sign-On. [SSO-163]
• The default port that shows in the RADIUS port tool tip in Policy Manager has been corrected. [FBX-12440]

Access Portal

• You can now successfully add an RDP host to the Access Portal for use with Firebox M270 devices. [FBX-12486]
• Access Portal now correctly allows image upload without false errors. [FBX-11968]

Integrations

• More contextual information has been added to the ticket and note titles in ConnectWise and AutoTask tickets. [FBX-6338]

Networking

• The Firebox now correctly routes traffic through a PPPoE connection after it is lost and then re-established. [FBX-11668]
• Multi-WAN no longer incorrectly exposes Policy-Based Routing and Sticky Connection options on BOVPN policies. [FBX-6634]
• You can now add FQDNs to Static NAT rules with Policy Manager. [FBX-10964, FBX-1304]
• This release resolves an issue in which the Firebox would use the incorrect policy for traffic when two FQDNs resolve to the same IP address. [FBX-6914]
• This release improves policy handling of FQDNs when a single hostname resolves to a large number of IP addresses. [FBX-11083]
• FQDN now supports wildcard subdomains. [FBX-4434]
• DHCP relay for VLAN interfaces no longer fails after you reboot a Firebox. [FBX-11464]
• This release adds support for FujiSoft FS040U, UX302NC LTE and UX302NC-R LTE USB modems. [FBX-10419, FBX-10421, FBX-10192]
• This release adds support for Netgear 341U modems. [FBX-7926]
• You can now modify modem Link Monitor settings for Firebox T10 and T15 devices. [FBX-11040]
• The Firebox now correctly sends log messages through the correct interface after a Multi-WAN failback event. [FBX-2380]
• Policy Manager no longer allows you to configure Multi-WAN Link Monitoring in a configuration with only a single external interface. [FBX-11840]
• This release allows you to configure loopback interface addresses for global dynamic NAT and per policy dynamic NAT. [FBX-11225, FBX-10760]
• You can now use the CLI to globally enable or disable the anti-replay window size. [FBX-9887]

VPN

• This release adds CLI support for BOVPN/VIF secondary IP addresses. [FBX-11045]
• This release resolves an issue that caused packet loss through BOVPN tunnels on Firebox M4600 and M5600 devices that handle large amounts of traffic. [FBX-11584]
• This release resolves an issue in which the Firebox sends decrypted BOVPN VIF tunnel traffic to the wrong interface. [FBX-11987]
• Connections from the Firebox to a Log Server on local network will no longer route through tunnel when the VPN remote network overlaps with local Subnet. [FBX-2416]
• This release resolves multiple iked process crash issues. [FBX-10289, FBX-12555]
• The Firebox no longer routes the SSLVPN-Management tunnel through the Zero-Route IPsec Tunnel. [FBX-4905, FBX-8273]
• Mobile VPN with SSL configured to use UDP data channel and TCP configuration port will now trigger an overlap warning if policies for the same ports exist. [FBX-7873]
• This release introduces AES-GCM ciphers for IKEv2 and TLS-based VPNs. [FBX-6340]
• You can now configure Branch Office VPN gateways with secondary IP addresses. [FBX-10580]
• This release removes the VPN portal. Features of the VPN portal now reside in the Access Portal or Mobile VPN with SSL configuration. [FBX-10703]

Proxies and Services

• This release introduces IntelligentAV, a supplemental AntiVirus service powered by Cylance. [FBX-8895]
• You can now configure Geolocation on a per-policy basis. [FBX-8610]
• You can now specify the minimum TLS or SSL version in the TLS profile. [FBX-3698]
• This release adds new HTTPS Content Exception entries for GoToMeeting, WatchGuard Cloud IoT endpoints, and Lastline. [FBX-11677, FBX-12067, FBX-11039]
• A FireCluster member without a DNSWatch license now correctly registers to the DNSWatch service when it becomes Master. [FBX-10180]
• You can now use the File Exceptions list to bypass some subscription services for specific files. [FBX-12300]
• The SMTP proxy no longer includes TCP port 465 when TLS support is not enabled. [FBX-12526]
• You can now use Fireware Web UI to disable Application Control when the license has expired. [FBX-10495]
• This release resolves file download issues for Firebox T10s with large files through the HTTP proxy. [FBX-10008]
• The POP3 proxy now correctly handles the x-microsoft-exchange-diagnostics header and does not inject additional text. [FBX-10083]
• APT scanning and caching for IMAP Proxy now works correctly. [FBX-12376]
• This release resolves a display issue in the TCP-UDP proxy configuration when a proxy action has a name longer than 34 characters. [FBX-9897]
• The POP3 and SMTP proxies now support TLS profiles. [FBX-4667, FBX-9919]
• Firebox Cloud now supports spamBlocker and Quarantine Server. [FBX-10745, FBX-11126]
• This release features enhancements to WebBlocker usability. [FBX-1258]
• You can now use inbound HTTPS content inspection with multiple servers with different certificates. [FBX-11793]
• Fireware Web UI and FSM Front Panel now display DNSWatch status. [FBX-10956, FBX-10435]
• Gateway AV scan errors for encrypted files now display the specific path and file name. [FBX-4025]
• This release resolves an issue in which files over the scan limit size would fail to pass with action set to Allow. [FBX-12046]
• The APT hold option no longer causes email delivery to fail. [FBX-12213]
• This release resolves an issue Firebox Cloud instances with Pay-As-You-Go signature updates. [FBX-11762]

Wireless

• This release adds the ability to configure the Band Steering RSSI in the Gateway Wireless Controller. [FBX-9862]
• This release enables SSH command line access to AP100, AP102, AP200, and AP300 devices. [FBX-10908]

Software Download Center

Firebox and XTM appliance owners with active support subscriptions can obtain this update without additional charge by downloading the applicable packages from the WatchGuard Software Download Center. Please read the Release Notes before you upgrade to understand what’s involved.