Fireware 12.2.1 + IPSec Mobile VPN Client für Windows 13.10 veröffentlicht

Seit 05. September ist die Fireware-Version 12.2.1 verfügbar. Zudem wurde der WatchGuard IPSec Mobile VPN-Client mit der Version 13.10 veröffentlicht.

Die Version 12.2.1 ist ein Maintenance-Release, es gibt nur kleine Änderungen.

Interessant sind aus meiner Sicht insbesondere die folgenden Änderungen:

  • eigene DNS-Einstellungen für Mobile VPNs: IKEv2 + IPSec + L2TP. Diese hatten bisher ja die zentralen DNS-Einstellungen der Box verwendet.
    Bei allen Mobile User VPNs gibt es jetzt nun konsistent eine Box für die DNS-Einstellungen, mit der je VPN-Art unterschiedliche Einstellungen getätigt werden können:
  • SD-WAN Features (Software-Defined WAN): Loss / Jitter / Latency Displays im Firebox System Manger und in der Web-UI
  • SNAT unterstützt nun Loopback IP Adressen
  • Weitere Verbesserungen beim Zertifikats-Import
  • Komplette Überarbeitung der Backup/Restore Funktionalität – Backups können nun auf der Firebox selbst gespeichert werden, kein USB-Stick mehr notwendig.
  • Bei Upgrades wird automatisch ein Backup erstellt – vor dem Upgrade. Dieses liegt auf der Firebox – und kann bzw. sollte(!)) natürlich auf den Arbeitsplatz oder ein Netzwershare exportiert werden (s.u.)
  • Backups enthalten keine Firmware mehr und sind dadurch wesentlich kleiner. Dies hängt vermutlich auch damit zusammen, daß die Firmware für die aktuellen Rack-Modelle M270/M370/M470/M570/M670 durch das mit 12.2 eingeführte neue Feature Intelligent-AV auf grob 300 MB angestiegen ist.
  • beim Downgrade kann man wählen, ob man danach einen Factory-Reset haben möchte oder ob ein gespeichertes, zur Firmware passendes Backup verwendet werden soll.
  • Backup Import-/Export- Möglichkeiten zum Speichern der Backups jenseits der Firebox runden das Feature ab.

Hier gehts zum Download aus dem WatchGuard Support Center.


Originaltext:

Enhancements and Resolved Issues in Fireware 12.2.1

General

  • This release resolves an issue that sometimes caused tabletop model Fireboxes to crash during times of heavy traffic. [FBX-12174]
  • This release resolves multiple crash issues related to FireCluster. [FBX-12265, FBX-13265, FBX-12746]
  • Traffic Monitor no longer fails to display log messages because of invalid bytes in UTF-8 sequences. [FBX-12268]
  • When you log in to Firebox System Manager with an AD account, you can now successfully launch Policy Manager from that Firebox System Manager session. [FBX-9651]
  • This release resolves a crash that sometimes occurred on boot for Firebox M370 devices. [FBX-9038]

Access Portal

  • This release eliminates an error with mouse detection on the right edge of the screen in Access Portal RDP sessions. [FBX-10121]

Networking

  • This release correctly allows you to set Link Monitor settings for modems on Firebox T10 and T15 devices. [FBX-11040]
  • Dynamic DNS no longer incorrectly fails with invalid response from server (-2) message with dnsdynamic.org. [FBX-11795]
  • This release resolves a dhcpd memory leak. [FBX-11633]
  • The oss-daemon on the Firebox no longer crashes when you change the DHCP server configuration. [FBX-12228]
  • You can now clear interface check boxes in the Routing Table configuration and they are not selected automatically. [FBX-13107]
  • You can now configure IP addresses assigned to a loopback interface in static NAT. [FBX-3734, 91091]

VPN

  • To improve IKEv2 interoperability with Cisco devices, this release supports IKE_Auth initiator request packets larger than 28674. [FBX-11644]
  • This release resolves an issue in a non-default profile name for L2TP clients could cause L2TP configurations to break if you use a combination of Web UI and Policy Manager for L2TP configuration. [FBX-12250]
  • This release resolves a crash issue that occurred when a user connected to Mobile VPN with SSL on a Firebox with Quotas configured. [FBX-12620]
  • The Firebox no longer generates a user space crash for IKE after multiple L2TP connection attempts. [FBX-12727]
  • This release resolves a Web UI issue in which the Firebox would re-enable the Allow SSLVPN-Users policy when you save configuration changes. [FBX-12224]
  • You can now configure the DF-bit options for any interface in a Branch Office VPN or Virtual Interface configuration. [FBX-4878]
  • You can now select the secondary network IP address of an External VLAN in the BOVPN Gateway settings from Policy Manager. [FBX-13102]
  • Mobile VPN with SSL no longer fails to connect when 1-to-1 NAT is configured for same external IP address. [FBX-12274]

Proxies and Services

  • The SMTP proxy now preserves mime headers when it locks attachments because of scan errors. [FBX-9042]
  • Web UI no longer allows you to leave the Quarantine Server IP Address text box blank when you configure a Quarantine proxy or APT action. [FBX-3635, FBX-3592]
  • The Firebox now correctly submits Office files with non-standard magic bytes for APT analysis. [FBX-10656]
  • DNS resolution no longer fails when the firewall global DNS server list contains more than one IP address on a network with DNSWatch enforcement enabled. [FBX-11560]
  • DNSWatch no longer fails on some interfaces when a Local DNS server appears first for DNSWatch on a different interface. [FBX-12272]
  • You can now configure the SMTP Proxy Gateway AV and VOD to deny connections. [FBX-4200]
  • In HTTP and Explicit proxy actions, you can now specify the level at which SafeSearch is enforced on YouTube. [FBX-10292]

Enhancements and Resolved Issues in WatchGuard IPSec Mobile VPN for Windows 13.10

  • This release features a 64-bit version of each component.
  • The Windows version now matches Windows 10 correctly.
  • You can now use the pre-connect login client to connect to a hotspot.

To learn more about new features and feature enhancements for this release, review the What’s New in Fireware v12.2.1 PowerPoint or recording.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>