{"id":2753,"date":"2017-02-23T21:45:56","date_gmt":"2017-02-23T20:45:56","guid":{"rendered":"https:\/\/www.boc.de\/watchguard-info-portal\/?p=2753"},"modified":"2017-06-27T14:38:14","modified_gmt":"2017-06-27T12:38:14","slug":"neues-software-release-fireware-11-12-1-und-wsm-11-12-1","status":"publish","type":"post","link":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/2017\/02\/neues-software-release-fireware-11-12-1-und-wsm-11-12-1\/","title":{"rendered":"Neues Software Release Fireware 11.12.1 und WSM 11.12.1"},"content":{"rendered":"<p>Seit heute ist das Fireware Release \u00a0v11.12.1 verf\u00fcgbar.<\/p>\n<h4>Weitere Infos:<\/h4>\n<ul>\n<li><a href=\"https:\/\/www.watchguard.com\/support\/release-notes\/fireware\/11\/en-US\/EN_ReleaseNotes_Fireware_11_12_1\/index.html\">Release-Notes<\/a><\/li>\n<li><a href=\"http:\/\/watchguardsupport.force.com\/SupportSearch#t=KB&amp;sort=relevancy&amp;f:@objecttype=[KBKnownIssues]\">Known Issues<\/a><\/li>\n<\/ul>\n<p>Bei Verwendung einer T50 oder kleiner mit aktivierten SSL-Proxy beachten Sie bitte unseren Artikel zu <a href=\"https:\/\/www.boc.de\/watchguard-info-portal\/2017\/02\/err_ssl_version_or_cipher_mismatch-https-proxy-dpi-t10-t30-t50-xtm-252633-11-12-1\/\">Fireware v11.12.1 und HTTPS-Proxy mit Deep-Inspection<\/a>.<\/p>\n<p><!--more--><\/p>\n<h3>Enhancements and Resolved Issues in Fireware v11.12.1<\/h3>\n<h4>General<\/h4>\n<ul>\n<li value=\"1\">When you enable TDR on a Firebox, a TDR policy is now automatically added to your configuration to allow connections from TDR Host Sensors on your trusted network to TDR FQDNs on TCP\u00a0port 443.<\/li>\n<li value=\"2\">This release resolves a Cross-Site Request Forgery vulnerability on the Fireware Web UI login page. <span class=\"NumContinued\">[92304]<\/span><\/li>\n<li value=\"3\">This release updates the lighttpd component used by Fireware to resolve several HTTP proxy port-related vulnerabilities (CVE-2016-5387, CVE-2106-5388, and CVE-2016-5386). <span class=\"NumContinued\">[92514]<\/span><\/li>\n<li value=\"4\">This release resolves a vulnerability in the Fireware Web UI that could allow an attacker to enumerate management user login IDs. <span class=\"NumContinued\">[92884]<\/span><\/li>\n<li value=\"5\">This release resolves an issue that caused session IDs to be sent in the URL for authenticated Fireware Web UI\u00a0sessions. <span class=\"NumContinued\">[92679]<\/span><\/li>\n<li value=\"6\">This release resolves kernel crashes on Firebox T70, M200 and M300 devices configured in drop-in mode. <span class=\"NumContinued\">[92760, 92677]<\/span><\/li>\n<li value=\"7\">The Turkish timezone settings have been adjusted to eliminate timezone changes throughout the year. <span class=\"NumContinued\">[92464, 92666]<\/span><\/li>\n<li value=\"8\">You can now successfully create a backup image for a Firebox T10 with multiple security subscriptions configured. <span class=\"NumContinued\">[92341]<\/span><\/li>\n<li value=\"9\">The French localization of hotspot vouchers has been updated. <span class=\"NumContinued\">[92716]<\/span><\/li>\n<li value=\"10\">This release resolves an issue that caused the Front Panel to fail to load from Firebox System Manager. <span class=\"NumContinued\">[92771]<\/span><\/li>\n<li value=\"11\">Policy Manager and Firebox System Manager now negotiate stronger TLS ciphers for managment connections. <span class=\"NumContinued\">[92530]<\/span><\/li>\n<li value=\"12\">This release resolves an issue that caused Policy Manager to fail to save configurations to Firebox M400, M500, and M440 devices. <span class=\"NumContinued\">[92826]<\/span><\/li>\n<li value=\"13\">This release resolves an issue that caused Fireware Web UI to fail to display policies after you upgrade your Firebox to Fireware v11.12. <span class=\"NumContinued\">[92932]<\/span><\/li>\n<li value=\"14\">You can now successfully save configurations that contain policies with IPv6 addresses to Fireboxes installed with Fireware v11.11.4 or earlier. <span class=\"NumContinued\">[92674]<\/span><\/li>\n<li value=\"15\">This release has optimized memory usage for Firebox T10 and XTM 25\/26 devices. <span class=\"NumContinued\">[92647, 92341]<\/span><\/li>\n<\/ul>\n<h4>Networking and VPN<\/h4>\n<ul>\n<li value=\"1\">PPPoE external interfaces no longer need to restart when you change the NTP, Log Server, or multi-WAN settings on your Firebox. <span class=\"NumContinued\">[90146]<\/span><\/li>\n<li value=\"2\">PPPoE\u00a0Link Monitor now works correctly when you use both Link Monitor Ping and TCP\u00a0with domain names selected.<span class=\"NumContinued\">[92506]<\/span><\/li>\n<li value=\"3\">The BOVPN <i>New Gateway Endpoint<\/i> menu now correctly displays the local External interface drop-down list as the first option, and includes a tooltip to indicate that only the primary IP\u00a0address of the selected External interface will be used for tunnel negotiations. <span class=\"NumContinued\">[87940]<\/span><\/li>\n<li value=\"4\">The BOVPN Gateway Endpoints list now displays columns in the correct order. <span class=\"NumContinued\">[92708]<\/span><\/li>\n<li value=\"5\">NAT rules now work correctly when you configure a BOVPN\u00a0tunnel host route using a \/32 subnet mask and 1-to-1 NAT configured. <span class=\"NumContinued\">[92700]<\/span><\/li>\n<li value=\"6\">This release resolves an issue that caused a Firebox to become unresponsive after a secondary IP\u00a0address configured as part of a Dynamic NAT rule was removed from the Firebox configuration. <span class=\"NumContinued\">[92727]<\/span><\/li>\n<li value=\"7\">DWM-221 modem interoperability has been improved. <span class=\"NumContinued\">[92809]<\/span><\/li>\n<li value=\"8\">BOVPN IKEv2 tunnels to CheckPoint devices now establish correctly.<\/li>\n<\/ul>\n<h4>FireCluster<\/h4>\n<ul>\n<li value=\"1\">To prevent FireCluster upgrade issues, you can no longer upgrade a single FireCluster member with Policy Manager. <span class=\"NumContinued\">[90999]<\/span><\/li>\n<li value=\"2\">Hotspot guest administrators can no longer get access to the backup member of a FireCluster. <span class=\"NumContinued\">[92462]<\/span><\/li>\n<li value=\"3\">This release resolves a FireCluster issue that caused a kernel crash and subsequent failover for some customers. <span class=\"NumContinued\">[92567]<\/span><\/li>\n<li value=\"4\">From Front Panel, you can now correctly expand FireCluster member details for a Firebox installed with Fireware v11.11.x or earlier. <span class=\"NumContinued\">[92633]<\/span><\/li>\n<li value=\"5\">FireCluster devices no longer produce <i>XML-RPC error: connection time out<\/i> messages when Gateway AV signatures are manually updated in Firebox System Manager. <span class=\"NumContinued\">[90792]<\/span><\/li>\n<\/ul>\n<h4>Proxies and Services<\/h4>\n<ul>\n<li value=\"1\">The Firebox now includes the host IP\u00a0address when it sends data to the WebBlocker Websense database for classification. <span class=\"NumContinued\">[90264]<\/span><\/li>\n<li value=\"2\">The IPS\u00a0signature ID is now included in LEEF syslog messages. <span class=\"NumContinued\">[92551]<\/span><\/li>\n<li value=\"3\">This release resolves an issue that caused the SMTP\/POP3 proxies to strip base64 message parts if the message parts contained the exclamation point character (!). <span class=\"NumContinued\">[92622]<\/span><\/li>\n<li value=\"4\">This release improves the detection of macro-enabled Microsoft Office documents. <span class=\"NumContinued\">[92408]<\/span><\/li>\n<li value=\"5\">The spamBlocker Virus Outbreak Control block function now correctly auto-blocks the source when a virus is detected. <span class=\"NumContinued\">[92021]<\/span><\/li>\n<li value=\"6\">The SMTP\u00a0proxy deny message has been improved to include different admin actions for Gateway AV Scan errors. <span class=\"NumContinued\">[92010]<\/span><\/li>\n<li value=\"7\">The HTTP\u00a0proxy now supports multiple Transfer-Encoding Methods carried in the same header. <span class=\"NumContinued\">[92476]<\/span><\/li>\n<li value=\"8\">An issue that caused some specific websites to fail to load through the HTTPS Proxy has been fixed. <span class=\"NumContinued\">[92363]<\/span><\/li>\n<li value=\"9\">When you use policy manual-order mode in Fireware Web UI, HTTPS-Proxy rule position no longer changes when Content Inspection is enabled. <span class=\"NumContinued\">[92560]<\/span><\/li>\n<li value=\"10\">An issue has been resolved that caused slow Google website access through links in MS Office products when using the HTTPS Proxy with Content Inspection enabled. <span class=\"NumContinued\">[92687]<\/span><\/li>\n<li value=\"11\">Content filtering within gzip-compressed websites has been improved. <span class=\"NumContinued\">[63563]<\/span><\/li>\n<li value=\"12\">In Fireware v11.11.4, we announced that PFS support was not available on Firebox T10, T30, T50, XTM 25\/26, or XTM 33 devices. Because of a bug, support for PFS-capable ciphers in the TLS handshake process was allowed in both Fireware v11.11.4 and v11.12 for this set of devices, but the restriction is now correctly enforced in v11.12.1. See this <a href=\"http:\/\/watchguardsupport.force.com\/publicKB?type=KBArticle&amp;SFDCID=kA22A000000HQ3dSAG&amp;lang=en_US\" target=\"_blank\" rel=\"noopener noreferrer\">Knowledge Base<\/a> article for more information. <span class=\"NumContinued\">[92504]<\/span><\/li>\n<\/ul>\n<h4>Authentication<\/h4>\n<ul>\n<li value=\"1\">Active Directory authentication no longer allows concurrent connections from user names that differ only in case. <span class=\"NumContinued\">[67433]<\/span><\/li>\n<li value=\"2\">The session table now correctly displays users that authenticate with SSO. <span class=\"NumContinued\">[92759]<\/span><\/li>\n<\/ul>\n<h4>Certificates<\/h4>\n<ul>\n<li value=\"1\">CA Manager now correctly prevents the generation of a certificate with an invalid lifetime setting. <span class=\"NumContinued\">[92803]<\/span><\/li>\n<li value=\"2\">The CLI command <b>Upgrade certificate<\/b> now regenerates the default self-signed certificates if they have been removed. <span class=\"NumContinued\">[92496]<\/span><\/li>\n<li value=\"3\">This release resolves an issue that prevented the certificate portal from providing the correct Proxy Authority certificate for download. <span class=\"NumContinued\">[92802]<\/span><\/li>\n<li value=\"4\">An issue that caused managed device templates to fail to apply to devices installed with Fireware v11.10.x because of the WG-Cert Portal Policy has been resolved. <span class=\"NumContinued\">[92755]<\/span><\/li>\n<li value=\"5\">You can now connect remotely to manage a Firebox configured with PPPoE that uses a third-party certificate as its Webserver Certificate. <span class=\"NumContinued\">[92489]<\/span><\/li>\n<\/ul>\n<h4>Logging and Monitoring<\/h4>\n<ul>\n<li value=\"1\">You can now resize the Traffic Monitor search input field. <span class=\"NumContinued\">[88613]<\/span><\/li>\n<li value=\"2\">You can now configure logging and notification settings for the blocked sites list in Fireware Web UI. <span class=\"NumContinued\">[90621]<\/span><\/li>\n<li value=\"3\">Failed authentication attempts from WatchGuard System Manager for the <i>status<\/i> user now produce a log message: <i>log in attempt was rejected &#8211; invalid credentials<\/i>. <span class=\"NumContinued\">[92445]<\/span><\/li>\n<\/ul>\n<h4>Wireless and AP<\/h4>\n<ul>\n<li value=\"1\">AP 100\/102\/200 firmware v1.2.9.11 and AP300 firmware v2.0.0.6 resolve several stability issues. <span class=\"NumContinued\">[88333, 91689, 91711, 92104, 92128, 92711, 92823]<\/span><\/li>\n<li value=\"2\">AP 100\/102\/200 firmware v1.2.9.11 and AP300 firmware v2.0.0.6 resolve issues with Remote VPN\u00a0deployment. <span class=\"NumContinued\">[92454, 92562, 92579, 92580, 92909]<\/span><\/li>\n<li value=\"3\">This release resolves several issues that caused crashes of the <i>gwcd<\/i> process. <span class=\"NumContinued\">[92840, 92863, 92864]<\/span><\/li>\n<li value=\"4\">Gateway Wireless Controller now supports wireless country settings of AP devices in New Caledonia. <span class=\"NumContinued\">[92851]<\/span><\/li>\n<li value=\"5\">Clients connected to AP120 and AP320 devices managed by Gateway Wireless Controller now show correct signal strength values. <span class=\"NumContinued\">[92805]<\/span><\/li>\n<li value=\"6\">The Gateway Wireless Controller Wireless Client List now shows a location that matches the location configured for the AP device. <span class=\"NumContinued\">[90228]<\/span><\/li>\n<li value=\"7\">Gateway Wireless Controller can now correctly manage an AP120 or AP320 located behind a routed network. <span class=\"NumContinued\">[92972]<\/span><\/li>\n<li value=\"8\">Gateway Wireless Controller can now discover unpaired AP300 devices installed with AP firmware v2.0.0.6 over-the-air. <span class=\"NumContinued\">[91318]<\/span><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Seit heute ist das Fireware Release \u00a0v11.12.1 verf\u00fcgbar. Weitere Infos: Release-Notes Known Issues Bei Verwendung einer T50 oder kleiner mit aktivierten SSL-Proxy beachten Sie bitte unseren Artikel zu Fireware v11.12.1 und HTTPS-Proxy mit Deep-Inspection.<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-2753","post","type-post","status-publish","format-standard","hentry","category-watchguard-allgemeine-informationen"],"_links":{"self":[{"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/posts\/2753"}],"collection":[{"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/comments?post=2753"}],"version-history":[{"count":2,"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/posts\/2753\/revisions"}],"predecessor-version":[{"id":2878,"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/posts\/2753\/revisions\/2878"}],"wp:attachment":[{"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/media?parent=2753"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/categories?post=2753"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/wordpress.boc.de\/watchguard-info-portal\/wp-json\/wp\/v2\/tags?post=2753"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}