Enhancements and Resolved Issues in Fireware v12.0

This list may not include all resolved issues and enhancements included in this release. If you have questions about the status of a specific active or resolved issue, please contact WatchGuard Technical Support.

General

• Firebox Web UI now correctly uses the term Backup IP in the Mobile VPN with SSL configuration options instead of Secondary. [FBX-6597]
• This release suppresses excessive wrapper rsync log messages at the Error level. [FBX-6463]
• The Firebox now uses openvpn-2.3.17, which resolves multiple vulnerabilities that are described at https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243. [FBX-6486]
• This release improves Firebox stability in environments with a high volume of connections. [FBX-5232, FBX-2724, FBX-2748]
• This release resolves an issue that caused some Fireboxes to lock up and not pass traffic. [FBX-2202, FBX-2652]
• Web UI > Traffic Monitor now correctly displays protocol for ICMP connections that are denied as unhandled. [FBX-5547]
• Web Setup wizard now works correctly for Firebox Cloud on AWS for BYOL license users. [FBX-6567]
• This release improves the passphrase security of WSM role-based access control. [FBX-2334]
• This release resolves a Cross Site Scripting (XSS) vulnerability in the Fireware Web UI. [FBX-5313]
• This release resolves an issue that caused wgagent to crash while processing an invalid XML-RPC request. [FBX-5312]

Proxies and Services

• This release adds an IMAP proxy for email retrieved by IMAP clients. [FBX-91]
• The Firebox now uses BitDefender for Gateway AV. This replaces the previous AVG engine. [FBX-1675]
• This release adds a new larger signature set for IPS for higher model Fireboxes. [FBX-4807, 86471]
• The Firebox now correctly sends traffic messages for polices with Application Control enabled. [FBX-3324]
• The SMTP proxy no longer incorrectly drops emails with attachments over 2 megabytes in size. [FBX-2313]
• This release removes the erroneous Replace action from the SMTP proxy configuration. [FBX-2628]
• Policy Manager now correctly allows wildcards in spamBlocker exceptions. [FBX-5672]
• This release improves SIP-ALG handling of Ringing 180 messages. [FBX-6685]
• Default NAT settings are now correctly added to the WatchGuard Threat Detection and Response policy in Fireware Web UI. [FBX-6454]
• The presence of saved AP firmware and fault reports in XTM 25 and XTM 26 appliance storage no longer causes signature updates to fail. [FBX-5659]
• This release resolves an issue in which emails encrypted with TLS fail when sent with large attachments and large Gateway AV scan limit. [FBX-2620, FBX-2621]
• The SMTP proxy Lock action now correctly formats file name when the original name includes an umlaut character. [FBX-2644]
• The SMTP proxy can now delay email delivery to allow time for APT scans to complete and reduce risk of malicious emails. [FBX-4960]
• The Firebox now uses HTTPS to securely request website classification for WebBlocker with Websense cloud. [FBX-1356]

Authentication and Single Sign-On (SSO)

• This release improves the reliability of the SSO Agent service. [FBX-6234]
• SSO with Exchange Monitor will no longer try to authenticate users in the External network zone. [FBX-2617]
• This release resolves an issue that caused the Firebox to deny traffic from the Terminal Services Backend-Service user as unhandled. [FBX-6104]

VPN

• This release resolves an IKE process crash that occurred when IKEv2 VPN negotiation fails. [FBX-7050]
• This release resolves an IKE crash that occurred with IKEv2 negotiation. [FBX-7050]
• The Firebox no longer unexpectedly fragments ESP packets. [FBX-6307]
• The MacOS client for Mobile VPN with SSL now configures DNS servers in the same order as they appear in the Firebox configuration. [FBX-5052]

Networking and Modem Support

• The Firebox can now act as a local multicast router to forward multicast traffic from the source to receivers on your network. [FBX-1176]
• Policy Manager now correctly retrieves the Default Gateway from the configuration file when you do not have an external interface configured. [FBX-5734]
• The Firebox now correctly supports Huawei E3372h-153 USB LTE Modem. [FBX-2916]
• This release adds support for the D-Link DWM-222 modem. [FBX-3741]
• This release improves Bandwidth Guarantee performance in Traffic Management. [FBX-2515, FBX-2348]
• XTM 25 and XTM 26 devices no longer lose link after DHCP renewal. [FBX-5821]
• External interfaces configured for DHCP now correctly set the specified IP address in configuration. [FBX-5704]

FireCluster

• This release improves FireCluster stability during configuration changes in environments with a high volume of connections. [FBX-5887]

Wireless

• The Gateway Wireless Controller global passphrase is no longer corrupted when you upgrade from Fireware v11.12.1 or earlier release. As a result, AP devices no longer become stuck in an Authenticating state. [FBX-6552,FBX-6394]
• Gateway Wireless Controller in Firebox System Manager no longer clears selected objects on refresh. [FBX-5359]
• Policy Manager can now save to FireClusters with Gateway Wireless Controller and Fireware v11.12.1 and earlier. [FBX-6381]

Dimension and Centralized Management

• Management Server no longer allows users to access information outside their level of permissions. [FBX-2828]

ConnectWise Integration

• ConnectWise integration can now close tickets after you remove the default Close status type. [FBX-6504]
• ConnectWise can now create tickets when there is no contact defined in the account. [FBX-7193]
• You can now configure ConnectWise integration to set priority for tickets created by your Firebox. [FBX-1802]

Give us feedback  •   All product documentation  •   Technical Search

© 2017 WatchGuard Technologies, Inc. All rights reserved. WatchGuard, the WatchGuard logo, WatchGuard Dimension, Firebox, Core, Fireware, and LiveSecurity are registered trademarks or trademarks of WatchGuard Technologies in the United States and/or other countries.