Watchguard veröffentlicht neue Fireware Version

Watchguard hat eine neue Version der Fireware veröffentlicht.

Untenstehend sind alle Änderungen und BugFixes aufgelistet.

General

• This release includes a localization update for WatchGuard System Manager and Fireware Web UI to match Fireware v11.11 functionality for our French, Japanese, and Spanish (LA) users.
• This release resolves a kernel crash on Firebox M400 and M500 appliances when using IPSec VPNs.[90930]
• This release includes multiple updates to the lighttpd service used by the Firebox web server to ensure best cipher suite compatibility with modern web browsers. [91311]
• This release resolves an issue that prevented changes from saving correctly from Fireware Web UI when using the localized French interface. [92008]
• Several Fireware Web UI pages have been updated to guard against XSS injection attempts. [86039]
• The Fireware Web UI Configuration Report now correctly displays all ports and protocols for a firewall policy when multiple ports and protocols are configured. [91347]

Proxies and Security Subscriptions

• The SMTP and HTTPS proxy now support Perfect Forward Secrecy (PFS). [82389, 90567]
• The HTTPS proxy with Content Inspection enabled no longer crashes when an HTTPS request is sent that uses an unsupported cipher. [91455]
• This release resolves an issue introduced in Fireware v11.11.1 that prevented traffic from passing through a proxy policy if the receiving interface has an MTU set below 1500. [91761]
• This release resolves an issue that caused some unhandled denied traffic to show as allowed in the traffic log message even though the traffic was denied. [91566]
• Mobile Security trial licenses now work correctly. [91754]
• The POP3 proxy now provides the ability to detect file extensions inside compressed attachments.[89078]
• This release improves the proxy detection of Visual Basic Script macros inside of Microsoft Office documents. [91388]
• This release resolves an issue that occurred when you edit an existing Explicit Proxy action where Content Inspection is not enabled in CONNECT Tunneling. [91887]
• The SMTP proxy Return-Receipt-To header rule now correctly matches the header field name. [91504]
• POP3 proxy log messages now correctly include the User field. [91493]
• HTTP Proxy Exceptions now save correctly from the French localized Fireware Web UI. [92008]
• The SIP ALG no longer crashes when referencing a pointer to a proxy connection structure that has already been freed and is no longer valid. [91563]
• This release updates the proxy handling of SSLv2 traffic. SSLv2 traffic will now pass through the HTTPS-Proxy if Allow only SSL compliant traffic is not enabled and Content Inspection is disabled. [91749]
• SSL unknown protocol event log messages no longer occur when incomplete SSL authentication connections are closed by the Firebox. An example of those log messages looks like this: SSL:1 error;140760FC:SSL routines;SSL23_GET_CLIENT_HELLO;unknown protocol. [91641]
• The proxy will now classify documents containing a file description of ‚Microsoft OOXML‘ as mime-type ‚application/vnd.openxmlformats-officedocument‘ when no definite mime-type exists within the file.[91853]
• This release resolves an issue that caused the file scanning process (scand) to crash. [89261]
• APT Blocker notification logging has been improved to more consistently capture the analysis results for files submitted to the Lastline data center’s next-generation sandbox. [91301]
• The correct set of DLP content rules is now displayed in Policy Manager for Firebox M200 and M300 appliances. [91044]
• APT Blocker reports no longer include information about clean objects in their summary details. [91628]
• The Firebox Configuration Report now correctly displays Denied WebBlocker categories when using the Websense Cloud. [91190]
• New WebBlocker profiles created manually in Policy Manager now have Log this action enabled by default for WebBlocker categories. [89834]

Networking

• This release resolves an issue that prevented DHCP relay from working correctly through a Branch Office Virtual Interface (VIF) tunnel when PPPoE is enabled. [91515]
• This release resolves an issue that prevented traffic from correctly matching a policy configured with FQDN in the From field when the Terminal Services Agent is also in use. [91583]
• This release resolves an issue that caused low throughput for Tagged VLAN traffic on Firebox M200 and M300 appliances. [90500]
• The throughput of the Firebox built-in wireless interfaces is no longer limited to 56 Mbps when Traffic Management and QoS features are enabled. [90954]
• A Japanese localization issue related to configuring NTP from Policy Manager has been resolved in this release. [72923]
• An issue has been resolved that caused the error Internal_Error: Unable to set config to display when saving a configuration from Policy Manager. [88214]
• Internet traffic is no longer allowed after you remove the 0.0.0.0/0 and Any-External entries from Mobile VPN with IPSec policies. [90205]
• The Firebox no longer requires a restart when you change the dynamic NAT value in a BOVPN tunnel configuration. [82116]
• Policy Manager no longer accepts invalid SNAT configurations created when you upgrade older configuration files to WSM v11.10.7 or higher. [90874]
• This release corrects an issue that caused SFP load failures for Olink adapters. [91844]
• When a configuration is saved that uses many nested aliases, firewall policies no longer take several minutes to correctly handle network traffic. [91078]
• This release resolves an issue that resulted in the default Unhandled External Packet-00 policy to be ordered incorrectly in the firewall policy list, denying legitimate traffic. [91514]
• This release resolves an issue that caused upgrades to fail when DNS forwarding is enabled. [91753]

Authentication

• You can now use certificates without IKE/IPSec extended key usage for certificate authentication of BOVPN tunnels. [81227]
• This release resolves a crash in the authentication process (admd) that occurred when you disabled the custom logo for hotspot authentication. [91302]

VPN

• WatchGuard System Manager now displays all active SSL VPN Management Tunnels above the section that shows inactive connections. [85587]
• PPPoE link stage changes no longer affect VIF VPN tunnels. [91272]

FireCluster

• This release resolves a FireCluster process crash in the CCD daemon. [88594]
• This release resolves an issue that resulted in high CPU usage by the FireCluster CAD daemon when Firebox System Manager is open on a FireCluster. [91089]
• A problem that caused a generic kernel crash on the backup master Firebox in a FireCluster has been resolved in this release. [91791]

Centralized Management

• Firewall policy icons now show correctly in Dimension Command. [91968]
• The WatchGuard Server Center Setup Wizard now correctly sets up the Log and Report Server components when using a log encryption key that contains special characters. [71687]

WatchGuard AP Devices and Gateway Wireless Controller

• Actions that you can perform on AP devices are now grouped in an Actions drop-down list. [91451]
• You can now remove AP firmware from your Firebox with Gateway Wireless Controller. [91412]
• A new packet filter template is available for WatchGuard Wi-Fi Cloud AP management. The packet filter template “WG-Cloud-Managed-WiFi“ defines the required ports (TCP 443 and UDP 3851) and destination domains to enable AP devices to communicate with cloud services. [91647]
• Domain names for WatchGuard Wi-Fi Cloud services are now included by default in the HTTP Proxy Exceptions, and now configured to bypass HTTPS content inspection by default. [91481, 91482]