Proxies And Services - Watchguard Firebox T10 Release Note

PPPoE Link Monitor now works correctly when you use both Link Monitor Ping and TCP with domain
l
names selected.
The BOVPN New Gateway Endpoint menu now correctly displays the local External interface drop-
l
down list as the first option, and includes a tooltip to indicate that only the primary IP address of the
selected External interface will be used for tunnel negotiations.
The BOVPN Gateway Endpoints list now displays columns in the correct order.
l
NAT rules now work correctly when you configure a BOVPN tunnel host route using a /32 subnet mask
l
and 1-to-1 NAT configured.
This release resolves an issue that caused a Firebox to become unresponsive after a secondary
l
IP address configured as part of a Dynamic NAT rule was removed from the Firebox configuration.
[92727]
DWM-221 modem interoperability has been improved.
l
BOVPN IKEv2 tunnels to CheckPoint devices now establish correctly.
l
FireCluster
To prevent FireCluster upgrade issues, you can no longer upgrade a single FireCluster member with
l
Policy Manager.
Hotspot guest administrators can no longer get access to the backup member of a FireCluster.
l
This release resolves a FireCluster issue that caused a kernel crash and subsequent failover for some
l
customers.
[92567]
From Front Panel, you can now correctly expand FireCluster member details for a Firebox installed with
l
Fireware v11.11.x or earlier.
FireCluster devices no longer produce XML-RPC error: connection time out messages when Gateway
l
AV signatures are manually updated in Firebox System Manager.

Proxies and Services

The Firebox now includes the host IP address when it sends data to the WebBlocker Websense
l
database for classification.
The IPS signature ID is now included in LEEF syslog messages.
l
This release resolves an issue that caused the SMTP/POP3 proxies to strip base64 message parts if
l
the message parts contained the exclamation point character (!).
This release improves the detection of macro-enabled Microsoft Office documents.
l
The spamBlocker Virus Outbreak Control block function now correctly auto-blocks the source when a
l
virus is detected.
The SMTP proxy deny message has been improved to include different admin actions for Gateway AV
l
Scan errors.
[92010]
The HTTP proxy now supports multiple Transfer-Encoding Methods carried in the same header.
l
An issue that caused some specific websites to fail to load through the HTTPS Proxy has been fixed.
l
[92363]
When you use policy manual-order mode in Fireware Web UI, HTTPS-Proxy rule position no longer
l
changes when Content Inspection is enabled.
An issue has been resolved that caused slow Google website access through links in MS Office
l
products when using the HTTPS Proxy with Content Inspection enabled.
Content filtering within gzip-compressed websites has been improved.
l
In Fireware v11.11.4, we announced that PFS support was not available on Firebox T10, T30, T50, XTM
l
25/26, or XTM 33 devices. Because of a bug, support for PFS-capable ciphers in the TLS handshake
process was allowed in both Fireware v11.11.4 and v11.12 for this set of devices, but the restriction is
now correctly enforced in v11.12.1. See this
Release Notes
[92506]
[92700]
[90999]
[92633]
[90264]
[92021]
Enhancements and Resolved Issues in Fireware v11.12.1
[87940]
[92809]
[90792]
[92551]
[92622]
[92560]
Knowledge Base article for more information.
[92708]
[92707]
[92408]
[92687]
[63563]
[92504]
[92462]
[92476]
21