WatchGuard Fireware v11.12 Update 1 released


Note: Fireware v12.1 is now available, see here for details.

WatchGuard Fireware v11.12 Update 1 was released on 21st December. This replaces the previous version of 11.12.

Full release notes can be found here. Please read them before upgrading! Your Firebox must be running, XTM v11.7.5, v11.8.4 or v11.9 or higher before upgrading.

The software can be downloaded from here.

Enhancements and resolved issues in 11.12 Update 1 (source: Fireware Release Notes)

  • This release resolves a vulnerability that could allow an attacker to hijack an existing management session. [EPA-1354]
  • This release reduces the Firebox memory storage data partition size to 1.2GB or less to prevent an issue that caused some Firebox M200, M300. M400, M440, and M500 devices to fail. [92556]
  • Support.tgz snapshots no longer include the BOVPN shared secret file in plain text in the ikemsg.log file. [92661]
  • The release patches the Firebox kernel to address the Dirty COW vulnerability (CVE-2016-5195). [92517]
  • BOVPN tunnel status for XTMv devices now displays correctly in Firebox System Manager and Fireware Web UI. [92479]
  • This release resolves a kernel crash that affected some Firebox M440 devices. [92609]
  • This release resolves an issue that caused Mobile VPN with PPTP to fail when your Firebox was configured with multiple external interfaces. [92528]
  • The Firebox now correctly blocks traffic from hosts that have been manually configured to be blocked using Firebox System Manager or Traffic Monitor. [92569]
  • YouTube SafeSearch is now correctly enforced for users that are logged in to Google accounts when the HTTPS proxy is configured with Content Inspection enabled. [80639]
  • Users can no longer evade YouTube SafeSearch by refreshing the web page when the HTTPS proxy is configured with Content Inspection enabled. [92159]

For more detailed information see the presentation below.
What’s New in Fireware v11.12

Related Posts:

1. How to display external bandwidth reports in WatchGuard Dimension

2. How to renew the WatchGuard default self signed web certificate

3. WatchGuard: How to resolve “Response denied by WatchGuard HTTP Proxy – Reason: header-line too large”


Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.