WatchGuard Fireware v12.0.1 released


Note: Fireware v12.1 is now available, see here for details.

Update – 10/11/17: A new build of 12.0.1 (build 546110) has been released for M200 and M300 devices. If you haven’t updated already, maybe wait a week to make sure this build is OK before upgrading. Having a remote FireCluster die on you isn’t fun, as happened with our upgrade to the original 12.0.1 Fireware!

Fireware 12.0.1 build 546110 M200 M300 issue

Update – 07/11/17: Don’t install 12.0.1 on an M200 or M300 FireCluster yet. The download has been temporarily pulled from the WatchGuard website for these products only.

WatchGuard Fireware v12.0.1 was released on 31 October 2017. This replaces the previous version, 12.0.0.

Full release notes can be found here. Please read them before upgrading! Your Firebox must be running XTM v11.7.5, v11.8.4, or v11.9 or higher before upgrading.

There is a new Gateway AV engine in Fireware 12.0 and beyond, so the first time you upgrade to 12.0.x a new signature definition will need to be downloaded, which can take 7-10 minutes. Future definitions are incremental and much quicker.

The software can be downloaded from here.

Enhancements and resolved issues in 12.0.1 (source: Fireware Release Notes)


  • This release resolves an issue that prevents configuration migration if the Geolocation feature is enabled in the configuration file. [FBX-8345]
  • Diagnostic Tools in the Web UI and Firebox System Manager DNS lookup tool no longer require a Firebox reboot to use an updated DNS server. [FBX-7671]
  • This release resolves an issue that caused Web UI Front Panel and FireWatch to intermittently fail to display. [FBX-5999]
  • Policy Manager can now successfully save configuration changes to Fireboxes that run Fireware v11.8 and lower. [FBX-7967]
  • Diagnostic Task now correctly displays an increase of file size when you stream TCP Dump output to a file. [FBX-8173]
  • This release adds support for Autotask integration from Policy Manager and Web UI. [FBX-1412]
  • This release adds several enhancements to ConnectWise integration. [FBX-6466]
    • You can now use a new or existing ConnectWise configuration.
    • You can now edit Firebox configuration question answers.
    • You can now specify the Service Board where new Firebox tickets are created.
  • This release adds a new UI option to allow WatchGuard Technical Support remote login access to work with you on support issues. [FBX-1834]
  • You can now import and export a list of alias members. This feature is only available in Fireware Web UI in this release. [FBX-5447]
  • The default settings configured by the Web Setup Wizard and Quick Setup Wizard have been updated for improved security and usability. [FBX-4462]
  • You can now use Policy Manager to save a configuration file for a specific version of Fireware. [FBX-7154]

Proxies and Services

  • The Proxy log message for channel closed by client is now more clear and readable. [FBX-8241]
  • You can now enable or disable Gateway AV in a Proxy Action configuration, instead of only at the individual policy level, so you can enable or disable the service in multiple policies at the same time. [FBX-4057]
  • Gateway AV now has a separate configurable action for encrypted files. [FBX-3839]
  • The Gateway AV scan size is now set automatically. [FBX-3796]
  • Gateway AV decompression is now enabled by default. [FBX-6865]
  • This release resolves an issue with the Firebox not connecting to TDR and Log Services after a DNS server change. [FBX-6651]
  • The Web UI Subscription Services dashboard now correctly displays the spamBlocker graph. [FBX-8272, FBX-3299]
  • This release improves the log message clarity for APT Blocker scores. [FBX-8063]
  • Calls that use SIP-Proxy and are on hold can now resume correctly without one-way audio. [FBX-2624]
  • SMTP and POP3 proxies now more accurately detect macros in MS Office files and generate fewer false-positive results. [FBX-5974]
  • This release resolves an issue that caused the SMTP proxy to fail to deliver emails when the session is encrypted with TLS. [FBX-8053]
  • This release resolves an issue that caused some websites to fail through the HTTPS proxy with Application Control and Content Inspection enabled. [FBX-7683]
  • The YouTube for Schools option has been removed from the HTTP proxy action General Settings because Google has discontinued this service. [FBX-6860]


  • The web server on the Firebox now correctly returns intermediate certificates in its response. [FBX-8221]
  • This release resolves an issue that prevented users on an internal interface from connecting to the Firebox authentication portal on port 4100 when Hotspot is configured for that interface. [FBX-6800]


  • Mobile VPN with IPSec policies in Firebox Web UI now have the Specify Users button to define users and groups for the policy. [FBX-7018, 77823]


  • FQDN diagnostic command output is no longer truncated in the CLI and diagnostic log file. [FBX-7755, FBX-6426]
  • UDP Flooding is now detected correctly on VLAN interfaces assigned to Link Aggregation interfaces. [FBX-7700]
  • The NTP service no longer fails to start if the configuration contains multiple interfaces with the same IP address. [FBX-6437]


  • This release resolves a crash that occurred in some environments with FireCluster configured. [FBX-7483]


  • This release and the AP firmware provided with the release address these KRACK WPA/WPA2 vulnerabilities: [FBX-8418, FBX-8566, FBX-8417, FBX-8415]
    • CVE-2017-13077 through CVE-2017-13082
    • CVE-2017-13084
    • CVE-2017-13086 through CVE-2017-13088
  • Gateway Wireless Controller now operates correctly when a configured SSID includes special Unicode characters. [FBX-6847]
  • This release resolves an issue that caused Gateway Wireless Controller to randomly send a scheduled automatic reboot to AP devices while a user is connected to Web UI or WatchGuard System Manager. [FBX-7409]
  • Gateway Wireless Controller will more reliably display a list of connected wireless clients. [FBX-5510, FBX-7603]
  • This release removes TKIP encryption as an option when you configure WPA2 Only for AP device security. [FBX-6472]
  • This release adds support for AP225 devices to the UI. The AP225 is not yet available for purchase. [FBX-6689]

Dimension and Centralized Management

  • Management Server now supports Firebox passphrases that include an ampersand (&) character. [FBX-7901]
  • Users defined through Management Server Role-Based Access Control can now correctly manage passphrases for newly added devices. [FBX-8077]

For more detailed information see the presentation below.
What’s New in Fireware v12.0.1
