Enhancements and Resolved Issues in Fireware v11.11.4
lThis release includes a localization update for WatchGuard System Manager and Fireware Web UI to
match Fireware v11.11 functionality for our French, Japanese, and Spanish (LA) users.
lThis release resolves a kernel crash on Firebox M400 and M500 appliances when using IPSec VPNs.
lThis release includes multiple updates to the lighttpd service used by the Firebox web server to ensure
best cipher suite compatibility with modern web browsers. [91311]
lThis release resolves an issue that prevented changes from saving correctly from Fireware Web UI
when using the localized French interface. [92008]
lSeveral Fireware Web UI pages have been updated to guard against XSS injection attempts. [86039]
lThe Fireware Web UIConfiguration Report now correctly displays all ports and protocols for a firewall
policy when multiple ports and protocols are configured. [91347]
Proxies and Security Subscriptions
lThe SMTP and HTTPS proxy now support Perfect Forward Secrecy (PFS). [82389, 90567]
lThe HTTPS-proxy log messages now contain application identification information when Content
Inspection is not enabled. [87532]
lFor a new WebBlocker action, the Log this action option is now always enabled by default. [89834,
lThe HTTPS proxy no longer crashes when Content Inspection is enabled and an HTTPS request is sent
that uses an unsupported cipher. [91455]
lThis release resolves an issue introduced in Fireware v11.11.1 that prevented traffic from passing
through a proxy policy if the receiving interface has an MTU set below 1500. [91761]
lThis release resolves an issue that caused some unhandled denied traffic to show as allowed in the
traffic log message even though the traffic was denied. [91566]
lMobile Security trial licenses now work correctly. [91754]
lThe POP3 proxy now provides the ability to detect file extensions inside compressed attachments.
lThis release improves the proxy detection of Visual Basic Script macros inside of Microsoft Office
documents. [91388]
lThis release resolves an issue that occurred when you edit an existing Explicit Proxy action where
Content Inspection is not enabled in CONNECT Tunneling. [91887]
lThe SMTP proxy Return-Receipt-To header rule now correctly matches the header field name. [91504]
lPOP3 proxy log messages now correctly include the User field. [91493]
lHTTP Proxy Exceptions now save correctly from the French localized Fireware Web UI. [92008]
lThe SIP ALG no longer crashes when referencing a pointer to a proxy connection structure that has
already been freed and is no longer valid. [91563]
lThis release updates the proxy handling of SSLv2 traffic. SSLv2 traffic will now pass through the
HTTPS-Proxy if Allow only SSL compliant traffic is not enabled and Content Inspection is disabled.
lSSL unknown protocol event log messages no longer occur when incomplete SSLauthentication
connections are closed by the Firebox. An example of those log messages looks like this: SSL:1
error;140760FC:SSL routines;SSL23_GET_CLIENT_HELLO;unknown protocol.[91641]
Enhancements and Resolved Issues in Fireware v11.11.4
22 WatchGuard Technologies, Inc.
Terms of Use | Privacy Policy | DMCA Policy
2006-2021 Rsmanuals.com