Release Notes 15
lWatchGuard Mobile VPN License Server (MVLS) v2.0, powered by NCP- Click here for more
information about MVLS. If you have a VPN bundle ID for macOS, it must be updated on the license
server to support the new macOS 3.00 client. To update your bundle ID, contact WatchGuard Customer
Support. Make sure to have your existing bundle ID available to expedite the update.
XTMAppliances do not support FIreware 12.2 and higher
WatchGuard continues to add new features and services to enhance our customers’ security. The continued
growth of the Fireware OS means it is no longer suitable for older generation appliances with more limited
resources. The new Fireware 12.2 release is only available on Firebox appliances. Fireware 12.2 and
subsequent releases greater than 12.2 will not be available on any XTM appliances. WatchGuard will continue
to provide updates to the 12.1.x firmware versions to provide bug fixes and important security updates as
Customers with XTM appliances may want to consider trade-up to the newer Firebox models. Full details about
the WatchGuard Trade-up program are available here: Customer Loyalty Trade Up Program.
WebBlocker Server with SurfControl End of Life
The local WebBlocker Server with SurfControl is not supported in Fireware v12.2. If you use Policy Manager
v12.2 to save a configuration file to a Firebox that runs v12.1.x or lower and uses a local WebBlocker Server
with SurfControl, the configuration file will be automatically updated to use WebBlocker Cloud.
If you want to continue to use the local WebBlocker Server with SurfControl, save your configuration file with
Fireware Web UI or Policy Manager v12.1.x.
It is important to understand that, after 30 November 2018, all new and cached queries made to the
WebBlocker Server with SurfControl will return uncategorized responses. This is because of our vendor
partner's license procedures for end-of-life products. We recommend that you upgrade to WebBlocker Cloud or
switch to the new on-premises WebBlocker Server when it is available.
SSL/TLS Settings Precedence and Inheritance
Four Firebox features use SSL/TLS for secure communication and share the same OpenVPN server:
Management Tunnel over SSL on hub devices, BOVPN over TLS in Server mode, Mobile VPN with SSL, and
the Access Portal. These features also share some settings. When you enable more than one of these
features, settings for some features have a higher precedence than settings for other features. Shared settings
are not configurable for the features with lower precedence. For more information, see this topic in Fireware
Modem Configurations Converted to External Interfaces with Failover Enabled
If your Firebox was configured for modem failover, when you upgrade your Firebox to Fireware v12.1 or higher,
the modem configuration is automatically converted to an external interface with modem failover enabled. If all
other external interfaces become unavailable, traffic automatically fails over to the modem interface. Modem
interfaces can also participate in multi-WAN on all devices except the Firebox T10, Firebox T15, and XTM 2
Series devices that do not have the Pro upgrade.