HTTPS Proxy Content Inspection with Fireware v12.1
With Fireware 12.1 we updated the HTTPS proxy action to include a Content Inspection Exceptions list, which
includes domains for services such as Dropbox, Skype, and Microsoft Office that are known to be incompatible
with content inspection. The HTTPS proxy does not perform content inspection for domains with enabled
exceptions on the Content Inspection Exceptions list.
When you upgrade your Firebox to Fireware v12.1 or higher the Content Inspection Exceptions list is
automatically enabled in all HTTPS proxy actions that have content inspection enabled. After the upgrade, we
recommend that you review the Content Inspection Exceptions list in your configured HTTPS proxy actions,
and disable the exception for any domain you do not want the HTTPS proxy to allow without content inspection.
For more information, see Which applications are on the default exception list in an HTTPS proxy action in the
Knowledge Base.
Gateway AV Engine Upgrade with Fireware v12.0
With Fireware v12.0, we updated the engine used by Gateway AV to a new engine from BitDefender. As a
result, any Firebox that upgrades from Fireware v11.x version to v12.0 or later must download a new signature
set, which can take 7-10 minutes for the first update. It can take an additional 5-7 minutes to synchronize a
FireCluster. We recommend that you upgrade to Fireware v12.x at a quiet time on your network. After the initial
update, signature updates are incremental and much faster than in previous versions.
While the new signature set is being downloaded, network users could experience issues related to Gateway
AVscan failures for several minutes after the update, and inbound emails sent through the SMTPproxy could
be locked.
WatchGuard updated the certificate used to sign the .ova files with the release of Fireware
v11.11. When you deploy the OVF template, a certificate error may appear in the OVF template
details. This error occurs when the host machine is missing an intermediate certificate from
Symantic (Symantec Class 3 SHA256 Code Signing CA), and the Windows CryptoAPI was
unable to download it. To resolve this error, you can download and install the certificate from
Upgrade Notes
16 WatchGuard Technologies, Inc.
Terms of Use | Privacy Policy | DMCA Policy