Tag Archives: 11.3.x

WatchGuard Releases Appliance Updates to Fix OpenSSL Flaws

WatchGuard has released several important updates to software for all product lines over the past couple of weeks to address reported vulnerabilities. Last month the OpenSSL team released an update for their popular SSL/TLS package, which fixes six security vulnerabilities in their product, including a relatively serious Man-in-the-Middle (MitM) flaw. More details about these vulnerabilities and their impact are available at the WatchGuard Security Center. If you are not already signed up, we recommend that you subscribe to the blog to get regular updates about security vulnerabilities, WatchGuard products, and general security news.

Here are the releases that have been posted to patch the vulnerable version of OpenSSL.  As always, maintenance releases also include many significant bug fixes. Full details are listed in the Release Notes for each release.

  • 11.3.8 for e-Series devices
  • 11.6.8 for XTM 21,22,and 23 devices
  • 11.7.5 for XTM devices
  • 11.8.4 for XTM and Firebox T10 devices, which is also localized into all of the WatchGuard supported languages.
  • 11.9.1 for XTM and Firebox T10 devices
  • Hotfixes for version 9.2 and 10.0 for XCS appliances
  • SSL 3.2 Update 2 for SSL 100 and 560 appliances.

Other highlights in the new Fireware 11.9.1 release include:

  • Support for default gateway on different subnet
  • Several improved warning and informational messages throughout the product

More information including screenshots are available in the What’s New presentation.

Do These Releases Pertain to Me?

The OpenSSL patch is available for all e-Series, XTM appliances, and Firebox T10. Please choose the version that is relevant for your environment and devices. Upgrade to 11.9.1 to get the latest enhancements to the product.

How Do I Get the Release?

e-Series, XTM, and Firebox appliances owners who have a current LiveSecurity Service subscription can obtain updates without additional charge by downloading the applicable packages from the Articles & Software section of WatchGuard’s Support Center. To make it easier to find the relevant software, be sure to uncheck the “Article” and “Known Issue” search options, and press the Go button. Select the appropriate downloads for your devices. Please read the Release Notes before you upgrade, to understand what’s involved.

If you need support, please enter a support incident online or call our support staff directly. (When you contact Technical Support, please have your registered Product Serial Number, LiveSecurity Key, or Partner ID available.)

  • U.S. End Users: 877.232.3531
  • International End Users: +1.206.613.0456
  • Authorized WatchGuard Resellers: +1.206.521.8375

Don’t have an active LiveSecurity subscription for your XTM appliance? It’s easy to renew. Contact your WatchGuard reseller today. Find a reseller ?

WatchGuard posts maintenance releases for e-Series and XTM 21/22/23 appliances.

WatchGuard has posted Fireware XTM OS 11.3.7 for e-Series and 11.6.7 for XTM 21/22/23 appliances. Along with providing significant bug fixes, these releases enable Commtouch as the anti spam solution provider. Both releases also include a fix for the buffer overflow vulnerability reported last week at WatchGuard Security Center. The Release Notes provide a complete list of all issues resolved in each software release.

Note: There is no corresponding update to WSM.

Does This Release Pertain to Me?

Customers with an XTM 21/21-W, 22/22-W, or 23/23-W appliance should upgrade to version 11.6.7. Customers with e-Series appliances should upgrade to 11.3.7.

Please read the 11.6.7 Release Notes and the 11.3.7 Release Notes before you upgrade, to understand what’s involved.

Note: These updates do not apply to customers with XTM 25 or higher appliances.

How Do I Get the Release?

XTM appliances owners who have a current LiveSecurity Service subscription can obtain this update without additional charge by downloading the applicable packages from the Articles & Support section of WatchGuard’s Support Center. To make it easier to find the relevant software, be sure to uncheck the “Article” and “Known Issue” search options, and press the Go button.

If you need support, please enter a support incident online or call our support staff directly. (When you contact Technical Support, please have your registered Product Serial Number, LiveSecurity Key, or Partner ID available.)

  • U.S. End Users: 877.232.3531
  • International End Users: +1.206.613.0456
  • Authorized WatchGuard Resellers: +1.206.521.8375

Don’t have an active LiveSecurity subscription for your XTM appliance? It’s easy to renew. Contact your WatchGuard reseller today. Find a reseller»

WatchGuard Releases Fireware XTM 11.3.6 for e-Series Appliances

Available for Firebox X Peak, Core, and Edge e-Series appliances

WatchGuard is pleased to announce the general release of Fireware XTM v11.3.6. This release demonstrates our continuing commitment to delivering high quality products to our customers, with a significant number of bug fixes. You can install Fireware XTM OS v11.3.6 on any Firebox X e-Series device. There is no WatchGuard System Manager v11.3.6. We recommend that you use a later version of WatchGuard System Manager to manage Fireware XTM 11.3.6.

Fireware XTM 11.3.6 includes a large number of bug fixes, covering many different areas of Fireware. For more information, see the Resolved Issues section of our Release Notes.

For users of the spamBlocker subscription service, WatchGuard has switched to Mailshell as our new provider of spam detection technology. Mailshell scored highly in the most recent VBSpam Comparative Test, the industry’s leading independent testing program. In the testing, Mailshell’s filter accurately detected 99.84% of spam without a single false positive. This release also includes updates to the Mailshell engine based on feedback submitted after its first release with 11.7.2 for XTM appliances.

Does This Release Pertain to Me?

If you have an e-Series appliance and wish to take advantage of the latest updates, you should upgrade to version 11.3.6. Please read the Release Notes before you upgrade, to understand what’s involved. Users with XTM appliances should consider upgrading to more recent releases like 11.6.5 or 11.7.2.

How Do I Get the Release?

XTM e-Series owners who have a current LiveSecurity Service subscription can obtain this update without additional charge by downloading the applicable packages from the Articles & Support section of WatchGuard’s Support Center. To make it easier to find the relevant software, be sure to uncheck the “Article” and “Known Issue” search options, and press the Go button. The 11.3.6 Release Notes include clear upgrade instructions.

As always, if you need support, please enter a support incident online or call our support staff directly. (When you contact Technical Support, please have your registered Product Serial Number, LiveSecurity Key, or Partner ID available.)

  • U.S. End Users: 877.232.3531
  • International End Users: +1.206.613.0456
  • Authorized WatchGuard Resellers: +1.206.521.8375

WatchGuard Releases IPS Signature Improvements for Older Fireware Versions

WatchGuard is pleased to announce a significant update to our Intrusion Prevention Service (IPS) that will apply to all Fireware XTM 10.x and 11.3 and earlier releases for XTM and e-Series appliances. IPS is one of the most important security functions in the system, and these changes are designed to provide even stronger security and usability to help protect your business. We are updating the IPS signature set with new signatures similar to those used in the new 11.4 release. It’s now easier to investigate attacks or potential false positives. And, along with the new signatures, we provide a portal where you can look up more detailed information, including links to third party vulnerability databases like NIST, Mitre, Secunia, and Bugtraq.

All of the new signatures in this database start with the prefix WG. Previous signatures that begin with ED are no longer used. Any exceptions that point to these old signature ids are not relevant now, but there is no need to remove them from the product. (Search tip: you need to remove the WG- prefix from the signature id before entering it into the search on this webpage).

The new signatures are distributed more evenly across the different proxies now with more http-client signatures. Server protection signatures have been consolidated, consistent with a general industry trend of writing more general purpose and higher quality signatures. For example, we now deliver more generic signatures to capture SQL injections, instead of including hundreds of very application-specific SQL injection signatures in the http-server. These changes are part of our ongoing commitment to provide the highest quality protection to our customers.

If you have an active Intrusion Prevention license (or UTM Bundle or Software Suite), and have enabled automatic updates, your appliance will download the new IPS signatures automatically, as part of its regular signature updates. Otherwise, you should use the signature update button in Firebox System Manager (FSM) or the Web UI to get this new signature update.

Does This Update Pertain to Me?

This IPS update affects all XTM and e-Series appliances owners running Fireware versions previous to 11.4 (11.3.x and 10.x), which have an active IPS service subscription.

How Do I Get the Update?

If you’ve enabled automatic IPS updates, your appliance will download the new IPS signatures automatically, as part of its regular signature updates. Otherwise, you should use the signature update button in Firebox System Manager (FSM) or the Web UI to get this new signature update. As always, if you need support, please enter a support incident online or call our support staff directly. (When you contact Technical Support, please have your registered Product Serial Number, LiveSecurity Key, or Partner ID available.)

  • U.S. End Users: 877.232.3531
  • International End Users: +1.206.613.0456
  • Authorized WatchGuard Resellers: +1.206.521.8375

Follow

Get every new post delivered to your Inbox.

Join 7,580 other followers

%d bloggers like this: