Print topic

Fireware XTM v11.3.2 Release Notes

Supported Devices XTM 2, 5, and 8 Series
XTM 1050
Firebox X Peak, Core and Edge e-Series
Fireware XTM OS Build 290779
WatchGuard System Manager Build 290753
Revision Date October 18, 2010

Introduction

Fireware XTM v11.3.2 is the newest software release for the WatchGuard XTM and Firebox e-Series appliances. Fireware XTM v11.3.2 demonstrates a continuing commitment to quality to WatchGuard customers, with a significant number of bug fixes and enhancements, including:

See the Resolved Issues section below for a complete list of resolved issues. For more information about the enhancements in the Fireware XTM v11.3.2 release, see What's New in Fireware XTM v11.3.2, available on our public documentation page.

If you have installed Fireware XTM v11.3.2 build 291323 on your Firebox X Edge e-Series, you must upgrade to the new Fireware XTM OS build 292057 to resolve a problem with AV scanning that occurred in the first posted Edge OS build. This new build resolves a problem that caused the HTTP proxy to stop passing traffic when Gateway AV is enabled.

Before You Begin

Before you install this release, make sure that you have:

Fireware XTM and WSM v11.3.2 Operating System Compatibility

Fireware XTM v11.3.2 and WSM v11.3.2 Operating System Compatibility table

System Requirements

  If you have WatchGuard System Manager client software only installed If you install WatchGuard System Manager and WatchGuard Server software

Minimum CPU

Intel Pentium IV

1GHz

Intel Pentium IV

2GHz

Minimum Memory

1 GB

2 GB

Minimum Available Disk Space

250 MB

1 GB

Minimum Recommended Screen Resolution

1024x768

1024x768

Localization

The Fireware XTM management user interfaces (WSM application suite and Web UI) have been localized for the v11.3 release. Changes made to the user interface since the release of v11.3 remain in English. Supported languages are:

In addition to these languages, we have introduced localized Web UI support for Korean and Traditional Chinese with the v11.3.1 release. Only the Web UI itself has been localized. WSM, and all help files and user documentation, remain in English.

Note that most data input must still be made using standard ASCII characters. You can use non-ASCII characters in some areas of the UI, including:

Any data returned from the device operating system (e.g. log data) is displayed in English only. Additionally, all items in the Web UI System Status menu and any software components provided by third-party companies remain in English.

Fireware XTM Web UI

The Web UI will launch in the language you have set in your web browser by default. The name of the currently selected language is shown at the top of each page. To change to a different language, click the language name that appears. A drop-down list of languages appears and you can select the language you want to use.

WatchGuard System Manager

When you install WSM, you can choose what language packs you want to install. The language displayed in WSM will match the language you select in your Microsoft Windows environment. For example, if you use Windows XP and want to use WSM in Japanese, go to Control Panel > Regional and Language Options and select Japanese from the language list.

Reporting Web UI, CA Manager, Quarantine Web UI, and Wireless Hotspot

These web pages automatically display in whatever language preference you have set in your web browser.

Downloading Software

  1. Go to the LiveSecurity web site’s Software Downloads page at http://www.watchguard.com/archive/softwarecenter.asp
  2. Log in to the LiveSecurity web site. Then, select the product line you use and look for the Fireware XTM software download section.

There are several software files available for download. See the descriptions below so you know what software packages you will need for your upgrade.

WatchGuard System Manager

All users can now download the WatchGuard System Manager software. With this software package you can install WSM and the WatchGuard Server Center software:

WSM11_3_2s.exe — Use this file to upgrade WatchGuard System Manager from v10.2.x or v11.x to WSM v11.3.2.  

Fireware XTM OS

Select the correct Fireware XTM OS image for your hardware.

If you have…. Select this Fireware XTM OS package

XTM 1050

XTM_OS_1050_11_3_2.exe

XTM 8 Series

XTM_OS_XTM8_11_3_2.exe

XTM 5 Series

XTM_OS_XTM5_11_3_2.exe

XTM 2 Series

XTM_OS_XTM2_11_3_2.exe

Firebox X Core or
Peak e-Series

XTM_OS_Core_Peak_11_3_2.exe

If you want to downgrade a Firebox X Core or Peak e-Series from Fireware XTM v11.3.2 to Fireware v10.2.x, you must download this file: utm_core_peakdown2fw.zip

Firebox X Edge e-Series

XTM_OS_Edge_11_3_2.exe — Use this file to upgrade your OS and configuration from v11.0.2 to v11.3.2.

edge_11_3_2.exe — Use this file to upgrade your OS and configuration from v10.2.9 or higher to Fireware XTM.

XTM_edge_11_3_2.zip — Use this file to upgrade your OS from v10.2.9 or higher to Fireware XTM. No configuration conversion is possible if you use this file. You can also use this file to upgrade from previous versions of XTM 11 to v11.3.2.

Recovery Mode Software

To use the USB automatic restore feature, you must download and install a v11.x recovery mode software image for your XTM device. The file name is utm_[Firebox_model]_sysb-dl.zip and you can find recovery mode upgrade instructions later in these release notes. There is no new Recovery Mode software for e-Series devices.

Single Sign-on Software

There are two files available for download if you use Single Sign-on:

For information about how to install and set up Single Sign-on, see the product documentation.

Mobile VPN with SSL Client for Windows and Macintosh

There are two files available for download if you use Mobile VPN with SSL:

Upgrade from Fireware XTM v11.x to v11.3.2

Before you upgrade from Fireware XTM v11.x to Fireware XTM v11.3.2, go to the WatchGuard Software Downloads Center. Download and save the file that matches the WatchGuard device you want to upgrade. You can use Policy Manager or the Web UI to complete the upgrade procedure. We strongly recommend that you back up your device configuration before you upgrade.

If you are currently running v11.0 or v11.0.1 on your Firebox X Edge e-Series, you must upgrade to v11.0.2 before you upgrade to v11.3.2 to avoid possible file system corruption. This issue does not apply to any other model.

From the Web UI:

  1. Go to System > Backup Image and back up your current configuration file.
  2. On your management computer, launch the OS executable file you downloaded from the WatchGuard Software Downloads Center. This installation extracts an upgrade file called utm_[Firebox_model].sysa-dl to the default location of C:\Program Files\Common files\WatchGuard\resources\FirewareXTM\11.3.2\[Firebox_model]
  3. Connect to your Firebox with the Web UI and select System > Upgrade OS.
  4. Browse to the location of the utm_[Firebox_model].sysa-dl file from Step 1 and click Upgrade.

From Policy Manager:

  1. From File > Backup, back up your current configuration file.
  2. On your management computer, launch the OS executable file you downloaded from the WatchGuard Software Downloads Center. This installation extracts an upgrade file called utm_[Firebox_model].sysa-dl to the default location of C:\Program Files\Common files\WatchGuard\resources\FirewareXTM\11.3.2\[Firebox_model]
  3. Open WatchGuard System Manager v11.3.2. Connect to your Firebox and launch Policy Manager.
  4. From Policy Manager, select File > Upgrade. When prompted, browse to and select the utm_[Firebox_model].sysa-dl file from Step 1.

Upgrade WatchGuard server software

It is not necessary to uninstall your v11.0.x server or client software when you update from v11.0.1 or higher to Fireware XTM v11.3.2. You can install the v11.3.2 server and client software on top of your existing installation to upgrade your WatchGuard software components.

Downgrade from Fireware XTM v11.3.x to v11.x

If you want to downgrade from Fireware XTM v11.3.x to an earlier version of Fireware XTM, you either:

Upgrade the Recovery Mode Software Image

To use the USB automatic restore feature, you must upgrade the recovery mode software image on your XTM device to v11.3. This upgrade is only necessary if you use the USB automatic restore feature, which is available only for XTM devices. If, for any reason, you downgrade the OS version on your XTM device from v11.3.2 to an earlier version of Fireware XTM OS, there is no need to downgrade the Recovery Mode Software Image. The v11.3.2 Recovery Mode Software image works with earlier versions of Fireware XTM OS.

If you upgraded the recovery mode software image on your XTM device for Fireware XTM v11.3, you do not need to upgrade it again for v11.3.2.

To upgrade the recovery mode image:

From the Web UI:

  1. Copy the Recovery Mode upgrade file for your model of XTM device from the Software Downloads Center to your management computer.
  2. Extract the contents of the .zip file.
  3. Connect to your XTM device with the Web UI and select System > Upgrade OS.
  4. Browse to the location of the utm_[Firebox_model].sysb-dl file you extracted in Step 2 and click Upgrade.

From Policy Manager:

  1. Copy the Recovery Mode upgrade file for your model of XTM device from the Software Downloads Center to your management computer.
  2. Extract the contents of the .zip file.
  3. Open WatchGuard System Manager v11.3.2. Connect to your XTM device and launch Policy Manager.
  4. From Policy Manager, select File > Upgrade. When prompted, browse to and select the utm_[Firebox_model].sysb-dl file you extracted in Step 2.

Mobile VPN Client Software

With Fireware XTM v11.3.1, WatchGuard is releasing new Mobile VPN with SSL clients.

Mobile VPN with IPSec

There is no new Mobile VPN with IPSec client available for v11.3.1. You can continue to use the Mobile VPN with IPSec v11.2.3 client available on the Software Downloads page.

Mobile VPN with SSL client for Windows and Mac

The v11.3.1 Mobile VPN with SSL client is integrated into the Fireware XTM v11.3.1 OS. When an SSL client computer running an earlier version of the client software connects to a Firebox running v11.3.1, the user sees a prompt to upgrade the SSL client version to 5.5 for Windows and 5.3 for Mac. Select Yes to upgrade the Mobile VPN client version to v11.3.1. 

There is a Known Issue for customers who upgrade from Fireware XTM v11.2.1 to v11.3.1. For v11.2.1 users, the upgrade process described above will fail. To upgrade the client software from v11.2.1 to v11.3.1, you have two options:

If you are running Fireware XTM, Mobile VPN with SSL continues to operate if the user chooses not to upgrade, however, the user does not receive the fixes available in the v11.3.1 Mobile VPN with SSL client. When you upgrade from Fireware or Edge OS to Fireware XTM, you must upgrade your Mobile VPN with SSL client.

Resolved Issues

The Fireware XTM v11.3.2 release resolves a number of problems found in earlier Fireware XTM v11.x releases.

General

Authentication

Mobile VPN with SSL

FireCluster

Logging and Reporting

WatchGuard System Manager

Web UI

Proxies and Services

SIP and H323

Branch Office VPN

Networking

Known Issues

These are known issues for Fireware XTM v11.3.2 and all management applications. Where available, we include a way to work around the issue.

General

Workaround
Do not use the "-" character as the first character in your status or configuration passphrase.

Upgrade Issues

Workaround
Add the DNS suffix and second DNS entries again after you upgrade to v11.x.

WatchGuard System Manager

Workaround
Make sure that Windows XP compatibility mode is not enabled on the WSM v11.x executable file. To verify, locate the wsm.exe file in Windows Explorer. Right-click on the executable file, select Properties, and click the Compatibility tab.

Workaround
Connect to the Management Server from WSM. Select the managed device and select Update Device. Select the radio button Reset server configuration (IP address/ Hostname, shared secret).

Workaround
Exit the WatchGuard Server Center before you start the uninstall WSM. You can then uninstall WatchGuard System Manager successfully.

Web UI

WatchGuard Server Center

Workaround
You can either upgrade your gateway Firebox or XTM device to WSM v11.3.2, or do not add the gateway Firebox device information when you run the v11.3.2 Management Server Setup Wizard.

Command Line Interface (CLI)

Logging and Reporting

Multi-WAN

Networking

Workaround
1. If your computer is directly connected to the XTM 2 Series device during the Web Setup Wizard, use a static IP address on your computer.
2. Use a switch or hub between your computer and the XTM 2 Series device when you run the Web Setup Wizard.

Firebox X Edge e-Series Wireless

FireCluster

Workaround
Do not use any of the default IP addresses as the Primary or Backup cluster interface IP address.

Authentication

Proxies

Workaround
You can use the H.323 protocol instead of SIP.

Security Subscriptions

Mobile VPN with SSL

Workaround
To upgrade your Mobile VPN with SSL client from v11.2.1 to v11.3, use your web browser to connect to https://<IP address of a Firebox or XTM device>/sslvpn.html. You can then download and install the new client software. Or, you can download the client software from the Software Downloads page and email it your users to install on their computer.

Mobile VPN with IPSec

Workaround
Increase the rekey byte count.

Branch Office VPN

Workaround
If you use multi-WAN and have problems with your branch office VPN tunnels failing to negotiate with their remote peers, you must open your multi-WAN configuration and select Configure adjacent to your chosen multi-WAN configuration mode. Make sure that the appropriate interfaces are included in your multi-WAN configuration.

Workaround
Do not use Any for the Local or the Remote part of the tunnel route. Change the Local part of your tunnel route. Type the IP addresses of computers behind the Firebox that actually participate in the tunnel routing. Contact the administrator of the remote IPSec peer to determine what that device uses for the Remote part of its tunnel route (or the Remote part of its Phase 2 ID).

Using the CLI

The Fireware XTM CLI (Command Line Interface) is fully supported for v11.x releases. For information on how to start and use the CLI, see the CLI Command Reference Guide, which has been updated for this release. You can download the CLI guide from the documentation web site at http://www.watchguard.com/help/documentation/xtm.asp.

Technical Assistance

For technical assistance, contact WatchGuard Technical Support by telephone or on the Web at http://www.watchguard.com/support. When you contact Technical Support, you must supply your registered Product Serial Number, LiveSecurity key or Partner ID.

 Phone Number
U.S. End Users877.232.3531
International End Users+1 206.613.0456
Authorized WatchGuard Resellers206.521.8375

Give us feedback  •   All product documentation  •   Knowledge Base