Fireware XTM v11.4.2 CSP11
For XTM 1050, 8-series, 5-series, 2-series

Appliance Build # 328284
WSM Build # 328284

WSM v11.4.2 or higher is needed to manage a Firebox running Fireware XTM 11.4.2 CSP.

11.4.2 CSP releases are cumulative.

If you are installing WSM 11.4.2 CSP on a server which already has WSM 11.4.2 installed, you will need to uninstall the existing 11.4.2 before installing 11.4.2 CSP. Make sure to choose to save your data during the uninstall and to also make a full backup before starting the uninstall.

Resolved Issues:

CSP1:
BUG61760: Authentication failing or slow with hundreds of Firebox DB authentications at the same time
BUG62019: BOVPN tunnels would not establish after upgrade from 11.3.2 to 11.4.1 using IPSec Certificates
BUG61916: XTM1050 xt_session module fails to add session due to limit of 1000
BUG61009: 1-to-1 NAT with SIP-ALG not working properly
BUG59407, BUG62074: Resolved several issues causing certificates to not sync properly when using FireCluster Active/Passive. Improper syncing resulted in missing certificates
BUG62352: iOS PPTP connection may fail when connected from a 3G line

CSP2:
BUG61923: Proxy cfm worker1 spinning under high load
BUG61924: Proxy cfm worker5 crash under high load
BUG61807: GAV job open failed with scand stack traces
BUG62104: Proxy cfm worker4 crash under high load
BUG61325: "Any (0.0.0.0/0)" option in WebUI is different than actual zero route configured in WSM
Improved TCP Selective ACK functionality added to proxies. The improved Selective ACK should resolve reports of large file downloads stalling for HTTP and FTP without GAV or IPS in use. The Selective ACK improvements may also help throughput through proxy policies on lossy networks with high latency. BUG60249, BUG42691, BUG60422, BUG39876, RFE39150, BUG60943

CSP3:
BUG62624: Fixed Certd crash

CSP4:
BUG62693: Kernel crash - <0>EIP: 0060:[] Tainted: P VLI
BUG61147: Multi-WAN PPPoE using the same default gateway now works properly
RFE43777, RFE61727: SSLVPN client now supports 64bit Mac (10.6.x and 10.7)
BUG60104, BUG61986, BUG59905: Fixed crashing of the GRED process used for Reputation Enabled Defense

CSP5:
BUG57523: Resolved kernel crash associated with EIP: f8ced295
BUG60036: Unicast MAC is used for 1-1 NAT addresses on an A/P cluster
BUG57440: Certain .xls files fail to transfer via FTP proxy
BUG63009: GAV with FTP proxy unable to upload attached file
BUG62787: Some default certificates are missing after FireCluster upgrade or failover
BUG62581, BUG63152: FireCluster failovers caused Firebox to show inactive state

CSP6:
BUG61858: SSLVPN failed to complete connection after FireCluster failover
BUG60533: Constant log messages from sslvpn_firecluster process after upgrade to 11.4.2
BUG61152: Issues with Multi-WAN DHCP using the same default gateway
BUG56182: GAV scanning fails with logs: GAV job open failed () errors
RFE41602: iPhone/iPad support for built-in Cisco IPSec client
BUG60378: Improved proxy connection clean-up logic to remove some stale connections faster.

CSP7: (build# 328158)
BUG62966: File descriptor leak when running FireCluster causing management connections to the Firebox to fail.
BUG62837: Traffic monitor goes blank or update is delayed for 1 min due to invalid XML characters
BUG62104: Proxy cfm worker4 crash during high load.

CSP8: (build# 328728)
BUG60697: Import of customer CA Root causing FSM to show Java error message
BUG63136: Improved proxy connection handling to prevent file transfers from stalling during periods of high proxy connections.
BUG63222, BUG63468, BUG62925, BUG62934: Resolved issue resulting in proxy processes becoming stuck. As a result of the stuck proxy process a low memory state will occur, causing the Firebox to stop passing all traffic.
BUG62358: Resolved issue causing throughput degradation due to excessive ARPing from the Firebox when using FireCluster Active/Active.
BUG63702: Firebox will not fail over to secondary log server when log collector's cache is full.
BUG62024, BUG63035: Resolved issue which caused a PPPoE process to stop responding, resulting in the PPPoE connection not returning after down event from ISP.
BUG56483, BUG62518: FC has to be rebooted every time for 3rd party cert to take effect after a failover event.

CSP9: (build# 329167)
BUG56592: SSL connection attempt causes frequent CPU spikes

CSP10: (Build# 336603)
BUG63867: SMTP proxy causes RFC5321 violation
BUG63136: HTTP proxy downloads stalling with Selective ACK support and IPS enabled
BUG65105: Generate incorrect iptable rule for setting of BOVPN 1 to 1 NAT with IP range object
BUG62883: Resolved certd crashing/failure issue.

CSP11: (build# 338227)
BUG63231: Cluster should avoid being blocked more than cluster monitoring timeout
BUG64201: Resolved firewalld stack trace

WSM 11.4.2 CSP fixes: (build # 328284)
BUG63377: WSC takes a long time to apply management server config changes
BUG63676: WSC shows incorrect Log/Report server status if Management Server is busy
BUG63675: dvcp.status request processing taking a long time (> 5 seconds) on Radiant's management server
BUG63385: dvcp.status request could cause all Management Server threads to be blocked
BUG63708: wgpr dso limitation prevents log collector from accepting over 512 simultaneous connections
BUG60411: Log viewer search fails to find any match on new install of 11.4 or 11.4.1 log server
BUG62360: Log collector locks up
RFE62327: Log Server: Option to disable email notifications when database tables are dropped
BUG62184: Report server blocks the log server drop table command
BUG61484: Search string with a single quote character in log viewer causes an error in SQL

Description of v11.4.2 files available for download:

XTM_OS_1050_11_4_2.exe -- appliance firmware to install 1050 sysa-dl file on your PC to upload to the 1050 using policy manager or the WebUI
XTM_OS_XTM2_11_4_2.exe -- appliance firmware to install sysa-dl file on your PC to upload to the XTM 2-series using policy manager or the WebUI
XTM_OS_XTM5_11_4_2.exe -- appliance firmware to install sysa-dl file on your PC to upload to the XTM 5-series using policy manager or the WebUI
XTM_OS_XTM8_11_4_2.exe -- appliance firmware to install sysa-dl file on your PC to upload to the XTM 8-series using policy manager or the WebUI