User guide

WATCHGUARD SYSTEM MANAGER AND FIREWARE WSM/FIREWARE 10.2.7
The spamBlocker Proactive Patterns feature is not available for Firebox X Core models X500,
X700, X1000, and X2500. Policy Manager allows the user to configure the Proactive Patterns
feature for non-e-Series Core Fireboxes; however, the feature does not work.
[21496]
Gateway AV/IPS
The Firebox System Manager Security Services tab only updates the Available version
information for the AV engine, AV signatures, and IPS signatures once each hour. Because of
this, the displayed available version can show as older than the installed version after a
manual update. You must disconnect and reconnect FSM to the Firebox to refresh the Security
Services information.
[21639]
When Gateway AV is configured to lock infected email messages, an email attachment is
larger than 100K bytes, and a virus is detected after the first 100K bytes, the attachment is
truncated instead of locked, even though the log message shows that the file was locked.
[21489]
WebBlocker
You must download a new full WebBlocker database for your WebBlocker Server when you
upgrade from WSM 9.x or older to WSM v10.x. The WebBlocker Server database has been
upgraded from 40 to 54 categories. You must do this even if you chose to keep the
WebBlocker database and configuration files from the previous version of WSM. Verify your
WebBlocker profile configurations after the upgrade to make sure they take advantage of the
new categories.
No deny message is sent back to the client when an HTTPS connection is correctly blocked
because of your WebBlocker configuration. Blocked HTTPS connections are accurately
recorded in the log file.
[22515, all platforms]
If you have a v9.1 WebBlocker configuration with the Deny All Categories check box selected,
the check box is cleared when you upgrade to WSM/Fireware v10.x.
[23679]
Workaround
After you upgrade from v9.x or older to WSM/Fireware v10.x, you must select the Deny
All Categories check box again and save the change to the Firebox.
User Interface
The WSM v10.2.x software includes many bug fixes that do not affect the user interface. Any
changes to the user interface included in the v10.2.x release are not localized. If you upgrade
from the localized v10.1 release to the v10.2.x release, note that new UI elements remain in
English. There are no updates to the localized help content.
Branch Office VPN
If multiple IKE Phase 1 and Phase 2 proposals are configured in Policy Manager, Fireware
only sends the first IKE proposal when it initiates a VPN tunnel. If Fireware does not initiate the
VPN tunnel, Fireware cycles through the list of proposals until a match is found. Because of
this issue, if multiple proposals are used, it is important that the order of the Phase 1 and
Phase 2 proposals matches on both sides of the VPN tunnel.
[24834]
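Added example (not WatchGuard code): a Python model of the behavior described in this issue,
assuming both tunnel endpoints are Fireware devices that behave as stated above. The proposal
names and the audit helper are constructed for illustration.

```python
"""Model of the proposal behavior described in issue 24834 (added example)."""

PHASES = ("phase1", "phase2")

def offered(proposals):
    # As initiator, Fireware sends only the first configured proposal.
    return proposals[:1]

def negotiate(initiator, responder):
    """Return the agreed proposal per phase, or None if that phase fails."""
    result = {}
    for phase in PHASES:
        offer = offered(initiator[phase])
        # As responder, Fireware walks its own list until one matches the offer.
        result[phase] = next((p for p in responder[phase] if p in offer), None)
    return result

def audit(site_a, site_b):
    """Check both initiation directions and the ordering rule from the note."""
    a_to_b = negotiate(site_a, site_b)
    b_to_a = negotiate(site_b, site_a)
    return {
        # Tunnel comes up only if both phases agree on a proposal.
        "a_initiates_ok": all(a_to_b.values()),
        "b_initiates_ok": all(b_to_a.values()),
        # The condition the release note asks for: identical order on both sides.
        "order_matches": all(site_a[p] == site_b[p] for p in PHASES),
        # True when the outcome depends on which side starts the tunnel.
        "agreed_differs": a_to_b != b_to_a,
    }

# Constructed sample configurations; proposal names are illustrative labels only.
SITE_A = {"phase1": ["SHA1-AES256-DH5", "SHA1-3DES-DH2"],
          "phase2": ["ESP-AES256-SHA1", "ESP-3DES-SHA1"]}
SITE_B = {"phase1": ["SHA1-3DES-DH2", "SHA1-AES256-DH5"],
          "phase2": ["ESP-3DES-SHA1"]}

if __name__ == "__main__":
    print(audit(SITE_A, SITE_B))
```

With the sample data the tunnel negotiates only when site B initiates, which is the kind of
one-directional failure that matching proposal order on both sides avoids.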
When a certificate is revoked or renewed, a managed Branch Office VPN tunnel with a valid
certificate does not appear when you start a Fireware device in drop-in mode.
[11409]
RELEASE NOTES JANUARY 22, 2009 PAGE 12