Fireware 12.9.3

WatchGuard has posted a new maintenance release Fireware 12.9.3.  This maintenance release addresses several issues resolved since the previous 12.9 release.  See details in the Release Notes for a full list of enhancements and resolved issues in this release.

In addition to Fireware, version 11.12 update 1 of the Terminal Services TOAgent is available, resolving a compatibility issue between the agent and Endpoint Security protection, as well as v15.14 of the WatchGuard IPSec Mobile VPN Client for Windows.

Does this release affect me?

Fireware 12.9.3 is available for:

• T Series: T55 and T70; T20, T40, and T80; T25, T45, and T85
• M Series: M400, M440, and M500; M270, M370, M470, M570, and M670;  M290, M390, M590, and M690; M4600 and M5600; M4800 and M5800
• Firebox NV5, FireboxV, and Firebox Cloud

How to upgrade

Firmware upgrades are included at no charge with active WatchGuard support subscriptions. The easiest approach is to use WatchGuard Cloud to schedule upgrades for one or many systems. You can also upgrade individual systems directly from within the WebUI. Admins may also download the applicable packages from the WatchGuard Software Download Center.

Contact

For Sales or Support questions, you can find phone numbers for your region online. If you contact WatchGuard Technical Support, please have your registered appliance Serial Number or Partner ID available.

WatchGuard announced on 21 April 2023 that we temporarily disabled the process for automatically updating TDR Host Sensors to WatchGuard Endpoint Security. On 8 May 2023 at 12:00 UTC, we will resume that process.  

If you previously opted in to automatic upgrades, they will resume at that time. The upgrade page in WatchGuard Cloud will also become available again for those who want to initiate an upgrade or check the status of an existing upgrade.  

Thank you for your patience and understanding throughout this process. Have a nice rest of your day! 

The WatchGuard Product Team 

Fireware 12.9.2

WatchGuard has posted a new maintenance release Fireware 12.9.2.  This release allows configuration of link-local IPv6 default gateways, enables configurable DNS suffix for IKEv2 configuration, and addresses several issues resolved since the original 12.9 release.  See details in the Release Notes for a full list of enhancements and resolved issues in this release.

Additionally, this release includes support for the new Firebox T25, T45, and T85 models, including 802.11ax Wi-Fi 6 support, and dual-concurrent 2.4Ghz and 5Ghz in wireless models.

Does this release affect me?

Fireware 12.9.2 is available for:

• T Series: T55 and T70; T20, T40, and T80; and the recently released T25, T45, and T85 models
• M Series: M400, M440, and M500; M270, M370, M470, M570, and M670;  M290, M390, M590, and M690; M4600 and M5600; M4800 and M5800
• Firebox NV5, FireboxV, and Firebox Cloud

How to upgrade

Firmware upgrades are included at no charge with active WatchGuard support subscriptions. The easiest approach is to use WatchGuard Cloud to schedule upgrades for one or many systems. You can also upgrade individual systems directly from within the WebUI. Admins may also download the applicable packages from the WatchGuard Software Download Center.

Contact

For Sales or Support questions, you can find phone numbers for your region online. If you contact WatchGuard Technical Support, please have your registered appliance Serial Number or Partner ID available.

What’s new: 

ThreatSync is a WatchGuard Cloud service that provides XDR technology for WatchGuard Network and Endpoint Security products that: 

• Provides a UX primarily for incident responders 
• Displays malicious detections as incidents 
• Correlates events to create new malicious detections 
• Enables responders to respond on-demand or configure automated responses to malicious detections and abnormal behaviors 
• Has service provider capabilities including aggregated dashboards, automation templates, and email notifications 

ThreatSync provides extended detection capabilities by correlating data from different WatchGuard security products that indicate the presence of threat actors in the organization. By using multiple products and correlating activities monitored from different security products, ThreatSync scores and detects malicious scenarios that could be indicators of compromise (IoCs), enabling mean-time-to-detect (MTTD) reduction and swift containment of the impact, severity, and scope. 

How do I get ThreatSync?

ThreatSync is a WatchGuard unified security feature included by default with any Firebox Total Security Suite (TSS) subscription and WatchGuard Endpoint Protection, Detection and Response (EPDR) and Endpoint Detection and Response (EDR) products. The more WatchGuard products you have, the more visibility and expanded XDR features you gain access to. And deployment is as easy as it gets. You simply browse to a ThreatSync page and click Enable to get ThreatSync to start using the products you already own. 

What about TDR?

With the arrival of ThreatSync as the WatchGuard Cloud service that correlates network and endpoint data to detect new malicious activity, it is time to start to phase out the use of Threat Detection and Response (TDR). We recently released EDR Core as a replacement for the TDR Host Sensor to provide you with equivalent or superior capabilities to those you have with Threat Detection and Response today. In conjunction with that release, we will mark specific Threat Detection and Response features end-of-sale and end- of-life. 

Here is the full schedule for this transition:

Find out more For more information about ThreatSync, go to About ThreatSync in the Help Center.

What’s new:

WatchGuard is excited to announce the general availability of EDR Core and the associated migration tool. The release of EDR Core further realizes our Unified Security vision by providing TDR functionality using Panda technology and the WatchGuard Cloud native XDR solution, ThreatSync (currently in Beta). Highlights of the new improvements based on WatchGuard Endpoint Security functionality include: 

1. Improved Threat Intelligence and Heuristics 
2. Improved Anti-tampering protection 
3. Contextual Detections and Anti-exploit technology (for fileless malware) 
4. Indicators of Attack (visible in ThreatSync only) 

Does this affect me?

EDR Core licenses are included with every Total Security Suite license with a WatchGuard Firebox. All accounts with existing TDR Host Sensor licenses now have equivalent EDR Core licenses added in WatchGuard Cloud.

How do I upgrade?

We have provided a migration tool that facilitates the transition from the TDR Host Sensor to EDR Core. The tool is available from the Administration menu in WatchGuard Cloud. After you follow the prompts on the screen and click Upgrade, all your TDR Host Sensors will automatically upgrade to the WatchGuard Endpoint Agent the next time they connect to the cloud.  All accounts can use TDR Host Sensors and EDR Core simultaneously, during migration.  

Upgrading to a WatchGuard Endpoint Security product later will be easy because the agent used for EDR Core is the same as other WatchGuard Endpoint Security products. Simply activate a license for the new Endpoint Security product and the WatchGuard Cloud UI will automatically convert to the new product. There is no need to redeploy the agent.   

Find out more

For more information, please refer to the Introduction to EDR Core document, the EDR Core documentation in WatchGuard Help Center and the EDR Core FAQ.  

Contact
For Sales or Support questions, you can find phone numbers for your region online. If you contact WatchGuard Technical Support, please have your registered appliance Serial Number or Partner ID available.