WatchGuard Product Update Blog
  1. Supported Operating Systems for WSM

    Supported Operating Systems for WatchGuard System Manager (WSM)
    To determine when WatchGuard ends support for an operating system our applications run on, we follow the support lifecycle of the operating system vendor.  This post provides detail on how Microsoft's lifecycle affects this policy.

    In the release notes of Fireware 12.8, WatchGuard identified that the supported operating systems for WSM and Management Server software will follow Microsoft’s Mainstream Support end dates for Windows and Windows Server. When Mainstream Support ends for these operating systems, WSM and Management Server will no longer support them in the next feature release.

    Historically, we followed Microsoft’s Extended Support end dates for Windows and Windows Server operating systems, but this limited the ongoing updates we could make to WSM Client and Management Server software. By following the Mainstream Support end dates for these fixed lifecycle products, we can make updates that are not limited by the legacy development tools needed to support operating systems that no longer receive feature updates from Microsoft.

    For more information see the Microsoft Fixed Lifecycle Policy.

    How does this affect currently supported operating systems?
    WSM 12.8 and 12.8.x maintenance releases will continue to support currently-supported operating systems that previously ended Mainstream Support. This includes these operating systems which previously ended Mainstream Support:

    • Windows 8 - 12 Jan 2016
    • Windows 8.1 - 9 Jan 2018
    • Windows Server 2012 - 9 Oct 2018
    • Windows Server 2012 R2 - 9 Oct 2018
    • Windows Server 2016 - 11 Jan 2022

    Future feature releases for WSM, such as 12.9 and higher, will no longer support these operating systems.

    WSM will continue to support these operating systems through their Mainstream Support end dates:

    • Windows 10 – Final retirement 14 October 2025
    • Windows 11 – Final retirement not announced. 21H2 supported by Microsoft through 8 October 2024.
    • Windows Server 2019 – Supported through 9 January 2024
    • Windows Server 2022 – Supported through 13 October 2026

    For more information see Microsoft product lifecycle.

    Fireware Release Notes always include an Operating System Compatibility Matrix, identifying supported operating systems for features in each release.

  2. Log, Report, and Quarantine Server deprecation

    Deprecation of older WatchGuard Server components
    WatchGuard is announcing the deprecation of some older server components. WSM v12.8.x releases will still include these server components. Higher WSM releases, v12.9 and later, will include only the WSM Client and Management Server, and will not include the following: 

    • WatchGuard Log Server
    • WatchGuard Report Server
    • WatchGuard Quarantine Server  

    WSM Log and Report servers have served well since their introduction in Fireware 10, but they no longer represent the best options available to our customers. WatchGuard now provides superior logging and reporting solutions. WatchGuard Cloud, our cloud-based visibility solution, includes 30 days log and report storage with Total Security Suite. Dimension is available on VMware and Microsoft Hyper-V for those customers that want to maintain an on premises log and report server. 

    The Quarantine Server no longer aligns well with the email services our customers deploy and operate today, such as Office 365 and web-based email solutions. Customers can continue to use the quarantine server on existing installations, and the Fireware OS will keep the option to send email to quarantine. 

    WatchGuard continues to actively develop and support the WSM Management Server. The recent v12.8 release include new features to support management server templates for SD-WAN. 

    Contact
    For Sales or Support questions, you can find phone numbers for your region online. If you contact WatchGuard Technical Support, please have your registered appliance Serial Number or Partner ID available.

  3. Fireware v12.8 Update 1

    Key points:
    WatchGuard has posted a new maintenance update for Fireware v12.8. Update 1 includes several issues that have been fixed since the original 12.8 release. It also includes an update to the OpenSSL version to address CVE-2022-0778. See details  in the Release Notes

    Does this release affect me?
    Fireware 12.8 Update 1 is available for: 

    • T Series: T20, T40, T55, T70, and T80
    • M Series: M290, M390, M590, M690, M270, M370, M400, M440, M470, M500, M570, M670, M4600, M5600, M4800, and M5800
    • FireboxV and Firebox Cloud

    How to upgrade
    Firmware upgrades are included at no charge with active WatchGuard support subscriptions. The easiest approach is to use WatchGuard Cloud to schedule upgrades for one or many systems (also works across multiple subscriber accounts). You can also upgrade individual systems directly from within the WebUI. Admins may also download the applicable packages from the WatchGuard Software Download Center

    Contact
    For Sales or Support questions, you can find phone numbers for your region online. If you contact WatchGuard Technical Support, please have your registered appliance Serial Number or Partner ID available.

  4. New Fireware v12.8 Releases for Fireboxes

    The latest release of Fireware v12.8 for Fireboxes delivers various enhanced features. Find out more about the release in the 12.8 Release Notes and What’s New in 12.8 Presentation.

    Key Features include:

    Networking:

    • SD-WAN Load Sharing:SD-WAN actions enables you to share traffic load across multiple SD-WAN interfaces. You can use this feature to distribute load across multiple ISPs or lines.
    • SD-WAN Actions in Device Configuration Templates: Management Server device configuration templates now support SD-WAN actions. This makes it easy to apply SD-WAN actions to multiple devices.
    • Support for IPv6 traffic in Bridge Mode
    • Firebox Cloud can now apply firewall policies to traffic that arrives and leaves by the same interface, enabling east-west inspection of traffic.
       

    VPN:

    • Mobile IKE for IKEv2:This enables the Firebox to use the original VPN tunnel when a mobile device moves from one network to another. Alsokeeps VPN connections active to minimize reauthorization of MFA.
       

    Do these releases affect me?

    Fireware 12.8 is available for: 

    • T Series: T20, T40, T55, T70, and T80
    • M Series: M270, M290, M370, M390, M400, M440, M470, M500, M570, M590, M670, M690, M4600, M5600, M4800, and M5800
    • FireboxV and Firebox Cloud

     

    Action for Partners and Customers: Install the new version of Fireware 12.8! Upgrade to ensure your WatchGuard deployment is leveraging the best power, speed, reliability, and security available today.

    How to upgrade

    Firmware upgrades are included at no charge with active WatchGuard support subscriptions. The easiest approach is to use WatchGuard Cloud to schedule upgrades for one or many systems. HA Cluster pairs are now supported for upgrade from WatchGuard Cloud too. You can also upgrade individual systems directly from within the WebUI. Admins may also download the applicable packages from the WatchGuard Software Download Center

    Contact

    For Sales or Support questions, you can find phone numbers for your region online. If you contact WatchGuard Technical Support, please have your registered appliance Serial Number or Partner ID available.

  5. Detection and Remediation for Cyclops Blink State-Sponsored Botnet

    Working closely with the FBI, CISA, DOJ, and UK NCSC1, WatchGuard has investigated and developed a remediation for Cyclops Blink, a sophisticated state-sponsored botnet, that may have affected a limited number (estimated at ~1%) of WatchGuard firewall appliances. WatchGuard customers and partners can eliminate the potential threat posed by malicious activity from the botnet by immediately enacting WatchGuard’s 4-Step Cyclops Blink Diagnosis and Remediation Plan. It is critical for all customers, whether infected or not, to upgrade the appliance to the latest version of Fireware OS.

    Scope of Potential Impact:

    Based on our own investigation, an investigation conducted jointly with Mandiant, and information provided by the FBI, WatchGuard has concluded the following:

    • Based on current estimates, Cyclops Blink may have affected approximately 1% of active WatchGuard firewall appliances; no other WatchGuard products are affected. 
    • Firewall appliances are not at risk if they were never configured to allow unrestricted management access from the internet. Restricted management access is the default setting for all WatchGuard’s physical firewall appliances.
    • There is no evidence of data exfiltration from WatchGuard or its customers.
    • WatchGuard’s own network has not been affected or breached.
       

    Detecting, Remediating, and Preventing Cyclops Blink Infection:

    WatchGuard, supported by the FBI, CISA, NSA2, and the UK NCSC, recommends that all customers immediately enact the 4-Step Cyclops Blink Diagnosis and Remediation Plan available here. The plan outlines simple and easy-to-use Cyclops Blink detection options in WatchGuard System Manager, WatchGuard Cloud, and a new Web Detector tool.  

    Remediation steps are only necessary if you have an infected appliance; however, the future protection steps are applicable to all customers.

    Visitdetection.watchguard.com to review and enact the 4-Step Cyclops Blink Diagnosis and Remediation Plan now.

    Please see the joint government advisory issued by the FBI, CISA, NSA, and the UK NCSC.

    Our corporate blog post includes additional information and updates about the botnet.

    New releases are now available to support the prevention step

    WatchGuard System Manager 12.7.2 update 3 is available to support all appliances and includes the detection tool that can be run against multiple appliances. (Note: Update 3 was released on Feb 24 to resolve known issue where scan did not complete successfully against latest firmware)

    Fireware 12.7.2 Update 2 (Release Notes) is available for:

    • T Series: T20, T40, T55, T70, and T80
    • M Series: M270, M290, M370, M390, M400, M440, M470, M500, M570, M590, M670, M690, M4600, M5600, M4800, and M5800
    • FireboxV and Firebox Cloud

    Fireware 12.5.9 Update 2 (Release Notes) for:

    • Firebox T10, T15, T30, T35, T50, M200, M300

    Fireware 12.1.3 Update 8 (Release Notes) for: 

    • XTMv, 850, 860, 870,1520, 1525, 2520
    • XTM 25, 26, 33, 330, 515, 525, 535, 545, 810, 820, 8301050, 2050 – Given the criticality of the issue, WatchGuard has also released a build for appliances that are now past End of Life. Customers still running these appliances may upgrade to this build with an expired support license.

    How to upgrade

    The easiest approach is to use WatchGuard Cloud to schedule upgrades for one or many systems, even for systems managed in WSM. Admins may also download the applicable packages from the WatchGuard Software Download Center

    Contact

    For Support questions, you can find phone numbers for your region online. If you contact WatchGuard Technical Support, please have your registered appliance Serial Number or Partner ID available.

    1 Federal Bureau of Investigation, Cybersecurity and Infrastructure Security Agency, Department of Justice, and UK National Cyber Security Centre.
    2 National Security Agency