Operational Defect Database
BugZero found this defect 1207 days ago.
Data sources
All data on this page is proprietary to BugZero® or gathered from public sources
WatchGuard Technologies | kA10H000000bqIrSAI
Application Control detects all applications as unknown
Last update date:
1/28/2021
Affected products:
Firebox M200
Firebox M300
Firebox M270
Firebox M370
Firebox M470
Firebox M570
Firebox M670
Firebox M290
Firebox M390
Firebox M400
Firebox M500
Firebox M440
Affected releases:
All
Fireware
12.x
12.6.x
Fixed releases:
v12.6.4 Update 1
Description:
Issue
In Fireware 12.6.x, the IPS/Application Control scan engine might sometimes detect all applications as unknown.When this issue occurs, you see logs that include the text "app_id="65535" app_name="unknown" app_cat_id="255" app_cat_name="unknown" app_beh_id="255" app_beh_name="unknown"" and "Failed to allocate IPS/AppID connection entry, pass proto".The impact depends on how you configured Application Control to handle unknown applications. When Application Control is configured to allow all unknown applications, the detection and reporting of applications is missing. When Application Control is configured to deny all unknown applications, the Firebox drops all traffic through the policy.
Workaround/Solution
To prevent policies from dropping all traffic, configure Application Control to allow all unknown applications.Because this issue only appears to occur after several continuous days of operation, you could also configure scheduled reboots to prevent the issue.
