Operational Defect Database
BugZero found this defect 900 days ago.
Data sources
All data on this page is proprietary to BugZero® or gathered from public sources
WatchGuard Technologies | kA16S000000SNhXSAW
Traffic Monitor fails to show traffic logs after 1 December 2021
Last update date:
12/15/2021
Affected products:
Firebox M200
Firebox M300
Firebox M270
Firebox M370
Firebox M470
Firebox M570
Firebox M670
Firebox M290
Firebox M390
Firebox M400
Firebox M500
Firebox M440
Affected releases:
All
Fireware
11.x
11.1.x
11.10.x
11.10
11.10.1
11.10.2
11.10.3
11.10.4
11.10.5
11.10.6
Fixed releases:
v12.7.2 Update 2
Description:
Issue
In Fireware Web UI and Firebox System Manager, Traffic Monitor can intermittently fail to show logs if non-ASCII characters are inserted into Firebox log messages. Typically, these are isolated events that do not impact all customers and can be worked around with the exclusion of traffic patterns from logs.On 1 December 2021, a certificate expired that is part of the built-in CAs for Proxies bundle. This certificate contains a non-ASCII character in the subject name. As a result, all Firebox systems that have this certificate installed will experience intermittent log display failures.In addition, Fireware Web UI sessions might expire prematurely when you stay on the Traffic Monitor page for more than 10 seconds.
Workaround/Solution
If the Enable automatic update of trusted CA certificates check box is selected, your Firebox will automatically download the new CA bundle (v1.22) that was published on 14 December 2021. To verify that you have this bundle, in the Certificates dialog box, select Trusted CA for Proxies Certificates from the drop-down list, and look at the Import Date of each certificate. If the Enable automatic update of trusted CA certificates check box is not selected, complete the workaround steps below.You can workaround this issue from Fireware Web UI or Firebox System Manager.From Fireware Web UI: Go to System > Certificates. From the drop-down list, select Trusted CA for Proxy Certificates.Delete the certificate with the subject name c=ES, st=Barcelona, l=Barcelona (see current address at https://www.anf.es/address/), o=ANF Autoridad de Certificación, ou=ANF Clase 1 CA,cn=ANF Server CA. From Firebox System Manager, Go to View > Certificates. From the Show drop-down list in the upper-right corner, select Trusted CA for Proxies Certificates.Delete the certificate with the subject name c=ES, st=Barcelona, l=Barcelona (see current address at https://www.anf.es/address/), o=ANF Autoridad de Certificación, ou=ANF Clase 1 CA,cn=ANF Server CA. Note: The list of Proxy CA certificates is long. To show the expired certificates first, sort the list by the Status column.After you delete the certificate, Traffic Monitor behavior does not return to normal immediately. Wait until the cache logs are purged or reboot the Firebox.For more information, see these Manage Device Certificates topics in WatchGuard Help Center: Web UI: https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/certificates/cert_manage_with_webui_web.htmlWSM: https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/certificates/cert_manage_with_fsm_wsm.html
