Earlier this month, WatchGuard released new firmware for their T- and M- series devices. JSCM Group is recommending that firewalls be upgraded to these versions.
12.1.3 Update 5
XTM 25, XTM 26, XTM 33, XTM 330,XTM 515, XTM 525, XTM 535, XTM 545, XTM 1050, XTM 2050,
XTM 8, 800, 1500, 2500 Series, and XTMv, WatchGuard AP12.5.7 Update 3
Firebox T10, T15, T30, T30, T35, T50, T55, T70, M200, M300, WatchGuard AP
12.7 Update 1
Firebox T20, T40, T80, M270, M370, M400, M440, M470, M500, M570, M670, M4600, M4800, M5600, M5800, FireboxV, Firebox Cloud, WatchGuard AP
12.7 has presented several new features for Firebox devices capable of running this version.
It is now possible to specify the max number of log messages generated each minute for traffic denied by Blocked Sites, Blocked ports, and other Default Packet Handling categories
The OpenSSL version used in Fireware is updated to 1.1.1k to address CVE-2021-3449 and CVE-2021-3450
AuthPoint can now be used directly for authenticating against the IKEv2 VPN, the SSLVPN and the web UI
There is no longer a limit on the number of FQDNs that can be configured
If using DPI, you can now allow the firewall to automatically update HTTPS exceptions when WatchGuard makes changes
The Firebox now supports 802.1p priority marking (tagging) for VLAN interfaces
For full details on 12.1.3 Update 5:
https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_1_3_U5/index.html
For full details on 12.5.7 Update 3:
For full details on 12.7 Update 1: