WatchGuard Scare tactics - really? I mean, really?
I assume that I am not the only one who got a whole new email from WG today about firmware and what not on devices I manage. They also send that email to everyone who is on our IT team and on and on - NOT OKAY. They indicate the last four digits of serial numbers (oh well) - and even have a device that says :
_"We have identified (**X**) Fireboxes with these serial numbers (last 4 digits displayed) that require a software upgrade: ---- | -4 | -4 | -5 | -7 | -B | -8 | -A | -A | -A | -7...............
We have identified 1 Firebox with this serial number (last 4 digits displayed) that requires a software upgrade AND has open management ports: -B "
_
Firmware, none of WG business. Heck we still have production T35's that have not had a real update in forever. Then, the one supposedly with open Managment Ports - false. I just looked at it. There are simply no ways to access that device that differs from any of my other devices.
I would love to know what the end game here is...more sales? More subscriptions? More cloud-based garbage? I don't get it -
Comments
Are any/all of these firewalls running a lower version than the free upgrades which address cyclops blink???
Supposedly there is a way from the Internet to determine that a WG firewall has open access from the Internet. Without knowing exactly - perhaps port 8080 is open, then that could be how this was determined.
Is an e-mail group for your IT team the recipient of other WG e-mails?
I have several offline units which qualify for the free cyclops blink upgrades, and I have yet to receive such an e-mail.
The one they claim is open is on 12.7.2. the lowest firmware is at 12.5.9 on a T35 - or, the most current firmware that is out....so, go figure.
As for access, the WebUI policy is available to Trusted and to two Firebox-DB users via SSLVPN (just like all the others).
All in all - odd.
Hi @TestingTester
The emails are an attempt to ensure that customers are aware management ports have been or are open to the entire world.
-12.7.2, 12.5.9, and 12.1.3 upgrades are provided for supported devices (even if they have expired support contract.)
-Emails are sent to WatchGuard account's email addresses that are linked to your account.
There's no scare tactic -- it's just simply ensuring that customers are aware of the potential exploit so that they can act on it.
-James Carson
WatchGuard Customer Support
The emails are patently incorrect. Period. I did unsubscribe and have my staff turning off all support access as well as device feedback and fault reports. Simply, in the current world we do not trust anyone with access to devices or reporting...WatchGuard included.
Would not be so troublesome but for the "this device in particular" aspect...and oddly, that is an older device on 12.5.9 and has a SOLID remote access policy, even had it been a way way way out of support XTM25.