Firebox with 12.10 and expired feature key behaves like no feature key

One of our clients has been delaying renewing a subscription and as they don't use "advanced" WGD features like Web Blocker, we allowed them some time to decide whether to renew or upgrade instead.

However, their key expired yesterday and this morning we got panicked calls - nothing appeared to be working properly.

From diagnostics, we could see that all their VLAN's were down and only one device appeared to have internet access.

It certainly looked as though the firebox was behaving as if it had no feature key at all, but when we looked we could see it still had the old key, but some of the parameters for "Expire Never" services had been seriously crippled - see the image below.

Apart from the VLAN issue, it looks like the "IP Addresses allowed outbound access" has been set to 1, pretty much rendering the device useless.

We have of course dealt with the issue with a temporary 30 day key while the client sorts out what to do, but its concerning the firebox has behaved like that - I am not sure if this is a change due to the Fireware OS version or a management decision at Watchguard that's pushed a changed key out via Feature Key synchronisation.

Comments

  • This seems to be a significant bug.
    All standard functions of a WG firewall SHOULD continue to run after a support license ends.

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @DarrinSalt

    The behavior you're describing would suggest this may one of the MSSP type devices. I'd suggest creating a customer care type support case with the serial number of the device if that isn't the case, and we can get this fixed for you.

    -James Carson
    WatchGuard Customer Support

Sign In to comment.