How can I update my hardware firmware without active subscription?

I cannot get help from customer support personal. I purchased 1 month ago 2 older XTM810 devices from Ebay. Both have not been updated for long time per previous owner (2014 is the last licence date on the device). Customer service does not want to give me temp key to update firmware of these devices because "these devices have not been updated for past 5 years and unfortunately we cannot support you anyway, but you can buy an new devices from us".
Really!! You don't want to support your own firmware because it was more that 5 years ago? Lame, lame, lame - you don't care that much about your customers??? Not everyone is rich to buy your devices and maybe one day i can afford your newer device, but not allowing me to upgrade the firmware on the device that is still under support till February 2020 it makes me think twice before i really purchase your products again.
NO ONE operates like this in the business - DELL, HP, ASUS - all provide support for their older product without pushing people to purchase their new offerings. I would hate to switch to different firewall solution (i work with watcguard devices for past 10 years at my work) , but I will be forced to find different firewall if i don't find a normal person who will provide a temporary key so i can upgrade Firmware on the device that should be upgradebale before it reach end of its support life!!
Hope, that someone will respond to this.

Comments

  • edited November 2019

    If Customer Care refuses to help here, I do not think that there is anything that you can do, other than live with the XTM version which is on your XTM 810 devices, or possibly see if there is some sort of WG replace older firewalls with newer ones for just the 3 year support cost offer - often called Red for Red.

    Many other vendors require active support licenses in order to upgrade to a newer firmware version. Cisco is one example.

    Since you bought a used firewall (or 2) on Ebay - does the seller give you any recourse here? The seller was the one that didn't upgrade the firmware to a newer version, which suggests that they dropped WG support many years ago.

  • If you have used WatchGuard devices "for past 10 years at my work", you should know that at a minimum, a Live Security license is needed to get firmware updates. They DO support their firmware for old devices, but at a cost, which is perfectly reasonable in the firewall world.

    Note that any "XTM" Firebox cannot use the "latest" available firmware level, which is 12.2.x firmware. An XTM device only goes to 12.1.x level. XTM devices are limited to an older version because the hardware is not capable of doing the newer features.

    Also, an XTM 810 has a very pricey renewal (WG017647) that is $2275 on one site for a one-year renewal. I much smaller but current M-series box probably could run circles around the XTM 810; even an M270 nearly matches it. Man, I am glad that my clients all can use the T-series boxes! I just replaced an expired T50 with a T35...MUCH less costly and faster on all but one metric.

    Also, just because the firmware is not new does not mean that the box cannot function. Lots of its features still work, such as blocking executable file downloads.

    I hope you didn't spend more than a hundred bucks on such old equipment that goes EOL in four months.

    Gregg

    Gregg Hill

  • Thank you for your responses!
    Yes, this is old equipment. I would respectfully disagree with notion that "much smaller but current M-series box probably could run circles around the XTM 810" - just compare their performance numbers for: Firewall Throughput,VPN Throughput,AV Throughput,IPS Throughput,UTM Throughput and you will see that old 810 is better that shiny new T35/T35-W.
    People who sold me this device of ebay did not update this passed version 11.4.1.B316812. I know that I cannot afford $2275 price tag, but I simple firmware update is not much to ask for. Yes, I can use the old firmware, but again what manufacture these days charge for firmware update? You may disagree, but i think this way.
    Respectfully
    AP.

  • I did not bother to check all of the major brands of firewalls, but Fortinet, Palo Alto and Sonicwall require an active support contract in order to upgrade the firmware on their firewalls.
    AFAIK, this has been a long standing policy for the major firewall brands.

  • @SMBuser said:
    Thank you for your responses!
    Yes, this is old equipment. I would respectfully disagree with notion that "much smaller but current M-series box probably could run circles around the XTM 810" - just compare their performance numbers for: Firewall Throughput,VPN Throughput,AV Throughput,IPS Throughput,UTM Throughput and you will see that old 810 is better that shiny new T35/T35-W.
    People who sold me this device of ebay did not update this passed version 11.4.1.B316812. I know that I cannot afford $2275 price tag, but I simple firmware update is not much to ask for. Yes, I can use the old firmware, but again what manufacture these days charge for firmware update? You may disagree, but i think this way.
    Respectfully
    AP.

    "- just compare their performance numbers for: Firewall Throughput,VPN Throughput,AV Throughput,IPS Throughput,UTM Throughput and you will see that old 810 is better that shiny new T35/T35-W."

    I was not comparing the 810 to a T35 model. I said "...but current M-series box probably could run circles around the XTM 810; even an M270 nearly matches it." Compare the M270 I mentioned to the XTM 810. As a separate point, I mentioned "I just replaced an expired T50 with a T35...MUCH less costly and faster on all but one metric", but htat was a T50 being replaced by a T35, not an 810 being replaced by a T35 as you stated.

    For my Dell servers, they still supply free firmware for the servers that Moses used, but HP requires a contract to update my old ML350 G6 firmware. Ditto on what Bruce said...most firewall manufacturers (big brands, anyway) require current paid support to get firmware. Why would you expect them to give you free new features for nothing? It's not the same as updating a motherboard BIOS for a security patch; WatchGuard's newer firmware provides new abilities vs. what you have now.

    Gregg

    Gregg Hill

  • Thank Gregg. My apologies for misunderstanding you, I did re -read your post and agree with your comments. And yes, I did expect them to give me free new features for nothing like Dell (as you mention). It is there hardware after all... I have no need to continue this discussion. Take care...
    AP.

  • @SMBuser said:
    Thank Gregg. My apologies for misunderstanding you, I did re -read your post and agree with your comments. And yes, I did expect them to give me free new features for nothing like Dell (as you mention). It is there hardware after all... I have no need to continue this discussion. Take care...
    AP.

    Dell does NOT give free new features; they give newer versions of the same old functionality.

    Enjoy!

    Gregg Hill

  • edited October 2020

    This really sucks bigtime.
    We bought some T30 and T35 devices, without realizing that when Livesecurity license ends, so ends also firmware update support. Now those T30 devices Livesecurity ended on may. 2020 - Devices are just over three years 'old'.

    Hence recommend to buy other manufacturer device, where firmware updates is not tied to any feature licenses.
    fex. Previously we had Cisco ASA 5505 devices, and their firmware support were not tied to device features - in fact firmware support in said device - from circa 2006 to 2022.

    Best regards from Finland

  • You can purchase new LiveSecurity licenses to continue support & firmware updates, should you wish.

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @Firebox_user_Fin
    Most of the updates, and items in firmware releases are releated to subscription services. Your T30 and T35s will continue to run as firewalls, and will have all the basic features of a firewall (like Mobile VPN, packet filters, proxies, Branch Office VPNs, default threat protection, and others.)

    You can read more about feature keys here:
    https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/my_products/subscription_expiration.html#

    If you're looking at a device, you can see what licenses it has before you buy it if you can get the serial number from the seller. Use this page:
    https://www.watchguard.com/snlookup/snlookup.aspx

    -James Carson
    WatchGuard Customer Support

Sign In to comment.