WatchGuard has identified an issue that affects a small number of Firebox M400/M440/M500 appliances deployed at customer sites. Because of the intermittent and rare nature of the failures, it has taken us several weeks to identify the true nature of the issue and the best resolution path.
Which appliance does this apply to?
Only the Firebox M400, M440, and M500 appliances are affected. If you use any other WatchGuard appliance, you can stop reading now.
What type of failures can occur?
In Fireware v11.11.2, v11.11.4, and v11.11.4 Update 1, WatchGuard expanded the partition size on the Compact Flash card of Firebox M400/M440/M500 appliances. We have since identified that, on a very small percentage (less than 5%) of the Compact Flash cards, the repartitioning can cause the card to become unreadable. When the card is unreadable the Firebox stops working and cannot be recovered. This condition requires an RMA replacement of the appliance. Many of these appliances are deployed in Active/Passive FireClusters and, in such cases, the Passive unit would act as a redundant backup while the failed unit is replaced.
Is this fixed now?
Yes. In Fireware v11.11.4 Update 2 (build # 514824) and newer releases, we no longer expand the partition size. Specifically:
WatchGuard recommends that you upgrade your Firebox from a location that enables physical access to the default 10.0.1.1. IP address on Firebox Eth1 in the event that your Firebox M400/M440/M500 is affected. Also make sure you back up your Firebox configuration and feature key before you upgrade so you can restore the Firebox if necessary.
If I am on one of the affected releases, can I skip the upgrade to Fireware v11.12 U1/11.12.1 to avoid running into this issue?
Unfortunately, the potential for your Firebox to boot up in a default state after upgrade will persist through releases when you first upgrade from one of the impacted releases. For example, if your Firebox M440 runs Fireware v11.11.2 today, waiting for the release of Fireware v11.12.2 will not guarantee that you can avoid the problem.
Could this happen every time that I upgrade the appliance?
No. After the Firebox is successfully upgraded to Fireware v11.12 U1 (M400/M500) or Fireware v11.12.1 (M440) the partitioning changes are removed. Future upgrades will not result in a potential reset of your Firebox to factory-default settings. This is a one-time fix.