The growing network perimeter is a fact of life. Attacks on corporate networks can take many forms, such as viruses, backdoors, denial of service (DoS) attacks, macros, remote logins, phishing emails, social engineering, and spam. In this evolving threat landscape,...
WatchGuard - Recent WebBlocker Issue in Europe
WebBlocker Incident Report Users of the WebBlocker service in Europe experienced an outage late Thursday night that lasted into Friday morning, January 25 – 26, 2018. WatchGuard has worked closely with our partner Forcepoint over the last few days to analyze the failure and to put processes in place to ensure that events like this do not happen again. We are sharing details here so our partners and users are confident that we have addressed this issue. Background WebBlocker uses the Forcepoint ThreatSeeker Cloud URL database for web categorization, which is hosted in their ThreatSeeker Cloud Service. The URL database is hosted at 5 different locations around the world. The Firebox selects the appropriate location of the service based on the location of the DNS server that it uses. Unfortunately, there was an outage at the UK server last week that affected HTTPS lookups and led to our service outage. With Fireware version 12.0, WatchGuard switched to using the more secure HTTPS instead of HTTP for web category lookups, so only customers running Fireware version 12.0 or later were affected. Customers all over Europe use the UK server. Incident Summary & Root Cause Analysis
- Incident start time: Thursday January 25 2018 20:49 UTC
- Incident end time: Friday January 26 2018 08:35 UTC.
- Root Cause: As part of routine maintenance of firewall infrastructure in Heathrow (A) the active Virtual IP for the ThreatSeeker Cloud service was moved to another firewall device. During this process, the firewall for the HTTPS ThreatSeeker Cloud service did not start correctly on the new device. As a result, the ThreatSeeker cloud server in the UK was not accepting HTTPS lookups, causing our service to fail. The unavailability of the HTTPS ThreatSeeker Cloud service in Heathrow (A) was not immediately detected by WatchGuard. Sufficient monitoring was not in place to check for responses to both HTTP and HTTPS requests.
- Customer Impact: Users who have the server timeout in WebBlocker configured to deny access would have lost internet connectivity during this period. Users with the alternative “fail open” setting would have seen web connections allowed but no categorization would have been provided.
- Incident Tracking: Fireboxes were unable to connect to Heathrow London aka UK (A) ThreatSeeker Cloud service using HTTPS. The incident is tracked on the Forcepoint Cloud status page at https://status.forcepoint.net/ in the ThreatSeeker Cloud section.
Process Updates Forcepoint has increased monitoring from both HTTP and HTTPS connections to all ThreatSeeker servers around the world. WatchGuard is also planning to put more monitoring in place to supplement the Forcepoint efforts. WatchGuard and Forcepoint have reviewed our support escalation procedures and initiated a process to immediately elevate critical network impacting issues so they get immediate attention. The new and enhanced monitoring, combined with more streamlined support processes, will ensure this type of incident does not occur again, as well as better and faster escalations should any future issues occur. On behalf of WatchGuard, we apologise for any inconvenience this has caused our partners and customers.
More WatchGuard News Posts
Over the past few years, we have seen how cyberattacks have grown more frequent.Read now
According to a study published by Verizon, 80% of data breaches are due to stolen passwords. Hence credential managers have become key tools to protect against cyberattacks and data exfiltration, shielding MSPs and their customers.Read now
Original price $718.75 - Original price $2,630.00Original price$718.75 - $2,630.00$718.75 - $2,630.00Current price $718.75
Perfect as a stand-alone firewall solution or as a VPN gateway for centralized traffic inspection, Firebox T20 is a small appliance that brings bi...View full detailsOriginal price $718.75 - Original price $2,630.00Original price$718.75 - $2,630.00$718.75 - $2,630.00Current price $718.75
Original price $657.00 - Original price $2,490.00Original price $657.00$821.25 - $3,112.50$821.25 - $3,112.50Current price $821.25
ENTERPRISE-GRADE SECURITY FOR SMALL AND HOME OFFICES Perfect as a stand-alone firewall solution or as a VPN gateway for centralized traffic insp...View full detailsOriginal price $657.00 - Original price $2,490.00Original price $657.00$821.25 - $3,112.50$821.25 - $3,112.50Current price $821.25
Original price $1,151.25 - Original price $6,956.25Original price$1,151.25 - $6,956.25$1,151.25 - $6,956.25Current price $1,151.25
A customizable, high-performance tabletop firewall with optional port expansion modules to adapt to your changing needs. Businesses today are de...View full detailsOriginal price $1,151.25 - Original price $6,956.25Original price$1,151.25 - $6,956.25$1,151.25 - $6,956.25Current price $1,151.25
Original price $1,301.25 - Original price $4,921.25Original price$1,301.25 - $4,921.25$1,301.25 - $4,921.25Current price $1,301.25
A small-footprint security powerhouse that brings enterprise-level network security to small branch offices. WatchGuard’s Firebox T40 brings ent...View full detailsOriginal price $1,301.25 - Original price $4,921.25Original price$1,301.25 - $4,921.25$1,301.25 - $4,921.25Current price $1,301.25
Original price $1,043.00 - Original price $6,595.00Original price $1,043.00$1,303.75 - $8,243.75$1,303.75 - $8,243.75Current price $1,303.75
HIGH-PERFORMANCE SECURITY THAT EVOLVES WITH YOUR NETWORK A customizable, high-performance tabletop firewall with optional port expansion modules...View full detailsOriginal price $1,043.00 - Original price $6,595.00Original price $1,043.00$1,303.75 - $8,243.75$1,303.75 - $8,243.75Current price $1,303.75