1 / 31

What’s New in Fireware XTM v11.8.1

What’s New in Fireware XTM v11.8.1. What’s New in XTM 11.8.1. Networking Enhancements Secondary networks for VLANs [40123] Support for static NAT and server load balancing for traffic through an Optional interface [39793] PPPoE client IP address enforcement [73382]

wes
Télécharger la présentation

What’s New in Fireware XTM v11.8.1

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. What’s New inFireware XTM v11.8.1

  2. What’s New in XTM 11.8.1 • Networking Enhancements • Secondary networks for VLANs [40123] • Support for static NAT and server load balancing for traffic through an Optional interface [39793] • PPPoE client IP address enforcement [73382] • DHCP Force Renew support on external interfaces [61383] • Sierra Wireless 320U 3G/4G modem support [74572] • Bridge XTM wireless Access Points to the same network [76381] • XTMv Enhancements • XTMv on ESXi now supports active/passive FireCluster [72105] • WatchGuard AP Device Management Enhancements • New AP status of Discovered in the Gateway Wireless Controller [77081] • Ability to upgrade an AP device from the Gateway Wireless Controller [73497] • Automatic AP device firmware upgrades are now staggered [77738]

  3. What’s New in XTM 11.8.1 • Authentication Enhancements • Customize the Authentication Portal page [42587] • Case-sensitivity disabled for Firebox-DB user names [61132] • HTTPS-Proxy Enhancements • Allow only SSL compliant traffic through the HTTPS-proxy [76197] • WebBlocker Enhancements • Improved WebBlocker local override page [66930] • Management Server Enhancements • Management Server Clustering [41220] • Compare versions of configuration files & force users to comment on changes to configuration files and templates [77204] • Monitoring & Reporting Enhancements • Download a diagnostic log file from the Web UI [77638] • New Web Traffic Summary report [76985]

  4. Networking Enhancements

  5. Secondary Networks for VLANs • You can now configure a secondary network for a VLAN interface. • Configure these settings on the Secondary tab in the VLAN configuration. • Supported for Trusted, Optional, and External VLAN interfaces. • Secondary IP addresses are often used for Static NAT on external interfaces or network migration and router consolidation on trusted or optional interfaces.

  6. SNAT from Optional to Trusted • In a Static NAT action or Server Load Balancing NAT action, you can now select an External or Optional interface. • This enables you to do static NAT or server load balancing for traffic from the optional network to the trusted network.

  7. PPPoE Client IP Address Enforcement • PPPoE advanced settings include an option to enforce the client static IP address. • When this option is selected: • The XTM device sends the configured PPPoE client IP address to the PPPoE server. • The XTM device uses the configured client IP address, even if another IP address is obtained from the server. • PPPoE client address enforcement is useful for clients of ISPs that provide multiple static IP addresses. This new option is useful if the ISP does not respond with the address included in the client request.

  8. DHCP Force Renew • When you configure the external interface as a DHCP client, you can optionally enable the XTM device to respond to DHCP Force Renew messages. • The FORCERENEW message requests the DHCP client to renew it's leased IP address sooner than it ordinarily would. • You can optionally specify a shared key that must match the key in the FORCERENEW request.

  9. Additional 3G/4G Modem Support • Sierra Wireless 320U 3G/4G USB modem is now supported for modem failover. • To see a complete list of supported modems, see this Knowledge Base article: http://customers.watchguard.com/articles/Article/Supported-3G-4G-USB-devices

  10. Bridge XTM Wireless Access Points to the Same Interface • On an XTM wireless device, you can now bridge Wireless Access Point 1 and Wireless Access Point 2 to the same XTM device interface.

  11. XTMv Enhancements

  12. FireCluster on XTMv • You can configure two XTMv devices as an active/passive FireCluster on VMware vSphere ESXi • vSwitch configuration requirements: • The vSwitch connected to anexternal interface must accept MAC address changes. • The vSwitch connected to theFireCluster management interface must have promiscuous mode enabled.

  13. AP Device Management Enhancements

  14. Staggered AP Device Firmware Automatic Upgrades • Automatic upgrades of AP device firmware are now staggered. • If automatic upgrade is enabled in the Gateway Wireless Controller settings, the automatic upgrade of AP devices does not occur simultaneously. • If there are multiple paired AP devices, the AP device firmware upgrades occur one at a time for each AP device, five minutes apart.

  15. Update AP Device Firmware for a Single AP Device • You can now upgrade the firmware on a single AP device from the Gateway Wireless Controller tab in Firebox System Manager. • You can see the versionof AP firmware availableon the XTM device. • You can see the versionof AP firmware currentlyinstalled on each APdevice. • Click Upgrade to upgradethe AP firmware to theavailable version. • In Fireware XTM Web UI,this option is available inthe Gateway Wireless Controller Dashboard.

  16. New AP Device Status — Discovered • The Gateway Wireless Controller now shows a status of Discovered for a paired AP device that is connected, but it not yet Online. • After an AP device restarts, the statusis Discoveredwhen the XTM device has successfully communicated to an AP device, butthe AP device isnot yet online.

  17. Authentication Enhancements

  18. Customize the Authentication Portal • You can now configure the look and feel of the Authentication Portal page from Fireware XTM Web UI and Policy Manager. • Add custom logo • Add custom welcome message or disclaimer • Specify the page title • Select custom colors • Select custom fonts

  19. Disable Case-Sensitivity for Firebox-DB User Names • For users created for Firebox Authentication (to the Firebox-DB Authentication Server), you can now disable case-sensitivity for user names • Users can type their user names with any capitalization and still authenticate

  20. HTTPS-Proxy Enhancements

  21. HTTPS-Proxy — Allow only SSL Compliant Traffic • By default, when you enable the HTTPS proxy, it allows SSL traffic matching any SSL version. • When this new option is selected, the HTTPS proxy allows only traffic that matches one of these SSL versions: • SSL_V2=0x200 • SSL_V3=0x300 • TLS_V1=0x301 • TLS_V11=0x302 • TLS_V12=0x303 • This new option can be useful if you want to deny traffic that is not HTTP over SSL. • This option is not necessary or available when deep packet inspection is enabled in your HTTPS proxy configuration.

  22. WebBlocker Enhancements

  23. WebBlocker Local Override Page • The Local Override authentication form that users see in the web browser when access to a web page is denied by WebBlocker has been formatted to match the deny message.

  24. Management Server Enhancements

  25. Management Server Clustering • Create clusters of WatchGuard Management Servers for failover and redundancy • Uses the native Microsoft Failover Cluster service support for high availability • Configure each WatchGuard Management Server independently and then use the command line to complete the setup of the servers in a failover cluster

  26. New Configuration Management Settings • In WatchGuard Server Center > Management Server, the setting to force users to make a comment before saving changes to a device or configuration template has been moved to a new Configuration Management tab. • In the Comment Template list, optionally type the instructions to appear in the Comments dialog box, which users see when they save the configuration file or a configuration template to the Management Server.

  27. Compare Configuration File Versions • In WSM, for a device configuration file, run a Difference Report to see the changes between versions of the configuration in the Configuration History. • The Difference Report includes all changes made to the configuration.

  28. Monitoring & Reporting Enhancements

  29. Download Diagnostic Log File from the Web UI • Fireware XTM Web UI now supports download of a diagnostic log file (support.tgz) • Enable diagnostic logging and download the support.tgz file • Select System > Configuration File. • Click Download the Support Logs. • Review the file for diagnostic, packet trace information about your XTM device

  30. Web Traffic Summary Report • The Web Traffic Summary report has been added to WatchGuard System Manager Log and Report Manager. This report (already available with Dimension) offers a high-level view of: • Top web sites visited by clients, in a bar chart • Top web categories visited by clients, in a pie chart

  31. Thank You!

More Related