What’s New in WatchGuard XCS v9.2
WatchGuard XCS v9.2 • New Feature Introduction • Ease of use enhancements • Frequent Tasks page • DLP and QMS Wizards • Improved Attachment Control pages • Improved Message Details page • Spam Rules • Content Rules enhancements (Boolean operators, nested conditions) • Multiple software updates management • Internationalization of attachment names in message • New Web Proxy engine • Web configuration added to Install Wizard • FTP over HTTP scanning • URL Categorization HTTPS & “Uncategorized” category • Bypass URL Categorization • Flush URL from web cache • Web bandwidth usage on Dashboard and Reports • Traffic Accelerator improvements • WatchGuard XCS v9.2 Installation WatchGuard Training
Frequent Tasks • Appears as the default page when you log in to the WatchGuard XCS. • Provides direct links to the most frequent tasks you can perform to configure and manage the WatchGuard XCS. • Some tasks are important to run after installation, such as importing LDAP users, updating your software, or adding additional email routing domains. • If you want to display the Dashboard monitoring page after you log in, instead of the Frequent Tasks page, clear the Display at Login check box.
Frequent Tasks • Accept email for additional domains – Configure additional email domains for which you accept mail. Note: Make sure you also add a specific access pattern to trust the internal mail server you specify for the mail route. • Import users/groups from directory services – Configure a directory server to import user/group information for use with LDAP features. Note: Make sure you import Directory Users after you configure a directory server. • QMS Integration Wizard – This wizard guides you through the required configuration to integrate the WatchGuard XCS with the WatchGuard QMS (Quarantine Management Server). Note: Make sure your WatchGuard QMS is configured and running before starting the wizard. • Block or allow email using pattern filters – Pattern filters allow you to block or allow email messages based on message characteristics including the message header, sender, recipient, subject, attachment content, and message body text. • Block or allow attachment types – Attachment controls allow you to block, allow, or strip email attachments based on their file extension, MIME type, or attachment content. • Enable email encryption – SecureMail email encryption allows you to protect the confidentiality of messages by encrypting the message before it is delivered to the recipient.
Frequent Tasks • Data Loss Prevention Wizard – Guides you through the configuration of DLP rules for inbound and outbound email and web traffic. You can block credit cards, SSN/SIN numbers, or use a compliance dictionary to scan for specific words. Note: If you want to use a custom compliance dictionary with the DLP wizard, you must upload the dictionary using Dictionaries and Lists before you start the wizard. • Create and schedule backup – Use the local disk, or FTP/SCP to schedule a backup to a remote server. • Update your software – Keep your system software up-to-date by installing any software updates available for your WatchGuard device. • Add an administrator account – Add additional administrator accounts for managing your WatchGuard device. • Create and schedule a report – The WatchGuard XCS reports provide a comprehensive range of detailed information about your system. You can create a report on demand or schedule a recurring report. • View a report – See your generated reports in HTML, PDF, or CSV format. • Search message history – Search the message history database to see how specific messages were processed and the final action performed on a message.
Data Loss Prevention Wizard • The Data Loss Prevention (DLP) wizard guides you through the configuration of DLP content controls and rules for inbound and outbound email and web traffic. • Available tasks: • Block credit card numbers • Creates Content Rules in the Default Policy to block the selected types of credit card patterns in email messages. • Block national identification numbers • Creates Content Rules in the Default Policy to block national identification numbers such as a Social Security Number (USA) or Social Insurance Number (Canada) in email messages. • Block based on compliance terms • Email: Creates Content Rules in the Default Policy to content scan email messages based on the selected dictionary, such as Medical, Financial, or a custom dictionary. • Web: Configures Content Scanning in the Default Policy to content scan web content based on the selected dictionary, such as Medical, Financial, or a custom dictionary. Note: If you want to use a custom compliance dictionary with the DLP wizard, you must upload the dictionary using Dictionaries and Lists before you start the wizard.
Data Loss Prevention Wizard • DLP Wizard creates new Content Rules in the Default Policy based on your selections. • When you use the DLP wizard, any previous settings (configured through a previous wizard session or configured manually) are displayed and maintained unless you modify the configuration. • Notifications are not configured using the wizard. After you complete the wizard, you can manually examine any content rules created by the wizard and modify the notification settings in the Default Policy.
QMS Wizard • The QMS Wizard guides you through the required configuration to integrate the WatchGuard XCS with the WatchGuard QMS (Quarantine Management Server). • This allows you to redirect spam messages from the WatchGuard XCS to the quarantine area on the WatchGuard QMS, where users can manage their quarantined spam.
QMS Wizard – QMS Configuration • You must configure your WatchGuard QMS before starting the QMS Wizard on the XCS: • Select Configuration > Quarantine > User Spam Quarantine to enable and configure spam quarantine services on the WatchGuard QMS. • Select Configuration > Mail > Delivery and set the Relay To field to the IP address of the WatchGuard XCS device. This makes sure that any notifications and released spam messages will be sent to the WatchGuard XCS for delivery. • Create local quarantine user accounts, or import user accounts from an LDAP directory. By default the WatchGuard QMS automatically creates new user accounts when new spam messages are received for a user. • Select Configuration > Quarantine > Trusted/Blocked Senders, enable Permit Downloads, and set the Allowed IPs text box to the IP address of the WatchGuard XCS.
QMS Wizard – Configuration Settings • When you have completed the wizard, the following configuration settings are applied on the WatchGuard XCS: • Mail Route – A mail route is created for the specific QMS address called ".quarantine_reroute". This special reroute option is used as the Intercept Anti-Spam action to redirect spam messages to the QMS. • Specific Access Pattern – A Specific Access Pattern is created to trust the address of the QMS to make sure that any mail from the QMS, such as spam digest notifications and released quarantine messages, is not scanned by the Intercept Anti-Spam or Content Control features. • Intercept Anti-Spam – Intercept is configured to redirect spam messages for the specified spam classifications to the QMS. • Pattern Filter – A Pattern Filter is created to prevent training on messages containing the subject "Quarantined Email Summary". This prevents spam digest notification messages from the QMS from being trained by Intercept Anti-Spam. • Trusted/Blocked Senders List – If enabled, the Trusted/Blocked Senders List is imported from the QMS using the specified source URL of the QMS.
Attachment Control Enhancements • Redesigned Attachment Control page: • Simplified main configuration page • Separate file type pages for Email File Extensions, Email Content Types, and Web Content types • Inbound/Outbound settings and actions • Collapsed notification settings
Attachment Control – Edit File Types • Edit File Types • Multi-page view or view all entries • Upload and download of file types • Inbound and outbound actions • Filter by action and search text • Ability to delete multiple items
Attachment Control – Add and Edit File Types page • Set inbound and outbound actions • Former “Scan” option renamed to “Check Inbound Archive” or “Check Outbound Archive”
Attachment Control – Attachment Size Limits • Attachment size limits now located on their own page: Security > Content Control > (More) > Attachment Size Limits • You can configure separate actions for inbound and outbound mail.
Message Details Enhancements • The message details have been improved to provide these enhancements: • Results of processing are clear with less repetitive information • Only the most important message details displayed • Ability to add global pattern filters to accept or block messages based on the sender or domain • Scan result icons for quick analysis • Final action and reason clearly indicated • Any content rules and pattern filters that triggered for a message contain the rule name and number
Message Details Enhancements • You can add global pattern filters to accept or block messages based on the sender or domain of the message. • Allow Sender – Creates a pattern filter set to "Accept" for the sender Envelope From address. • Block Sender – Creates a pattern filter set to "Reject" for the sender Envelope From address. • Allow Domain – Creates a pattern filter to "Accept" the domain part of the sender Envelope From. • Block Domain – Creates a pattern filter to "Reject" any messages from the domain part of the sender Envelope From. • The system automatically checks for duplicate or conflicting pattern filters that already exist.
Spam Rules • Spam Rules are a list of content rules generated by WatchGuard. • Helps detect new types of spam messages that are not easily detected by other Intercept Anti-Spam features. • Spam Rules are regularly updated by WatchGuard (through Security Connection) to make sure you are always protected from the latest variants of spam messages. • We recommend you enable this feature. • Select Security > Anti-Spam > Spam Rules.
Content Rules • Greater condition flexibility with powerful Boolean operators (AND, OR, NOT) • Conditions can be nested using the +() button • No limit to the number of conditions in a rule • Per rule notifications • “In dictionary” search expanded to include Content Scanning
Multiple Software Updates Management • You can now install or remove multiple software updates at the same time. • You only need to reboot once to install multiple software updates. • The WatchGuard XCS determines any software dependency issues and installs/removes the updates in the correct order. • You get a warning if you are missing a software dependency.
Internationalization of Attachment Names in Message Database
Internationalization of Attachment Names • The WatchGuard XCS now supports internationalization of attachment names in message database views. • Message history • Message details • Logs and reports • The XCS also already supports internationalized subject headers.
Web Proxy Enhancements
Installation Wizard and Web Configuration • If you have enabled Web scanning with your feature key, the installation wizard displays a new page for Web configuration options. • HTTP/HTTPS – Enable or disable HTTP/HTTPS scanning. • Internal Mail Server – Type the address of your internal mail server that will receive notification messages. Note: The Internal Mail Server field only appears if you did not configure a mail server in the previous step in the Email configuration. • In the Security Settings section of the Web Configuration page, you can enable or disable URL Categorization, Reputation Enabled Defense, and the Anti-Virus features. Note: If you enable URL Categorization, the feature will not be enabled until the initial control list is downloaded.
FTP over HTTP Scanning • You can now scan FTP traffic that is passed over HTTP. For example, visiting an FTP site through an ftp:// URL such as ftp://ftp.example.com/ • All scanners that currently scan HTTP traffic can scan FTP traffic over HTTP. • Select Configuration > Web > HTTP/S Proxy. (HTTP/HTTPS scanning must be enabled) • Select the Enable FTP Proxy check box. FTP over HTTP Scanning Limitations • Only supports FTP over HTTP in a web browser. FTP clients or web browser extensions that use the “CONNECT” method are not supported. • FTP over HTTP scanning is not supported in Transparent mode.
URL Categorization: HTTPS and Uncategorized URLs • HTTPS URLs • The URL Categorization feature can now categorize and take action on HTTPS URLs. For example, https://secure.example.com/ • No additional configuration required. Enable URL Categorization to scan both HTTP and HTTPS URLs. • Uncategorized URLs • New category in the URL Categorization control list called Uncategorized. • Select the Uncategorized category to block web sites that cannot be classified in any specific category. • Available for selection from the category list on the Configuration > Web > URL Categorization page. (Not enabled by default) Note: Be careful when you enable this category as you could block legitimate sites or specific pages of those sites even if the primary page is part of a known category.
Bypass URL Categorization Scanning • Bypass URL Categorization (formerly Uncategorized Sites) allows specified domains to bypass URL Categorization scanning. • You can create a list of web sites to make sure they are not blocked by URL Categorization. • Upload a web domain list in a policy (each specified domain includes subdomains). For example: example.com, example2.com, example3.com
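An added example (not taken from the WatchGuard slides or product code) of matching a bypass list in which each entry also covers its subdomains. The one-domain-per-line file format and all function names are assumptions; the point is that matching must align on DNS label boundaries, which a plain string-suffix check does not do.

```python
from urllib.parse import urlsplit

# Constructed bypass list, mirroring the example entries on the slide.
BYPASS_LIST = """\
example.com
example2.com
example3.com
"""

def load_bypass_domains(text):
    """Parse one domain per line; skip blanks, lowercase, drop trailing dots."""
    domains = set()
    for line in text.splitlines():
        entry = line.strip().lower().rstrip(".")
        if entry:
            domains.add(entry)
    return domains

def host_of(url):
    """Return the lowercase hostname of a URL (port and userinfo removed)."""
    host = urlsplit(url).hostname  # None when the URL has no authority part
    return host.rstrip(".") if host else None

def is_bypassed(url, domains):
    """True if the host equals a listed domain or is a subdomain of one."""
    host = host_of(url)
    if not host:
        return False
    labels = host.split(".")
    # Test each label-aligned suffix: a.b.example.com, b.example.com, example.com, com
    return any(".".join(labels[i:]) in domains for i in range(len(labels)))

def naive_is_bypassed(url, domains):
    """Plain string-suffix check, included only for contrast with is_bypassed()."""
    host = host_of(url) or ""
    return any(host.endswith(d) for d in domains)

if __name__ == "__main__":
    doms = load_bypass_domains(BYPASS_LIST)
    for u in ("https://www.example.com:8443/a",   # subdomain of a listed entry
              "http://notexample.com/",           # shares a string suffix only
              "http://example.com.evil.test/"):   # listed name used as a prefix
        print(u, is_bypassed(u, doms), naive_is_bypassed(u, doms))
```

Because a bypassed host skips categorization entirely, entries are best kept as narrow as the business need allows; a very short entry covers every name beneath it.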
Web Proxy Traffic Accelerator • Additional Traffic Accelerator features help improve scanning efficiency • Preview Scanning • Preview scanning allows the web proxy to take action based on your configured policies by scanning only the initial header of the response. If an action is taken based on the header information, the rest of the content does not have to be scanned. • Only certain types of responses can be handled with a header preview scan, such as detection of MIME types for content control and streaming media bypass, or checks on maximum file sizes reported in the header. • Early Response • Early response scanning allows the web proxy to take action based on scanning only part of the downloaded content. • This early response is useful for detecting issues such as files beyond the maximum file size where the file should not be scanned.
Web Proxy Traffic Accelerator (continued) • Client Request • Many HTTP security features, such as URL Categorization, URL Block Lists, and Trusted/Blocked Lists can perform actions without scanning the actual downloaded content. • These Web scanning decisions are performed very quickly based on your configured policies. • Policy Caching • For greater efficiency, some common policy results are cached, such as those where continuous amounts of web traffic with the same content triggers the same policy. • In general, access of cached data is still sent to the Web Proxy content scanners because different users can have different HTTP content policies applied to them. • Efficiency can be improved by using fewer policies that are wider in scope. The more policies you have, the higher the probability that cached policy results are replaced by the scanning result of a different policy. • Web Site Content Caching • Web site content is cached if the web server does not send a non-caching directive in the response and the response data passes the requirements of the scanning policy.
Flush URL from Web Cache • Flush URL from Web Cache replaces the previous Flush Web Cache Domain feature. • Remove problematic URLs from the cache if they do not load or refresh correctly. • The URL must be specified exactly the way it is typed, including the protocol. For example: http://www.example.com/index.html or ftp://ftp.example.com • Select Activity > Status > Utilities. • Type the URL, then click Flush.
Web Bandwidth Usage on Dashboard • Appears on the Web Summary Dashboard page • Indicates the amount of bandwidth used (in megabytes) for non-cached inbound and outbound web traffic
Web Analysis Report – Bandwidth • New sections in the Web Analysis report indicate the amount of traffic (in megabytes) for web client and web server inbound and outbound traffic.
Upgrade to XCS v9.2 • Because Security Connection does not automatically download full releases, you must download the software from the LiveSecurity site. • From the Software Downloads page, download the [xcs92.zip] file and extract the files.
Upgrade to XCS v9.2 • After you extract the files, run btiweb.exe • BTIweb is a small web server on your computer that hosts the xcs-92.img file during the XCS upgrade process • Run btiweb.exe, then click Start to start the web server • Notice the icon changes after you install btiweb
Upgrade to XCS v9.2 • Before you start the upgrade process, back up your existing configuration so that it can be restored after the upgrade • Upgrading the XCS device to a major release requires that you reboot the appliance and press F1 – Install at startup to install a new software image on the device • Choose one of three backup options • FTP • SCP • Local Disk • Use FTP or SCP backup when you back up a large reporting database
Upgrade to XCS v9.2 • Choose the items you want to back up • In most cases, we recommend that you select all backup options
Upgrade to XCS v9.2 • Save the backup to your computer’s local disk. • The MG-BCKUP file is given a time stamp for easy identification: year [11], month [04], day [30], and time [1437]
Upgrade to XCS v9.2 • After you complete the backup process, open a console connection to the XCS device. You need these items: • A monitor to connect to the VGA port on the back of the XCS • A PS2 or USB keyboard • With the monitor and keyboard connected, press the reset button located on the front of the appliance to reboot the XCS • Press the F1 key on the keyboard
Upgrade to XCS v9.2 • The WatchGuard Installation Program welcome page appears. • Press Enter to continue. • Choose your type of keyboard in the next page and press Enter.
Upgrade to XCS v9.2 • In the Installation Type window, select Auto and then press Enter. • On the next page, click OK to confirm the installation.
Upgrade to XCS v9.2 • On the Installation page, select Network to upgrade using the v9.2 .img file: • Type the appropriate network information for the XCS device. • In the Install Path field, type the IP address of the computer where you installed the btiweb.exe file. Remember the trailing “/” character. Press OK. • Press Enter to confirm.
Upgrade to XCS v9.2 • On the Create Restore Image page, select Save Image to Hard Disk and press Enter. • Do not choose this option if you do not want to overwrite the previous XCS software image stored on the XCS device’s hard disk.