1 / 14

What’s New in Fireware XTM v11.3.2

What’s New in Fireware XTM v11.3.2. New Features in Fireware XTM v11.3.2. DHCP release and renew functionality in Web UI and CLI Updated default Body Content Types rule for Windows EXE/DLL files Updated CLI help text for wireless guest hotspot

dara
Download Presentation

What’s New in Fireware XTM v11.3.2

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. What’s New in Fireware XTM v11.3.2

  2. New Features in Fireware XTM v11.3.2 • DHCP release and renew functionality in Web UI and CLI • Updated default Body Content Types rule for Windows EXE/DLL files • Updated CLI help text for wireless guest hotspot • Ability to add an IP address range or subnet to the SSO Exceptions list • Support in Web UI to use a host range or network IP address when you add a Tunnel Address as a member of a policy • Ability to edit aliases from within a policy • Ability to send a log message when an SMTP command is denied • Updated default WebBlocker exception for watchguard.com in Policy Manager WatchGuard Training

  3. DHCP Release and Renew in Web UI and CLI Two new command options have been added to the dhcp command in Interface config mode. These options are available if the interface is configured to get the IP address through DHCP: release renew These options are available in the Web UI on the System Status > Interfaces page New CLI command options: WatchGuard Training WatchGuard Training 3

  4. Updated Default Body Content Types Rule New pattern: %0x4d5a% This new pattern successfully identifies a much larger class of executable Windows files, including DOS and OS/2 executables, and non-PE and PE Windows executables. This change applies only to new configurations created in Policy Manager using v11.3.2 or later. The existing configuration on your device does not change when you upgrade from a previous v11.x version. To correct the Body Content Types rule in your existing configuration, go to the Body Content Types category in your HTTP proxy action and edit the Windows EXE/DLL rule. (Note that in Policy Manager, you must be in Advanced View to edit the rule.) Use Pattern Match and for the pattern use: %0x4d5a%* WatchGuard Training WatchGuard Training 4

  5. Updated CLI Help Text for Wireless Guest Hotspot • The CLI help text was updated for wireless guest hotspot commands to indicate that the imported text file should be UTF-8 encoded. UTF-8 format is required to support languages that use double-byte character sets. This affects the CLI Help for these commands: • wireless guest hotspot welcome-message from • wireless guest hotspot terms-text from WatchGuard Training WatchGuard Training 5

  6. Add a Range or Subnet to the SSO Exceptions List • You can now add a range of IP addresses or a subnet to the SSO Exceptions list in Policy Manager, the Web UI, and the CLI Policy Manager Fireware XTM Web UI WatchGuard Training WatchGuard Training 6

  7. Add a Range or Subnet to the SSO Exceptions List • For the CLI, three options were added to the auth-setting single-sign-on except-ip command. These options allow users to add a host IP address, IP address range, or subnet to the SSO Exceptions list. Previously, you could only type one or more individual IP addresses. New parameters: • host • range • subnet WatchGuard Training WatchGuard Training 7

  8. Web UI — Flexibility in the Tunnel Address for a Policy Member • The Web UI now supports a host range or network IP address when you add a Tunnel Address as a member of a policy. Options include: • Host IP • Host Range • Network IP • Previously, the Web UI only enabled configuration of a single IP address for a Tunnel Address in a policy. WatchGuard Training 8

  9. Edit an Alias from a Policy • In previous releases, to make changes to the members of an alias, you had to open the Aliases dialog box. You can now select an alias in the New Policy Properties or Edit Policy Properties dialog boxes, and click Edit to add or delete members of the alias. WatchGuard Training

  10. Changes to Proxy Policy Logging Settings • You can now also send a log message when an SMTP command is denied. On the SMTP Proxy Action Configuration General Settings page, select the Send a log message when an SMTP command is denied check box. WatchGuard Training

  11. Updated Default WebBlocker Exception • Updated the default WebBlocker exception for watchguard.com in Policy Manager • Old: *.watchguard.com/* • New: ^[0-9a-zA-Z_\-.]{1,256}\.watchguard\.com/ • More closely matches the WatchGuard domain. • URLs that use www.watchguard.com as a path in the URL no longer match this WebBlocker Exception. For example, a URL such as www.example.com/www.watchguard.com/index.html no longer matches the default WebBlocker exception for WatchGuard. • Applies only to new configurations created in Policy Manager v11.3.2 or later. It does not apply to the Web UI. Your existing configuration does not change when you upgrade from a previous 11.x version. • To correct the WebBlocker Exception in your existing configuration: From Policy Manager, edit your WebBlocker action and go to the Exceptions tab. Edit the WatchGuard exception. Change the “Match Type” to Regular Expression and use this expression: • ^[0-9a-zA-Z_\-.]{1,256}\.watchguard\.com/ WatchGuard Training 11

  12. Summary

  13. Summary • Fireware XTM v11.3.2 includes many new features: • DHCP release and renew functionality in Web UI and CLI • Updated CLI help text for wireless guest hotspot • Ability to add an IP address range or subnet to the SSO Exceptions list • Support in Web UI to use a host range or network IP address when you add a Tunnel Address as a member of a policy • Edit an alias from within a policy • Ability to send a log message when an SMTP command is denied • Updated default WebBlocker exception for watchguard.com WatchGuard Training

  14. THANK YOU!

More Related