What’s New in Fireware XTM v11.5.2
New Features in Fireware XTM v11.5.2
• Major Changes
  • FireCluster with XTM 330 appliances
  • Mobile VPN with SSL using multiple authentication servers and Active Directory authentication domains
  • Application Control HTTP Deny message
  • Log and Report Manager advanced search functionality
  • Management Server Device Configuration Template changes
WatchGuard Training
New Features in Fireware XTM v11.5.2
• Minor Changes
  • SMTP-proxy TLS encryption rules now limited to a maximum of 200 bytes
  • Ability to specify the port used to send email notifications from the Log Server
  • Updated list of trusted Certificate Authorities for proxies
  • Diagnostic log messages for the Terminal Services Agent and TO Set Tool
New Platforms Supported By Fireware XTM v11.5.2
• New 2 Series Platforms
  • XTM 25, 25-W
  • XTM 26, 26-W
• New 3 Series Platforms
  • XTM 33, 33-W
FireCluster
FireCluster on XTM 330
• FireCluster is supported on XTM 330 devices with the Pro version of Fireware XTM OS.
• All XTM 330 devices are licensed for a Pro version of Fireware XTM OS by default.
Mobile VPN with SSL Support for Multiple Active Directory Domains and Authentication Servers
• You can now configure Mobile VPN with SSL to use multiple authentication servers.
• The server at the top of the list is the default authentication server.
• To change the default server, select a different server.
  • Click Make Default.
• When you add Mobile VPN with SSL authentication users and groups, you can select a specific authentication server or Any.
Mobile VPN with SSL Support for Multiple Active Directory Domains and Authentication Servers
• In the Mobile VPN with SSL client, the user can specify the authentication server to use in the Username text box.
• The username is specified as servername\username
• Examples:
  • ad1.example.com\j_smith — Use the ad1.example.com Active Directory domain
  • Firebox-DB\j_smith — Use Firebox-DB for authentication
  • Ldap\j_smith — Use the LDAP server for authentication
  • j_smith — Use the default authentication server
• If the user does not specify an authentication server, Mobile VPN with SSL uses the default authentication server specified in the Mobile VPN with SSL configuration.
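The servername\username rule above can be modeled when reviewing which authentication server a set of login names would reach. This is an added example, not WatchGuard code: the function names, the server list, the case-insensitive server match, and the rejection of unknown or malformed names are assumptions, and the login names are constructed.

```python
# Assumed configuration: the server at the top of the list is the default.
AUTH_SERVERS = ["ad1.example.com", "Firebox-DB", "Ldap"]


def resolve_login(login, servers=AUTH_SERVERS):
    """Return (authentication server, user name) for a Username text box value."""
    if not servers:
        raise ValueError("no authentication servers configured")
    login = login.strip()
    if login.count("\\") > 1:
        raise ValueError("more than one backslash in login name")
    prefix, sep, user = login.partition("\\")
    if not sep:
        # No server given: fall back to the default (first) server.
        prefix, user = servers[0], login
    if not prefix or not user:
        raise ValueError("empty server or user name")
    for name in servers:
        # Assumption: server names are compared without regard to case.
        if name.lower() == prefix.lower():
            return name, user
    raise ValueError("unknown authentication server: %r" % prefix)


def audit(logins, servers=AUTH_SERVERS):
    """Count logins per resolved server and collect the names that do not resolve."""
    per_server, rejected = {}, []
    for login in logins:
        try:
            server, _user = resolve_login(login, servers)
        except ValueError as exc:
            rejected.append((login, str(exc)))
            continue
        per_server[server] = per_server.get(server, 0) + 1
    return per_server, rejected


if __name__ == "__main__":
    # Constructed login names for illustration.
    sample = ["ad1.example.com\\j_smith", "Firebox-DB\\j_smith",
              "Ldap\\j_smith", "j_smith", "corp\\j_smith"]
    print(audit(sample))
```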
Application Control Deny Message
• When a proxy or packet filter policy blocks HTTP content that matches an Application Control action, the user who requested the content sees a deny message in the browser.
• The content of the deny message is not configurable.
• The deny message appears for HTTP content only. It does not appear for HTTPS or any other protocol.
Log and Report Manager Search Enhancements
• Log and Report Manager now includes advanced search functionality for log messages.
• Start a search from any device page or the main LOGS > Search page.
Log and Report Manager Search Enhancements
• Run simple or complex searches to find details in your device log messages.
• Four types of search queries are available:
  • Any word matches
  • All word matches
  • Exact word matches
  • None matches
• Search queries are not case sensitive.
• Search types and queries can be combined to run complex searches.
• Search results can be exported to a file that can be used outside of Log and Report Manager.
• Search queries can be saved and run again for the same device.
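The four query types and how they combine can be tried out on exported log text. This is an added example, not Log and Report Manager code: the matching semantics (whitespace-separated words, Exact as a contiguous word sequence, combined clauses joined with AND) are assumptions, and the log lines are constructed.

```python
# Constructed sample log lines (not real device output).
SAMPLE_LOGS = [
    "2012-03-01 10:00:01 Deny 10.0.1.5 203.0.113.9 http/tcp Application Control blocked",
    "2012-03-01 10:00:07 Allow 10.0.1.8 198.51.100.4 smtp/tcp STARTTLS negotiated",
    "2012-03-01 10:01:12 Deny 10.0.1.5 198.51.100.7 dns/udp unhandled external packet",
    "2012-03-01 10:02:30 Allow 10.0.1.9 203.0.113.9 https/tcp proxy allowed",
]


def clause_matches(kind, query, line):
    """Evaluate one search clause against one log line, ignoring case."""
    tokens = line.lower().split()
    terms = query.lower().split()
    if not terms:
        raise ValueError("empty search query")
    if kind == "any":      # at least one word appears
        return any(t in tokens for t in terms)
    if kind == "all":      # every word appears, in any order
        return all(t in tokens for t in terms)
    if kind == "none":     # none of the words appear
        return not any(t in tokens for t in terms)
    if kind == "exact":    # the words appear together, in this order
        n = len(terms)
        return any(tokens[i:i + n] == terms
                   for i in range(len(tokens) - n + 1))
    raise ValueError("unknown search type: %r" % kind)


def search(lines, clauses):
    """Return the lines that satisfy every (kind, query) clause."""
    return [line for line in lines
            if all(clause_matches(kind, query, line) for kind, query in clauses)]


if __name__ == "__main__":
    # Denied traffic from one host, excluding DNS noise.
    for hit in search(SAMPLE_LOGS, [("all", "deny 10.0.1.5"), ("none", "dns/udp")]):
        print(hit)
```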
Device Configuration Template Changes
• You can now create a Device Configuration Template from an existing configuration file for a fully managed device.
  • Open Policy Manager for a fully managed device and select File > Create Template.
  • Configuration options that are not available in templates are automatically removed when the configuration file is saved as a new template.
• When template objects are specified for deletion, any links to those objects are removed when the template is applied to a device.
• When a template is in manual order mode and a fully managed device is in manual order mode, the policy order that you specify in the template is maintained when the template is applied to the device.
Device Configuration Template Changes
• In a template, you can now select the WatchGuard hosted WebBlocker server option for the WebBlocker server.
• When the WatchGuard hosted WebBlocker server option is selected, the template can only be applied to XTM 2 Series and XTM 33 devices.
TLS Encryption, Log Server Notification Port, and Certificate Authority List
• Rules for TLS Encryption now have a maximum length of 200 bytes.
  • Configure a proxy action for the SMTP-proxy and select the TLS Encryption category.
  • STARTTLS rules that you add can include no more than 200 bytes.
• The port the Log Server uses to send email notifications can now be specified when you add the SMTP server information on the Log Server > Notification page in WSC.
  • Type the address of the SMTP server and include the port: smtp.mydomain.com:<port number>
• The Certificate Authority List has been updated with all the current CAs recognized by the XTM device.
• Updated certificates are available on your computer when you install WSM:
  • Windows 7 — C:\ProgramData\WatchGuard\wgca\certs
  • Windows XP — C:\Documents and Settings\WatchGuard\wgauth\certs\README
Diagnostic Log Level for the Terminal Services Agent and TO Set Tool
Diagnostic Log Level — Terminal Services Agent & TO Set Tool
• From the TO Agent Settings dialog box, you can now set the Log Level for the Terminal Services Agent and the TO Set Tool.
  • In the Application section, from the drop-down list, select TOAgent or TO Set Tool.
  • Slide the Settings control to select a log level and click Apply.
• Review the log messages for the TOAgent or TO Set Tool:
  • In the Application section, from the drop-down list, select TOAgent or TO Set Tool.
  • Click View Log to see the log messages for the selected application.
New XTM 2 Series and 3 Series Models
XTM 2 Series and 3 Series Model Upgradeability
• XTM 2 Series
  • You cannot upgrade an XTM 21, 22, or 23 to an XTM 25 or 26.
  • Available upgrades for all 2 Series models:
    • XTM 21/21-W — Model upgradeable to XTM 22/22-W or XTM 23/23-W
    • XTM 22/22-W — Model upgradeable to XTM 23/23-W
    • XTM 23/23-W — Not model upgradeable
    • XTM 25/25-W — Model upgradeable to XTM 26/26-W
    • XTM 26/26-W — Not model upgradeable
• XTM 3 Series
  • XTM 3 Series models are not model upgradeable.
  • XTM 33 and XTM 330 have very different hardware.