1 / 26

What’s New in Fireware XTM v11.7.3

What’s New in Fireware XTM v11.7.3. New & Updated Features in Fireware XTM & WSM v11.7.3. XTMv on Hyper-V WatchGuard AP device enhancements MAC access control whitelist AP device monitoring enhancements Station isolation No automatic AP device reboot after AP configuration change

fern
Download Presentation

What’s New in Fireware XTM v11.7.3

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. What’s New in Fireware XTM v11.7.3

  2. New & Updated Features in Fireware XTM & WSM v11.7.3 • XTMv on Hyper-V • WatchGuard AP device enhancements • MAC access control whitelist • AP device monitoring enhancements • Station isolation • No automatic AP device reboot after AP configuration change • See the AP device radio used by each wireless client • Set source IP address in static NAT and server load balancing actions • 3G / 4G modem support for failover

  3. New & Updated Features in Fireware XTM & WSM v11.7.3 • Quarantine Server end-user web UI improvements • New Websense categories • Configurable syslog server port • Set the diagnostic log level for the Gateway Wireless Controller • Updated hotspot policies • Log off hotspot user sessions • Send device feedback to WatchGuard

  4. XTMv on Hyper-V

  5. XTMv on Hyper-V • Fireware XTM v11.7.3 continues to support for XTMv on vSphere ESXi 4.1 and 5.0. • In v11.7.3, support is added for XTMv on Microsoft Hyper-V hypervisors. • Windows Server 2012 with a Hyper-V role • Hyper-V Server 2012 • Windows Server 2008 R2 with a Hyper-V role • Hyper-V Server 2008 R2

  6. XTMv Editions and Licensing • The four XTMv device editions are the same on VMware and Hyper-V. • The recommended resource requirements and feature key limits for each edition are the same for XTMv, whether it is deployed on VMware or Hyper-V.

  7. XTMv on Hyper-V — Limitations for Hyper-V (not ESXi) • The maximum number of configurable interfaces for an XTMv virtual machine (VM) in a Hyper-V environment is eight. • Hyper-V supports two types of virtual adapters: • Network adapters (Hyper-V supports a maximum of 8) • Legacy network adapters (Hyper-V supports a maximum of 4) • XTMv does not support the use of legacy network adapters. • You must assign a minimum of two network adapters to an XTMv VM. • The number of network adapters you add to your XTMv VM determines the number of interfaces you can configure. • These networking features are not supported for XTMv on Hyper-V because they require the virtual adapter to be configured in promiscuous mode, which is not supported in Hyper-V: • Bridge mode network configuration • Network bridge • Mobile VPN with SSL with the Bridged VPN Traffic setting

  8. XTMv Software Distribution and Installation on Hyper-V • For Hyper-V, XTMv is distributed as a zipped Virtual Hard Disk (.vhd) file. • The file name inside the zip file is xtmv_<xtm-version>.vhd. • Copy the .zip file to the Windows server where Hyper-V is installed. • Extract the .vhd file from the .zip file. • You cannot use the same .vhd file for more than one virtual machine. • To deploy multiple XTMv virtual machines: • Save a copy of the unzipped .vhd file with a unique name for each XTMv VM. • When you add the VM in Hyper-V, select a different .vhd file for each XTMv VM. • To install an XTMv VM on Hyper-V: • Use the Hyper-V New Virtual Machine Wizard to add the XTMv VM. • Add network adapters to the XTMv VM. • Power on the XTMv VM. • Use the Fireware XTM Web Setup Wizard to set up a basic configuration file. • Allocate additional resources to the XTMv VM.

  9. WatchGuard AP Enhancements

  10. AP MAC Access Control Whitelist • The MAC Access Control now supports two MAC Access Control lists: • Denied MAC Addresses (blacklist) • Allowed MAC Addresses (whitelist) • Configure MAC access control in the Gateway Wireless Controller settings • In each SSID, enable MAC access control and select which list to use.

  11. AP Device Station Isolation • You can now enable station isolation in the SSID configuration. • Station isolation prevents direct communication between wireless clients connected to the SSID on the same AP radio. • It does not prevent direct communication between wireless clients on different radios or different AP devices, even if they connect to the same SSID. • We recommended you enable station isolation for wireless guest networks, where the wireless clients should not trust each other.

  12. AP Device Monitoring • The LiveSecurity column shows the AP device activation status. • Click Network Statistics to see these network statistics for the selected AP device: • Interface statistics • Routing table • ARP table

  13. AP Device Radio Used by Wireless Clients • The Gateway Wireless Controller now includes a column that shows the radio channel on the AP device that is used by each wireless client. • Select the Wireless Clients tab in the Gateway Wireless Controller.

  14. AP Device Configuration Update Without a Reboot • Paired AP devices no longer automatically reboot after you save an AP configuration change to the XTM device.

  15. Other Enhancements

  16. Set Source IP Address in SNAT Actions • You can now set the source IP address in SNAT actions. • In a server load balancing SNAT action you can set one source IP address for all servers. • In a static NAT action you can set one source IP address for each server.

  17. 3G / 4G Modem Failover • In the Modem Configuration on XTM 2 Series, 3 Series, and 5 Series devices, you can now enable 3G/4G modem support. • When you enable 3G/4G modem support: • The telephone number is set to *99# by default. • All other account settings are optional. • The telephone number and account settingsrequired to connect vary by wireless carrier. • WatchGuard tested these 3G/4G modems: • ZTE MF683 (T-Mobile Rocket 3.0 4G) • Franklin U602 (Sprint 3G/4G Plug-in-Connect USB) • Sierra Wireless AirCard 250U (Sprint 3G/4G USB 250U)

  18. Updated UI for User Quarantine Message Management • The options in the Quarantine message management UI have been improved. • Send to Mailbox — Releases the selected messages from quarantine and sends them to the recipient. • Delete Selected — Deletes the selected spam or virus messages for this user from the Quarantine Server. • Delete All — Deletes all spam and virus messages for this user from the Quarantine Server.

  19. New Websense Categories • Added two new Websense security categories: • Compromised Websites • ID — 220 • Description — Site whose code indicates possible alteration by an external third-party to include hidden links, scripts, or iframe tags that download or redirect the user to malicious or unwanted content. • Newly Registered Websites • ID — 221 • Description — Sites with a recently registered domain name.

  20. Specify a Syslog Server Port • You can now specify the port for connections to a syslog server. • The default port (514) alwaysappears as the default setting.

  21. Set the Log Level for the Gateway Wireless Controller • When you configure the Diagnostic Log Level settings for your XTM device, you can specify the log level for the Gateway Wireless Controller. • In Policy Manager, select the Networking category and select a log level for the GWC option.

  22. Set the Log Level for the Gateway Wireless Controller • In Fireware XTM Web UI, select System > Diagnostic Log, and select a log level for the Gateway Wireless Controller option in the Networking section.

  23. Updated Hotspot Policies • When you enable a hotspot on your XTM device, these policies are automatically added to your configuration file: • Allow External Web Server — Allows TCP connections from users on the guest network to the external web server IP address and the port you use for hotspot external guest authentication. • Allow Hotspot Session Mgmt — Allows connections from the external web server IP address to the XTM device. • Allow Hotspot-Users — Allows connections from the hotspot to addresses external to the XTM device.

  24. Log Off Hotspot User Sessions • When a hotspot is configured for external guest authentication, the external hotspot authentication server can send a logoff URL to the XTM device to terminate a user hotspot session. • The logoff URL includes the MAC address of the user hotspot session to log off, and the shared secret configured in the hotspot settings on your XTM device. • Each logoff URL sent to the XTM device can log off only one session at a time.

  25. Device Feedback • The XTM device can now send device feedback to WatchGuard. • Device feedback includes information about how yourdevice is used, but does not include information aboutyour company, or company data. • The device feedback option is enabled by default. • You can enable or disable device feedback in the Global Settingsin your XTM device configuration files and device configuration templates, or in the Web Setup and Quick Setup wizards.

  26. Thank You!

More Related