What’s New in Fireware XTM v11.7.3
New & Updated Features in Fireware XTM & WSM v11.7.3 • XTMv on Hyper-V • WatchGuard AP device enhancements • MAC access control whitelist • AP device monitoring enhancements • Station isolation • No automatic AP device reboot after AP configuration change • See the AP device radio used by each wireless client • Set source IP address in static NAT and server load balancing actions • 3G / 4G modem support for failover
New & Updated Features in Fireware XTM & WSM v11.7.3 • Quarantine Server end-user web UI improvements • New Websense categories • Configurable syslog server port • Set the diagnostic log level for the Gateway Wireless Controller • Updated hotspot policies • Log off hotspot user sessions • Send device feedback to WatchGuard
XTMv on Hyper-V • Fireware XTM v11.7.3 continues to support XTMv on vSphere ESXi 4.1 and 5.0. • In v11.7.3, support is added for XTMv on Microsoft Hyper-V hypervisors: • Windows Server 2012 with a Hyper-V role • Hyper-V Server 2012 • Windows Server 2008 R2 with a Hyper-V role • Hyper-V Server 2008 R2
XTMv Editions and Licensing • The four XTMv device editions are the same on VMware and Hyper-V. • The recommended resource requirements and feature key limits for each edition are the same for XTMv, whether it is deployed on VMware or Hyper-V.
XTMv on Hyper-V — Limitations for Hyper-V (not ESXi) • The maximum number of configurable interfaces for an XTMv virtual machine (VM) in a Hyper-V environment is eight. • Hyper-V supports two types of virtual adapters: • Network adapters (Hyper-V supports a maximum of 8) • Legacy network adapters (Hyper-V supports a maximum of 4) • XTMv does not support the use of legacy network adapters. • You must assign a minimum of two network adapters to an XTMv VM. • The number of network adapters you add to your XTMv VM determines the number of interfaces you can configure. • These networking features are not supported for XTMv on Hyper-V because they require the virtual adapter to be configured in promiscuous mode, which is not supported in Hyper-V: • Bridge mode network configuration • Network bridge • Mobile VPN with SSL with the Bridged VPN Traffic setting
XTMv Software Distribution and Installation on Hyper-V • For Hyper-V, XTMv is distributed as a zipped Virtual Hard Disk (.vhd) file. • The file name inside the zip file is xtmv_<xtm-version>.vhd. • Copy the .zip file to the Windows server where Hyper-V is installed. • Extract the .vhd file from the .zip file. • You cannot use the same .vhd file for more than one virtual machine. • To deploy multiple XTMv virtual machines: • Save a copy of the unzipped .vhd file with a unique name for each XTMv VM. • When you add the VM in Hyper-V, select a different .vhd file for each XTMv VM. • To install an XTMv VM on Hyper-V: • Use the Hyper-V New Virtual Machine Wizard to add the XTMv VM. • Add network adapters to the XTMv VM. • Power on the XTMv VM. • Use the Fireware XTM Web Setup Wizard to set up a basic configuration file. • Allocate additional resources to the XTMv VM.
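The multi-VM deployment steps and the Hyper-V adapter limits above, scripted as an added example (not WatchGuard's own code; the slides use the New Virtual Machine Wizard). It assumes the Hyper-V PowerShell module that ships with Windows Server 2012; the VM names, switch names, directories and helper function names are hypothetical, and the .vhd file name keeps the page's `<xtm-version>` placeholder.

```powershell
# Added example. Paths, VM names and switch names are constructed placeholders.
$BaseVhd = 'D:\XTMv\xtmv_<xtm-version>.vhd'   # extracted from the .zip; version left as on the page
$VhdDir  = 'D:\Hyper-V\XTMv'

# Constructed plan: one entry per XTMv VM, one virtual switch per XTMv interface.
$Plan = @(
    @{ Name = 'xtmv-01'; Switches = @('External', 'Trusted') }
    @{ Name = 'xtmv-02'; Switches = @('External', 'Trusted', 'Guest') }
)

function Test-XtmvPlan {
    param([hashtable[]]$Plan)
    $errors = @()
    foreach ($vm in $Plan) {
        $n = @($vm.Switches).Count
        if ($n -lt 2 -or $n -gt 8) {
            $errors += "$($vm.Name): $n network adapters (XTMv on Hyper-V needs 2 to 8)"
        }
    }
    # Each VM's .vhd copy is named after the VM, so duplicate names would share a disk.
    $Plan | Group-Object { $_.Name } | Where-Object { $_.Count -gt 1 } | ForEach-Object {
        $errors += "$($_.Name): name used $($_.Count) times; each VM needs its own .vhd"
    }
    $errors
}

function New-XtmvVm {
    param([hashtable]$Vm, [string]$BaseVhd, [string]$VhdDir)
    $vhd = Join-Path $VhdDir "$($Vm.Name).vhd"
    if (Test-Path -LiteralPath $vhd) { throw "$vhd exists; do not reuse a .vhd for another VM" }
    Copy-Item -LiteralPath $BaseVhd -Destination $vhd
    # New-VM creates the first (non-legacy) network adapter and attaches it to -SwitchName.
    New-VM -Name $Vm.Name -VHDPath $vhd -SwitchName $Vm.Switches[0] | Out-Null
    $Vm.Switches | Select-Object -Skip 1 | ForEach-Object {
        Add-VMNetworkAdapter -VMName $Vm.Name -SwitchName $_   # never -IsLegacy: XTMv does not support it
    }
    # Confirm the result matches the limits before the VM is powered on.
    $adapters = @(Get-VMNetworkAdapter -VMName $Vm.Name)
    if (@($adapters | Where-Object { $_.IsLegacy }).Count -gt 0 -or $adapters.Count -lt 2) {
        throw "$($Vm.Name): adapter layout is not valid for XTMv"
    }
}

$problems = Test-XtmvPlan $Plan
if ($problems) { $problems; return }          # stop before touching the host
foreach ($vm in $Plan) { New-XtmvVm -Vm $vm -BaseVhd $BaseVhd -VhdDir $VhdDir }
```

The VMs are left powered off, so the remaining steps from the slide (power on, Web Setup Wizard, allocate additional resources) still follow.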
AP MAC Access Control Whitelist • The MAC Access Control now supports two MAC Access Control lists: • Denied MAC Addresses (blacklist) • Allowed MAC Addresses (whitelist) • Configure MAC access control in the Gateway Wireless Controller settings • In each SSID, enable MAC access control and select which list to use.
AP Device Station Isolation • You can now enable station isolation in the SSID configuration. • Station isolation prevents direct communication between wireless clients connected to the SSID on the same AP radio. • It does not prevent direct communication between wireless clients on different radios or different AP devices, even if they connect to the same SSID. • We recommend that you enable station isolation for wireless guest networks, where the wireless clients should not trust each other.
AP Device Monitoring • The LiveSecurity column shows the AP device activation status. • Click Network Statistics to see these network statistics for the selected AP device: • Interface statistics • Routing table • ARP table
AP Device Radio Used by Wireless Clients • The Gateway Wireless Controller now includes a column that shows the radio channel on the AP device that is used by each wireless client. • Select the Wireless Clients tab in the Gateway Wireless Controller.
AP Device Configuration Update Without a Reboot • Paired AP devices no longer automatically reboot after you save an AP configuration change to the XTM device.
Set Source IP Address in SNAT Actions • You can now set the source IP address in SNAT actions. • In a server load balancing SNAT action you can set one source IP address for all servers. • In a static NAT action you can set one source IP address for each server.
3G / 4G Modem Failover • In the Modem Configuration on XTM 2 Series, 3 Series, and 5 Series devices, you can now enable 3G/4G modem support. • When you enable 3G/4G modem support: • The telephone number is set to *99# by default. • All other account settings are optional. • The telephone number and account settings required to connect vary by wireless carrier. • WatchGuard tested these 3G/4G modems: • ZTE MF683 (T-Mobile Rocket 3.0 4G) • Franklin U602 (Sprint 3G/4G Plug-in-Connect USB) • Sierra Wireless AirCard 250U (Sprint 3G/4G USB 250U)
Updated UI for User Quarantine Message Management • The options in the Quarantine message management UI have been improved. • Send to Mailbox — Releases the selected messages from quarantine and sends them to the recipient. • Delete Selected — Deletes the selected spam or virus messages for this user from the Quarantine Server. • Delete All — Deletes all spam and virus messages for this user from the Quarantine Server.
New Websense Categories • Added two new Websense security categories: • Compromised Websites • ID — 220 • Description — Site whose code indicates possible alteration by an external third-party to include hidden links, scripts, or iframe tags that download or redirect the user to malicious or unwanted content. • Newly Registered Websites • ID — 221 • Description — Sites with a recently registered domain name.
Specify a Syslog Server Port • You can now specify the port for connections to a syslog server. • The default port (514) always appears as the default setting.
Set the Log Level for the Gateway Wireless Controller • When you configure the Diagnostic Log Level settings for your XTM device, you can specify the log level for the Gateway Wireless Controller. • In Policy Manager, select the Networking category and select a log level for the GWC option.
Set the Log Level for the Gateway Wireless Controller • In Fireware XTM Web UI, select System > Diagnostic Log, and select a log level for the Gateway Wireless Controller option in the Networking section.
Updated Hotspot Policies • When you enable a hotspot on your XTM device, these policies are automatically added to your configuration file: • Allow External Web Server — Allows TCP connections from users on the guest network to the external web server IP address and the port you use for hotspot external guest authentication. • Allow Hotspot Session Mgmt — Allows connections from the external web server IP address to the XTM device. • Allow Hotspot-Users — Allows connections from the hotspot to addresses external to the XTM device.
Log Off Hotspot User Sessions • When a hotspot is configured for external guest authentication, the external hotspot authentication server can send a logoff URL to the XTM device to terminate a user hotspot session. • The logoff URL includes the MAC address of the user hotspot session to log off, and the shared secret configured in the hotspot settings on your XTM device. • Each logoff URL sent to the XTM device can log off only one session at a time.
Device Feedback • The XTM device can now send device feedback to WatchGuard. • Device feedback includes information about how your device is used, but does not include information about your company, or company data. • The device feedback option is enabled by default. • You can enable or disable device feedback in the Global Settings in your XTM device configuration files and device configuration templates, or in the Web Setup and Quick Setup wizards.