What’s New in Fireware v11.9.5
WatchGuard Training
©2015 WatchGuard Technologies, Inc.
What’s New in v11.9.5
• Fireware now supports a maximum of 255 Active Directory user groups for authentication. [82846]
• AP device firmware update: AP firmware v1.2.9.3 B150226 [84203]
• Gateway Wireless Controller shows the AP firmware build number on the AP device [83289]
• Global setting to enable support for TCP MTU probing. [77129]
• For Management Tunnels over SSL, managed Firebox devices can reconnect to the first Distribution IP Address for the Management Server [81377]
• IPSec VPN Client Updates
Increased Maximum Number of AD User Groups
Fireware now supports a maximum of 255 Active Directory user groups for authentication.
• Supported for Firebox-DB authentication, Single Sign-On, and Terminal Services authentication.
Previously, the maximum number of supported Active Directory user groups was 64.
AP Firmware & Gateway Wireless Controller Updates
A new version of AP firmware is now available for WatchGuard AP devices: version 1.2.9.3 B150226.
The AP firmware version and build number that runs on each AP device now appears in the Gateway Wireless Controller.
TCP MTU Probing
In the Global Settings for your Firebox, there is a new Networking setting to enable support for TCP MTU probing.
You can now enable TCP MTU Probing to allow VPN traffic to pass through proxy policies on a central site when traffic was generated from a remote site through a zero route VPN tunnel, even when your Firebox has received an ICMP unreachable packet for the traffic sent through the BOVPN tunnel.
From Fireware XTM Web UI and Policy Manager, you can configure this feature to always be enabled or to be enabled automatically when ICMP fails.
TCP MTU Probing
From the Fireware Command Line Interface, you can configure this feature to always be enabled or to be enabled automatically.
• global-setting tcp-mtu-probing (dynamic-enable | enable)
• You cannot disable this feature from the CLI.
Management Tunnel Enhancements
If more than one IP address is specified for the Management Server for a Firebox at the end of a Management Tunnel over SSL, and the Firebox has connected to an IP address other than the first IP address in the Distribution IP Address list, the Firebox can now reconnect to the Management Server with the first IP address in the list.
The Firebox reconnection occurs when the Lease Time on the Firebox expires.
This restores full management capabilities through a Management Tunnel over SSL when communication to the private IP address (first address in the list) in the tunnel is lost.
IPSec VPN Client Updates
Shrew Soft VPN Client 2.2.2
WatchGuard IPSec VPN Client v12.00
• Windows XP is not supported.
• The new client has separate installers for Windows 32-bit and 64-bit platforms.
• You must uninstall the older client before you install the new one. When you uninstall, do not select the option to remove personal data. This preserves the existing client profile so the new client can use it.
• There is no update to the WatchGuard IPSec VPN Client for Mac OS X.
WatchGuard IPSec VPN Client Updates
WatchGuard IPSec VPN Client v12.00 has these updates:
• The updated client uses OpenSSL 1.0.1j, which resolves security deficiencies in prior versions of OpenSSL.
• The client firewall settings include a new option: “Reject Outgoing Traffic”. When you select this check box, the client rejects outgoing traffic and returns an acknowledgement message to the sending application.