alexander-kirk
What’s New in Fireware XTM v11.5.2
New Features in Fireware XTM v11.5.2
Major Changes
• FireCluster with XTM 330 appliances
• Mobile VPN with SSL using multiple authentication servers and Active Directory authentication domains
• Application Control HTTP Deny message
• Log and Report Manager advanced search functionality
• Management Server Device Configuration Template changes
WatchGuard Training
New Features in Fireware XTM v11.5.2
Minor Changes
• SMTP-proxy TLS encryption rules now limited to a maximum of 200 bytes
• Ability to specify the port used to send email notifications from the Log Server
• Updated list of trusted Certificate Authorities for proxies
• Diagnostic log messages for the Terminal Services Agent and TO Set Tool
New Platforms Supported By Fireware XTM v11.5.2
New 2 Series Platforms
• XTM 25, 25-W
• XTM 26, 26-W
New 3 Series Platforms
• XTM 33, 33-W
FireCluster
FireCluster on XTM 330
FireCluster is supported on XTM 330 devices with the Pro version of Fireware XTM OS.
All XTM 330 devices are licensed for a Pro version of Fireware XTM OS by default.
Mobile VPN with SSL
Mobile VPN with SSL Support for Multiple Active Directory Domains and Authentication Servers
You can now configure Mobile VPN with SSL to use multiple authentication servers.
The server at the top of the list is the default authentication server.
• To change the default server, select a different server.
• Click Make Default.
When you add Mobile VPN with SSL authentication users and groups, you can select a specific authentication server or Any.
Mobile VPN with SSL Support for Multiple Active Directory Domains and Authentication Servers
In the Mobile VPN with SSL client, the user can specify the authentication server to use in the Username text box.
• The username is specified as servername\username
• Examples:
  ad1.example.com\j_smith — Use the ad1.example.com Active Directory domain
  Firebox-DB\j_smith — Use Firebox-DB for authentication
  Ldap\j_smith — Use the LDAP server for authentication
  j_smith — Use the default authentication server
If the user does not specify an authentication server, Mobile VPN with SSL uses the default authentication server specified in the Mobile VPN with SSL configuration.
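The servername\username convention above, written out as an added example (not WatchGuard code) that shows which server a given Username entry would be routed to, which is useful when reviewing authentication logs. The function name, the exact-match comparison of server names, and the rejection of unknown server names are assumptions of this example, not documented product behavior.

```python
from typing import NamedTuple


class AuthTarget(NamedTuple):
    server: str     # authentication server that checks the credentials
    username: str   # account name presented to that server
    explicit: bool  # True when the user named the server in the Username box


def resolve_auth_server(entry: str, servers: list[str]) -> AuthTarget:
    """Split a Username entry of the form servername\\username.

    `servers` is the configured server list in order; the first item is
    the default server, as the slides describe.
    """
    if not servers:
        raise ValueError("no authentication servers configured")
    entry = entry.strip()
    prefix, sep, user = entry.partition("\\")
    if not sep:
        # No backslash: the whole entry is the username, default server applies.
        if not entry:
            raise ValueError("empty username")
        return AuthTarget(servers[0], entry, False)
    if not prefix or not user or "\\" in user:
        raise ValueError(f"malformed username entry: {entry!r}")
    # Assumption: an unknown server name is an error, never a silent
    # fallback to the default server.
    if prefix not in servers:
        raise ValueError(f"unknown authentication server: {prefix!r}")
    return AuthTarget(prefix, user, True)


# Constructed sample configuration using the server names from the slides.
SERVERS = ["ad1.example.com", "Firebox-DB", "Ldap"]

if __name__ == "__main__":
    for entry in (r"ad1.example.com\j_smith", r"Firebox-DB\j_smith",
                  r"Ldap\j_smith", "j_smith"):
        print(entry, "->", resolve_auth_server(entry, SERVERS))
```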
Application Control
Application Control Deny Message
When a proxy or packet filter policy blocks HTTP content that matches an Application Control action, the user who requested the content sees a deny message in the browser.
The content of the deny message is not configurable.
The deny message appears for HTTP content only. It does not appear for HTTPS or any other protocol.
Log and Report Manager Search
Log and Report Manager Search Enhancements
Log and Report Manager now includes advanced search functionality for log messages.
Start a search from any device page or the main LOGS > Search page.
Log and Report Manager Search Enhancements
Run simple or complex searches to find details in your device log messages.
Four types of search queries are available:
• Any word matches
• All word matches
• Exact word matches
• None matches
Search queries are not case sensitive.
Search types and queries can be combined to run complex searches.
Search results can be exported to a file that can be used outside of Log and Report Manager.
Search queries can be saved and run again for the same device.
Device Configuration Templates
Device Configuration Template Changes
You can now create a Device Configuration Template from an existing configuration file for a fully managed device.
• Open Policy Manager for a fully managed device and select File > Create Template.
• Configuration options that are not available in templates are automatically removed when the configuration file is saved as a new template.
When template objects are specified for deletion, any links to those objects are removed when the template is applied to a device.
When a template is in manual order mode and a fully managed device is in manual order mode, the policy order that you specify in the template is maintained when the template is applied to the device.
Device Configuration Template Changes
In a template, you can now select the WatchGuard hosted WebBlocker server option for the WebBlocker server.
When the WatchGuard hosted WebBlocker server option is selected, the template can only be applied to XTM 2 Series and XTM 33 devices.
Other Minor Features
TLS Encryption, Log Server Notification Port, and Certificate Authority List
Rules for TLS Encryption now have a maximum length of 200 bytes.
• Configure a proxy action for the SMTP-proxy and select the TLS Encryption category.
• STARTTLS rules that you add can include no more than 200 bytes.
The port the Log Server uses to send email notifications can now be specified when you add the SMTP server information on the Log Server > Notification page in WSC.
• Type the address of the SMTP server and include the port: smtp.mydomain.com:<port number>
The Certificate Authority List has been updated with all the current CAs recognized by the XTM device.
• Updated certificates are available on your computer when you install WSM:
  Windows 7 — C:\ProgramData\WatchGuard\wgca\certs
  Windows XP — C:\Documents and Settings\WatchGuard\wgauth\certs\README
Diagnostic Log Level for the Terminal Services Agent and TO Set Tool
Diagnostic Log Level — Terminal Services Agent & TO Set Tool
From the TO Agent Settings dialog box, you can now set the Log Level for the Terminal Services Agent and the TO Set Tool.
• In the Application section, from the drop-down list, select TOAgent or TO Set Tool.
• Slide the Settings control to select a log level and click Apply.
Review the log messages for the TOAgent or TO Set Tool:
• In the Application section, from the drop-down list, select TOAgent or TO Set Tool.
• Click View Log to see the log messages for the selected application.
New Platforms
New XTM 2 Series and 3 Series Models
Specification | XTM 25/25-W, XTM 26/26-W | XTM 33/33-W
Form Factor | Desktop | Desktop
Network Interfaces | 5x GbE (RJ45) | 5x GbE (RJ45)
Other Interfaces | 1x USB, 1x RJ45 serial | 1x USB, 1x RJ45 serial
Processor | Power Architecture Single Core | Power Architecture Dual Core
Flash / RAM | 256 MB / 512 MB | 512 MB / 1 GB
Weight | 1.3 U.S. lbs (XTM 25, 26); 1.55 U.S. lbs (XTM 25-W, 26-W) | 1.3 U.S. lbs (XTM 33); 1.55 U.S. lbs (XTM 33-W)
Power Supply | 12V/2A | 12V/2A
XTM 2 Series and 3 Series Model Upgradeability
XTM 2 Series
• You cannot upgrade an XTM 21, 22, or 23 to an XTM 25 or 26.
• Available upgrades for all 2 Series models:
  XTM 21/21-W — Model upgradeable to XTM 22/22-W or XTM 23/23-W
  XTM 22/22-W — Model upgradeable to XTM 23/23-W
  XTM 23/23-W — Not model upgradeable
  XTM 25/25-W — Model upgradeable to XTM 26/26-W
  XTM 26/26-W — Not model upgradeable
XTM 3 Series
• XTM 3 Series models are not model upgradeable.
• XTM 33 and XTM 330 have very different hardware.
THANK YOU!