Copyright ©2015 WatchGuard Technologies, Inc. All Rights Reserved WatchGuard Training What’s New in Fireware v11.10.5.


Slide 1: What’s New in Fireware v11.10.5

Slide 2: What’s New in v11.10.5
• New Features and Enhancements
  – WatchGuard AP300
    – AP firmware availability after upgrade
    – Fast Handover
    – Band Steering
    – Fast Roaming
    – Client Limits for each radio
  – Wireless Scan Interval
  – Wireless Event Alarms
  – View Wireless Client Host Name and IP Address
  – APT Blocker Support for the POP3-proxy
  – Default Firebox Certificate Updates
  – 3G/4G Modem Support
    – Support for Novatel U620L USB modem
  – Send Log Messages for Reports for Packet Filter Allowed Traffic

Slide 3: WatchGuard AP300
• Features:
  – Concurrent 3x3 MIMO (Multiple Input Multiple Output) capability
  – Dual radios for 2.4GHz and 5GHz
  – 802.11ac capability on 5GHz, including 20/40/80MHz channel widths
  – Auto channel selects more diverse channels on the 2.4GHz band

Slide 4: WatchGuard AP300
• Requires Fireware OS v11.10.5 or higher
• AP300 Firmware version — 2.0.0.1
• LED indicator behavior changes (different than AP100, AP102, AP200):
  – Power and wireless indicators alternately flash green — AP device is powered on and ready to be paired
  – Power indicator slowly flashes green — A firmware upgrade is in progress

Slide 5: AP Firmware Availability after Upgrade
• If you upgrade your Firebox to Fireware OS v11.10.5 from v11.10.3 or lower, the Firebox will not have the current AP firmware installed and available for all AP device models
  – Starting in v11.10.4, AP device firmware is installed in a different partition on the Firebox because of increasing firmware image sizes
  – Because of this change, when you upgrade to Fireware v11.10.5, you must run the upgrade process twice to correctly install the latest AP firmware on your Firebox.
• AP device firmware is also not available after a factory reset of a Firebox. If you reset your Firebox, you must use the process to upgrade your Firebox to Fireware v11.10.5 again.

Slide 6: Fast Handover
• Encourages wireless clients that are roaming between WatchGuard AP devices to disconnect from their current AP devices and connect to an AP device with a stronger signal
• Prevents wireless clients from maintaining their current AP device connection, even when the signal degrades as the wireless client moves farther away
• Uses the RSSI (Received Signal Strength Indicator) as a threshold to indicate when a client should be encouraged to move to an AP device with a stronger RSSI level

Slide 7: Fast Handover
• Fast Handover is only supported on WatchGuard AP300 devices
• Configured on the general Access Point Settings tab
• Disabled by default

Slide 8: Fast Handover
• Wireless clients can have very different RSSI strengths depending on the manufacturer; you must set your RSSI threshold accordingly
• Fast Handover will disconnect a client when RSSI threshold is reached
  – Check your environment to make sure APs are in range for handover based on your thresholds
• We recommend that you only enable Fast Handover for AP devices in high-traffic density areas
• Do not enable Fast Handover on adjacent AP devices that also have the Band Steering feature enabled
  – Clients steered to the 5GHz band might have a drop in RSSI strength that can result in disconnections because of the Fast Handover RSSI threshold

Slide 9: Band Steering
• Encourages dual-band clients to move from 2.4GHz to 5GHz
• Helps reduce congestion on the more widely-used 2.4GHz radio spectrum
• Configured on the Access Point Settings tab
• Disabled by default

Slide 10: Band Steering
• Only supported on WatchGuard AP300 devices
• The same SSID and security mode must be configured on both 2.4GHz and 5GHz radios to enable wireless clients to switch frequency bands
• Do not enable if the Fast Handover feature is enabled:
  – Switching to the 5GHz band can result in a loss of RSSI strength for the client
  – Disconnections because of the Fast Handover RSSI threshold can occur

Slide 11: Band Steering
• Band Steering is usually not required in an environment where most wireless devices are newer devices that are already optimized to choose the 5GHz band
• In some cases, Band Steering can cause connectivity issues with older, legacy wireless clients that only support 2.4GHz
• For these devices, we recommend that you disable Band Steering or have clients manually connect to the SSID

Slide 12: Fast Roaming
• Fast Roaming enables a wireless client to quickly hand over wireless communications as it moves from one WatchGuard AP device to another
• Helps provide a seamless communications transition and improves performance and stability of streaming-intensive applications such as VoIP and video streaming as you roam
• Fast Roaming works by decreasing the re-authentication time for WPA2-Enterprise authentication for a wireless client on an SSID

Slide 13: Fast Roaming
• Configured in the security settings for an SSID
• Only supported on WatchGuard AP300 devices
• Disabled by default
• Can only be enabled for WPA/WPA2 Enterprise mixed or WPA2-Enterprise protected SSIDs
• Wireless client must support the 802.11k and 802.11r standards

Slide 14: Client Limits Per Radio
• Limit the number of concurrently-connected client devices for a specific radio on AP300 devices
• Applied as a global limit for all configured SSIDs on a radio
• Default is unlimited
• You can specify a limit from 1 to 127

Slide 15: Wireless Scan Interval
• Configure the interval for automatic wireless scans for Wireless Deployment Maps and Rogue Access Point detection
• Default is 1 hour
• Increase the automatic scan interval to reduce wireless traffic and resource usage from scanning the wireless network

Slide 16: Wireless Event Alarms
• Enable alarms to notify you when these wireless events occur:
  – An AP device goes offline
    – Causes include: network disruption, power loss, and firmware upgrades
  – A rogue AP is detected
• Configure notifications for alarms on the Notifications tab

Slide 17: View Wireless Client Hostname & IP Address
• On the Dashboard > Gateway Wireless Controller > Wireless Clients page, if the clients connected to your AP device use the Firebox as a DHCP server, you can see the Hostname and IP Address of the wireless clients connected to your AP device

Slide 18: View Wireless Client Hostname & IP Address
• To see more information about a wireless client, click the IP address to view the client in FireWatch or Traffic Monitor

Slide 19: View Wireless Client Hostname & IP Address
• If your Firebox is a wireless model, on the System Status > Wireless Statistics page, if the clients connected to your wireless Firebox use the Firebox as a DHCP server, you can see the Hostname and IP Address of the wireless clients connected to your Firebox

Slide 20: Other Wireless Enhancements
• Automatic AP device firmware upgrades now occur from 00:00 (midnight) to 04:00 based on the local time of the Firebox
  – You can manually upgrade an AP device at any time
• Default 2.4GHz mode is now 802.11g/n
• TKIP-only mode support has been removed from the SSID security settings
  – TKIP is still available in mixed TKIP or AES mode
• Hotspot guest account authentication is now performed over HTTP to prevent web browser HTTPS certificate warnings

Slide 21: APT Blocker Support for the POP3-proxy
• You can now enable APT Blocker for a POP3-proxy policy
• Before you can enable APT Blocker for the POP3-proxy, you must enable Gateway AntiVirus on your Firebox
• The Drop, Block, and Quarantine actions strip the attachment before the message is delivered

Slide 22: Default Firebox Certificate Upgrades
• SHA-1 is being deprecated by many popular web browsers, and WatchGuard recommends that you now use SHA-256 certificates
• New certificate signing requests (CSR) now use SHA-256 as the default signature hash algorithm
• Newly generated default Firebox certificates use the SHA-256 algorithm with a 2048-bit key length
• Default certificates are not automatically upgraded after you install Fireware v11.10.5
  – To upgrade and regenerate any default Firebox certificate to use SHA-256 and a 2048-bit key length, delete the certificate and reboot the Firebox
  – You can also use the CLI to manually upgrade specific certificates

Slide 23: Default Firebox Certificate Upgrades
• The Proxy Server certificate is used for inbound HTTPS with content inspection and SMTP with TLS inspection. The Proxy Authority certificate is used for outbound HTTPS with content inspection. The two certificates are linked because the default Proxy Server certificate is signed by the default Proxy Authority certificate.
• You can upgrade the default Proxy Authority and Proxy Server certificates with the Fireware CLI.
  – After you upgrade, you must redistribute the new Proxy Authority certificate to your clients. Without the new certificate, users will receive web browser warnings when they browse HTTPS sites, if content inspection is enabled.
  – There are special considerations if you use a third-party Proxy Server certificate:
    – The CLI command will not work unless you first delete the Proxy Authority certificate. The CLI command will regenerate both the Proxy Server and Proxy Authority default certificates.
    – If you originally used a third-party tool to create the CSR, you can simply re-import your existing third-party certificate and private key.
    – If you originally created your CSR from the Firebox, you must create a new CSR to be signed, and then import a new third-party certificate.

Slide 24: Default Firebox Certificate Upgrades
• To upgrade the default Proxy Authority and Proxy Server certificates for use with HTTPS content inspection, you can use the CLI command:
    upgrade certificate proxy
• To upgrade the Firebox web server certificate, use the CLI command:
    upgrade certificate web
• To upgrade the SSLVPN certificate, use the CLI command:
    upgrade certificate sslvpn
• To upgrade the 802.1x certificate, use the CLI command:
    upgrade certificate 8021x
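To confirm that a certificate regenerated this way really is SHA-256 with a 2048-bit key, the following added example (not part of the WatchGuard presentation and not WatchGuard code) reads the signature algorithm and RSA modulus size directly from the certificate's DER encoding. It assumes RSA keys; `audit`, `sample` and the other names are illustrative, and `sample` builds unsigned, constructed certificate skeletons to exercise the check.

```python
# Added example (not WatchGuard code); assumes RSA keys and single-byte tags.
SHA256_RSA = "1.2.840.113549.1.1.11"  # sha256WithRSAEncryption

def tlv(buf, pos=0):  # read one DER element -> (tag, value, next_pos)
    tag, n, pos = buf[pos], buf[pos + 1], pos + 2
    if n & 0x80:  # long-form length: low 7 bits count the length octets
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def children(value):  # split constructed content into (tag, value) pairs
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = tlv(value, pos)
        out.append((tag, val))
    return out

def oid(raw):  # decode an OBJECT IDENTIFIER body to dotted notation
    arcs, acc = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))

def audit(der):
    """Return (signature OID, RSA modulus bits, meets the SHA-256/2048 target)."""
    tbs, sig_alg, _ = children(tlv(der)[1])
    alg = oid(children(sig_alg[1])[0][1])
    fields = children(tbs[1])
    spki = fields[6 if fields[0][0] == 0xA0 else 5]  # [0] version is optional
    bitstr = children(spki[1])[1][1][1:]             # drop the unused-bits octet
    modulus = children(tlv(bitstr)[1])[0][1]
    bits = int.from_bytes(modulus, "big").bit_length()
    return alg, bits, alg == SHA256_RSA and bits >= 2048

def enc(tag, body):  # DER encoder, used only to build the constructed samples
    n = len(body)
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag]) + (bytes([n]) if n < 128 else bytes([0x80 | len(size)]) + size) + body

def sample(sig_oid_hex, bits):
    """Constructed, unsigned certificate skeleton (not a real certificate)."""
    alg = enc(0x30, enc(0x06, bytes.fromhex(sig_oid_hex)) + b"\x05\x00")
    key_alg = enc(0x30, enc(0x06, bytes.fromhex("2a864886f70d010101")) + b"\x05\x00")
    modulus = enc(0x02, b"\x00" + (1 << bits - 1).to_bytes(bits // 8, "big"))
    spki = enc(0x30, key_alg + enc(0x03, b"\x00" + enc(0x30, modulus + enc(0x02, b"\x01\x00\x01"))))
    tbs = enc(0x30, enc(0xA0, enc(0x02, b"\x02")) + enc(0x02, b"\x01") + alg + enc(0x30, b"") * 3 + spki)
    return enc(0x30, tbs + alg + enc(0x03, b"\x00"))
```

`audit(sample("2a864886f70d010105", 1024))` models a legacy SHA-1 certificate and fails the check, while `audit(sample("2a864886f70d01010b", 2048))` passes. For a certificate exported as PEM, convert it with `ssl.PEM_cert_to_DER_cert(pem_text)` from the Python standard library and pass the result to `audit`.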

Slide 25: 3G/4G Modem Support
• New 3G/4G USB modem supported for modem failover
  – Modem — Novatel U620L modem
  – Carrier — Verizon

Slide 26: Log Messages for Reports
• For traffic that is allowed through Packet Filter policies, you can now enable the Firebox to send log messages that are only used in reports
• These log messages do not appear in Traffic Monitor or Log Manager
• To see log messages in Traffic Monitor or Log Manager from a Firebox that runs Fireware OS v11.10.5 or higher, you must also select the Send a log message check box

Slide 27: Send Log Messages for Reports
• To enable your Firebox to send log messages that are included in reports:
  1. Add or edit a packet filter policy
  2. Select Logging > Send log message for reports

Slide 28: Thank You!

