Copyright ©2016 WatchGuard Technologies, Inc. All Rights Reserved WatchGuard Training What’s New in Fireware v11.11.1.


1 What’s New in Fireware v11.11.1

2 What’s New in Fireware v11.11.1
- All HTTP Request and Response header rules now allowed in predefined HTTP and Explicit Proxy actions
- SSLv2 support removed from HTTPS/SMTP proxies and other proxy enhancements
- See passphrases set for managed devices from the Management Server
- New ciphers for managed security templates
- Dashboard > Interfaces Enhancements

3 What’s New in Fireware v11.11.1
- See Application Control statistics in Fireware Web UI and Firebox System Manager
- See status of rogue AP detection in Policy Manager

4 HTTP Request & Response Rules Allowed
- In previous versions of Fireware OS, the default HTTP proxy action would only allow a limited list of HTTP headers in HTTP Request and HTTP Response messages
- Any header not present in this list would be stripped by the HTTP proxy
- Stripping unknown headers was designed to limit the amount of information leaked by a client or a server protected by the HTTP proxy, such as the operating system or software versions
- Many modern websites use custom HTTP “X-” headers, and the default action stripped these custom headers from an HTTP Request or Response message, affecting the usability of these websites

5 HTTP Request & Response Rules Allowed
- All HTTP Request and Response header rules in the predefined HTTP-Client.Standard and Explicit-Web.Standard proxy actions are now disabled and the If matched and None matched actions are both set to Allow
- This configuration enables you to choose what headers you want to block or allow and prevents the default configuration from blocking legitimate traffic
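The trade-off described on slides 4 and 5, as an added example that is not WatchGuard code: a simplified model of header-rule evaluation comparing an allow list with strip-on-no-match, the v11.11.1 allow-all default, and a tuned action that strips only version-disclosing headers. The rule patterns, the `LEGACY` allow list and the sample response are constructed assumptions, not Fireware's actual rule set.

```python
# Added illustration, not Fireware code: a simplified model of how a proxy
# action evaluates header rules. Patterns and headers below are constructed.
from fnmatch import fnmatchcase

def apply_header_rules(headers, rules, none_matched):
    """Return (kept, stripped) header names.

    rules: list of (pattern, enabled, action), action is "allow" or "strip".
    The first enabled rule matching the header name decides; a header that
    matches no enabled rule gets the none_matched action.
    """
    kept, stripped = [], []
    for name, _value in headers:
        action = none_matched
        for pattern, enabled, rule_action in rules:
            if enabled and fnmatchcase(name.lower(), pattern.lower()):
                action = rule_action
                break
        (kept if action == "allow" else stripped).append(name)
    return kept, stripped

# Constructed response from a hypothetical web server.
SAMPLE_RESPONSE = [
    ("Content-Type", "text/html"),
    ("Server", "ExampleHTTPd/2.4.1 (ExampleOS)"),
    ("X-Powered-By", "ExampleFramework/5.6"),
    ("X-Frame-Options", "DENY"),
    ("X-Request-Id", "c0ffee"),
]

# Hypothetical allow list with None matched = strip (the older behaviour).
LEGACY = ([("content-*", True, "allow")], "strip")
# v11.11.1 predefined actions: rules disabled, None matched = allow.
NEW_DEFAULT = ([("content-*", False, "allow")], "allow")
# Admin-tuned: allow by default, strip only version-disclosing headers.
TUNED = ([("server", True, "strip"), ("x-powered-by", True, "strip")], "allow")

def run(profile):
    rules, none_matched = profile
    return apply_header_rules(SAMPLE_RESPONSE, rules, none_matched)

if __name__ == "__main__":
    for label, profile in (("legacy", LEGACY), ("new", NEW_DEFAULT), ("tuned", TUNED)):
        print(label, run(profile))
```

With the allow-all default the `Server` and `X-Powered-By` values reach the other side unchanged, so an administrator who still wants the information-leak protection has to enable explicit rules for those headers.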

6 HTTP Request & Response Rules Allowed

7 SSLv2 Removed from HTTPS/SMTP Proxies
- In previous versions of Fireware OS, to maintain compatibility with legacy systems, you could enable SSLv2 support when you configured an HTTPS or SMTP proxy action with content inspection enabled
- SSLv2 is an older protocol that contains several known security vulnerabilities
- To maintain the best security standards, as of Fireware OS v11.11.1, you can no longer select SSLv2 in the HTTPS and SMTP proxies when you enable content inspection
- If you still need to enable SSLv2 support in the HTTPS proxy for legacy systems, you must use Policies by Domain Name (FQDN) to bypass the HTTPS Proxy with a separate HTTPS policy
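One way to find the legacy systems slide 7 refers to before upgrading, as an added example that is not WatchGuard code: classify the first bytes each client sends on an SSL/TLS port and list the clients whose hello offers nothing above SSLv2. The capture format (client IP plus raw first bytes), the function names and the sample bytes are assumptions constructed for this illustration.

```python
# Added illustration (not WatchGuard code): classify the first bytes a client
# sends on an SSL/TLS port to find legacy systems that still speak SSLv2.
import struct

TLS_MINOR = {0: "sslv3", 1: "tls1.0", 2: "tls1.1", 3: "tls1.2"}

def classify_client_hello(data: bytes) -> str:
    if len(data) < 5:
        return "too-short"
    # SSLv2 framing: high bit set in the 2-byte length header, then
    # message type 1 (CLIENT-HELLO), then the 2-byte client version.
    if data[0] & 0x80 and data[2] == 0x01:
        (version,) = struct.unpack(">H", data[3:5])
        if version == 0x0002:
            return "sslv2"
        if version >= 0x0300:
            return "sslv2-compatible-hello"  # v2 framing, offers SSLv3/TLS
        return "unknown"
    # SSLv3/TLS framing: record type 0x16 (handshake), major version 3,
    # handshake type 1 (ClientHello) at offset 5, client_version at 9-10.
    if data[0] == 0x16 and data[1] == 0x03 and len(data) >= 11 and data[5] == 0x01:
        if data[9] == 0x03:
            return TLS_MINOR.get(data[10], "tls-other")
    return "unknown"

def sslv2_only_clients(captures):
    """Return sorted client IPs whose hello offers nothing above SSLv2."""
    return sorted({ip for ip, hello in captures
                   if classify_client_hello(hello) == "sslv2"})

# Constructed sample captures (documentation-range IPs, hand-built bytes).
_V2_BODY = b"\x00\x03\x00\x00\x00\x10" + b"\x07\x00\xc0" + b"\x00" * 16
SAMPLE_CAPTURES = [
    ("192.0.2.10", b"\x80\x1c\x01\x00\x02" + _V2_BODY),  # pure SSLv2
    ("192.0.2.11", b"\x80\x1c\x01\x03\x01" + _V2_BODY),  # v2 framing, TLS 1.0
    ("192.0.2.12", b"\x16\x03\x01\x00\x2f\x01\x00\x00\x2b\x03\x03"),  # TLS 1.2, truncated
]

if __name__ == "__main__":
    print(sslv2_only_clients(SAMPLE_CAPTURES))
```

A client that sends an SSLv2-framed hello advertising SSLv3 or TLS can still negotiate a newer protocol, so only the pure SSLv2 clients need the separate bypass policy or, better, replacement.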

8 Other Proxy Enhancements
- The FTP Proxy now sends an error response to the client when the action is Block, Drop, or Deny
  - In previous versions, a response was only sent for a Deny action
- In Policy Manager, the If Matched action menu now appears in the Simple View of the Mail From and Rcpt To sections of the SMTP Proxy Action settings

9 See Passphrases for Managed Devices
- Users with Device Administrator credentials can select to see the passphrases configured for managed devices when they log in to the WSM Management Server
- Connect to the Management Server, view the properties for a managed device, and select the Show Passphrase check box

10 See Passphrases for Managed Devices
- The Status Passphrase, Configuration Passphrase, and Shared Secret are unmasked

11 New Managed Security Template Ciphers
- In previous versions of WSM, the Management Server included three pre-defined Security Templates for Managed VPN tunnels
- WSM v11.11.1 adds two new default Security Templates to provide stronger security options for Managed VPN tunnels
- Both new templates provide stronger encryption and authentication, with these ciphers:
  - Encryption — AES-256
  - Authentication — SHA-1 or SHA-256
  - Perfect Forward Secrecy (PFS) — Diffie-Hellman group 5

12 New Managed Security Template Ciphers
- The Phase 1 & Phase 2 Ciphers for managed Security Templates have been updated to use the SHA1-AES256-DH5 and SHA2-AES256-DH5 encryption algorithms
- New installations of the WSM Management Server include these encryption algorithms in these new Security Templates:
  - SHA1-AES256-DH5 (Predefined)
  - SHA2-AES256-DH5 (Predefined)
  - The Medium, Medium with Authentication, Strong with Authentication templates are not included in new installations
- Upgraded installations of the Management Server keep all existing Security Templates and include the new templates after the upgrade process completes

13 New Managed Security Template Ciphers
- New Management Server installations include only the new Security Templates, which have a red key icon in the Security Templates tree

14 New Managed Security Template Ciphers
- Upgraded Management Server installations include both the new and old Security Templates
  - New templates have a red key icon in the Security Templates tree
  - Previous version templates have a gold key icon in the Security Templates tree

15 New Managed Security Template Ciphers

16 Dashboard > Interfaces Enhancements
- The Fireware Web UI System Status > Interfaces > Detail page includes these changes:
  - New Link Speed column
  - The IPv4 Address column now includes both the IPv4 address and the network mask in this format: For example, 10.139.44.155/20
  - The order of the columns on the Interfaces page has been changed to: Link Status, Enabled, Multi-Wan, Alias, Name, Zone, IPv4 Address, Gateway, MAC Address, Link Speed

17 Dashboard > Interfaces Enhancements

18 Dashboard > Interfaces Enhancements
- The details dialog box for each interface now includes the Link Speed information, as well as the IPv4 address in this format:

19 Dashboard > Interfaces Enhancements
- The Multi-WAN status appears on the Interfaces > Detail page when more than one External interface is configured on your Firebox

20 See Application Control Statistics
- You can now see these statistics for Application Control in Fireware Web UI and Firebox System Manager:
  - Installed version of Application Control signatures
  - Date that Application Control signatures were last updated
  - Latest available version of Application Control signatures
  - Number of scans performed
  - Number of applications detected by Application Control scans
  - Number of applications blocked by Application Control scans
- Statistics are reset when the Firebox restarts

21 See Application Control Statistics
- Fireware Web UI
  - Application Control statistics appear in the Application Control widget on the Dashboard > Subscription Services page
  - Application Control signatures can be updated from the widget

22 See Application Control Statistics
- Firebox System Manager
  - Application Control statistics appear in the Application Control Service section of the Subscription Services tab
  - Application Control signatures can be updated from the section

23 See Application Control Statistics
- You can also see the Application Control and IPS signature update history and the list of signatures on your Firebox

24 See Status of Rogue AP Detection in PM
- In Policy Manager, you can now see the status of rogue AP device detection on the Gateway Wireless Controller SSIDs tab

25 Thank You!
