Presentation is loading. Please wait.

Presentation is loading. Please wait.

What’s New in Fireware XTM v11.7.3

Similar presentations

Presentation on theme: "What’s New in Fireware XTM v11.7.3"— Presentation transcript:

1 What’s New in Fireware XTM v11.7.3
WatchGuard Training

2 New & Updated Features in Fireware XTM & WSM v11.7.3
XTMv on Hyper-V WatchGuard AP device enhancements MAC access control whitelist AP device monitoring enhancements Station isolation No automatic AP device reboot after AP configuration change See the AP device radio used by each wireless client Set source IP address in static NAT and server load balancing actions 3G / 4G modem support for failover WatchGuard Training

3 New & Updated Features in Fireware XTM & WSM v11.7.3
Quarantine Server end-user web UI improvements New Websense categories Configurable syslog server port Set the diagnostic log level for the Gateway Wireless Controller Updated hotspot policies Log off hotspot user sessions Send device feedback to WatchGuard WatchGuard Training

4 XTMv on Hyper-V WatchGuard Training

5 XTMv on Hyper-V Fireware XTM v continues to support for XTMv on vSphere ESXi 4.1 and 5.0. In v11.7.3, support is added for XTMv on Microsoft Hyper-V hypervisors. Windows Server 2012 with a Hyper-V role Hyper-V Server 2012 Windows Server 2008 R2 with a Hyper-V role Hyper-V Server 2008 R2 WatchGuard Training

6 XTMv Editions and Licensing
The four XTMv device editions are the same on VMware and Hyper-V. The recommended resource requirements and feature key limits for each edition are the same for XTMv, whether it is deployed on VMware or Hyper-V. Product CPU (Min rec) Memory (Min rec) Feature Key Limits Small Office Edition 1 Core 1 GB 200 Mbps throughput 50 VPN Tunnels 30K Connections 10 Interfaces Medium Office Edition 2 Cores 2 GB 2.5 Gbps throughput 600 VPN Tunnels 350K Connections Large Office Edition 4 Cores 4 GB 5 Gbps throughput 6K VPN Tunnels 1M Connections Datacenter Edition 8 or more Cores 4 GB or more Unlimited throughput 10K VPN Tunnels 2.5M Connections WatchGuard Training

7 XTMv on Hyper-V — Limitations for Hyper-V (not ESXi)
The maximum number of configurable interfaces for an XTMv virtual machine (VM) in a Hyper-V environment is eight. Hyper-V supports two types of virtual adapters: Network adapters (Hyper-V supports a maximum of 8) Legacy network adapters (Hyper-V supports a maximum of 4) XTMv does not support the use of legacy network adapters. You must assign a minimum of two network adapters to an XTMv VM. The number of network adapters you add to your XTMv VM determines the number of interfaces you can configure. These networking features are not supported for XTMv on Hyper-V because they require the virtual adapter to be configured in promiscuous mode, which is not supported in Hyper-V: Bridge mode network configuration Network bridge Mobile VPN with SSL with the Bridged VPN Traffic setting WatchGuard Training

8 XTMv Software Distribution and Installation on Hyper-V
For Hyper-V, XTMv is distributed as a zipped Virtual Hard Disk (.vhd) file. The file name inside the zip file is xtmv_<xtm-version>.vhd. Copy the .zip file to the Windows server where Hyper-V is installed. Extract the .vhd file from the .zip file. You cannot use the same .vhd file for more than one virtual machine. To deploy multiple XTMv virtual machines: Save a copy of the unzipped .vhd file with a unique name for each XTMv VM. When you add the VM in Hyper-V, select a different .vhd file for each XTMv VM. To install an XTMv VM on Hyper-V: Use the Hyper-V New Virtual Machine Wizard to add the XTMv VM. Add network adapters to the XTMv VM. Power on the XTMv VM. Use the Fireware XTM Web Setup Wizard to set up a basic configuration file. Allocate additional resources to the XTMv VM. WatchGuard Training

9 WatchGuard AP Enhancements
WatchGuard Training

10 AP MAC Access Control Whitelist
The MAC Access Control now supports two MAC Access Control lists: Denied MAC Addresses (blacklist) Allowed MAC Addresses (whitelist) Configure MAC access control in the Gateway Wireless Controller settings In each SSID, enable MAC access control and select which list to use. WatchGuard Training

11 AP Device Station Isolation
You can now enable station isolation in the SSID configuration. Station isolation prevents direct communication between wireless clients connected to the SSID on the same AP radio. It does not prevent direct communication between wireless clients on different radios or different AP devices, even if they connect to the same SSID. We recommended you enable station isolation for wireless guest networks, where the wireless clients should not trust each other. WatchGuard Training

12 AP Device Monitoring The LiveSecurity column shows the AP device activation status. Click Network Statistics to see these network statistics for the selected AP device: Interface statistics Routing table ARP table WatchGuard Training

13 AP Device Radio Used by Wireless Clients
The Gateway Wireless Controller now includes a column that shows the radio channel on the AP device that is used by each wireless client. Select the Wireless Clients tab in the Gateway Wireless Controller. WatchGuard Training

14 AP Device Configuration Update Without a Reboot
Paired AP devices no longer automatically reboot after you save an AP configuration change to the XTM device. WatchGuard Training

15 Other Enhancements WatchGuard Training

16 Set Source IP Address in SNAT Actions
You can now set the source IP address in SNAT actions. In a server load balancing SNAT action you can set one source IP address for all servers. In a static NAT action you can set one source IP address for each server. WatchGuard Training

17 3G / 4G Modem Failover In the Modem Configuration on XTM 2 Series, 3 Series, and 5 Series devices, you can now enable 3G/4G modem support. When you enable 3G/4G modem support: The telephone number is set to *99# by default. All other account settings are optional. The telephone number and account settings required to connect vary by wireless carrier. WatchGuard tested these 3G/4G modems: ZTE MF683 (T-Mobile Rocket 3.0 4G) Franklin U602 (Sprint 3G/4G Plug-in-Connect USB) Sierra Wireless AirCard 250U (Sprint 3G/4G USB 250U) WatchGuard Training

18 Updated UI for User Quarantine Message Management
The options in the Quarantine message management UI have been improved. Send to Mailbox — Releases the selected messages from quarantine and sends them to the recipient. Delete Selected — Deletes the selected spam or virus messages for this user from the Quarantine Server. Delete All — Deletes all spam and virus messages for this user from the Quarantine Server. WatchGuard Training

19 New Websense Categories
Added two new Websense security categories: Compromised Websites ID — 220 Description — Site whose code indicates possible alteration by an external third-party to include hidden links, scripts, or iframe tags that download or redirect the user to malicious or unwanted content. Newly Registered Websites ID — 221 Description — Sites with a recently registered domain name. WatchGuard Training

20 Specify a Syslog Server Port
You can now specify the port for connections to a syslog server. The default port (514) always appears as the default setting. WatchGuard Training

21 Set the Log Level for the Gateway Wireless Controller
When you configure the Diagnostic Log Level settings for your XTM device, you can specify the log level for the Gateway Wireless Controller. In Policy Manager, select the Networking category and select a log level for the GWC option. WatchGuard Training

22 Set the Log Level for the Gateway Wireless Controller
In Fireware XTM Web UI, select System > Diagnostic Log, and select a log level for the Gateway Wireless Controller option in the Networking section. WatchGuard Training

23 Updated Hotspot Policies
When you enable a hotspot on your XTM device, these policies are automatically added to your configuration file: Allow External Web Server — Allows TCP connections from users on the guest network to the external web server IP address and the port you use for hotspot external guest authentication. Allow Hotspot Session Mgmt — Allows connections from the external web server IP address to the XTM device. Allow Hotspot-Users — Allows connections from the hotspot to addresses external to the XTM device. WatchGuard Training

24 Log Off Hotspot User Sessions
When a hotspot is configured for external guest authentication, the external hotspot authentication server can send a logoff URL to the XTM device to terminate a user hotspot session. The logoff URL includes the MAC address of the user hotspot session to log off, and the shared secret configured in the hotspot settings on your XTM device. Each logoff URL sent to the XTM device can log off only one session at a time. WatchGuard Training

25 Device Feedback The XTM device can now send device feedback to WatchGuard. Device feedback includes information about how your device is used, but does not include information about your company, or company data. The device feedback option is enabled by default. You can enable or disable device feedback in the Global Settings in your XTM device configuration files and device configuration templates, or in the Web Setup and Quick Setup wizards. WatchGuard Training

26 Thank You! WatchGuard Training

Download ppt "What’s New in Fireware XTM v11.7.3"

Similar presentations

Ads by Google