Presentation is loading. Please wait.

Presentation is loading. Please wait.

Presenter Date What’s New in WSM 10 and Fireware 10.

Similar presentations


Presentation on theme: "Presenter Date What’s New in WSM 10 and Fireware 10."— Presentation transcript:

1 Presenter Date What’s New in WSM 10 and Fireware 10

2 2 What’s New in WSM/Fireware 10 WSM 10 Overview New in WSM 10 New SQL-based logging and reporting architecture WatchGuard Management Server enhancements Firebox System Manager enhancements New help system with search and Table of Contents

3 3 What’s New in WSM/Fireware 10 Fireware 10 Overview New in Fireware 10 Mobile VPN with SSL New proxies for VoIP support New TCP/UDP proxy for multiple protocol detection Enhancements to security subscriptions Single Sign-On More integration with LiveSecurity BOVPN and Mobile VPN with IPSec enhancements New notifications Networking enhancements

4 New in WSM 10

5 5 New Logging and Reporting Architecture

6 6 The new logging and reporting architecture includes: New SQL-based Log Server Totally redesigned LogViewer application New Report Server New Report Manager (replaces Historical Reports) New Logging and Reporting Architecture Overview One change to the WatchGuard Toolbar: New Report Server icon

7 7 New Logging and Reporting Architecture About the SQL Database Uses PostgreSQL Postgres is installed during either: Log Server Setup Wizard Report Server Setup Wizard The server you set up first (Report Server or Log Server) installs Postgres Because Postgres does not install over an RDP session, do not run the Log Server or Report Server Setup Wizard over RDP PostgreSQL installation creates the data directory and its structure There is no UI option to change the location of the data directory after Postgres is installed Installs a non-admin user account watchguard_pg_user Do not alter this account; it is for the Postgres service In this release, you must use command line for: Importing old XML log files into the database Restoring a backup of the database

8 8 Advantages to using SQL database for logs Much more scalable Logs from multiple appliances now stored in one database No more discrete XML log files Faster and more powerful log file search Faster report generation Report can be run on data stored in different Log Servers Automatic maintenance jobs are user-configurable: Automatic daily deletion of old logs Automatic daily backup New Log Server SQL-based

9 9 New Log Server Log Server Setup Wizard Click once on the Log Server icon to start the Log Server Setup Wizard

10 10 New Log Server Setup Wizard PostgreSQL is installed and the database directory is created when you run either: The Log Server Setup Wizard or The Report Server Setup Wizard

11 11 New Log Server Setup Wizard Pay close attention to this screen of the Setup Wizard To change the log data directory after PostgreSQL is installed, you must run the Setup Wizard again.

12 12 New Log Server - Admin User Interface Configure the Log Server To configure the Log Server, left-click once on the Log Server icon in the WatchGuard toolbar. Or, right-click and select Configure

13 13 New Log Server - Log Server Configuration Server Settings Tab The Log Server can send notifications about itself to this address. Firebox Event Notifications also go to this address

14 14 New Log Server - Log Server Configuration Expiration Settings Tab Automatically purge old logs Automatically back up logs Send appliance notifications

15 15 New Log Server - Log Server Configuration Logging/Monitoring Settings tab All Firebox appliances that send logs show here Send log messages about the Log Server itself to: The Windows Event Viewer A text file

16 16 New LogViewer Total Redesign for Maximum Usability All-new enhanced LogViewer gives powerful new features

17 17 New LogViewer Launch and Connect to a Log Server Start LogViewer from the WatchGuard System Manager. Then, connect to a Log Server.

18 18 New Log Viewer Select the appliance or server to view logs Select one or more devices to see their logs All devices logging to this Log Server (including other servers) show here Report Server and Management Server can also send logs to Log Server!

19 19 New LogViewer Arrange the windows for the different devices’ logs Cascade the windows Or tile them

20 20 New Log Viewer Category View View: All logs Only traffic logs Only alarms Only events Only debug logs Only bandwidth statistics messages

21 21 New LogViewer Date Range View Select a preconfigured range Or make a custom time filter

22 22 New LogViewer – Search String Search Simple string search is very useful Search for: An IP address Blocked sites / blocked ports All messages with a key word, for example: IKE Type of or HTTP header A username

23 23 New Log Viewer – Search Put context to the message When Search finds an interesting log message, you can show the log messages before and after it. Right-click the message and select Show Log Excerpt Or press F5 You see 50 messages before and after the target log message

24 24 New LogViewer Preferences Store general preferences Your primary Log Server How many messages before and after the target in Log Excerpt How many searches to remember

25 25 New LogViewer Preferences Store viewing preferences Default log type Font size Which columns to display for the different log types

26 26 New LogViewer Search Manager Tools  Search Manager Create powerful searches and save them for later use Advanced Search shows why a SQL database is better

27 27 New LogViewer Multiple export options Export logs as: CSV (comma- separated value) file HTML page PDF XML file Instantly logs as: CSV file PDF Select and copy as plain text

28 28 New Report Server - Overview What it does Collects and presents log data Periodic collection from Log Server Periodic generation of reports Provides reports to Report Manager via XMLRPC Reports are immediately viewable and automatically refresh

29 29 New Report Server - Overview What It Does Log Data Log Server Consolidated Log Data Reports

30 30 New Report Server – Configuration Expiration Settings tab Server Settings tab is identical to same tab in Log Server Expiration Settings tab: Automatically delete old reports Turn on notification of events about the Report Server itself

31 31 New Report Server – Configuration Report Generation tab Tell the Report Server where to get data This is the server management passphrase, not the log encryption key!

32 32 New Report Manager Overview Report Manager is the client application that connects to the Report Server Replaces old Historical Reports The left-hand pane shows the available reports The right-hand pane is a browser (based on Internet Explorer) showing the selected report

33 33 New Report Manager Launch and Connect to a Report Server Start Report Manager from WSM. Then, connect to a Report Server.

34 34 Report Server Available Reports Denied Packet Summary Denied Packet Detail Incoming Outgoing SMTP Summary SMTP Server Summary SMTP Detail SPAM Summary Firebox Statistics POP3 Summary POP3 Detail Alarms Packet Filter Host Summary Proxy Host Summary HTTP Most Popular Domain HTTP Summary HTTP URL Detail IPS Packet IPS Summary and its detail subreports: Protocol Severity Source Signature AV Summary and its detail subreports: Protocol Host Virus Sender WebBlocker Detail Reports carried forward from earlier Historical Reports:

35 35 Report Server Available Reports New Reports in 10: HTTP Most Active Client Web Surfing External Interface Bandwidth Report Management Server Audit Trail Management Server Audit Trail Detail Management Server Authentication BUM “Boxes Under Management”

36 36 Management Server Enhancements

37 37 What’s New in WSM/Fireware 10 Management Server Enhancements - Overview Multi-user support Record locking Configuration passphrase caching Force comments on Config Change Folders with lockout Notification enhancements LiveSecurity Alerts

38 38 Management Server Enhancements Multi-user support Add users on new Users tab of Management Server Configuration

39 39 Management Server Enhancements Multi-user support Management Server user accounts: Admin privileges Can create new user accounts on the Management Server Can administer all devices under management with WSM connection to Management Server Read-Write privileges Can administer all devices under management with WSM connection to Management Server Read-Only privileges Can view all devices under management This user connects to the Management Server in Monitoring Mode

40 40 Management Server Enhancements Multi-user support Users must now provide username and passphrase when connecting Provides audit trail in Management Server report Default account is admin This account uses the server management passphrase This is the same password you used before to connect to your Management Server from WSM

41 41 Management Server Enhancements Record locking and caching passphrases When you bring up Policy Manager for a managed device: WSM prevents others from using Policy Manager for that device when they connect to the Management Server Reduces the chance that conflicting edits are made at the same time by different users Policy Manager automatically enters the device’s configuration passphrase when you save the configuration back to the Firebox No need to remember the configuration passphrases for all your managed devices No need to share managed devices’ configuration passphrases with others For this to work: Firebox you manage must be running Fireware 10 You must launch Policy Manager via a connection to the Management Server (not a connection to the device itself)

42 42 Management Server Enhancements Record locking Connect to Management Server using WSM  Launch Policy Manager for an appliance The device record is locked When a different user connects to the Management Server at the same time: A “Maintenance Alert” shows for that device Policy Manager is not available for that device

43 43 Management Server Enhancements Configuration passphrase caching When you use that instance of Policy Manager to save the configuration, Policy Manager automatically puts the appliance’s configuration passphrase into the entry field When you close Policy Manager (or use it to File > Open a different Firebox) the lock is released

44 44 Management Server Enhancements Force comments Force comments on config change Turn this on in Management Server Configuration Users must add comment when saving config via a connection to Management Server

45 45 Management Server Enhancements Folders with lockout Right-click Management Server and select Add New Folder

46 46 Management Server Enhancements Folders with lockout You can make a VPN between two devices inside the same locked folder You cannot make a VPN tunnel between a device in a locked folder and a device not in the same locked folder Prevent “mistake” VPNs Those can cost the managed security provider $$ and reputation Locked folder has a padlock on the folder’s icon

47 47 Management Server Enhancements Notification enhancements Get notified if a managed device does not contact the Management Server when its DVCP lease expires From: Subject: Notice from Management Server Host: dc01 Time: Fri Feb 08 09:15: Process: 3848:3900 Message: Information (8249), no contact from device with name Miami_X6500e, id , and IP address

48 48 Management Server Enhancements LiveSecurity Alerts WSM displays LiveSecurity broadcasts when you select the Management Server Alerts that will appear: New software updates available WatchGuard vulnerabilities

49 49 Quarantine Server Enhancements

50 50 Quarantine Server Enhancements Quarantine based on virus classification You can now send SMTP mail to the Quarantine Server based on whether Gateway AntiVirus detected a virus

51 51 Quarantine Server Enhancements Quarantine mail based on virus classification You can send SMTP mail to the Quarantine Server based on whether spamBlocker’s Virus Outbreak Detection detected a virus

52 52 Firebox System Manager Enhancements

53 53 What’s New in WSM/Fireware 10 Firebox System Manager Enhancements - Overview Front Panel tab updated for Mobile VPN with SSL Search Traffic Monitor Display logs by type of message Multiple-line select (ctrl-click or shift-click) and copy Select notifications from entire event catalog Service Watch graph by bandwidth

54 54 Firebox System Manager Enhancements Front Panel Tab Mobile VPN with SSL sessions displayed on Front Panel tab

55 55 Firebox System Manager Enhancements Front Panel Tab Log off remote users from Front Panel tab

56 56 Firebox System Manager Enhancements Traffic Monitor Tab Search Traffic Monitor

57 57 Firebox System Manager Enhancements Traffic Monitor Tab View: All logs Only traffic logs Only alarms Only events Only debug logs Only bandwidth statistics messages

58 58 Firebox System Manager Enhancements Traffic Monitor Tab Multiple-line select (ctrl-click or shift-click) and copy

59 59 Firebox System Manager Enhancements Traffic Monitor Tab Select Notifications from Event Catalog Right-click an event in Traffic Monitor Instantly set up notification for the next time that event happens

60 60 Firebox System Manager Enhancements Service Watch Tab Use Service Watch to: Graph the traffic going through each policy by bandwidth See the number of sessions going through each policy

61 61 New Help System

62 62 New Help System Searchable, with Table of Contents

63 63 New in Fireware 10

64 64 Mobile VPN with SSL

65 65 Mobile VPN with SSL Overview PC and Mac compatible – one download page for both

66 66 Mobile VPN with SSL URL for users to get the software URL to authenticate and get the client software: https://[firebox.ip.address]:4100/sslvpn.html Note the /sslvpn.html at the end URL to authenticate only remains the same https://[firebox.ip.address]:4100

67 67 Mobile VPN with SSL Configuration in Policy Manager Simple straightforward configuration Policy Manager: VPN  Mobile VPN  SSL Use any authentication server Specify which WAN users connect to first and second (failover) Allow granular access or access to all connected networks

68 68 New Proxies for VoIP Support

69 69 New Proxies for VoIP H.323 and SIP These proxies work to allow some VoIP/Videoconferencing through the Firebox: SIP Proxy H.323 Proxy H.323 proxy supports NAT-traversal for voice and video traffic H.323 Gatekeeper (“PBX” hosting/trunking) and T.120 multimedia support not in this release. H.323 support is limited to point-to-point connections SIP proxy supports NAT-traversal for voice and video traffic Does not provide the PBX registration capabilities of a typical standalone SIP Registrar-Proxy Must have your own Registrar-Proxy server to route these connections SIP proxy has only been tested with PBX’s located on the external segment of the Firebox (hosted scenario, no trunking).

70 70 New Proxies for VoIP H.323 and SIP Simple to configure SIPH323

71 71 New Proxies for VoIP TFTP Trivial File Transfer Protocol For more than just VoIP Typically for: Sending updates to VoIP devices under management Sending configuration files Sending ROM images or firmware updates TFTP Proxy lets you allow or deny content by matching file name patterns for: Downloads Uploads

72 72 New TCP-UDP Proxy Multiple Protocol Detection TCP-UDP Proxy detects what protocol the traffic is: HTTP HTTPS SIP FTP

73 73 New HTTPS Proxy What it can do HTTPS Proxy Block objectionable HTTPS sites using WebBlocker Allow or deny access to web sites based on Domain Names Fireware matches Domain Name patterns against the Subject field in the web site’s SSL certificate

74 74 Enhancements to Security Subscriptions

75 75 What’s New in WSM/Fireware 10 Enhancements to Security Subscriptions Intrusion Prevention (IPS) Enhancements New signature set Broader range of signatures Botnet protection for servers Updated signature scanning engine Approximately 40% increase in IPS performance Simpler IPS Configuration P2P and IM now integral part of Fireware (no IPS license required) WebBlocker Enhancements Expanded Category List WebBlocker for HTTPS spamBlocker Enhancements Virus Outbreak Detection

76 76 WebBlocker Enhancements 40 Category to 54 Category Mapping 40-Category List name54-Category List name Arts & EntertainmentArtsEntertainment Drugs, Alcohol, TobaccoIllegal DrugsAlcohol & Tobacco Violence Tasteless & Offensive Hacking Spyware Computing & Internet DownloadsRingtones / Mobile Phone Downloads Criminal SkillsCriminal ActivityPhishing & Fraud Glamour & Intimate ApparelIntimate Apparel & Swimwear Fashion & Beauty Government & PoliticsGovernmentPolitics Lifestyle & CultureSociety & CulturePhilanthropic & Professional Organizations Remote ProxiesProxies & TranslatorsPeer-to-Peer NOT REPRESENTEDSpam URLs NOT REPRESENTEDInfrastructure NOT REPRESENTEDBusiness

77 77 Single Sign-On

78 78 Single Sign-On Requirements Only for Active Directory domains Install WatchGuard Authentication Gateway software on a domain computer This computer called the SSO Agent The domain account under which the agent software runs must: Have “Log on as a service” permission granted (for the service to run automatically) Be a member of Domain Admins group (to query PCs running Vista) All domain PCs must allow connections over 139 and 445 Add exceptions to Windows Firewall for File and Printer Sharing, or turn off Windows Firewall

79 79 Single Sign-On Settings IP address of the PC running WatchGuard Authentication Gateway software (the SSO agent) How long the SSO agent should cache responses it gets from PCs it queries IP addresses that the Firebox will not ask about Policy Manager: Setup  Authentication  Authentication Settings

80 80 Single Sign-On How it works 1 Firebox sees traffic come from a trusted or optional or VLAN interface SSO does not work for traffic coming from an external interface Firebox sends query to SSO agent (PC running WatchGuard Authentication Gateway software) This is a port 4114 connection. Command is get user SSO agent checks its cache. If it has an entry for this IP address, it returns an answer to the Firebox If not in cache, SSO agent queries that IP address Uses Windows NetWkstaUserEnum() call Windows Networking connection over port 139 and/or 445 If SSO agent PC gets no reply, send error message to Firebox The IP address is not added to authentication list

81 81 Single Sign-On How it works 2 SSO agent sends query to Active Directory server to find what groups the user is a member of PC returns answer to SSO agent. There can be more than one answer SSO agent uses only the first answer it gets from the PC Firebox puts,, and in its internal list of authenticated users Authentication List tab of Firebox System Manager displays the IP address and user name of authenticated users Active Directory returns all values of memberOf attribute tied to that user object SSO agent PC returns answer to Firebox User name logged in to that PC and groups of which the user is a member

82 82 Single Sign-On How it works 3 Use user names and Active Directory groups in your policies to restrict access

83 83 BOVPN and Mobile VPN with IPSec Enhancements

84 84 What’s New in WSM/Fireware 10 VPN Enhancements Selective Auto-start of BOVPN Tunnels Dead Peer Detection Mobile VPN with IPSec Policies More Configurable Notification of BOVPN Events

85 85 VPN Enhancements Selective auto-start of BOVPN tunnels At the bottom of the General Settings tab of the Gateway

86 86 VPN Enhancements Mobile VPN with IPSec more configurable You can now edit the Mobile VPN/IPSec policy to change the allowed access. The policy is no longer tied to the “allowed resources” assigned to the Mobile VPN/IPSec Group

87 87 VPN Enhancements Dead Peer Detection On the Phase 1 Settings tab of the Gateway

88 88 VPN Enhancements Notification of BOVPN events VPN > VPN Settings > BOVPN Notification button

89 89 New Notification Options

90 90 New Logging and Reporting Architecture Notification enhancements SNMPv3 Support New WebBlocker Alarm Options The Firebox can now send notifications for: Multi-WAN Events BOVPN Down Lost contact with WebBlocker Server

91 91 Networking Enhancements

92 92 What’s New in WSM/Fireware 10 Networking Enhancements Static MAC/IP Address Binding Edit an interface  Advanced tab Select Only allow traffic sent from or to these MAC/IP Addresses to lock out all other traffic on this interface Keep the box cleared to add only Static ARP entries

93 93 More Integration with LiveSecurity®

94 94 What’s New in WSM/Fireware 10 LiveSecurity Integration Quick Setup Wizard pulls feature key from LiveSecurity Appliance must be registered before you can use the QSW to get the Feature Key If the appliance is not registered, you can get to the Internet during the Quick Setup Wizard to register it You can skip this step of the Wizard if you have not registered the device yet If there is no Feature Key, one user can get to the Internet after it is configured

95 95 What’s New in WSM/Fireware 10 LiveSecurity Integration Updated feature key display Easier to understand Easier to see when features expire Old New

96 96 Thank You!


Download ppt "Presenter Date What’s New in WSM 10 and Fireware 10."

Similar presentations


Ads by Google