
What’s New in Fireware XTM v11.3.4


lulu

Presentation Transcript


  1. What’s New in Fireware XTM v11.3.4

  2. What’s New in Fireware XTM v11.3.4
     • Mobile VPN with IPSec
       • Support for the Shrew Soft VPN client
     • Branch Office VPN
       • New gateway endpoint setting to specify whether the device attempts to resolve the domain name in the remote gateway ID
     • Fireware XTM Web UI
       • Release or renew a DHCP lease for an external VLAN in the Web UI
     • Proxies
       • Global setting for TCP connection idle timeout
       • Option to enable SSLv2 for the HTTPS-proxy
     WatchGuard Training

  3. Mobile VPN with IPSec

  4. Changes to Mobile VPN with IPSec
     • As of April 20th, WatchGuard no longer distributes the WatchGuard Mobile VPN with IPSec client on the Software Downloads Center.
     • Technical Support will continue to support the WatchGuard Mobile VPN with IPSec client.
     • With Fireware XTM v11.3.4, we have added support for the Shrew Soft VPN Client.
       • Supported on Windows only
       • Download the Shrew Soft VPN Client from the Shrew Soft web site
       • See the product documentation for a list of differences between the WatchGuard IPSec client and the Shrew Soft VPN client

  5. Mobile VPN with IPSec — Shrew Soft VPN Client
     • WatchGuard supports the use of the Shrew Soft VPN client for Windows as a Mobile VPN with IPSec client.
     • The profile for the Shrew Soft VPN client has a .vpn extension.
     • The .vpn file is not encrypted and cannot be set to read-only.
     • Policy Manager v11.4.1 generates the .vpn file when it generates the .wgx and .ini files.
     • In the Web UI you can choose to generate a Shrew Soft VPN (.vpn) or WatchGuard Mobile VPN (.ini) configuration file.
     • In the CLI, use the new export muvpn client-type option to export a .vpn file.

  6. Mobile VPN with IPSec — Shrew Soft VPN Client
     • Download the Shrew Soft VPN client from http://www.shrew.net/download or the WatchGuard Software Downloads web site.
     • Use Shrew Soft VPN Access Manager to configure and connect.
       • Select File > Import to import the generated .vpn profile.
       • Select the imported profile, and click Connect.
     • Use Shrew Soft VPN Trace to troubleshoot your connection.

  7. Shrew Soft VPN Client Limitations
     • The Shrew Soft VPN client does not support some Mobile VPN with IPSec configuration settings and features:
       • IKE keep-alive is not supported.
       • Configuration of multiple VPN gateways for multi-WAN failover is not supported.
       • Line management configuration settings Connection mode and Inactivity timeout are not supported.
       • The Dead Peer Detection (DPD) Traffic idle timeout and Max retries configuration settings do not apply to the Shrew Soft VPN client. If DPD is enabled, Shrew Soft VPN supports DPD with a traffic idle timeout value of 15 seconds.
       • RADIUS 2-factor authentication is not supported.
     • The Shrew Soft VPN client does not support a read-only profile.
     • The Shrew Soft VPN client does not store the user name and password. Users must type the user name and password each time they connect.

  8. Branch Office VPN

  9. Branch Office VPN Enhancements
     • New gateway endpoint setting specifies whether the device attempts to resolve the domain name in the Remote Gateway ID.
       • Select this if the remote gateway uses dynamic DNS to maintain a mapping between a dynamic IP address and a domain name.

  10. Fireware XTM Web UI

  11. Renew or Release a DHCP Lease
     • Fireware XTM Web UI includes a new option to release or renew a DHCP lease for an external VLAN.
     • Select System Status > Interfaces.
     • Select an external interface with DHCP enabled and click DHCP Release or DHCP Renew.

  12. Global TCP Timeout

  13. Global TCP Connection Idle Timeout
     • New global setting in Fireware XTM Web UI in System > Global Settings.
     • This setting specifies the amount of time a TCP session can remain idle.
     • Policy-based override is available on the Properties tab of a policy.
     • Select the Specify Custom Idle Timeout check box to override the global timeout setting and select another time.
     • The new default setting is 3600 seconds (1 hour).
     • Pre-v11.3.4 global TCP timeout default is 43205 seconds (12 hours 5 seconds).
     • Previously, this setting could not be modified globally, except by editing the raw XML file.
     • It was also necessary to use a policy-based override.
     • The shorter default timeout value frees up resources faster.

  14. Global TCP Connection Idle Timeout
     • Set globally in Fireware XTM Web UI: System > Global Settings
     • Override the global timeout setting on the Properties tab

  15. Enable SSLv2 — HTTPS-Proxy

  16. Enable SSLv2 in the HTTPS-Proxy
     • New check box in the HTTPS-Client and HTTPS-Server proxy actions to allow connections that negotiate the SSLv2 protocol.
     • Enables users to connect to client or server applications that only support SSLv2.

  17. Summary

  18. Summary
     • Fireware XTM v11.3.4 is a release of the Fireware XTM OS only.
     • To connect to and manage a v11.3.4 device, you can use:
       • Fireware XTM Web UI v11.3.4
       • WatchGuard System Manager v11.4.1 or v11.3.2
     • Fireware XTM v11.3.4 includes these new features:
       • Support for Shrew Soft VPN client
       • New BOVPN gateway endpoint setting to specify whether the device attempts to resolve the domain name in the remote gateway ID
       • Release or renew a DHCP lease for an external VLAN in the Web UI
       • Configure a global setting for TCP connection idle timeouts
       • Allow SSLv2 connections through the HTTPS-proxy

  19. THANK YOU!
