1 / 47

What’s New in WatchGuard XCS v9.2 Update 3

Explore the latest updates in WatchGuard XCS v9.2 Update 3, including Web Proxy Single Sign On, more data sources for Reputation Enabled Defense, improved DLP features, and interface updates.

sherlock
Download Presentation

What’s New in WatchGuard XCS v9.2 Update 3

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. What’s New in WatchGuard XCS v9.2 Update 3

  2. Overview • Web Proxy • Single Sign-On for Web Proxy authentication • More data sources for Reputation Enabled Defense (RED) • Data Loss Prevention (DLP) • New data match types for DLP (Data Loss Prevention) Wizard • Improved data validation for Data Loss Prevention features • Mail Processing • SMTP Recipient verification • Virtual interface sharing for multiple domains • Interface Updates • Improved user interface for dictionaries management • Quarantine message preview • Acknowledge All Alarms • System Updates • Kaspersky, Content Scanning, and Web Server engine upgrades • Perform XCS Software Upgrades from the Web UI • Installing XCS v9.2 update 3 WatchGuard Training

  3. Web Proxy

  4. Single Sign-On for the Web Proxy • To simplify the authentication process for web users, you can use Single Sign-On (SSO). • With SSO, your users provide their credentials one time (when they log on to their computers on an Active Directory domain). The users are then automatically authenticated to your XCS device when they use the Web Proxy. WatchGuard Training

  5. Single Sign-On Components SSO Agent • Install the SSO Agent on one computer in your domain, such as your domain controller. • The agent queries the client or the Event Log Monitor for the correct user credentials and provides those user credentials to your XCS device. SSO Client • You can install the SSO Client software on your client computers. • The SSO Client receives the call from the SSO Agent and returns accurate information about the user who is currently logged in to the computer and to which Active Directory groups the user belongs. Event Log Monitor • If you do not want to install the SSO Client on each client computer, you can install the Event Log Monitor on your domain controller, and configure the SSO Agent to get user login information from the Event Log Monitor. This is known as clientless SSO. • The Event Log Monitor collects login information from the domain controller for users that have already logged on to the domain. WatchGuard Training

  6. Single Sign-On Requirements • The WatchGuard SSO solution requires the following: • You must have an Active Directory server configured on your network. • Your XCS device must be configured to use Active Directory authentication. • Each user must have an account set up on the Active Directory server. • Each user must log on to a domain account for Single Sign-On (SSO) to operate correctly. If users log on to an account that exists only on their local computers, their credentials are not checked and the XCS device does not recognize that they are logged in. Note: Clientless SSO is not supported in a TLS-Enabled Active Directory environment. WatchGuard Training

  7. Single Sign-On Requirements (continued) • Make sure that TCP port 445 (SMB/Windows Networking) is open on the client computers. If you use third-party firewall software on your network computers, make sure that TCP port 445 is open on each client. • Make sure that TCP port 4116 (used for connections to the SSO Agent) is open on the client computers. This is not required for clientless SSO. • Make sure that TCP port 4114 is open on the computer where you install the SSO Agent. • Make sure that TCP port 4135 is open on the domain controller computer where you install the Event Log Monitor. • Make sure that the Microsoft .NET Framework 2.0 or higher is installed on the computer where you install the SSO Agent and the Event Log Monitor. • Make sure that all computers from which users authenticate with SSO are members of the domain with unbroken trust relationships. WatchGuard Training

  8. Single Sign-On Requirements (continued) WatchGuard Training

  9. Enable Single Sign-On on the Web Proxy • In the HTTP/HTTPS Proxy configuration, select Single Sign-On from the Authentication Type drop-down list. WatchGuard Training

  10. Download WatchGuard SSO Software • To download the WatchGuard SSO Agent/Event Monitor and Client: • Go to http://www.watchguard.com/archive/softwarecenter.asp. • Log in to the WatchGuard Portal and click the Articles & Software tab. • Search to see all available Software Downloads articles and find the WatchGuard XCS Software Downloads article. • Download the WatchGuard Single Sign-On Agent and Client software and save the files to a convenient location. WatchGuard Training

  11. Configure the WatchGuard SSO Agent • To log in to the WatchGuard SSO Agent configuration tool: • Select Start > WatchGuard > WatchGuard SSO Agent Configuration Tool. • In the User Name text box, type the administrator user name: admin • In the Password text box, type the administrator password: readwrite WatchGuard Training

  12. Configure the WatchGuard SSO Agent (continued) • To configure your SSO Agent, you add information about your Active Directory domains. • Select Edit > Add Domain. • In the Domain Name text box, type the name of the domain. For example, type example.com. • In the NetBIOS Domain Name text box, type the first part of your domain name, without the top level extension. For example, type example. • In the IP Address of Domain Controller text box, type the IP address of the Active Directory server for this domain. • In the Port text box, type the port to use to connect to this server. (Default is 389). WatchGuard Training

  13. Configure the WatchGuard SSO Agent (continued) • In the Searching User section, select an option: • Distinguished Name (DN) (cn=username,cn=users,dc=example,dc=com) • User Principal Name (UPN) username@example.com • Pre-Windows 2000 (netbiosDomain\username) • In the corresponding text box, type the user information for the option you selected. Make sure to specify a user who has permissions to search the directory on your Active Directory server. • In the Password of Searching User and Confirm password text boxes, type the password for the user you specified. • Repeat the procedure for additional domains. WatchGuard Training

  14. Configure Clientless SSO • You can configure the SSO Agent to use clientless SSO to get user login information from the Event Log Monitor, which is installed on your domain controller. • If you have more than one domain, you must install the Event Log Monitor on each of your domain controllers. • When a user tries to authenticate, the SSO Agent sends the user name and IP address of the client computer to the Event Log Monitor. • The Event Log Monitor then uses this information to query the client computer over TCP port 445 and retrieve the user credentials from the logon events on the client computer. • The Event Log Monitor gets the user credentials from the client computer and contacts the domain controller to get the user group information for the user. • The Event Log Monitor then provides this information to the SSO Agent. WatchGuard Training

  15. Configure Clientless SSO (continued) • After you install the SSO Agent, you must add the domain information of the domains where the Event Log Monitors are installed to the SSO Agent configuration in the Event Log Monitor Contact Domains list. • If you have only one domain and the SSO Agent is installed on the domain controller, or if you have more than one domain and the Event Log Monitor is on the same domain as the SSO Agent, you do not have to specify the domain information for the domain controller. WatchGuard Training

  16. Configure Clientless SSO (continued) • On your domain controller computer: • Open the Group Policy Object Editor and edit the Default Domain Policy. • Make sure the Audit Policy (Computer Configuration > Windows Settings > Security Settings > Local Policies > Audit Policy) has the Audit account logon events and Audit logon events policies enabled. • At the command line, run the command gpupdate/force /boot. When the command runs, this message string appears:Updating Policy… User Policy update has completed successfully. Computer Policy update has completed successfully. • Reboot the domain controller computer. WatchGuard Training

  17. Configure Clientless SSO (continued) • From the SSO Agent Configuration Tools: • Select Edit > Clientless Settings. • In the SSO Agent Contact list, select the check box for each contact for the SSO Agent: • SSO Client • Event Log Monitor • Active Directory Server Active Directory Server is always enabled but cannot be the first option in the list. WatchGuard Training

  18. Configure Clientless SSO (continued) • To change the order of the SSO Agent Contacts, select a contact and click Up or Down. WatchGuard Training

  19. Configure Clientless SSO (continued) • You can specify one or more domains for the Event Log Monitor to contact for user login information. • From the Clientless Settings dialog box, click Add. • In the Domain Name text box, type the name of the domain that you want the Event Log Monitor to contact for login credentials. • In the IP Address of Domain Controller text box, type the IP address for the domain. • Click OK. WatchGuard Training

  20. Data Loss Prevention(DLP)

  21. New Data Match Types for DLP Wizard • The DLP Wizard now provides a wider range of default data match types for financial, banking, and health care identification numbers. • National Identification Numbers • SIN – Social Insurance Number (Canada) • SSN – Social Security Number (U.S.) • INSEE – Social Insurance Number (France) • Health Identification Numbers • DEA – Drug Enforcement Administration Number (U.S.) • NPI – National Provider Number (U.S.) • NHS – National Health Service number (U.K.) • Financial Information Numbers • Credit Card Number – Includes VISA, MasterCard, American Express, Discover, Diners Club, or other credit cards • CUSIP – Committee on Uniform Security Identification Number • IBAN – International Bank Account Number • RTN – Routing Transit Number WatchGuard Training

  22. New Data Match Types for DLP Wizard WatchGuard Training

  23. Improved Data Validation for DLP Features • Improved validation when scanning messages for regular expressions that search for financial, banking, health care, and other types of data. • Helps prevent false positives when you match regular expression patterns during message processing. • All existing and new financial, banking, and health care numbers supported in this release for the DLP Wizard include this validation. WatchGuard Training

  24. Improved Data Validation for DLP Features • For example, you can create a pattern filter or content rule with a regular expression that searches for a specific credit card pattern. • As part of the rule, you can specify "Credit Card" validation to use with the regular expression. • When the message is processed, the system validates the pattern filter match to make sure that it has matched a known credit card number type. WatchGuard Training

  25. Mail Processing and Security

  26. SMTP Recipient Verification • The Reject on Unknown Recipient feature has been enhanced to include SMTP Recipient Verification as a method to determine if a recipient address is valid. • Rejects inbound mail messages based on a recipient address probe to the nearest MTA (Mail Transfer Agent) to ensure that the recipient address is verified to be deliverable. • The WatchGuard XCS initiates an SMTP probe to the mail server to check that the recipient address exists without delivering the mail message. If the address does not exist, the message is rejected. • To configure Recipient Verification, from the Web UI, select Security > Anti-Spam > Connection Control. You can choose between SMTP or LDAP. Note: If you use LDAP in your organization, we recommend that you use the LDAP method for the most efficient and accurate method of recipient verification. WatchGuard Training

  27. More Data Sources for Reputation Enabled Defense • The reputation score for a URL is based on feedback collected from devices around the world. • It has previously used scan results from two leading anti-malware engines (AVG and Kaspersky), based on data collected from XCS and XTM devices. • Reputation Enabled Defense (RED) now uses additional data feeds from other leading sources of malware intelligence, such as Phishtank and malwaredomainlist.com, to improve the accuracy of URL reputation scores. WatchGuard Training

  28. Virtual Interface Sharing for Multiple Domains • Multiple domains can now share the same virtual interface IP address. • Previously, only one domain could be configured and recognized for each virtual interface. • When you upload a list of domains and their corresponding virtual interfaces on the Virtual Interfaces page, use this format: [Domain],[IP Address],[Banner Message] For example: domain1,example.com,10.1.100.10,domain1.example.com ESMTPdomain2,example.com,10.1.100.10,domain2.example.com ESMTP domain3,example.com,172.16.1.100,domain3.example.com ESMTP domain4,example.com,172.16.1.100,domain4.example.com ESMTP • The banner displayed to a connecting client corresponds to the last entry uploaded for the shared IP address of the virtual interface. WatchGuard Training

  29. User Interface Updates

  30. Improved UI for Dictionaries Management • The user interface for Dictionaries has been reworked and improved to provide more efficient management of your dictionaries and lists. • You can now enter dictionary contents manually through the Web UI or upload a dictionary from a file. • When you add a dictionary, the system can automatically detect the dictionary type and character set used. WatchGuard Training

  31. Improved UI for Dictionaries Management • Use filters and search text box to search for dictionaries. • You can clone the contents of existing dictionaries and copy them to a new dictionary. WatchGuard Training

  32. Improved UI for Dictionaries Management • Add, edit, and manage dictionaries directly within specific scanning features and policy configurations. WatchGuard Training

  33. Improved UI for Dictionaries Management • Dictionaries are now sorted into these categories: • Phrase List – This file type of words and phrases is used with the policy-based Content Scanning, OCF, and Spam Words features, and can also be used for any type of general dictionary. • Document Fingerprinting – This file type of words and phrases is used with the Document Fingerprinting feature. • IP – A list of IP addresses. For example, 192.168.1.128. • Email – A list of email addresses. For example, user@example.com. • Domain – A list of domains. For example, example.com. Domain lists can also include IP addresses. For example, 192.168.1.10. • Domain & Email – A list of domains and corresponding email addresses. For example, example.com,admin@example.com. This type is used for the Hosted Domains reporting feature. WatchGuard Training

  34. Improved UI for Dictionaries Management • Upgrade Notes • Any dictionaries previously identified as type Any, Spam , OCF, and ACS are automatically converted to the Phrase List type. • If you used an Any type dictionary with Web User Reporting, you must change the list to an Email or IP type dictionary. WatchGuard Training

  35. Quarantined Message Preview • You can now preview the content of quarantined messages in the Message Quarantine area to help determine why the message was quarantined. • To preview a message in the quarantine, select Activity > Queue/Quarantine > Message Quarantine. Each message in the quarantine contains a subject preview link. Click the link to view a text version of the message. WatchGuard Training

  36. Quarantined Message Preview • Quarantined messages can contain malicious code such as a virus. You will be prompted before you open a message preview. • Do not click on any message links or open any message attachments within the quarantine message preview. WatchGuard Training

  37. Acknowledge All Alarms • You can now acknowledge multiple alarms at the same time. • To acknowledge and close all active alarms, click the Acknowledge All link on the Alarms page. WatchGuard Training

  38. System Updates

  39. Scanning and Web Server Engine Upgrades • Kaspersky Advanced Emulator Mode –The Kaspersky Anti-Virus engine has been upgraded to support Kaspersky's emulator (EMU) option that can improve scanning effectiveness for the latest emerging virus threats. • Content Scanning Engine Upgrade – The Content Scanning engine has been upgraded to improve scanning support for the most recent document types. • Web Server Engine Upgrade – The Web Server engine has been updated to the latest version for improved stability and security. WatchGuard Training

  40. Perform XCS Software Upgrades from the Web UI • You can now perform a full upgrade of your WatchGuard XCS system software using a software image without the use of the system console. • All full XCS software upgrades and software updates can now be performed directly with the Web UI. • When you download an XCS software upgrade image, you can upload the file to your XCS on the Administration > Software Updates > Updates page. WatchGuard Training

  41. Perform XCS Software Upgrades from the Web UI • The upgrade will appear in a new System Upgrades section on the Software Updates page. You can install the full upgrade just as you install a software update. • The upgrade process will prompt you to back up your system configuration if you do not have a recent backup before you upgrade. When the system reboots and the upgrade is complete, you can restore your configuration from the backup file. WatchGuard Training

  42. Install XCS v9.2 Update 3

  43. Install XCS v9.2 Update 3 • If enabled, Security Connection automatically downloads update releases. • Install the update in Administration > Software Updates > Updates. • The update appears in the Available Updates section. • Select the update, then click Install. • The device restarts. This process can take several minutes to complete! WatchGuard Training

  44. Install XCS v9.2 Update 3 (continued) • You can also download software from the WatchGuard Portal, Articles & Software tab. WatchGuard Training

  45. Install XCS v9.2 Update 3 (continued) • Upload the software update in Administration > Software Updates > Updates. • Click Browse to find the downloaded file on your computer. • Click Upload. WatchGuard Training

  46. Install XCS v9.2 Update 3 (continued) • The update appears in the Available Updates section. • Select the update, then click Install. • The device restarts. This process can take several minutes to complete! WatchGuard Training

  47. Thank You!

More Related