Presentation is loading. Please wait.

Presentation is loading. Please wait.

What’s New in Fireware XTM v11.3.4

Published byAaron Ryan Modified over 11 years ago

Similar presentations

Presentation on theme: "What’s New in Fireware XTM v11.3.4"— Presentation transcript:

1 What’s New in Fireware XTM v11.3.4
WatchGuard Training

2 What’s New in Fireware XTM v11.3.4
Mobile VPN with IPSec Support for the Shrew Soft VPN client Branch Office VPN New gateway endpoint setting to specify whether the device attempts to resolve the domain name in the remote gateway ID Fireware XTM Web UI Release or renew a DHCP lease for an external VLAN in the Web UI Proxies Global setting for TCP connection idle timeout Option to enable SSLv2 for the HTTPS-proxy WatchGuard Training WatchGuard Training

3 Mobile VPN with IPSec WatchGuard Training

4 Changes to Mobile VPN with IPSec
As of April 20th, WatchGuard no longer distributes the WatchGuard Mobile VPN with IPSec client on the Software Downloads Center. Technical Support will continue to support the WatchGuard Mobile VPN with IPSec client With Fireware XTM v11.3.4, we have added support for the Shrew Soft VPN Client Supported on Windows only Download the Shrew Soft VPN Client from the Shrew Soft web site See the product documentation for a list of differences between the WatchGuard IPSec client and the Shrew Soft VPN client WatchGuard Training WatchGuard Training

5 Mobile VPN with IPSec — Shrew Soft VPN Client
WatchGuard supports the use of the Shrew Soft VPN client for Windows as a Mobile VPN with IPSec client. Profile for the Shrew Soft VPN client has a .vpn extension. .vpn file is not encrypted and cannot be set to read-only Policy Manager v generates the .vpn file when it generates the .wgx and .ini files In the Web UI you can choose to generate a Shrew Soft VPN (.vpn) or WatchGuard Mobile VPN (.ini) configuration file. In the CLI, use the new export muvpn client-type option to export a .vpn file. WatchGuard Training WatchGuard Training

6 Mobile VPN with IPSec — Shrew Soft VPN Client
Download the Shrew Soft VPN client from or the WatchGuard Software Downloads web site Use Shrew Soft VPN Access Manager to configure and connect. Select File > Import to import the generated .vpn profile. Select the imported profile, and click Connect. Use Shrew Soft VPN Trace to troubleshoot your connection. WatchGuard Training WatchGuard Training

7 Shrew Soft VPN Client Limitations
The Shrew Soft VPN client does not support some Mobile VPN with IPSec configuration settings and features: IKE keep-alive is not supported. Configuration of multiple VPN gateways for multi-WAN failover is not supported. Line management configuration settings Connection mode and Inactivity timeout are not supported. The Dead Peer Detection (DPD) Traffic idle timeout and Max retries configuration settings do not apply to the Shrew Soft VPN client. If DPD is enabled, Shrew Soft VPN supports DPD with a traffic idle timeout value of 15 seconds. RADIUS 2-factor authentication is not supported. The Shrew Soft VPN client does not support a read-only profile. The Shrew Soft VPN client does not store the user name and password. Users must type the user name and password each time they connect. WatchGuard Training WatchGuard Training

8 Branch Office VPN WatchGuard Training

9 Branch Office VPN Enhancements
New gateway endpoint setting specifies whether the device attempts to resolve the domain name in the Remote Gateway ID. Select this if the remote gateway uses dynamic DNS to maintain a mapping between a dynamic IP address and a domain name. WatchGuard Training WatchGuard Training

10 Fireware XTM Web UI WatchGuard Training

11 Renew or Release a DHCP Lease
Fireware XTM Web UI includes a new option to release or renew a DHCP lease for an external VLAN. Select System Status > Interfaces. Select an external interface with DHCP enabled and click DHCP Release or DHCP Renew. WatchGuard Training WatchGuard Training

12 Global TCP Timeout WatchGuard Training

13 Global TCP Connection Idle Timeout
New global setting in Fireware XTM Web UI in System > Global Settings. This setting specifies the amount of time a TCP session can remain idle. Policy-based override is available on the Properties tab of a policy. Select the Specify Custom Idle Timeout check box to override the global timeout setting and select another time. The new default setting is 3600 seconds (1 hour). Pre-v global TCP timeout default is seconds (12 hours 5 seconds). Previously, this setting could not be modified globally, except by editing the raw XML file. It was also necessary to use a policy-based override. The shorter default timeout value frees up resources faster. Side effect of setting global TCP timeout too low (say 3 minutes) means the TCP connection will be timed-out if no activity in 3 minutes. For Telnet/SSH or any other remote terminal style applications, user will find the session is timed-out and has to login again after 3 minutes being idle. Side effects of setting global TCP timeout too high (say 12 hours) means idled TCP connection will remain in system, and occupies system resource. WatchGuard Training WatchGuard Training

14 Global TCP Connection Idle Timeout
Set globally in Fireware XTM Web UI: System > Global Settings Override the global timeout setting on the Properties tab WatchGuard Training WatchGuard Training

15 Enable SSLv2 — HTTPS-Proxy
WatchGuard Training

16 Enable SSLv2 in the HTTPS-Proxy
New check box in the HTTPS-Client and HTTPS-Server proxy actions to allow connections that negotiate the SSLv2 protocol. Enables users to connect to client or server applications that only support SSLv2. WatchGuard Training WatchGuard Training

17 Summary WatchGuard Training

18 Summary Fireware XTM v11.3.4 is a release of the Fireware XTM OS only
To connect to and manage a v device, you can use: Fireware XTM Web UI v11.3.4 WatchGuard System Manager v or v11.3.2 Fireware XTM v includes these new features: Support for Shrew Soft VPN client New BOVPN gateway endpoint setting to specify whether the device attempts to resolve the domain name in the remote gateway ID Release or renew a DHCP lease for an external VLAN in the Web UI Configure a global setting for TCP connection idle timeouts Allow SSLv2 connections through the HTTPS-proxy WatchGuard Training WatchGuard Training

19 THANK YOU! WatchGuard Training

Download ppt "What’s New in Fireware XTM v11.3.4"

Similar presentations

What’s New in Fireware XTM

What’s New in Fireware XTM
Whats New in Fireware XTM v11.5.2. New Features in Fireware XTM v11.5.2 Major Changes FireCluster with XTM 330 appliances Mobile VPN with SSL using multiple.

Whats New in Fireware XTM v New Features in Fireware XTM v Major Changes FireCluster with XTM 330 appliances Mobile VPN with SSL using multiple.
Introduction to the WatchGuard AP Device

Introduction to the WatchGuard AP Device
What’s New in Fireware XTM v11.7.3

What’s New in Fireware XTM v11.7.3
What’s New in Fireware XTM

What’s New in Fireware XTM
What’s New in Fireware XTM v11.3.2

What’s New in Fireware XTM v11.3.2
© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 1 Network Security 2 Module 6 – Configure Remote Access VPN.

© 2007 Cisco Systems, Inc. All rights reserved.ISCW-Mod3_L7 1 Network Security 2 Module 6 – Configure Remote Access VPN.
Module 13: Implementing ISA Server 2004 Enterprise Edition: Site-to-Site VPN Scenario.

Module 13: Implementing ISA Server 2004 Enterprise Edition: Site-to-Site VPN Scenario.
Enabling Secure Internet Access with ISA Server

Enabling Secure Internet Access with ISA Server
What’s New in Fireware XTM v11.8.3

What’s New in Fireware XTM v11.8.3
What’s New in Fireware XTM v11.9.1

What’s New in Fireware XTM v11.9.1
What’s New in WatchGuard Dimension v1.2

What’s New in WatchGuard Dimension v1.2
Module 5: Configuring Access for Remote Clients and Networks.

Module 5: Configuring Access for Remote Clients and Networks.
1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.

1 Objectives Configure Network Access Services in Windows Server 2008 RADIUS 1.
70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 11: Planning Network Access.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 11: Planning Network Access.
MCDST 70-271: Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 14: Troubleshooting Remote Connections.

MCDST : Supporting Users and Troubleshooting a Microsoft Windows XP Operating System Chapter 14: Troubleshooting Remote Connections.
Hands-On Microsoft Windows Server 2003 Administration Chapter 11 Administering Remote Access Services.

Hands-On Microsoft Windows Server 2003 Administration Chapter 11 Administering Remote Access Services.
70-270, 70-290 MCSE/MCSA Guide to Installing and Managing Microsoft Windows XP Professional and Windows Server 2003 Chapter Twelve Implementing Terminal.

70-270, MCSE/MCSA Guide to Installing and Managing Microsoft Windows XP Professional and Windows Server 2003 Chapter Twelve Implementing Terminal.
What’s New in WatchGuard XCS 10.0 Update 2 WatchGuard Training.

What’s New in WatchGuard XCS 10.0 Update 2 WatchGuard Training.
Introduction to XTMv WatchGuard Training.

Introduction to XTMv WatchGuard Training.

Similar presentations

Ads by Google