1
What’s New in Fireware XTM v11.3.4
WatchGuard Training
2
What’s New in Fireware XTM v11.3.4
Mobile VPN with IPSec
  Support for the Shrew Soft VPN client
Branch Office VPN
  New gateway endpoint setting to specify whether the device attempts to resolve the domain name in the remote gateway ID
Fireware XTM Web UI
  Release or renew a DHCP lease for an external VLAN in the Web UI
Proxies
  Global setting for TCP connection idle timeout
  Option to enable SSLv2 for the HTTPS-proxy
3
Mobile VPN with IPSec
4
Changes to Mobile VPN with IPSec
As of April 20th, WatchGuard no longer distributes the WatchGuard Mobile VPN with IPSec client on the Software Downloads Center.
  Technical Support will continue to support the WatchGuard Mobile VPN with IPSec client.
With Fireware XTM v11.3.4, we have added support for the Shrew Soft VPN Client.
  Supported on Windows only.
  Download the Shrew Soft VPN Client from the Shrew Soft web site.
  See the product documentation for a list of differences between the WatchGuard IPSec client and the Shrew Soft VPN client.
5
Mobile VPN with IPSec — Shrew Soft VPN Client
WatchGuard supports the use of the Shrew Soft VPN client for Windows as a Mobile VPN with IPSec client.
The profile for the Shrew Soft VPN client has a .vpn extension.
  The .vpn file is not encrypted and cannot be set to read-only.
Policy Manager v generates the .vpn file when it generates the .wgx and .ini files.
In the Web UI, you can choose to generate a Shrew Soft VPN (.vpn) or WatchGuard Mobile VPN (.ini) configuration file.
In the CLI, use the new export muvpn client-type option to export a .vpn file.
6
Mobile VPN with IPSec — Shrew Soft VPN Client
Download the Shrew Soft VPN client from or the WatchGuard Software Downloads web site.
Use Shrew Soft VPN Access Manager to configure and connect.
  Select File > Import to import the generated .vpn profile.
  Select the imported profile, and click Connect.
Use Shrew Soft VPN Trace to troubleshoot your connection.
7
Shrew Soft VPN Client Limitations
The Shrew Soft VPN client does not support some Mobile VPN with IPSec configuration settings and features:
  IKE keep-alive is not supported.
  Configuration of multiple VPN gateways for multi-WAN failover is not supported.
  The Line management configuration settings Connection mode and Inactivity timeout are not supported.
  The Dead Peer Detection (DPD) Traffic idle timeout and Max retries configuration settings do not apply to the Shrew Soft VPN client. If DPD is enabled, Shrew Soft VPN supports DPD with a traffic idle timeout value of 15 seconds.
  RADIUS 2-factor authentication is not supported.
  The Shrew Soft VPN client does not support a read-only profile.
  The Shrew Soft VPN client does not store the user name and password. Users must type the user name and password each time they connect.
8
Branch Office VPN
9
Branch Office VPN Enhancements
New gateway endpoint setting specifies whether the device attempts to resolve the domain name in the Remote Gateway ID.
Select this if the remote gateway uses dynamic DNS to maintain a mapping between a dynamic IP address and a domain name.
10
Fireware XTM Web UI
11
Renew or Release a DHCP Lease
Fireware XTM Web UI includes a new option to release or renew a DHCP lease for an external VLAN.
  Select System Status > Interfaces.
  Select an external interface with DHCP enabled and click DHCP Release or DHCP Renew.
12
Global TCP Timeout
13
Global TCP Connection Idle Timeout
New global setting in Fireware XTM Web UI in System > Global Settings.
  This setting specifies the amount of time a TCP session can remain idle.
  A policy-based override is available on the Properties tab of a policy. Select the Specify Custom Idle Timeout check box to override the global timeout setting and select another time.
The new default setting is 3600 seconds (1 hour).
  Pre-v global TCP timeout default is seconds (12 hours 5 seconds).
  Previously, this setting could not be modified globally, except by editing the raw XML file. It was also necessary to use a policy-based override.
  The shorter default timeout value frees up resources faster.
Setting the global TCP timeout too low (say 3 minutes) means a TCP connection is timed out if there is no activity for 3 minutes. For Telnet/SSH or any other remote-terminal-style application, the user finds that the session has timed out and has to log in again after being idle for 3 minutes.
Setting the global TCP timeout too high (say 12 hours) means idle TCP connections remain in the system and occupy system resources.
14
Global TCP Connection Idle Timeout
Set globally in Fireware XTM Web UI: System > Global Settings
Override the global timeout setting on the Properties tab
15
Enable SSLv2 — HTTPS-Proxy
16
Enable SSLv2 in the HTTPS-Proxy
New check box in the HTTPS-Client and HTTPS-Server proxy actions to allow connections that negotiate the SSLv2 protocol.
Enables users to connect to client or server applications that only support SSLv2.
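
An added example (not WatchGuard code and not part of the original slides): SSLv2 is prohibited by RFC 6176, so before selecting the check box it helps to confirm which clients really negotiate SSLv2, as opposed to sending an SSLv2-format hello that offers SSL 3.0/TLS. The function names, sample bytes and 192.0.2.x addresses below are constructed for illustration.

```python
import struct

def build_v2_hello(version: int, ciphers: bytes, challenge: bytes = b"\x00" * 16) -> bytes:
    """Build a constructed SSLv2-format CLIENT-HELLO record (sample input only)."""
    body = struct.pack(">BHHHH", 1, version, len(ciphers), 0, len(challenge))
    body += ciphers + challenge
    return struct.pack(">H", 0x8000 | len(body)) + body

def classify_client_hello(data: bytes) -> str:
    """Classify the first bytes a client sends: sslv2, sslv2-compat, ssl3/tls, unknown."""
    # SSL 3.0/TLS record: type 0x16 (handshake), major version 3, handshake type 1.
    if len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03 and data[5] == 0x01:
        return "ssl3/tls"
    # SSLv2 record: 2-byte header with the high bit set, then CLIENT-HELLO (type 1).
    if len(data) >= 11 and data[0] & 0x80 and data[2] == 0x01:
        rec_len = ((data[0] & 0x7F) << 8) | data[1]
        version, cipher_len, sid_len, chal_len = struct.unpack(">HHHH", data[3:11])
        # Cipher specs are 3 bytes each and the length fields must add up.
        if cipher_len % 3 or rec_len != 9 + cipher_len + sid_len + chal_len:
            return "unknown"
        if version == 0x0002:
            return "sslv2"          # client offers nothing newer than SSLv2
        if version >= 0x0300:
            return "sslv2-compat"   # v2 framing, but SSL 3.0/TLS is offered
    return "unknown"

def clients_needing_sslv2(captures):
    """Return the clients that would only connect with SSLv2 allowed."""
    return sorted(ip for ip, first in captures if classify_client_hello(first) == "sslv2")

# Constructed sample captures: (client address, first bytes sent to the server).
RC4_MD5 = b"\x01\x00\x80"    # SSL_CK_RC4_128_WITH_MD5
DES3_MD5 = b"\x07\x00\xc0"   # SSL_CK_DES_192_EDE3_CBC_WITH_MD5
CAPTURES = [
    ("192.0.2.10", build_v2_hello(0x0002, RC4_MD5 + DES3_MD5)),
    ("192.0.2.11", build_v2_hello(0x0301, b"\x00\x00\x2f")),
    ("192.0.2.12", b"\x16\x03\x01\x00\x2f\x01\x00\x00\x2b\x03\x03"),  # truncated TLS hello
    ("192.0.2.13", b"GET / HTTP/1.1\r\n"),
]

if __name__ == "__main__":
    for ip, first in CAPTURES:
        print(ip, classify_client_hello(first))
    print("need SSLv2 allowed:", clients_needing_sslv2(CAPTURES))
```

Only clients classified as sslv2 depend on the check box; sslv2-compat clients can complete a handshake at a newer protocol version.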
17
Summary
18
Summary
Fireware XTM v11.3.4 is a release of the Fireware XTM OS only.
To connect to and manage a v device, you can use:
  Fireware XTM Web UI v11.3.4
  WatchGuard System Manager v or v11.3.2
Fireware XTM v includes these new features:
  Support for Shrew Soft VPN client
  New BOVPN gateway endpoint setting to specify whether the device attempts to resolve the domain name in the remote gateway ID
  Release or renew a DHCP lease for an external VLAN in the Web UI
  Configure a global setting for TCP connection idle timeouts
  Allow SSLv2 connections through the HTTPS-proxy
19
THANK YOU!