Fireware 11.11 – Nouvelles Fonctionnalités Dimensions 2.1
www.watchguard.com Page 1
Fireware 11.11 – Nouvelles Fonctionnalités
- Network Discovery — Discover devices on your internal network and display them on a network
map.
- Mobile Security — Set security requirements for Android and iOS devices that connect to your
network.
- Botnet Detection — The Botnet Detection service, enabled as part of the RED security
subscription, uses a feed of known botnet site IP addresses from Kaspersky and adds these
addresses to the Blocked Sites list.
- Explicit proxy — The explicit proxy enables the Firebox to accept direct requests from clients and
then connect to specified servers and retrieve the information on behalf of the client.
- Allowed Google Apps domains — Use the HTTPS Proxy with content inspection enabled to allow
domains used for Google for Work services and block users from logging into Google Gmail or
other personal Google service accounts.
- Multiple hotspot portals — Configure multiple hotspot portals for different Firebox interfaces.
- RADIUS Single Sign-On (RSSO) — RSSO enables single sign-on for wireless users who have
authenticated to a RADIUS server with 802.1x authentication.
- BOVPN virtual interface interoperability — Configure a BOVPN virtual interface to connect to a
third party VPN gateway that supports IPSec over GRE.
- WatchGuard AP device automatic deployment — Configure the Gateway Wireless Controller to
automatically configure an unpaired AP device when it connects to the network.
- APT Blocker Clean threat level — The new Clean threat level enables the Firebox to send log
messages for files that were scanned and allowed with no malware detected.
- Loopback interface — Use the loopback interface to improve reliability and performance in
multi-path dynamic routing environments.
Dimensions 2.1 – Nouvelles Fonctionnalités
Dimension Administration
- Dimension v2.1 includes a new Anonymize Reports feature to replace user names, IP addresses,
host names, and mobile device names that appear in reports and dashboards.
- The User Management page has been renamed to Access Management and expanded to include
Configuration and Diagnostics pages for Dimension.
- You can now configure Lockout settings to lock user accounts if users specify the wrong
credentials when they log in to Dimension.
- You can now specify the host or network addresses that can be used to connect to Dimension.
- You can now run authentication diagnostics tasks from the Access Management page. Tasks
include testing the connection to the Active Directory server and verifying authentication server
credentials.
- You can now use your RADIUS server for authentication to Dimension.
- You can now enable users to be able to change their own passwords for their accounts.
www.watchguard.com Page 2
- Dimension now includes an audit report that shows all database events and Dimension
configuration changes.
- You can now export the Web Server Certificate used by Dimension.
- When you schedule a report you can select the language for the report
- You can now configure Dimension to disable automatic logging connections from new, unknown
Fireboxes.
- You can enable or disable the acceptance of diagnostic log messages globally or for specific
Fireboxes.
- TheDeviceSummaryHealthstatusinformationisupdatedmorequicklyafteraFireClusterfailover.
- Users with account passphrases that contain "£" or "€" can now correctly view tools and
reports.
- You can now successfully delete a FireCluster entry from the Device list.
- You can now correctly add Active Directory group names that include double dash characters "--
".
Reports
- The Application Usage report now includes Bandwidth and Hits pivots for each selected view.
- The Policy Map Dashboard page now includes column labels.
- A new Subscription Services Dashboard page is now available.
Dimension Command
- You can now add a Firebox to Dimension that is already configured and can be managed from a
known IP address.
- Policy Usage log messages and reports are now available for Fireboxes managed by Dimension
that run Fireware OS v11.11 and later.
- The Configuration History feature has been improved to enable users to export configuration
revisions to a file, add explanatory comments to each revision, and preserve revisions so they
are not overwritten. [87381]
- You can now use a virtual interface with your managed VPNs to support dynamic routing.
Licensing
Mobile Security : Module soumis à licence. Cette dernière sera basée sur le nombre d’utilisateur et non
d’équipements
Network Discovery : Module soumis à licence et intégré dans la Sécurity Suite - aujourd’hui tous les
clients qui ont la Security Suite sur leur boitier verront automatiquement intégrer le module Network
Discovery à leur Feature Key
Botnet Detection : Module rattaché au RED donc pas de mise à jour de la Feature Key nécessaire.
Si vous possédez un ou plusieurs boitiers NFR, la Feature Key sera automatiquement mise à jour sur
votre portail.
Il sera juste nécessaire de la récupérer puis de l’intégrer dans le boitier.
www.watchguard.com Page 3
Autres informations
WebBlocker
Nous avions recommandé il y a quelques semaines suite à la première vague d’attaque de Locky,
d’activer le blocage des sites web non catégorisés dans le WebBlocker.
Après plusieurs retours et vérifications, il s’avère qu’un grand nombre de sites légitimes soit non
catégorisé et que par conséquent l’accès se trouve refusé.
Afin de pallier à cette problèmatique, 2 solutions peuvent être apportées à vos clients :
- Maintenir les sites non catégorisés bloqués puis créer des exceptions dans l’action WebBlocker -
Nous sommes conscients que cela peut être chronophage mais ça permet de maintenir un
niveau de sécurité relativement élevé
- Autoriser les sites non catégorisés mais mettre en place le déchiffrement HTTPS afin de détecter
les éventuelles menaces sur ces mêmes sites web.
Vous trouverez ci-dessous le lien vers notre base de connaissance qui traite de la mise en place du
déchiffrement HTTPS
http://www.watchguard.com/help/docs/fireware/11/en-US/Content/en-
US/proxies/https/https_proxy_about_c.html
1
/
3
100%
