Fireware 11.11 – Nouvelles Fonctionnalités - Network Discovery — Discover devices on your internal network and display them on a network map. Mobile Security — Set security requirements for Android and iOS devices that connect to your network. Botnet Detection — The Botnet Detection service, enabled as part of the RED security subscription, uses a feed of known botnet site IP addresses from Kaspersky and adds these addresses to the Blocked Sites list. Explicit proxy — The explicit proxy enables the Firebox to accept direct requests from clients and then connect to specified servers and retrieve the information on behalf of the client. Allowed Google Apps domains — Use the HTTPS Proxy with content inspection enabled to allow domains used for Google for Work services and block users from logging into Google Gmail or other personal Google service accounts. Multiple hotspot portals — Configure multiple hotspot portals for different Firebox interfaces. RADIUS Single Sign-On (RSSO) — RSSO enables single sign-on for wireless users who have authenticated to a RADIUS server with 802.1x authentication. BOVPN virtual interface interoperability — Configure a BOVPN virtual interface to connect to a third party VPN gateway that supports IPSec over GRE. WatchGuard AP device automatic deployment — Configure the Gateway Wireless Controller to automatically configure an unpaired AP device when it connects to the network. APT Blocker Clean threat level — The new Clean threat level enables the Firebox to send log messages for files that were scanned and allowed with no malware detected. Loopback interface — Use the loopback interface to improve reliability and performance in multi-path dynamic routing environments. Dimensions 2.1 – Nouvelles Fonctionnalités Dimension Administration - Dimension v2.1 includes a new Anonymize Reports feature to replace user names, IP addresses, host names, and mobile device names that appear in reports and dashboards. The User Management page has been renamed to Access Management and expanded to include Configuration and Diagnostics pages for Dimension. You can now configure Lockout settings to lock user accounts if users specify the wrong credentials when they log in to Dimension. You can now specify the host or network addresses that can be used to connect to Dimension. You can now run authentication diagnostics tasks from the Access Management page. Tasks include testing the connection to the Active Directory server and verifying authentication server credentials. You can now use your RADIUS server for authentication to Dimension. You can now enable users to be able to change their own passwords for their accounts. www.watchguard.com Page 1 - Dimension now includes an audit report that shows all database events and Dimension configuration changes. You can now export the Web Server Certificate used by Dimension. When you schedule a report you can select the language for the report You can now configure Dimension to disable automatic logging connections from new, unknown Fireboxes. You can enable or disable the acceptance of diagnostic log messages globally or for specific Fireboxes. TheDeviceSummaryHealthstatusinformationisupdatedmorequicklyafteraFireClusterfailover. Users with account passphrases that contain "£" or "€" can now correctly view tools and reports. You can now successfully delete a FireCluster entry from the Device list. You can now correctly add Active Directory group names that include double dash characters "-". Reports - The Application Usage report now includes Bandwidth and Hits pivots for each selected view. The Policy Map Dashboard page now includes column labels. A new Subscription Services Dashboard page is now available. Dimension Command - You can now add a Firebox to Dimension that is already configured and can be managed from a known IP address. Policy Usage log messages and reports are now available for Fireboxes managed by Dimension that run Fireware OS v11.11 and later. The Configuration History feature has been improved to enable users to export configuration revisions to a file, add explanatory comments to each revision, and preserve revisions so they are not overwritten. [87381] You can now use a virtual interface with your managed VPNs to support dynamic routing. Licensing Mobile Security : Module soumis à licence. Cette dernière sera basée sur le nombre d’utilisateur et non d’équipements Network Discovery : Module soumis à licence et intégré dans la Sécurity Suite - aujourd’hui tous les clients qui ont la Security Suite sur leur boitier verront automatiquement intégrer le module Network Discovery à leur Feature Key Botnet Detection : Module rattaché au RED donc pas de mise à jour de la Feature Key nécessaire. Si vous possédez un ou plusieurs boitiers NFR, la Feature Key sera automatiquement mise à jour sur votre portail. Il sera juste nécessaire de la récupérer puis de l’intégrer dans le boitier. www.watchguard.com Page 2 Autres informations WebBlocker Nous avions recommandé il y a quelques semaines suite à la première vague d’attaque de Locky, d’activer le blocage des sites web non catégorisés dans le WebBlocker. Après plusieurs retours et vérifications, il s’avère qu’un grand nombre de sites légitimes soit non catégorisé et que par conséquent l’accès se trouve refusé. Afin de pallier à cette problèmatique, 2 solutions peuvent être apportées à vos clients : - Maintenir les sites non catégorisés bloqués puis créer des exceptions dans l’action WebBlocker Nous sommes conscients que cela peut être chronophage mais ça permet de maintenir un niveau de sécurité relativement élevé - Autoriser les sites non catégorisés mais mettre en place le déchiffrement HTTPS afin de détecter les éventuelles menaces sur ces mêmes sites web. Vous trouverez ci-dessous le lien vers notre base de connaissance qui traite de la mise en place du déchiffrement HTTPS http://www.watchguard.com/help/docs/fireware/11/en-US/Content/enUS/proxies/https/https_proxy_about_c.html www.watchguard.com Page 3