Whats New in Dimension v 2 1 Watch

What’s New in Dimension v 2. 1 Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

2 What’s New in Dimension v 2. 1 § Add an online Firebox to Dimension § Access Management pages for user management & authentication configuration and diagnostics § Audit Report § RADIUS authentication § Run Authentication diagnostics § Limit Dimension access to a specific network or address § Enable user lockout & passphrase change § Export the Web Server Certificate Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

3 What’s New in Dimension v 2. 1 § Web Server Auto-Tuning § Anonymized Mode for reports § Policy Usage log messages and reports for PCI compliance § New Subscription Services Dashboard & Reports § Device Summary page Refresh button § Policy Map column labels § Executive & Security Dashboard Reports progress bar § New AP Devices Dashboard legend Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

4 What’s New in Dimension v 2. 1 § New Mobile Security & Botnet Detection Dashboards § New Bandwidth pivot for Application Usage Report § Advanced Malware (APT Blocker) report updates § New reports for Network Visibility, Mobile Security, and Botnet Detection § Select language for PDF reports § Log Collector updates § Device Management & Managed VPN enhancements Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

5 Add an Online Firebox Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

6 Add an Online Firebox to Dimension § You can now add a Firebox to Dimension that is already configured and can be managed from a known IP address § The Firebox must not already be managed by another instance of Dimension or by a WSM Management Server Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

7 Add an Online Firebox to Dimension § Specify these details for the Firebox: • IP address • User credentials for a user account on the Firebox with Device Administrator (readwrite) privileges • Select the authentication server where the user credentials are stored • Select whether the Firebox sends log messages to Dimension Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

8 Access Management Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

9 New Access Management Pages § The User Management page has been renamed to Access Management and expanded to include Configuration and Diagnostics pages for Dimension authentication § On the Users & Groups tab, you can specify the users and groups that can connect to Dimension Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

10 Access Management — Configuration § The Configuration pages include: • Authentication • Lockout • Access Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

11 Access Management — Configuration § On the Authentication tab, configure the settings to use either an Active Directory server or a RADIUS server for authentication Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

12 Access Management — Configuration § On the Lockout tab, configure the settings to lock user accounts if users specify the wrong credentials when they log in to Dimension § Helps prevent brute force attacks Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

13 Access Management — Configuration § Unlock user accounts • Users with Super Administrator privileges can unlock user accounts • Lockout counters are specific to each user • When an admin unlocks a user account, the lockout counter is reset for only that user account Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

14 Access Management — Configuration § On the Access tab, specify the host or network addresses that can be used to connect to Dimension • The IP address of the connected user appears below Access Control list • Make sure to add this IP address to the list § If the Access Control list is empty, users can connect to Dimension from any network Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

15 Access Management — Diagnostics § On the Diagnostics page, you can run these authentication diagnostic tasks: • Test the connection to the Active Directory server • Verify the user credentials for the Active Directory server are correct • Verify the user credentials for the RADIUS server are correct Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

16 Access Management — Diagnostics Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

17 Access Management — Diagnostics Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

18 Access Management — Diagnostics Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

19 RADIUS Authentication for Dimension § You can now use your RADIUS server for authentication to Dimension § Configure the RADIUS server information on the Access Management > Configuration > Authentication page § Only PAP authentication is supported § Default group attribute is 11, Filter-ID § When you enable RADIUS authentication, the Dimension Login page also changes: • The challenge/response option for RADIUS is supported • If both Active Directory and RADIUS are configured, the Authentication Server drop-down list appears on the Login page Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

20 Enable Users to Change Their Passphrases § When you add or edit a user account, you can select the option to enable the user to change the passphrase for his or her own user account Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

21 Enable Users to Change Their Passphrases § After logging in, a user can click the User icon to change the account passphrase § Users must specify the current passphrase and the new passphrase for their own user accounts Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

22 Audit Report See a report of log messages generated for events that occur on Dimension Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

23 Audit Report § Dimension automatically generates audit log messages for events that occur on Dimension § Events that generate a log message occur • In the database • When an administrator changes a setting • When an administrator selects a page in Dimension § Log messages are always generated for database events and when an administrator changes a setting § To generate a log message when an administrator selects a page, you must enable Administrator Logging in Dimension Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

24 Audit Report § Select Server Management > Configuration > Visibility tab § Select the Send an audit log message when an administrator selects any page in Dimension check box § To only send messages when Anonymized Mode is enabled and temporarily disabled by an Anonymization Officer, select the Only send audit log messages when Anonymized Mode is enabled and the Anonymization Officer has also logged in to disable Anonymized Mode check box Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

25 Audit Report § To review the Audit Report, select System Settings > Audit § Select the Start and End date and time for log messages to include in the report • Calendar dates are not highlighted for dates on which log messages were generated § Select a Filter option: • Device, Servers, and Groups • VPN Configuration • Server Configuration • Users and Authentication • System Configuration and Actions • Administrative Sessions • Dimension Instances • All Audit Events Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

26 Audit Report § The Audit Report is updated with the log messages generated for the selected dates and filter parameters Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

27 Audit Report § The Audit Report includes these details about each log message: • Date-Time that the log message was generated • User account that generated the log message • IP Address of the connected user that generated the log message • Type of user session that generated the log message • Event type that generated the log message Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

28 Audit Report § You can export the Audit Report to a. CSV file • On the Audit Report page, select Actions > Export logs (. csv) • The default. CSV file name is: Audit_Report_[start-date_start_time]_to_[enddate_end-time]. csv Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

29 Web Server Import and export the Web Server Certificate and auto-tune the Web Server Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

30 Export the Web Server Certificate § Dimension verifies the purpose of a certificate when you Import it, to make sure it is intended to be used as a web server certificate § You can Export the Web Server certificate to manually import it to a Firebox instead of regenerating and importing the. wgd file Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

31 Authentication Diagnostics Run diagnostic reports for authentication server connections to Dimension Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

32 Authentication Diagnostics § You can run diagnostic tests to verify the connection to the Active Directory server or RADIUS server you have configured to authenticate users to Dimension § Diagnostic test options include: • Active Directory Server Connection • Active Directory Server User Credentials • RADIUS Server User Credentials Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

33 Authentication Diagnostics § Active Directory Server Connection • Specify the domain name of your Active Directory server Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

34 Authentication Diagnostics § Active Directory Server User Credentials § Specify these parameters: • Domain Name where the server is located • User Principal Name of the user credentials to test • Passphrase of the user credentials to test Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

35 Authentication Diagnostics § RADIUS Server User Credentials § Specify these parameters: • IP Address / Host Name • • of the RADIUS server Port to connect to the RADIUS server User Name of the user credentials to test Passphrase of the user credentials to test Secret for the RADIUS server Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

36 Anonymize Reports Anonymize data in reports Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

37 Anonymize Reports § Enable the Anonymize Reports feature to replace user names, IP addresses, host names, and mobile device names that appear in reports and dashboards, with anonymized placeholder text § When users log in to Dimension while Anonymized Mode is enabled, log messages and detail reports are not available § In Anonymized Mode, users only see a restricted view of the pages their assigned user roles allow them to see Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

38 Anonymize Reports § Anonymized placeholders use a standard pattern for each type of data, are randomly generated, and are different for each session § Placeholders begin with these prefixes: • USER • DEVICE • HOST • IP-ADDRESS § Placeholders include a randomly generated sequence of letters and numbers Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

39 Anonymize Reports § Example of anonymized IP address on the Security Dashboard Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

40 Anonymize Reports § Dashboards available in Anonymized Mode: • Executive Dashboard • Security Dashboard • Subscription Services • Threat. Map • Fire. Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

41 Anonymize Reports § Only Summary reports are available in Anonymized Mode • View Details links are removed from Summary reports • Client reports and filtered Detail reports are not available Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

42 Anonymize Reports § Other Dimension pages with content changes in Anonymized Mode: • Device Summary • Home > Devices • Home > Groups • Home > VPNs Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

43 Anonymize Reports § You can enable Anonymized Mode and create the Anonymization Officer user account when you run the Dimension Setup Wizard § For an existing instance of Dimension, you can enable Anonymized Mode on the Server Management > Configuration > Visibility page, and add an Anonymization Officer on the Access Management > Users & Groups page Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

44 Anonymize Reports § Customize the message the Anonymization Officer sees when logging in to temporarily disable Anonymized Mode § Add a message title and message body text • Information can include instructions and any compliance information for the Anonymization Officer Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

45 Anonymize Reports § To temporarily disable Anonymization Mode so that the real data can be viewed for only the current user session, create a local account with Anonymization Officer privileges • Select Access Management > Users & Groups • On the Policies tab, add a role and select Anonymization Officer Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

46 Anonymize Reports § To disable Anonymized Mode for only the current session, the Anonymization Officer logs in § Anonymized data in reports is replaced with real data § When the current user logs out and logs in again, data is anonymized once more Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

47 Dashboards & Reports Enhancements to the Dimension Dashboard pages and Reports Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

48 Mobile Security — Dashboard & Reports § New Executive Dashboard sections • Top Mobile Devices • Top Blocked Mobile Devices § New Mobile Devices Dashboard § New Mobile Device Reports Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

49 Botnet Detection — Dashboard & Reports § Dimension Dashboard and reports • Source and destination addresses • Top Blocked Botnet Sites and Clients • Botnet activity trends Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

50 Botnet Detection — Dashboard & Reports § Dimension Threat Map Dashboard § Detail Reports Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

51 Dashboard Updates § The Executive Dashboard & Security Dashboard pages are now more responsive and include an indicator that shows the progress of updates to the page data Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

52 Dashboard Updates § The Policy Map Dashboard page now includes column labels Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

53 Dashboard Updates § The AP Devices Dashboard page now includes a legend Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

54 Policy Usage Reports § Policy Usage log messages and reports are now available for Fireboxes managed by Dimension that run Fireware OS v 11. 11 and higher § These reports fulfill the PCI compliance requirement to identify all firewall policies that have not been used for a specific time period § Log messages are used to generate reports and populate information in widgets § Reports show Policy Usage information for a managed Firebox over a specified time range § Policy Usage Reports can also be scheduled Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

55 Policy Usage Reports § The Most Active Policies widget appears on the Device Summary page • Includes the top five policies for the latest updated time period • Can select to view all the policies • Export the Policy Usage list to a. CSV file report Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

56 Application Usage Report § The Application Usage Summary report is now available • Select Reports > Services > Application Usage • This report can also be scheduled § See application usage details by: • Application (User) • Application (Host) • Application (Mobile Device) • Top Users • Top Hosts • Top Mobile Devices Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

57 Application Usage Report Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

58 Application Usage Report § Includes Bandwidth and Hits pivots for each selected view Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

59 Advance Malware (APT) Report § Advance Malware (APT) reports include new data for the POP 3 proxy and other proxies that scan archive files § POP 3 proxy — Log messages now include the user name • <Proxy. Match d="2015 -07 -15 T 20: 22: 11" orig="gary_xtmv" cname="" proc_id="pop 3 -proxy" pri="6" rc="594" seq="4767" disp="Deny" msg_id="21 FF-001 F" src_intf="1 -Trusted" dst_intf="0 -External" policy="POP 3 -proxy-00" src_ip="10. 0. 1. 2" dst_ip="100. 3" src_port="47229" dst_port="110" pr="pop 3/tcp" msg="Proxy. Drop: POP 3 APT detected" proxy_act="POP 3 -Client. Standard. 1" user="wg" filename="971 dc 6 ddf 66833 d 3 d 172 f 0 fd. apk"md 5="7 abebcf 53 e 97 b 586 c 92 a 9 ce 5 b 9985 cd 4"task_uuid="e 8 a 3730 d 1 f 88491 c 882171 2 e 85 d 94929" threat_level="high" log_type="tr"/> • The user name appears in Detail reports in the Recipient column Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

60 Advance Malware (APT) Report § When the content scanned is part of an archived file, the log message includes the archive member name in the new file_in_archive attribute • <Proxy. Match d="2015 -12 -09 T 14: 28: 40" orig="XTM 510" cname="" proc_id="http-proxy" pri="6" rc="593" seq="30938" disp="Deny" msg_id="1 AFF-0034" src_intf="1 -Trusted" dst_intf="0 -External" policy="HTTP-OUT. 1 -00" src_ip="10. 0. 1. 2" dst_ip="100. 3" src_port="59254" dst_port="80" pr="http/tcp" msg="Proxy. Drop: HTTP APT Detected" proxy_act="HTTP-Client. 1" host="100. 3" path="/apt_samples/multi_submit. zip" file_in_archive="multi_submit/test. exe" md 5="7 abebcf 53 e 97 b 586 c 92 a 9 ce 5 b 9985 cd 4" task_uuid="e 8 a 3730 d 1 f 88491 c 8821712 e 85 d 94929" threat_level="high" log_type="tr"/> Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

61 Advance Malware (APT) Report § The archive member name also appears in the reports in this format: • <path>(<file_in_archive>) • Example: /apt_samples/multi_submit. zip(multi_submit/test. exe) § This report can also be scheduled Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

62 Subscription Services Dashboard & Reports § A new Subscription Services Dashboard page is now available • Select Tools > Dashboard > Subscription Services § Subscription Services Summary reports are also available • To see individual Activity Trend Summary reports, select Reports > Services > <Service Name> Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

63 Subscription Services Dashboard & Reports § The Firebox must have logging enabled for Subscription Services before information appears in the Dashboard page and reports • From Fireware Web UI, select System >Logging > Settings and select the Send Security Services Statistics to log file check box • From Policy Manager, select Setup > Logging Setup > Performance Statistics and select the Security Services Statistics check box Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

64 Subscription Services Dashboard & Reports § The Firebox sends log messages with Subscription Services statistics to Dimension approximately every 10 minutes • If your Firebox runs Fireware OS v 11. 10. x or lower, it sends proxy Security Services Statistics log messages to Dimension – Includes only Intrusion Prevention Service statistics from HTTPS Content Inspection traffic • If your Firebox runs Fireware OS v 11. 11 or higher, it sends two types of log messages for Subscription Services: – Proxy Security Services Statistics log messages — Include Web. Blocker and Advanced Malware (APT) statistics – Firewall Security Services Statistics log messages — Include Intrusion Prevention Service and Botnet Detection statistics • These reports can also be scheduled Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

65 Subscription Services Dashboard § The Subscription Services Dashboard page includes widgets for each Subscription Service enabled on your Firebox: • Blocked Websites • Virus (GAV) • Intrusions (IPS) • Malware (APT) • Botnet Detection • Reputation Enabled Defense • Data Loss Violations (DLP) • spam Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

66 Subscription Services Dashboard Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

67 Subscription Services Reports § From the Subscription Services Dashboard page, you can go to the Summary report for each service • In the widget for each service, click View Summary • Available reports: – Blocked Websites – Virus (GAV) – Intrusions (IPS) – Advanced Malware (APT) – Botnet Detection – Reputation Enabled Defense – Data Loss Violations (DLP) – spam Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

68 Languages for PDFs Specify a language to use in report PDFs Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

69 Specify a Language for PDF Reports § When you schedule a report you can select the language for the report: • English • Spanish • French • Japanese Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

70 Log Collector Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

71 Dimension Log Collector. Enhancements § The log collector now accepts log messages from new, unknown Fireboxes • On the Server Management > Visibility page, you can select whether the log collector can automatically add unknown Fireboxes and accept log messages from them § Manages diagnostic log messages from Fireboxes • The Purge Diagnostic Log Messages function now also deletes all diagnostic debug log messages • You can enable or disable the acceptance of diagnostic log messages globally or for specific Fireboxes Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

72 Dimension Log Collector. Enhancements § The log collector uses TTL for reverse DNS (PTR) lookup results • Eliminates the need for simultaneous forward lookups with some DNS configurations • Improves performance by reducing the number of DNS queries by half Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

73 Manage Devices & VPNs Enhancements to Device Management & Managed VPNs Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

74 Device Management Enhancements § The Device Summary page now includes a refresh button Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

75 Device Management Enhancements § The Configuration History > Revert process has been improved for Fireboxes that run Fireware OS v 11. 10. 4 and higher: • The Dimension managed device configuration is now preserved • The Dimension managed VPN configuration and objects are preserved Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

76 Device Management Enhancements § The Configuration History > Diff process has been updated to include these details: • Mobile Device • Quota Settings • Dimension Managed Client Settings • Mobile Device Global Settings • Mobile Device Group • Traffic Flow Settings • Authentication Portal • APT Blocker Settings • Quota Action • Certificate Settings • Quota Rule • IPv 6 Prefix • DLP Custom Rule • RADIUS SSO Settings • Logon Banner • Network Discovery Settings • Endpoint Security Settings • Botnet Detection Settings Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

77 Device Management Enhancements § Other Configuration History enhancements: • Include a descriptive annotation with a revision – 0 -128 character description – Device Summary page only shows the first 50 characters • Export a configuration file in the history to a local file: <Firebox. Name>|<Cluster. Name>-Rev#YYYYMMDDYYHHSS. xml. gz Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

78 Device Management Enhancements § Edit a file in the Configuration History list to preserve the configuration § Preserved configuration files are not overwritten when new revisions are saved and the revision limit is reached Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

79 Dimension Managed VPN Enhancements § You can now use a virtual interface with your managed VPNs • Used to support dynamic routing • Supported for managed VPNs between Fireboxes that run Fireware OS v 11. 10. 7 or higher • The Hub device can support both static and dynamic routing options • The Spoke devices can be configured for only one routing option • Both the Hub and Spoke devices must be configured in Mixed Routing Mode § Dimension does not manage the dynamic routing configuration; it must be configured on each Firebox Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

80 Thank You! Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved

Watch. Guard Training Copyright © 2016 Watch. Guard Technologies, Inc. All Rights Reserved