Whats New in WSM 10 and Fireware 10
- Slides: 96
What’s New in WSM 10 and Fireware 10 Presenter Date
What’s New in WSM/Fireware 10 WSM 10 Overview New in WSM 10 • New SQL-based logging and reporting architecture • Watch. Guard Management Server enhancements • Firebox System Manager enhancements • New help system with search and Table of Contents 2
What’s New in WSM/Fireware 10 Overview New in Fireware 10 • Mobile VPN with SSL • New proxies for Vo. IP support • New TCP/UDP proxy for multiple protocol detection • Enhancements to security subscriptions • Single Sign-On • More integration with Live. Security • BOVPN and Mobile VPN with IPSec enhancements • New notifications • Networking enhancements 3
New in WSM 10 4
New Logging and Reporting Architecture 5
New Logging and Reporting Architecture Overview The new logging and reporting architecture includes: • New SQL-based Log Server • Totally redesigned Log. Viewer application • New Report Server • New Report Manager (replaces Historical Reports) One change to the Watch. Guard Toolbar: New Report Server icon 6
New Logging and Reporting Architecture About the SQL Database Uses Postgre. SQL • Postgres is installed during either: • Log Server Setup Wizard • Report Server Setup Wizard • The server you set up first (Report Server or Log Server) installs Postgres • Because Postgres does not install over an RDP session, do not run the Log Server or Report Server Setup Wizard over RDP • Postgre. SQL installation creates the data directory and its structure • There is no UI option to change the location of the data directory after Postgres is installed • Installs a non-admin user account watchguard_pg_user • Do not alter this account; it is for the Postgres service • In this release, you must use command line for: • Importing old XML log files into the database • Restoring a backup of the database 7
New Log Server SQL-based Advantages to using SQL database for logs • Much more scalable • Logs from multiple appliances now stored in one database • No more discrete XML log files • Faster and more powerful log file search • Faster report generation • Report can be run on data stored in different Log Servers Automatic maintenance jobs are user-configurable: • Automatic daily deletion of old logs • Automatic daily backup 8
New Log Server Setup Wizard Click once on the Log Server icon to start the Log Server Setup Wizard 9
New Log Server Setup Wizard Postgre. SQL is installed and the database directory is created when you run either: • The Log Server Setup Wizard or • The Report Server Setup Wizard 10
New Log Server Setup Wizard Pay close attention to this screen of the Setup Wizard • To change the log data directory after Postgre. SQL is installed, you must run the Setup Wizard again. 11
New Log Server - Admin User Interface Configure the Log Server To configure the Log Server, left-click once on the Log Server icon in the Watch. Guard toolbar. Or, right-click and select Configure 12
New Log Server Settings Tab Log Server Configuration The Log Server can send notifications about itself to this address. Firebox Event Notifications also go to this address 13
New Log Server - Log Server Configuration Expiration Settings Tab Automatically purge old logs Automatically back up logs Send appliance notifications 14
New Log Server - Log Server Configuration Logging/Monitoring Settings tab All Firebox appliances that send logs show here Send log messages about the Log Server itself to: • The Windows Event Viewer • A text file 15
New Log. Viewer Total Redesign for Maximum Usability All-new enhanced Log. Viewer gives powerful new features 16
New Log. Viewer Launch and Connect to a Log Server Start Log. Viewer from the Watch. Guard System Manager. Then, connect to a Log Server. 17
New Log Viewer Select the appliance or server to view logs Select one or more devices to see their logs All devices logging to this Log Server (including other servers) show here Report Server and Management Server can also send logs to Log Server! 18
New Log. Viewer Arrange the windows for the different devices’ logs Cascade the windows Or tile them 19
New Log Viewer Category View: • All logs • Only traffic logs • Only alarms • Only events • Only debug logs • Only bandwidth statistics messages 20
New Log. Viewer Date Range View Select a preconfigured range 21 Or make a custom time filter
New Log. Viewer – String Search Simple string search is very useful Search for: • An IP address • Blocked sites / blocked ports • All messages with a key word, for example: • IKE • Type of email or HTTP header • A username 22
New Log Viewer – Search Put context to the message When Search finds an interesting log message, you can show the log messages before and after it. Right-click the message and select Show Log Excerpt Or press F 5 You see 50 messages before and after the target log message 23
New Log. Viewer Preferences Store general preferences • Your primary Log Server • How many messages before and after the target in Log Excerpt • How many searches to remember 24
New Log. Viewer Preferences Store viewing preferences • Default log type • Font size • Which columns to display for the different log types 25
New Log. Viewer Search Manager Tools Search Manager Create powerful searches and save them for later use Advanced Search shows why a SQL database is better 26
New Log. Viewer Multiple export options Export logs as: • CSV (comma- separated value) file • HTML page • PDF • XML file Instantly email logs as: • CSV file • PDF Select and copy as plain text 27
New Report Server What it does Overview Collects and presents log data • Periodic collection from Log Server • Periodic generation of reports • Provides reports to Report Manager via XMLRPC • Reports are immediately viewable and automatically refresh 28
New Report Server What It Does Overview Log Data Log Server Consolidated Log Data Reports 29
New Report Server – Expiration Settings tab Server Settings tab is identical to same tab in Log Server Expiration Settings tab: • Automatically delete old reports • Turn on notification of events about the Report Server itself 30 Configuration
New Report Server – Report Generation tab Tell the Report Server where to get data This is the server management passphrase, not the log encryption key! 31 Configuration
New Report Manager Overview Report Manager is the client application that connects to the Report Server Replaces old Historical Reports The left-hand pane shows the available reports The right-hand pane is a browser (based on Internet Explorer) showing the selected report 32
New Report Manager Launch and Connect to a Report Server Start Report Manager from WSM. Then, connect to a Report Server. 33
Report Server Available Reports carried forward from earlier Historical Reports: • Denied Packet Summary • Denied Packet Detail • Incoming • Outgoing • SMTP Summary • SMTP Server Summary • SMTP Detail • SPAM Summary • Firebox Statistics • POP 3 Summary • POP 3 Detail • Alarms • Packet Filter Host Summary • Proxy Host Summary 34 • HTTP Most Popular Domain • HTTP Summary • HTTP URL Detail • IPS Packet • IPS Summary and its detail subreports: • Protocol • Severity • Source • Signature • AV Summary and its detail subreports: • Protocol • Host • Virus • Sender • Web. Blocker Detail
Report Server Available Reports New Reports in 10: • HTTP Most Active Client • Web Surfing • External Interface Bandwidth Report • Management Server Audit Trail Detail • Management Server Authentication • BUM “Boxes Under Management” 35
Management Server Enhancements 36
What’s New in WSM/Fireware 10 Management Server Enhancements - Overview Multi-user support Record locking Configuration passphrase caching Force comments on Config Change Folders with lockout Notification enhancements Live. Security Alerts 37
Management Server Enhancements Multi-user support Add users on new Users tab of Management Server Configuration 38
Management Server Enhancements Multi-user support Management Server user accounts: • Admin privileges • Can create new user accounts on the Management Server • Can administer all devices under management with WSM connection to Management Server • Read-Write privileges • Can administer all devices under management with WSM connection to Management Server • Read-Only privileges • Can view all devices under management • This user connects to the Management Server in Monitoring Mode 39
Management Server Enhancements Multi-user support Users must now provide username and passphrase when connecting • Provides audit trail in Management Server report Default account is admin • This account uses the server management passphrase • This is the same password you used before to connect to your Management Server from WSM 40
Management Server Enhancements Record locking and caching passphrases When you bring up Policy Manager for a managed device: • WSM prevents others from using Policy Manager for that device when they connect to the Management Server • Reduces the chance that conflicting edits are made at the same time by different users • Policy Manager automatically enters the device’s configuration passphrase when you save the configuration back to the Firebox • No need to remember the configuration passphrases for all your managed devices • No need to share managed devices’ configuration passphrases with others For this to work: • Firebox you manage must be running Fireware 10 • You must launch Policy Manager via a connection to the Management Server (not a connection to the device itself) 41
Management Server Enhancements Record locking Connect to Management Server using WSM Launch Policy Manager for an appliance • The device record is locked When a different user connects to the Management Server at the same time: • A “Maintenance Alert” shows for that device • Policy Manager is not available for that device 42
Management Server Enhancements Configuration passphrase caching When you use that instance of Policy Manager to save the configuration, Policy Manager automatically puts the appliance’s configuration passphrase into the entry field When you close Policy Manager (or use it to File > Open a different Firebox) the lock is released 43
Management Server Enhancements Force comments on config change • Turn this on in Management Server Configuration 44 Users must add comment when saving config via a connection to Management Server
Management Server Enhancements Folders with lockout Right-click Management Server and select Add New Folder 45
Management Server Enhancements Folders with lockout You can make a VPN between two devices inside the same locked folder You cannot make a VPN tunnel between a device in a locked folder and a device not in the same locked folder • Prevent “mistake” VPNs • Those can cost the managed security provider $$ and reputation Locked folder has a padlock on the folder’s icon 46
Management Server Enhancements Notification enhancements Get notified if a managed device does not contact the Management Server when its DVCP lease expires From: mgt-server@your. business Subject: Notice from Management Server Host: dc 01 Time: Fri Feb 08 09: 15: 34 2008 Process: 3848: 3900 Message: Information (8249), no contact from device with name Miami_X 6500 e, id 50. 50. 254, and IP address 50. 50. 254 47
Management Server Enhancements Live. Security Alerts WSM displays Live. Security broadcasts when you select the Management Server Alerts that will appear: • New software updates available • Watch. Guard vulnerabilities 48
Quarantine Server Enhancements 49
Quarantine Server Enhancements Quarantine email based on virus classification You can now send SMTP mail to the Quarantine Server based on whether Gateway Anti. Virus detected a virus 50
Quarantine Server Enhancements Quarantine mail based on virus classification You can send SMTP mail to the Quarantine Server based on whether spam. Blocker’s Virus Outbreak Detection detected a virus 51
Firebox System Manager Enhancements 52
What’s New in WSM/Fireware 10 Firebox System Manager Enhancements - Overview Front Panel tab updated for Mobile VPN with SSL Search Traffic Monitor Display logs by type of message Multiple-line select (ctrl-click or shift-click) and copy Select notifications from entire event catalog Service Watch graph by bandwidth 53
Firebox System Manager Enhancements Front Panel Tab Mobile VPN with SSL sessions displayed on Front Panel tab 54
Firebox System Manager Enhancements Front Panel Tab Log off remote users from Front Panel tab 55
Firebox System Manager Enhancements Traffic Monitor Tab Search Traffic Monitor 56
Firebox System Manager Enhancements Traffic Monitor Tab View: • All logs • Only traffic logs • Only alarms • Only events • Only debug logs • Only bandwidth statistics messages 57
Firebox System Manager Enhancements Traffic Monitor Tab Multiple-line select (ctrl-click or shift-click) and copy 58
Firebox System Manager Enhancements Traffic Monitor Tab Select Notifications from Event Catalog Right-click an event in Traffic Monitor • Instantly set up notification for the next time that event happens 59
Firebox System Manager Enhancements Service Watch Tab Use Service Watch to: • Graph the traffic going through each policy by bandwidth • See the number of sessions going through each policy 60
New Help System 61
New Help System Searchable, with Table of Contents 62
New in Fireware 10 63
Mobile VPN with SSL 64
Mobile VPN with SSL Overview PC and Mac compatible – one download page for both 65
Mobile VPN with SSL URL for users to get the software URL to authenticate and get the client software: • https: //[firebox. ip. address]: 4100/sslvpn. html • Note the /sslvpn. html at the end URL to authenticate only remains the same • https: //[firebox. ip. address]: 4100 66
Mobile VPN with SSL Configuration in Policy Manager Simple straightforward configuration • Policy Manager: VPN Mobile VPN SSL • Use any authentication server • Specify which WAN users connect to first and second (failover) • Allow granular access or access to all connected networks 67
New Proxies for Vo. IP Support 68
New Proxies for Vo. IP H. 323 and SIP These proxies work to allow some Vo. IP/Videoconferencing through the Firebox: • SIP Proxy • H. 323 Proxy H. 323 proxy supports NAT-traversal for voice and video traffic • H. 323 Gatekeeper (“PBX” hosting/trunking) and T. 120 multimedia support not in this release. • H. 323 support is limited to point-to-point connections SIP proxy supports NAT-traversal for voice and video traffic • Does not provide the PBX registration capabilities of a typical standalone SIP Registrar-Proxy • Must have your own Registrar-Proxy server to route these connections • SIP proxy has only been tested with PBX’s located on the external segment of the Firebox (hosted scenario, no trunking). 69
New Proxies for Vo. IP H. 323 and SIP Simple to configure H 323 70 SIP
New Proxies for Vo. IP TFTP Trivial File Transfer Protocol • For more than just Vo. IP Typically for: • Sending updates to Vo. IP devices under management • Sending configuration files • Sending ROM images or firmware updates TFTP Proxy lets you allow or deny content by matching file name patterns for: • Downloads • Uploads 71
New TCP-UDP Proxy Multiple Protocol Detection TCP-UDP Proxy detects what protocol the traffic is: • HTTPS • SIP • FTP 72
New HTTPS Proxy What it can do HTTPS Proxy Block objectionable HTTPS sites using Web. Blocker Allow or deny access to web sites based on Domain Names • Fireware matches Domain Name patterns against the Subject field in the web site’s SSL certificate 73
Enhancements to Security Subscriptions 74
What’s New in WSM/Fireware 10 Enhancements to Security Subscriptions Intrusion Prevention (IPS) Enhancements • New signature set • Broader range of signatures • Botnet protection for servers • Updated signature scanning engine • Approximately 40% increase in IPS performance • Simpler IPS Configuration • P 2 P and IM now integral part of Fireware (no IPS license required) Web. Blocker Enhancements • Expanded Category List • Web. Blocker for HTTPS spam. Blocker Enhancements • Virus Outbreak Detection 75
Web. Blocker Enhancements 40 Category to 54 Category Mapping 40 -Category List name 54 -Category List name Arts & Entertainment Arts Entertainment Drugs, Alcohol, Tobacco Illegal Drugs Alcohol & Tobacco Violence Tasteless & Offensive Hacking Spyware Computing & Internet Downloads Criminal Skills Criminal Activity Phishing & Fraud Glamour & Intimate Apparel & Swimwear Fashion & Beauty Government & Politics Government Politics Lifestyle & Culture Society & Culture Philanthropic & Professional Organizations Remote Proxies & Translators Peer-to-Peer NOT REPRESENTED Spam URLs NOT REPRESENTED Infrastructure NOT REPRESENTED Business 76 Ringtones / Mobile Phone Downloads
Single Sign-On 77
Single Sign-On Requirements Only for Active Directory domains • Install Watch. Guard Authentication Gateway software on a domain computer • This computer called the SSO Agent • The domain account under which the agent software runs must: • Have “Log on as a service” permission granted (for the service to run automatically) • Be a member of Domain Admins group (to query PCs running Vista) • All domain PCs must allow connections over 139 and 445 • Add exceptions to Windows Firewall for File and Printer Sharing, or turn off Windows Firewall 78
Single Sign-On Settings Policy Manager: Setup Authentication Settings • IP address of the PC running Watch. Guard Authentication Gateway software (the SSO agent) • How long the SSO agent should cache responses it gets from PCs it queries • IP addresses that the Firebox will not ask about 79
Single Sign-On How it works 1 • Firebox sees traffic come from a trusted or optional or VLAN interface • SSO does not work for traffic coming from an external interface • Firebox sends query to SSO agent (PC running Watch. Guard Authentication Gateway software) • This is a port 4114 connection. Command is get user <ip. address> • SSO agent checks its cache. • If it has an entry for this IP address, it returns an answer to the Firebox • If not in cache, SSO agent queries that IP address • Uses Windows Net. Wksta. User. Enum() call • Windows Networking connection over port 139 and/or 445 • If SSO agent PC gets no reply, send error message to Firebox • The IP address is not added to authentication list 80
Single Sign-On How it works 2 • PC returns answer to SSO agent. There can be more than one answer • SSO agent uses only the first answer it gets from the PC • SSO agent sends query to Active Directory server to find what groups the user is a member of • Active Directory returns all values of member. Of attribute tied to that user object • SSO agent PC returns answer to Firebox • User name logged in to that PC and groups of which the user is a member • Firebox puts <IP address>, <user name>, and <groups of which the user is a member> in its internal list of authenticated users • Authentication List tab of Firebox System Manager displays the IP address and user name of authenticated users 81
Single Sign-On How it works 3 Use user names and Active Directory groups in your policies to restrict access 82
BOVPN and Mobile VPN with IPSec Enhancements 83
What’s New in WSM/Fireware 10 VPN Enhancements Selective Auto-start of BOVPN Tunnels Dead Peer Detection Mobile VPN with IPSec Policies More Configurable Notification of BOVPN Events 84
VPN Enhancements Selective auto-start of BOVPN tunnels At the bottom of the General Settings tab of the Gateway 85
VPN Enhancements Mobile VPN with IPSec more configurable You can now edit the Mobile VPN/IPSec policy to change the allowed access. The policy is no longer tied to the “allowed resources” assigned to the Mobile VPN/IPSec Group 86
VPN Enhancements Dead Peer Detection On the Phase 1 Settings tab of the Gateway 87
VPN Enhancements Notification of BOVPN events VPN > VPN Settings > BOVPN Notification button 88
New Notification Options 89
New Logging and Reporting Architecture Notification enhancements SNMPv 3 Support New Web. Blocker Alarm Options The Firebox can now send notifications for: • Multi-WAN Events • BOVPN Down • Lost contact with Web. Blocker Server 90
Networking Enhancements 91
What’s New in WSM/Fireware 10 Networking Enhancements Static MAC/IP Address Binding • Edit an interface Advanced tab • Select Only allow traffic sent from or to these MAC/IP Addresses to lock out all other traffic on this interface • Keep the box cleared to add only Static ARP entries 92
More Integration with Live. Security® 93
What’s New in WSM/Fireware 10 Live. Security Integration Quick Setup Wizard pulls feature key from Live. Security • Appliance must be registered before you can use the QSW to get the Feature Key • If the appliance is not registered, you can get to the Internet during the Quick Setup Wizard to register it • You can skip this step of the Wizard if you have not registered the device yet • If there is no Feature Key, one user can get to the Internet after it is configured 94
What’s New in WSM/Fireware 10 Live. Security Integration New Updated feature key display • Easier to understand • Easier to see when features expire Old 95
Thank You! 96
- Wsm ciechanów
- Whats hot whats not
- New york pennsylvania new jersey delaware
- New oil and new wineskin
- Strengths of the articles of confederation
- New consumer capabilities and new company capabilities
- New classical macroeconomics
- Chapter 16 toward a new heaven and a new earth
- Neil thisse is a loyalist who fled the colonies
- New classical and new keynesian macroeconomics
- Fall creators update whats new
- Examples of inverted commas
- Marquee cinema new hartford ny
- New-old approach to creating new ventures
- Njbta
- Comparing progressive presidents
- Introducing and naming new products and brand extensions
- Introducing and naming new products and brand extensions
- Write difference between mitosis and meiosis
- Difference between geocentric and heliocentric
- Whats the difference between main idea and theme
- Whats the difference between a chemical and physical change
- Whats the difference between mood and tone
- Meaning of bc and ad
- Famous introverts in the bible
- Difference between organic and inorganic
- Homozygous and heterozygous
- Lcm of 11 and 15
- Whats the difference between animal and plant cells
- Whats the difference between chemical and physical change
- Sunbathing on the beach convection
- Whats mood and tone
- Whats a stem and leaf plot
- Scale and proportion
- Whats the difference between renewable and nonrenewable
- Communication goes both ways
- Whats the difference between physical and chemical changes
- What is radiation examples
- Describe incomplete dominance
- Whats the difference between weather and climate
- Whats direct characterization
- Whats the difference between endocrine and exocrine glands
- Tone vs mood
- Difference between simple and complex carbohydrates
- Difference between rocks and stones
- Defintion of matter
- Difference between saber and conocer
- Tenor and vehicle practice
- Whats the difference between phrases and clauses
- Httpkahoot
- Odd and even numbers objectives
- Anything that has mass and volume is what
- Difference between atomic number and atomic mass
- Whats internal conflict
- Whats a stem and leaf plot
- Whats the difference between a monomer and a polymer
- Label the organelles in the composite cell
- Whats the difference between habitat and niche
- Phases of matter foldable
- Whats the difference between kinetic and potential energy
- Sample cause and effect sentences
- The relationship between mass volume and density
- Whats the difference between plant and animal cells
- Muckrakers definition
- Oblate sheroid
- Whats reflexive
- The difference between reflexive and intensive pronouns
- Theme examples in poetry
- Literary devices in ode on a grecian urn
- Difference between plant cell and bacterial cell
- Difference between linux and unix
- Two main clauses
- How are conduction convection and radiation alike
- Conduction convection radiation diagram
- Lord you are good israel houghton
- Difference between old covenant and new covenant
- Dimitri and linda are trying to learn a new routine
- New and navigation schemes selection of window
- Great depression vocabulary
- Kendall's and marzano's new taxonomy level of processing
- Lesson 4 the new order and the holocaust
- New jersey appalachian mountains
- Site:slidetodoc.com
- Superman and paula brown's new snowsuit
- Paula brown's new snowsuit
- New product development and product life cycle strategies
- Ability of two or more waves to combine and form a new wave
- Formalism/new criticism
- Formalism and new criticism example
- Formalism and new criticism
- Map boston to philadelphia
- New zealand vs australian accent
- New jersey center for teaching and learning
- New jersey center for teaching and learning
- New historicism
- Historicism
- New hire policy and procedure