Professional Documents
Culture Documents
WatchGuard
Training
Hotspot Enhancements
Create custom hotspot page settings & manage Guest Administrator accounts
Support for Guest Administrators to manage guest user accounts and create
custom vouchers
WatchGuard
Training
A BOVPN Virtual Interface now supports any interface as the local gateway
New BOVPN Configuration Reports for easier VPN troubleshooting
Renamed Enable IPSec Pass-through VPN setting
Monitoring Enhancements
Web UI VPN Statistics page includes statistics for Mobile VPN types on one
tab
Clear the WebBlocker cache from Firebox System Manager
Support for NAT connections through the SNMP application layer gateway
Other Enhancements
Support for new Firebox models
Firebox M400
Firebox M500
Fireware XTM OS update for Firebox M440 and FireboxT10-D
Authentication Enhancements
WatchGuard
Training
Hotspot Enhancements
The Hotspot feature now includes these new features:
WatchGuard
Training
WatchGuard
Training
WatchGuard
Training
WatchGuard
Training
WatchGuard
Training
WatchGuard
Training
10
WatchGuard
Training
11
WatchGuard
Training
12
WatchGuard
Training
13
Account Lifetime
The amount of time that each guest user account can be used after it is
activated for the first time.
When the guest user logs in with the guest user account credentials, the
countdown starts.
The default account lifetime is 24 hours.
Account Expiration
The amount of time after which the guest user account expires and is
removed from the Guest Accounts list.
If the guest user account has not been activated before the account
expiration time is reached, the guest user account still expires.
WatchGuard
Training
14
WatchGuard
Training
15
Business Name
The name of the company where the hotspot is located.
The name you specify is included in the voucher text.
Contact Information
The contact information for the company.
This text can include instructions to get hotspot connection help as well as
contact numbers or addresses.
WatchGuard
Training
16
WatchGuard
Training
17
WatchGuard
Training
18
WatchGuard
Training
19
WatchGuard
Training
20
If multiple Event Log Monitors are installed and included in the SSO
Agent Configuration, and the first Event Log Monitor is unable to
resolve the authentication request, the SSO Agent will fail over to the
next Event Log Monitor to attempt to resolve the request.
The SSO Agent can also contact the Event Log Monitors from other
domains in your network, if they are specified in the SSO Agent
configuration.
WatchGuard
Training
21
WatchGuard
Training
22
What is SNI?
SNI (Server Name Indication), is an extension of the TLS protocol that
indicates the specific server name while making a TLS/SSL connection.
SNI is supported by most modern web browsers.
SNIis more accurate than the certificate CN (Common Name) for a
site because it can determine the actual server name from the
HTTPS traffic headers.
Many web servers host several web sites that share the same IP address
and multiple certificates, and these sites can share the same certificate CN
(Common Name).
WatchGuard
Training
23
WatchGuard
Training
24
WatchGuard
Training
25
WatchGuard
Training
26
WatchGuard
Training
WatchGuard
Training
28
WatchGuard
Training
30
WatchGuard
Training
31
You cannot use a modem for failover from a BOVPN virtual interface if a
local gateway endpoint uses an interface that is not external.
WatchGuard
Training
32
Types:
VLAN
Bridge
Link Aggregation
PPPoE
Zone:
Trusted
Optional
Custom
External
WatchGuard
Training
33
WatchGuard
Training
WatchGuard
Training
WatchGuard
Training
WatchGuard
Training
37
WatchGuard
Training
This is the same report available from the System > Configuration
File page.
38
WatchGuard
Training
39
Enable/Disable SSLv3 in
HTTPS and SMTP Proxy Actions
WatchGuard
Training
40
WatchGuard
Training
41
/31 and /32 addresses are used to conserve IPv4 address space.
Supported in Mixed Routing mode only.
WatchGuard
Training
42
WatchGuard
Training
43
WatchGuard
Training
44
WatchGuard
Training
45
WatchGuard
Training
46
WatchGuard
Training
47
WatchGuard
Training
48
Monitoring Enhancements
WatchGuard
Training
49
50
WatchGuard
Training
51
Select System
Status > VPN
Statistics.
Select the Mobile
VPN tab.
Select the Mobile VPN
type to show:
WatchGuard
Training
All
IPSec
SSL
PPTP
L2TP
52
WatchGuard
Training
53
WatchGuard
Training
54
WatchGuard
Training
55
WatchGuard
Training
56
WatchGuard
Training
57
SNMP Enhancements
WatchGuard
Training
58
SNMP Enhancements
You can now enable
your
device to use NAT for
connections through the
SNMP application layer
gateway.
When you enable this
option, all SNMP
connections are forced to
use NAT.
In the Web UI, select
System > SNMP and
select the Use NAT for
connections through
the SNMP application
layer gateway check box.
WatchGuard
Training
59
SNMP Enhancements
In Policy Manager, select
WatchGuard
Training
60
Other Enhancements
WatchGuard
Training
61
Other Enhancements
You can now set the maximum time interval for failed FTP logins per
connection in the FTP client and server proxy actions.
You can now manage the Gateway Wireless Controller from the Command
Line Interface (CLI).
MAC address reservations for AP wireless devices are now limited
to 256.
WatchGuard
Training
62
WatchGuard
Training
63
Firebox M400
Firebox M500
WatchGuard
Training
Firebox
Firebox
Firebox
Firebox
M400
M500
M440
T10-D
64
6x 1 Gb interfaces
2x 1 Gb SFP ports
150 to 350 users
Replaces XTM 525
Firebox M500
6x 1 Gb interfaces
2x 1 Gb SFP ports
350 to 750 users
Replaces XTM 535 and XTM 545
WatchGuard
Training
65
WatchGuard
Training
66
Firebox T10-D
The Firebox T10-D is a DSL device.
WatchGuard
Training
67
VPI = 8, VCI =
VPI = 0, VCI =
35
32
VPI = 0, VCI =
VPI = 8, VCI =
38
35
VPI = 0, VCI =
VPI = 8, VCI =
If the connection
100 fails with these VPI/VCI
36 settings, the Firebox automatically
polls the ISPVPI
to =
try1,
additional
0/32, 0/33, 0/34, 0/50,
combinations:
VCI = VPI/VCI
VPI = 8, VCI =
0/67, 1/33, 32
1/39, 1/50, 2/32, 8/67, 8/81,
4814/24.
If the ISP disables ATM OAM F5 ping responses, automatic polling cannot use these
alternate VPI/VCI combinations to establish a connection.
Work with your local WatchGuard Sales Engineer if you are interested in
exploring and testing DSL configurations that are not supported by default.
For a list of VPI and VCI settings required by some service providers see:
Firebox T10-D VDSL and ADSL requirements by service provider
WatchGuard
Training
68
Add an external VLAN, with the VLAN ID and external network settings
(PPPoE, static IP address, or DHCP).
Configure Interface 0 to send and receive tagged traffic for the external VLAN.
69
WatchGuard
Training
70
WatchGuard
Training
71
WatchGuard
Training
Tips to help resolve the most common mobile VPN configuration issues.
Find them in the WatchGuard System Manager Help and Fireware XTM
Web UI Help for each mobile VPN type.
72
Additional Resources
WatchGuard
Training
73
Additional Resources
Information about the new and enhanced features included in this
release is available from these resources on the Product
Documentation pages of the WatchGuard website:
WatchGuard
Training
74
Thank You!
WatchGuard
Training
75