WatchGuard Dimension and Fireware XTM 11.8

Oct

17

October 17 , 2013 | Posted by Nachreiner | 22 Comments

WatchGuard Dimension and Fireware XTM 11.8

WatchGuard is pleased to announce two major new software releases.

WatchGuard Dimension is a public and private cloud-ready network security visibility solution that provides reporting tools that instantly distill key issues and trends, speeding the ability to set meaningful security policies across the network. Available for download from the support center today, key features include:

  • Executive Dashboards provide a high-level view of network activity, and with just a click, users can drill all the way down to individual log data.
  • ThreatMap instantly shows by location where threats are coming from.
  • FireWatch filters traffic in a way that instantly brings your eye to the most critical information on active users and connections.
  • E-mail delivery of reports.
  • A single Executive Summary report that provides an overview of network traffic and security events.

Please read the Release Notes to get a deeper understanding of the new capabilities and options. An interactive demo is also available on the product page.

Fireware XTM 11.8 is also available now and provides powerful new features. Highlights include:

  • Data Loss Prevention prevents costly data breaches by scanning and detecting the transfer of sensitive information over email, web, and FTP.
  • All-new Web UI has enhanced ease of use, and includes popular WatchGuard tools such as Traffic Monitor and the new FireWatch. It supports mobile devices, including iOS.
  • Routed VPNs in 11.8 add tremendous flexibility to the configuration of VPNs in today’s more complex network environments. Many new use cases are supported through the ability to add VPN on a virtual interface.
  • Wireless Access Point enhancements, including manual channel selection.
  • YouTube for Schools.

A more complete list is available online, and a detailed “What’s New in 11.8” presentation is also available.

Note: 11.8 also includes important security updates to fix a buffer overflow flaw, and cross-site scripting (XSS) vulnerabilities in our products. For more details on these issues, see our WatchGuard Security Center post.

Does This Release Pertain to Me?

If you or your customers have an XTM 25/25-W/26/26-W, 3 Series, 5 Series, 8 Series, 800 Series, 1500 Series, 2500 Series, 1050 or 2050 device and wish to use the new enhancements, you should upgrade to version 11.8. Please read the Release Notes before you upgrade, to understand what’s involved.

Note: Fireware XTM 11.8 does not apply to XTM 21/22/23 appliance owners, or Firebox X e-Series owners.

WatchGuard Dimension is compatible with all XTM appliances.

How Do I Get the Release?

XTM appliances owners who have a current LiveSecurity Service subscription can obtain the XTM OS update or Dimension without additional charge by downloading the applicable packages from the Articles & Support section of WatchGuard’s Support Center. To make it easier to find the relevant software, be sure to uncheck the “Article” and “Known Issue” search options, and press the Go button.

If you need support, please enter a support incident online or call our support staff directly. (When you contact Technical Support, please have your registered Product Serial Number, LiveSecurity Key, or Partner ID available.)

  • U.S. End Users: 877.232.3531
  • International End Users: +1.206.613.0456
  • Authorized WatchGuard Resellers: +1.206.521.8375

Don’t have an active LiveSecurity subscription for your XTM appliance? It’s easy to renew. Contact your WatchGuard reseller today. Find a reseller ?

Comments (22)

  1. WatchGuard’s XTM 11.8 Software Fixes Buffer Overflow & XSS Vulnerabilities | WatchGuard Security Center

      1. Andrew,

        Did you happen to let support know? I haven’t experience that issue myself. I run it in my lab (very simple config), but I do port forward traffic to internal web, ftp, and email servers. All my port forwarding policies continue to work fine (and I’ve run many versions of 11.8, as we’ve gone through our beta and preview process).

        That’s not to say you’re not experiencing the issue, just that we aren’t having many cases of port forwarding failing, as far as I can tell, so the issue may be unique. Might be worth a support call?

        Cheers,
        Corey

      2. I had the same issue, contacted Watchguard support and it was because I had policy based routing set on an incoming port forward which although worked fine in 11.7.x was obviously unnecessary and unchecking the PBR box made it work fine in 11.8

    1. WatchGuard Dimension is pretty cool, if I say so myself. If you already have a XTM appliance, it’s a no cost addition too. So you can grab it as soon as you like.

      If you don’t have our product, you can still check out the demo. In past predictions, I’ve said, “visibility is defense,” and WatchGuard Dimension helps deliver the visibility! ^_^

      Cheers,
      Corey

  2. D-Link Backdoor – WSWiR Episode 81 | WatchGuard Security Center

  3. VU#233990: Watchguard Extensible Threat Management (XTM) appliance version 11.7.4 contains a buffer overflow vulnerability

  4. Installed 11.8 and it started blocking all incoming smtp traffic to Exchange server. 2 other boxes experiencing a host of problems. Went back to 11.7.4 and problems went away.

  5. Youtube for schools thing sounds neat, but in practice it is near useless for us. The user can just access the https version of Youtube and get to all the videos. HTTPS DPI is useless also (for us anyway) as it does not allow filtering based off the domain, only IP, so it kills things like Gmail, Apple App store, etc as they don’t like certificate resigning AND since they utilise NUMEROUS subnets and third party subnets (like Akamai), so filtering is pretty much impossible, unless you want to watch the traffic monitor every minute to identify when the iPad decides to use a different IP, and then filter it, etc. Not a viable solution. Watchguard HAS to allow domain based filtering (Even in your proxies and other rules, not only DPI) for any of this to be remotely useful

    1. Daniel,

      Good feedback. I¹m not in Product Management, so I¹m not sure exactly where all this is, but I know they¹ve talked many times about when various HTTPS domain inspection, provided by WebBlocker or other tools, works with and without the HTTPS ALG. They also have plans for something called ³Names not numbers² to create domain based rules (not just one time domain lookups)Š Wish I could tell you were all this was at, but my focus is mostly around security research and education. When the forum comes back, you can check the feature request area.

      Cheers, Corey

      On 11/19/13, 4:56 PM, “WatchGuard Security Center”

    2. That is because you do not have your firewall setup correctly… You need to install a certificate from a trusted CA and then inspect you https traffic. Firewall does a great job of doing “man in the middle” inspection.

  6. Dimension is a long needed improvement in device visibility and analytics. For quite some time inside of our organization we have grumbled about the reporting features from watchguard and this goes a long way to alleviating that. Actually quite impressed for a first release of functional and thought out it is. Some notes though I think more could be done with helping the users scale storage needed for retention periods. Also we are pretty much a MS shop it wasn’t difficult to convert the OVA to VHD files for hyper-v but was a step wish someone else would have done for me. We have recently been using the syslog output with logstash, kibana, and elastisearch to get visibility on our firewall data. Dimension was considerably easier then that setup to get going and get meaningfull content. With that said I think a strait custom query input for the database might be nice and easy to implement in Dimension.

  7. Waist trimmers are often called “sauna belts”, and they are made out of neoprene – this is the stuff wetsuits are made out of. Diet pills that work will provide a customer service and a money-back guarantee of a few months or maybe more.

  8. While Acer Sync lets you transfer content between the tablet and PC, Acer Clear. Underrated is perhaps the better term for this netbook because it boasts of the usual netbook specs including a 10.

  9. Whats up very nice website!! Guy .. Beautiful .. Superb ..
    I’ll bookmark your blog and take the feeds additionally?
    I am satisfied to seek out so many useful info right here within
    the put up, we want work out extra techniques in this regard, thanks for sharing.
    . . . . .

  10. It is a known formula which when combined with little bit of exercise and diet works for almost all the fat people. I took the pills while cutting back on the amount of food I ate and exercising more often and it still only helped me lose 2 pounds.

  11. Hi Corey,

    I have upgraded my XTM 515 OS to 11.8.3. However i am facing issues that its not blocking our HTTPS packets. Like if i block “Facebook.com”, the http packet is blocked, but user can open by using https, i.e. https://facebook.com
    Had a chat with watchguard specialists here, they checked & told its known issue of 11.8.3 & i will have to wait till next release. is it true?
    Please help.
    Thanks & regards,
    Mandeep

  12. If possibly you paint your head’s hair, you may obtain a cost-effective hair painting for any couple of bucks, its
    surely not high-priced in any way, then you may really
    start off searching great! . In the event you
    have the very frizzy hair color then that is a plus as well as a concern considerably less to worry about.
    After you might wish to get the critical naruto costume, because of any additional frizzy hair which it truly is
    received all around the the neck and throat, you can find a thing sort a sibling or maybe a cosing or likely some girl you realize looks to get obtained a sweater or some matter much like that which has
    got the distinct head of hair element, than the only concern leftover might be to get quite a few orange
    gown put on more than this to make sure the hair go across the leading
    in this orange tee shirts or outfits producing
    it seem and also feel as though this were definitely a single.

  13. We are a bunch of volunteers and opening a new scheme in our community.
    Your website provided us with helpful info
    to work on. You have done a formidable job and our entire group will be thankful
    to you.

Add Comment

Your email address will not be published. Required fields are marked *