What’s New inWhat’s New inFireware XTM 11.7.2Fireware XTM 11.7.2
Updates in Fireware XTM v11.7.2
Support for the new WatchGuard AP100 and AP200 wireless access points
spamBlocker updated to use anti-spam technology from Mailshell Other changes:• New serial number variable support in the HTTP-proxy deny message• New setting in SMTP-proxy action configuration
Set the maximum email header size TLS encryption not enabled by default
See the v11.7.2 Release Notes for a list of resolved issues in v11.7.2.
22WatchGuard Training
WatchGuard APWatchGuard AP
Introducing the New WatchGuard AP100 and AP200
WatchGuard now offers two types of wireless devices that you can use separately or together to add secure wireless access points to your network:
WatchGuard Training 44
WatchGuard XTM Wireless Device WatchGuard Access Point
NEW!
Gateway Wireless Controller
You can connect multiple WatchGuard APs to the trusted or optional network of an XTM device, and manage them from any wired or wireless XTM device.
You configure the Gateway Access Controller on your XTM device to manage the WatchGuard APs.
The settings to configure WatchGuard APs are in the Network > Gateway Access Controller menu.
55WatchGuard Training
AP100 and AP200
WatchGuard AP100• Single Radio• 2.4/5GHz switchable• 2x2:2 MIMO 802.11a/b/g/n• Up to 300Mbps• 8 SSIDs
WatchGuard AP200• Dual Radio• 2.4GHz and 5GHz• 2x2:2 MIMO 802.11a/b/g/n• Up to 600Mbps• 8 SSIDs per radio• Plenum rated
66WatchGuard Training
Learn More about the WatchGuard AP Devices
For more information about the how to use the Gateway Wireless Controller to configure and centrally manage new WatchGuard AP devices, see:• WatchGuard System Manager or Web UI v11.7.2 Help• WatchGuard AP Setup Guide or Deployment Guide
77WatchGuard Training
spamBlockerspamBlocker
spamBlocker with Mailshell
Starting with Fireware XTM OS v11.7.2, spamBlockeruses anti-spam technology from Mailshell.
Mailshell uses a combination of rules, pattern matching, and sender reputation to accurately identify and block spam messages.
Most existing spamBlocker configuration settings do not change.• Spam threshold settings are added.• Settings for Proactive Patterns, Virus Outbreak Detection, and Bulk email do
not apply to Fireware XTM OS versions that use Mailshell.
99WatchGuard Training
spamBlocker Spam Thresholds
Mailshell assigns each email message a spam score from 1 to 99. A message with a higher score is more likely to be spam. You can configure the spam thresholds in spamBlocker Settings.• Confirmed spam threshold:
If a message has a spam score equal to or higher than this threshold, it is classified as confirmed spam.
The default value is 90.
• Suspected spam threshold: If a message spam score
is equal to or higher than this threshold, but lower than the confirmed spam threshold, it is classified as suspected spam.
The default value is 60.
1010WatchGuard Training
spamBlocker General Settings
Policy Manager still has configurable settings for Virus Outbreak Detection and Proactive Patterns in spamBlocker Settings.• These settings do not apply to spamBlocker with Mailshell. • These settings apply only to versions of Fireware XTM that use Commtouch.
These settings remain in Policy Manager, to enable Policy Manager to configure devices that use older versions of Fireware XTM.
These settings are removed from the Fireware XTM Web UI and CLI.
The Connection String Overrideoption is also removed from theGeneral Settings tab.• It was used for troubleshooting by
WatchGuard technical support.• It is still available in the CLI.
1111WatchGuard Training
spamBlocker Actions
Mailshell does not have a bulk spam category.• Action settings for the
Bulk category are removed from the v11.7.2 Web UI
1212WatchGuard Training
spamBlocker Actions
• Action settings for the Bulk category remain in Policy Manager, to enable Policy Manager to manage older versions of Fireware XTM.
• Messages marked as bulk email option no longer appears in Firebox System Manager or the Web UI.
1313WatchGuard Training
Fireware XTM OS Versions that Use Mailshell
Fireware XTM OS Commtouch Mailshellv11.3.0–v11.3.5 v11.4.x, v11.5.x v11.6.0–v11.6.4 v11.7 v11.3.6–v11.3.x (for e-Series devices) v11.6.5–v11.6.x (for XTM 21, 22, 23 devices) v11.7.2 and higher (for all other XTM devices)
1414WatchGuard Training
spamBlocker uses Mailshell only in newer versions of Fireware XTM OS.• Fireware XTM OS versions released after February 2013 use Mailshell.• All earlier versions of Fireware XTM OS use Commtouch.
The table below shows which Fireware XTM versions support Mailshell.
Send spamBlocker Feedback to WatchGuard
You can send feedback to WatchGuard about spamBlocker false positives or missed spam.• False Positives — Send the messages as attachments, including the full
headers, to [email protected].• Missed Spam — Send the messages as attachments, including the full
headers, to [email protected]. To create the feedback message in Microsoft Outlook:• Drag and drop the missed spam or false positive email to a new message.
You can attach more than one message to the same feedback message.• Send the new message to the appropriate feedback email address.
1515WatchGuard Training
ProxiesProxies
SMTP Proxy — Set Maximum Email Header Size
In the SMTP proxy action General Settings, you can now specify the maximum size for email headers.
1717WatchGuard Training
SMTP Proxy — TLS Encryption Setting Change
In the SMTP proxy action TLS encryption settings, the Enable deep inspection of SMTP with TLS option is no longer enabled by default for new configuration files.
Existing configuration files are not affected by this change after an OS upgrade.
1818WatchGuard Training
HTTP Proxy — Serial Number in Deny Message
With Fireware XTM OS and WSM v11.7.2, you can add two new variables to the body of the HTTP proxy deny message to include the serial number and XTM device name in the deny message:• Serial number — %(serial)%• XTM device name — %(firewall)%
1919WatchGuard Training
HotspotHotspot
XTM Device Hotspot
With the v11.7.2 release, you can enable a hotspot for any wired or wireless network.
You can enable a hotspot any XTM device running v11.7.2. The Hotspot feature has moved from the Wireless menu to the
Authentication menu.
SelectSetup > Authentication > Hotspot.
2121WatchGuard Training
THANK YOU!THANK YOU!