WatchGuard Blog: Network Security https://www.watchguard.com/ WatchGuard Product Update Blog en Fireware v12.9 Update 1 https://www.watchguard.com/wgrd-blog/fireware-v129-update-1 <h3>Fireware 12.9u1</h3> <p>WatchGuard has posted a new maintenance update for Fireware 12.9.  This update addresses several issues that have been resolved since the original 12.9 release, including an issue affecting SSLVPN connections to the Firebox from internal networks, as well as a disconnection from WatchGuard Cloud from devices that previously connected successfully.  See details in the <a href="https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_9/index.html#Fireware/en-US/EN_Release_Notes_Fireware.html">Release Notes</a> for a full list of enhancements and resolved issues in this release.</p> <h3>Does this release affect me?</h3> <p>Fireware 12.9u1 is available for:</p> <ul><li>T Series: T20, T40, T55, T70, and T80</li> <li>M Series: M270, M290, M370, M390, M400, M440, M470, M500, M570, M590, M670, M690, M4600, M5600, M4800, and M5800</li> <li>Firebox NV5, FireboxV and Firebox Cloud</li> </ul><h3>How to upgrade</h3> <p>Firmware upgrades are included at no charge with active WatchGuard support subscriptions. The easiest approach is to use WatchGuard Cloud to schedule upgrades for one or many systems. You can also upgrade individual systems directly from within the WebUI. Admins may also download the applicable packages from the <a href="https://software.watchguard.com/SoftwareHome">WatchGuard Software Download Center</a>.</p> <h4>Contact</h4> <p>For Sales or Support questions, you can find phone numbers for your region <a href="https://www.watchguard.com/wgrd-about/contact">online</a>. If you contact WatchGuard Technical Support, please have your registered appliance Serial Number or Partner ID available.</p> Wed, 25 Jan 2023 14:06:56 -0800 Ben Brobak 77441 at https://www.watchguard.com Fireware 12.9 Available Now https://www.watchguard.com/wgrd-blog/fireware-129-available-now <h2>Fireware 12.9</h2> <p>This release resolves several issues and includes the following enhancements:</p> <ul><li>Multi-factor authentication (MFA) support for the WSM Management Server</li> <li>Client certificate authentication support for LDAPS</li> <li>Split tunneling support for Mobile VPN with IKEv2</li> <li>New configurable DNS Forwarding policy</li> <li>Updated user interface for endpoint enforcement</li> <li>Streamlined identification of spamBlocker false positives and false negatives</li> <li>Updated WatchGuard IPSec Mobile VPN Client for Windows (64-bit) software</li> </ul><p>Please look at the <a href="https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_9/index.html">Release Notes</a> for a complete list of enhancements and resolved issues. </p> <h2>Which products are affected by this release?</h2> <ul><li> <p>T Series: T20, T40, T55, T70, and T80</p> </li> <li> <p>M Series: M270, M290, M370, M390, M400, M440, M500, M590, M690, M4600, M4800, M5600, and M5800</p> </li> <li> <p>Firebox NV5, FireboxV, and Firebox Cloud</p> </li> </ul><h2>Upgrade Process</h2> <p>Firmware upgrades are included at no charge with active WatchGuard support subscriptions. The most straightforward approach is to use WatchGuard Cloud to schedule upgrades for one or many systems. You can also upgrade individual systems directly within the WebUI. Admins may also download the applicable packages from the <a href="https://software.watchguard.com/SoftwareHome">WatchGuard Software Download Center</a>.</p> <h2>Contact</h2> <p>For Sales or Support questions, you can find phone numbers for your region <a href="https://www.watchguard.com/wgrd-about/contact">online</a>. If you contact WatchGuard Technical Support, please have your registered appliance Serial Number or Partner ID available. </p> Thu, 15 Dec 2022 12:11:42 -0800 Kirk Jensen 73721 at https://www.watchguard.com Fireware 12.8.2u1 Available Now https://www.watchguard.com/wgrd-blog/fireware-1282u1 <h3>Fireware 12.8.2u1</h3> <p>This maintenance release updates the version of OpenSSH used by the Firebox to version 9.0p1s, resolves an issue that prevented VPN tunnels to AWS from recovering following a FireCluster failover, and addresses an issue where addresses configured in Blocked Sites Exceptions could be blocked if triggered immediately following a reboot.  See details in the <a href="https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_8_2_U1/index.html">Release Notes</a> for a full list of enhancements and resolved issues in this release.</p> <h3>Does this release affect me?</h3> <p>Fireware 12.8.2u1 is available for:</p> <ul><li>T Series: T20, T40, T55, T70, and T80</li> <li>M Series: M270, M290, M370, M390, M400, M440, M470, M500, M570, M590, M670, M690, M4600, M5600, M4800, and M5800</li> <li>FireboxV and Firebox Cloud</li> </ul><h3>How to upgrade</h3> <p>Firmware upgrades are included at no charge with active WatchGuard support subscriptions. The easiest approach is to use WatchGuard Cloud to schedule upgrades for one or many systems. You can also upgrade individual systems directly from within the WebUI. Admins may also download the applicable packages from the <a href="https://software.watchguard.com/SoftwareHome">WatchGuard Software Download Center</a>.</p> <h4>Contact</h4> <p>For Sales or Support questions, you can find phone numbers for your region <a href="/wgrd-about/contact">online</a>. If you contact WatchGuard Technical Support, please have your registered appliance Serial Number or Partner ID available.</p> <p> </p> Mon, 17 Oct 2022 10:00:00 -0700 Ben Brobak 71316 at https://www.watchguard.com Enabling MSPs in WatchGuard Cloud with Service Provider-level Firmware Upgrade https://www.watchguard.com/wgrd-blog/enabling-msps-watchguard-cloud-service-provider-level-firmware-upgrade <p>WatchGuard Cloud allows Managed Service Providers (MSPs) the ability to allocate and manage their WatchGuard devices to their customers with simplicity and ease. With our recent <a href="https://www.watchguard.com/wgrd-blog/fireware-1281-12510-and-1214-and-mobile-vpn-client-releases">post about Fireware 12.8.1's release</a>, it's time to re-introduce and extremely useful feature in WatchGuard Cloud. Back in January, we brought forward the ability to view and update firmware for all WatchGuard devices, Fireboxes and Access Points, which are managed under the MSP umbrella to add to that simplicity.</p> <p>This page should be familiar for those already using firmware upgrades in WatchGuard Cloud. On the Overview level, devices are listed with the account they belong to. Access Points, Fireboxes, and Firebox Cluster devices are accessible here, and the list can be filtered as desired. </p> <div class="align-center"> <div class="field field--name-field-media-image field--type-image field--label-hidden field__item"> <img loading="lazy" src="/sites/default/files/styles/blog_large/public/blog-images/SPUpgrades1.png?itok=6JRxWGgx" width="588" height="293" alt="View the firmware status of all devices on one page." typeof="foaf:Image" class="image-style-blog-large" /></div> </div> <p> </p> <p>Clicking "Upgrade Firmware" provides the same firmware upgrade experience as the Subscriber/Account level, and now the ability is available to select or deselect all devices under specific accounts.</p> <div class="align-center"> <div class="field field--name-field-media-image field--type-image field--label-hidden field__item"> <img loading="lazy" src="/sites/default/files/styles/blog_large/public/blog-images/SPUpgrades2.png?itok=Amx3uYEU" width="399" height="293" alt="Select multiple devices across multiple subscriber accounts." typeof="foaf:Image" class="image-style-blog-large" /></div> </div> <p> </p> <p>MSPs no longer need to go down the line on each subscriber account, one at a time, to upgrade the firmware for the devices which makes this capability a great time saver for our partners!</p> <div class="align-center"> <div class="field field--name-field-media-oembed-remote-video field--type-string field--label-hidden field__item"><iframe src="/media/oembed?url=https%3A//youtu.be/Ux4SeEq4nsY&amp;max_width=600&amp;max_height=400&amp;hash=f5Vr_Nlky89a3GbCLE5MDRTkZIY8Pzy7mTEJeDKaMtk" frameborder="0" allowtransparency="" width="600" height="400" class="media-oembed-content" title="Demo: Firmware Upgrades"></iframe> </div> </div> <p> </p> <p><strong>Test Drive WatchGuard Cloud!</strong><br /><a href="https://www.watchguard.com/wgrd-products/watchguard-cloud-demo">Explore our free online demo</a> to see how easy it is to manage and report on AuthPoint, Threat Detection and Response, WatchGuard Firebox, and so much more.</p> <p><strong>Keep Up with What's New in WatchGuard Cloud</strong><br /> WatchGuard regularly updates and improves on the WatchGuard Cloud platform. To learn more about the developments to WatchGuard Cloud, please refer to our resources: <a href="https://www.watchguard.com/help/docs/WG_Cloud/en-US/whats-new_WG_Cloud.pptx">"What is New In WatchGuard Cloud" presentation</a> and <a href="https://www.watchguard.com/support/release-notes/WatchGuard_Cloud/en-US/index.html">most recent Release Notes</a>.</p> <p><strong>Contact</strong><br /> For Sales or Support questions, feel free to explore <a href="https://www.watchguard.com/wgrd-support/overview">WatchGuard's support page</a>. When contacting WatchGuard's Technical Support, please have the registered appliance Serial Number or Partner ID available</p> Thu, 01 Sep 2022 11:02:25 -0700 Mike Deichman 67536 at https://www.watchguard.com Fireware 12.8.2 and 12.5.11 https://www.watchguard.com/wgrd-blog/fireware-1282-and-12511 <h3>Fireware 12.8.2</h3> <p>This maintenance release includes support for a new 8x1Gb copper network module, resolves an issue that caused traffic to stop on M390, M590, and M690 appliances, and addresses other issues fixed since previous releases. See details in the <a href="https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_8_2/index.html">Release Notes</a> for a full list of enhancements and resolved issues in this release.</p> <h3>8x1Gb Copper Network Module</h3> <p>In addition to the resolved issues, Fireware 12.8.2 adds support for a new 8x1Gb copper network module (WG9022) for Firebox M290, M390, M590, and M690 models.  This module provides additional port density for those in need of up to 8x additional interfaces on these Firebox models.</p> <h3>Fireware 12.5.11</h3> <p>This release updates the version of the SSLVPN client available for download from the Firebox to v12.7.2 of the Mobile VPN with SSL Client software and provides support for windows 11 in the IKEv2 client profile, and includes an important security update for advisory WGSA-2022-00020.  See details in the <a href="https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_5_11/index.html">Release Notes</a> for a full list of resolved issues in this release, and for information on security updates in these releases review the advisories at <a href="https://psirt.watchguard.com">psirt.watchguard.com</a>.</p> <h3>Does this release affect me?</h3> <p><strong>Fireware 12.8.2 is available for:</strong></p> <ul><li>T Series: T20, T40, T55, T70, and T80</li> <li>M Series: M270, M290, M370, M390, M400, M440, M470, M500, M570, M590, M670, M690, M4600, M5600, M4800, and M5800</li> <li>FireboxV and Firebox Cloud</li> </ul><p><strong>Fireware v12.5.11 applies to:</strong></p> <ul><li>Firebox T10, T15, T30, T35, T50, M200, and M300</li> </ul><h3>How to upgrade</h3> <p>Firmware upgrades are included at no charge with active WatchGuard support subscriptions. The easiest approach is to use WatchGuard Cloud to schedule upgrades for one or many systems. You can also upgrade individual systems directly from within the WebUI. Admins may also download the applicable packages from the <a href="https://software.watchguard.com/SoftwareHome">WatchGuard Software Download Center</a>.</p> <p><strong>Contact</strong></p> <p>For Sales or Support questions, you can find phone numbers for your region <a href="https://www.watchguard.com/wgrd-about/contact">online</a>. If you contact WatchGuard Technical Support, please have your registered appliance Serial Number or Partner ID available.</p> Thu, 25 Aug 2022 16:44:34 -0700 Ben Brobak 69576 at https://www.watchguard.com Dimension 2.2.1 is now available https://www.watchguard.com/wgrd-blog/dimension-221-now-available <p>We are pleased to announce the availability of WatchGuard Dimension 2.2.1. This maintenance release is now available from the <a href="https://software.watchguard.com/SoftwareDownloads?current=true&amp;familyId=a2RF00000009On4MAE">Software Download Center</a>, together with <a href="https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Dimension_v2_2_1/index.html">Release Notes</a> and update instructions. WatchGuard Dimension 2.2.1 provides the following fixes:</p> <h3>General</h3> <ul type="disc"><li>An issue where the system root partition filled with backup data has been resolved.</li> </ul><h3>Logging and Reporting</h3> <ul type="disc"><li>We've resolved invalid UUID errors when threat information is retrieved from the APT service.</li> </ul><h3>Security</h3> <ul type="disc"><li>OpenSSL has been updated to v1.1.1n to address CVE-2022-0778 and CVE-2020-1971.</li> <li>The Dimension web server now supports HSTS headers and TLS v1.2 as the minimum protocol version.</li> <li>Fixes a jquery-ui v1.9.2 vulnerability to address CVE-2010-5312 and CVE-2012-6662.</li> </ul><p>See details in the <a href="https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Dimension_v2_2_1/index.html">Release Notes</a> for issues addressed in these releases, and for information on security updates in these releases review the advisories on our <a href="https://www.watchguard.com/wgrd-psirt/advisories">PSIRT page</a>.</p> <p>WatchGuard’s Product Security Incident Response Team (PSIRT) recently <a href="https://www.secplicity.org/2022/05/26/watchguard-launches-psirt-page/">launched our public PSIRT page</a> to provide a consolidated resource where network administrators can find advisories and information about security vulnerabilities in WatchGuard products, as WatchGuard’s investigations into industry-wide security issues that may impact our products or services.</p> <h4>Does this release pertain to me?</h4> <p>This release applies to all users of the WatchGuard Dimension network security visibility solution.  We recommend that any administrators using WatchGuard Dimension upgrade their solution to 2.2.1 to take advantage of the security improvements available in the release.   </p> <h4>Software Download Center</h4> <p>Firebox and XTM appliance owners with active support subscriptions can obtain this update without additional charge by downloading the applicable packages from the WatchGuard <a href="https://watchguardsupport.secure.force.com/software/">Software Download Cente</a><a href="https://software.watchguard.com/SoftwareHome">r</a>.</p> <h4>Contact Us</h4> <p>Please <a href="https://www.watchguard.com/wgrd-about/contact">contact the WatchGuard team</a> if you have any additional questions about Dimension 2.2.1. We're happy to help.</p> Mon, 25 Jul 2022 16:00:41 -0700 Ben Brobak 68851 at https://www.watchguard.com Fireware 12.8.1, 12.5.10, 12.1.4, and Mobile VPN client releases https://www.watchguard.com/wgrd-blog/fireware-1281-12510-and-1214-and-mobile-vpn-client-releases <p><strong>Fireware 12.8.1, 12.5.10, 12.1.4, and Mobile VPN client releases</strong><br /> WatchGuard has posted maintenance releases for Fireware 12.8.1, and earlier branches, 12.5.10 and 12.1.4.   These maintenance releases include some minor enhancements, address issues fixed since previous releases, and also include important security updates.  See details in the <a href="https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_8_1/index.html">Release Notes</a> for issues addressed in these releases, and for information on security updates in these releases review the advisories on our <a href="https://www.watchguard.com/wgrd-psirt/advisories">PSIRT page</a>.</p> <p>WatchGuard’s Product Security Incident Response Team (PSIRT) recently <a href="https://www.secplicity.org/2022/05/26/watchguard-launches-psirt-page/">launched our public PSIRT page</a> to provide a consolidated resource where network administrators can find advisories and information about security vulnerabilities in WatchGuard products, as well as WatchGuard’s investigations into industry-wide security issues that may impact our products or services.</p> <p><strong>Tor Exit Node Blocking</strong><br /> In addition to the resolved issues, Fireware 12.8.1 and 12.5.10 provides the capability to block inbound traffic from Tor Exit Nodes.  If your configuration has Botnet Detection enabled, after you upgrade to Fireware 12.8.1 or 12.5.10, Tor Exit Node Blocking is enabled in all policies by default.  More information about using Tor Exit Node Blocking can be found in our <a href="https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/services/tor/tor_intro_c.html">product documentation</a>.</p> <p><strong>WatchGuard IPSec Mobile VPN Clients</strong><br /> For users of the WatchGuard Mobile VPN Clients, v15.04 is available for installation on Windows 10 and 11 (up to and including 21H2), as well as v4.61 available for macOS 11 (Big Sur) and macOS 12 (Monterey).  New features and issues addressed in these updates are included in the release notes for the Fireware.</p> <p><strong>Does this release affect me?</strong><br /> Fireware 12.8.1 is available for:</p> <ul><li>T Series: T20, T40, T55, T70, and T80</li> <li>M Series: M270, M290, M370, M390, M400, M440, M470, M500, M570, M590, M670, M690, M4600, M5600, M4800, and M5800</li> <li>FireboxV and Firebox Cloud</li> </ul><p>Fireware v12.5.10 applies to:</p> <ul><li>Firebox T10, T15, T30, T35, T50, M200, and M300 (<a href="https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_5_10/index.html">Release Notes</a>)</li> </ul><p>Finally Fireware 12.1.4 is also provided for:</p> <ul><li>XTM 800, 1500, 2500, and XTMv (<a href="https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_1_4/index.html">Release Notes</a>)</li> </ul><p>WSM 12.8.1 is available for management of Fireboxes running Fireware 12.8.1, 12.5.10, and 12.1.4.</p> <p><strong>How to upgrade</strong><br /> Firmware upgrades are included at no charge with active WatchGuard support subscriptions. The easiest approach is to use WatchGuard Cloud to schedule upgrades for one or many systems. You can also upgrade individual systems directly from within the WebUI. Admins may also download the applicable packages from the <a href="https://software.watchguard.com/SoftwareHome">WatchGuard Software Download Center</a>.</p> <p><strong>Contact</strong><br /> For Sales or Support questions, you can find phone numbers for your region <a href="https://www.watchguard.com/wgrd-about/contact">online</a>. If you contact WatchGuard Technical Support, please have your registered appliance Serial Number or Partner ID available.</p> Fri, 08 Jul 2022 10:13:48 -0700 Ben Brobak 68396 at https://www.watchguard.com Supported Operating Systems for WSM https://www.watchguard.com/wgrd-blog/supported-operating-systems-wsm <p><strong>Supported Operating Systems for WatchGuard System Manager (WSM)</strong><br /> To determine when WatchGuard ends support for an operating system our applications run on, we follow the support lifecycle of the operating system vendor.  This post provides detail on how Microsoft's lifecycle affects this policy.</p> <p>In the release notes of <a href="https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_8/index.html#Fireware/en-US/introduction.html?Highlight=supported%20operating%20systems">Fireware 12.8</a>, WatchGuard identified that the supported operating systems for WSM and Management Server software will follow Microsoft’s Mainstream Support end dates for Windows and Windows Server. When Mainstream Support ends for these operating systems, WSM and Management Server will no longer support them in the next feature release.</p> <p>Historically, we followed Microsoft’s Extended Support end dates for Windows and Windows Server operating systems, but this limited the ongoing updates we could make to WSM Client and Management Server software. By following the Mainstream Support end dates for these fixed lifecycle products, we can make updates that are not limited by the legacy development tools needed to support operating systems that no longer receive feature updates from Microsoft.</p> <p>For more information see the <a href="https://docs.microsoft.com/en-us/lifecycle/policies/fixed">Microsoft Fixed Lifecycle Policy</a>.</p> <p><strong>How does this affect currently supported operating systems?</strong><br /> WSM 12.8 and 12.8.x maintenance releases will continue to support currently-supported operating systems that previously ended Mainstream Support. This includes these operating systems which previously ended Mainstream Support:</p> <ul type="disc"><li>Windows 8 - 12 Jan 2016</li> <li>Windows 8.1 - 9 Jan 2018</li> <li>Windows Server 2012 - 9 Oct 2018</li> <li>Windows Server 2012 R2 - 9 Oct 2018</li> <li>Windows Server 2016 - 11 Jan 2022</li> </ul><p>Future feature releases for WSM, such as 12.9 and higher, will no longer support these operating systems.</p> <p>WSM will continue to support these operating systems through their Mainstream Support end dates:</p> <ul type="disc"><li>Windows 10 – Final retirement 14 October 2025</li> <li>Windows 11 – Final retirement not announced. 21H2 supported by Microsoft through 8 October 2024.</li> <li>Windows Server 2019 – Supported through 9 January 2024</li> <li>Windows Server 2022 – Supported through 13 October 2026</li> </ul><p>For more information see <a href="https://docs.microsoft.com/en-us/lifecycle/products/">Microsoft product lifecycle</a>.</p> <p><a href="https://www.watchguard.com/wgrd-help/documentation/release-notes/fireware">Fireware Release Notes</a> always include an Operating System Compatibility Matrix, identifying supported operating systems for features in each release.</p> Fri, 10 Jun 2022 10:49:41 -0700 Ben Brobak 67391 at https://www.watchguard.com Log, Report, and Quarantine Server deprecation https://www.watchguard.com/wgrd-blog/wsm-log-report-and-quarantine-server-deprecation <p><strong>Deprecation of older WatchGuard Server components</strong><br /> WatchGuard is announcing the deprecation of some older server components. WSM v12.8.x releases will still include these server components. Higher WSM releases, v12.9 and later, will include only the WSM Client and Management Server, and will not include the following: </p> <ul type="disc"><li>WatchGuard Log Server</li> <li>WatchGuard Report Server</li> <li>WatchGuard Quarantine Server  </li> </ul><p>WSM Log and Report servers have served well since their introduction in Fireware 10, but they no longer represent the best options available to our customers. WatchGuard now provides superior logging and reporting solutions. WatchGuard Cloud, our cloud-based visibility solution, includes 30 days log and report storage with Total Security Suite. Dimension is available on VMware and Microsoft Hyper-V for those customers that want to maintain an on premises log and report server. </p> <p>The Quarantine Server no longer aligns well with the email services our customers deploy and operate today, such as Office 365 and web-based email solutions. Customers can continue to use the quarantine server on existing installations, and the Fireware OS will keep the option to send email to quarantine. </p> <p>WatchGuard continues to actively develop and support the WSM Management Server. The recent <a href="https://www.watchguard.com/wgrd-blog/new-fireware-v128-releases-fireboxes">v12.8 release</a> include new features to support management server templates for SD-WAN. </p> <p><strong>Contact</strong><br /> For Sales or Support questions, you can find phone numbers for your region <a href="https://www.watchguard.com/wgrd-about/contact">online</a>. If you contact WatchGuard Technical Support, please have your registered appliance Serial Number or Partner ID available.</p> Fri, 29 Apr 2022 09:40:31 -0700 Brendan Patterson 64651 at https://www.watchguard.com Fireware v12.8 Update 1 https://www.watchguard.com/wgrd-blog/fireware-v128-update-1 <p><strong>Key points:</strong><br /> WatchGuard has posted a new maintenance update for Fireware v12.8. Update 1 includes several issues that have been fixed since the original 12.8 release. It also includes an update to the OpenSSL version to address CVE-2022-0778. See details  in the <a href="https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_8/index.html#Fireware/en-US/resolved_issues.html">Release Notes</a>. </p> <p><strong>Does this release affect me?</strong><br /> Fireware 12.8 Update 1 is available for: </p> <ul><li>T Series: T20, T40, T55, T70, and T80</li> <li>M Series: M290, M390, M590, M690, M270, M370, M400, M440, M470, M500, M570, M670, M4600, M5600, M4800, and M5800</li> <li>FireboxV and Firebox Cloud</li> </ul><p><strong>How to upgrade</strong><br /> Firmware upgrades are included at no charge with active WatchGuard support subscriptions. The easiest approach is to use WatchGuard Cloud to schedule upgrades for one or many systems (also works across multiple subscriber accounts). You can also upgrade individual systems directly from within the WebUI. Admins may also download the applicable packages from <a href="https://software.watchguard.com/SoftwareHome">the WatchGuard Software Download Center</a>. </p> <p><strong>Contact</strong><br /> For Sales or Support questions, you can find phone numbers for your region <a href="https://www.watchguard.com/wgrd-about/contact">online</a>. If you contact WatchGuard Technical Support, please have your registered appliance Serial Number or Partner ID available.</p> Mon, 25 Apr 2022 08:52:41 -0700 Brendan Patterson 64391 at https://www.watchguard.com New Fireware v12.8 Releases for Fireboxes https://www.watchguard.com/wgrd-blog/new-fireware-v128-releases-fireboxes <p>The latest release of Fireware v12.8 for Fireboxes delivers various enhanced features. Find out more about the release in the <a href="https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_8/index.html">12.8 Release Notes</a> and <a href="https://www.watchguard.com/help/docs/fireware/12/en-US/whats-new_Fireware_v12-8.pptx">What’s New in 12.8 Presentation</a>.</p> <h4><strong>Key Features include:</strong></h4> <h3>Networking:</h3> <ul><li><strong>SD-WAN Load Sharing</strong><strong>: </strong>SD-WAN actions enables you to share traffic load across multiple SD-WAN interfaces. You can use this feature to distribute load across multiple ISPs or lines.</li> <li><strong>SD-WAN Actions in Device Configuration Templates:</strong> Management Server device configuration templates now support SD-WAN actions. This makes it easy to apply SD-WAN actions to multiple devices.</li> <li>Support for IPv6 traffic in Bridge Mode</li> <li>Firebox Cloud can now apply firewall policies to traffic that arrives and leaves by the same interface, enabling east-west inspection of traffic.<br />  </li> </ul><h3>VPN:</h3> <ul><li><strong>Mobile IKE for IKEv2: </strong>This enables the Firebox to use the original VPN tunnel when a mobile device moves from one network to another.<em> </em>Also<em> </em>keeps VPN connections active to minimize reauthorization of MFA.<br />  </li> </ul><h4><strong>Do these releases affect me?</strong></h4> <h3>Fireware 12.8 is available for: </h3> <ul><li>T Series: T20, T40, T55, T70, and T80</li> <li>M Series: M270, M290, M370, M390, M400, M440, M470, M500, M570, M590, M670, M690, M4600, M5600, M4800, and M5800</li> <li>FireboxV and Firebox Cloud</li> </ul><p> </p> <p><strong>Action for Partners and Customers: </strong>Install the new version of Fireware 12.8! Upgrade to ensure your WatchGuard deployment is leveraging the best power, speed, reliability, and security available today.</p> <h3>How to upgrade</h3> <p> Firmware upgrades are included at no charge with active WatchGuard support subscriptions. The easiest approach is to use WatchGuard Cloud to schedule upgrades for one or many systems. HA Cluster pairs are now supported for upgrade from WatchGuard Cloud too. You can also upgrade individual systems directly from within the WebUI. Admins may also download the applicable packages from <a href="https://software.watchguard.com/SoftwareHome">the WatchGuard Software Download Center</a>. </p> <h4>Contact</h4> <p>For Sales or Support questions, you can find phone numbers for your region <a href="/wgrd-about/contact">online</a>. If you contact WatchGuard Technical Support, please have your registered appliance Serial Number or Partner ID available.</p> Mon, 21 Mar 2022 09:00:00 -0700 Kayla Myrhow 60191 at https://www.watchguard.com Detection and Remediation for Cyclops Blink State-Sponsored Botnet https://www.watchguard.com/wgrd-blog/detection-and-remediation-cyclops-blink-state-sponsored-botnet <p>Working closely with the FBI, CISA, DOJ, and UK NCSC<sup>1</sup>, WatchGuard has investigated and developed a remediation for Cyclops Blink, a sophisticated state-sponsored botnet, that may have affected a limited number (estimated at ~1%) of WatchGuard firewall appliances. WatchGuard customers and partners can eliminate the potential threat posed by malicious activity from the botnet by immediately enacting WatchGuard’s 4-Step Cyclops Blink Diagnosis and Remediation Plan. It is critical for all customers, whether infected or not, to upgrade the appliance to the latest version of Fireware OS.</p> <h2>Scope of Potential Impact:</h2> <p>Based on our own investigation, an investigation conducted jointly with Mandiant, and information provided by the FBI, WatchGuard has concluded the following:</p> <ul><li>Based on current estimates, Cyclops Blink may have affected approximately 1% of active WatchGuard firewall appliances; no other WatchGuard products are affected. </li> <li>Firewall appliances are not at risk if they were never configured to allow unrestricted management access from the internet. Restricted management access is the default setting for all WatchGuard’s physical firewall appliances.</li> <li>There is no evidence of data exfiltration from WatchGuard or its customers.</li> <li>WatchGuard’s own network has not been affected or breached.<br />  </li> </ul><h2>Detecting, Remediating, and Preventing Cyclops Blink Infection:</h2> <p>WatchGuard, supported by the FBI, CISA, NSA<sup>2</sup>, and the UK NCSC, recommends that all customers immediately enact the 4-Step Cyclops Blink Diagnosis and Remediation Plan available <a href="https://techsearch.watchguard.com/KB?type=Article&amp;SFDCID=kA16S000000SNyiSAG&amp;lang=en_US">here</a>. The plan outlines simple and easy-to-use Cyclops Blink detection options in WatchGuard System Manager, WatchGuard Cloud, and a new Web Detector tool.  </p> <p>Remediation steps are only necessary if you have an infected appliance; however, the future protection steps are applicable to <em>all</em> customers.</p> <p><strong>Visit </strong><a href="https://detection.watchguard.com/">detection.watchguard.com</a><strong> to review and enact the 4-Step Cyclops Blink Diagnosis and Remediation Plan now.</strong></p> <p>Please see the <a href="https://www.ncsc.gov.uk/news/joint-advisory-shows-new-sandworm-malware-cyclops-blink-replaces-vpnfilter">joint government advisory</a> issued by the FBI, CISA, NSA, and the UK NCSC.</p> <p>Our <a href="/wgrd-news/blog/important-detection-and-remediation-actions-cyclops-blink-state-sponsored-botnet">corporate blog post</a> includes additional information and updates about the botnet.</p> <h2>New releases are now available to support the prevention step</h2> <p>WatchGuard System Manager 12.7.2 update 3 is available to support all appliances and includes the detection tool that can be run against multiple appliances. (Note: Update 3 was released on Feb 24 to resolve known issue where scan did not complete successfully against latest firmware)</p> <p>Fireware 12.7.2 Update 2 (<a href="https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_7_2/index.html">Release Notes</a>) is available for:</p> <ul><li>T Series: T20, T40, T55, T70, and T80</li> <li>M Series: M270, M290, M370, M390, M400, M440, M470, M500, M570, M590, M670, M690, M4600, M5600, M4800, and M5800</li> <li>FireboxV and Firebox Cloud</li> </ul><p>Fireware 12.5.9 Update 2 (<a href="https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_5_9/index.html">Release Notes</a>) for:</p> <ul><li>Firebox T10, T15, T30, T35, T50, M200, M300</li> </ul><p>Fireware 12.1.3 Update 8 (<a href="https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_1_3_U8/index.html">Release Notes</a>) for: </p> <ul><li>XTMv, 850, 860, 870,1520, 1525, 2520</li> <li>XTM 25, 26, 33, 330, 515, 525, 535, 545, 810, 820, 8301050, 2050 – Given the criticality of the issue, WatchGuard has also released a build for appliances that are now past End of Life. Customers still running these appliances may upgrade to this build with an expired support license.</li> </ul><h2>How to upgrade</h2> <p>The easiest approach is to use WatchGuard Cloud to schedule upgrades for one or many systems, even for systems managed in WSM. Admins may also download the applicable packages from <a href="https://software.watchguard.com/SoftwareHome">the WatchGuard Software Download Center</a>. </p> <h2>Contact</h2> <p>For Support questions, you can find phone numbers for your region <a href="/wgrd-about/contact">online</a>. If you contact WatchGuard Technical Support, please have your registered appliance Serial Number or Partner ID available.</p> <p><sup>1</sup> Federal Bureau of Investigation, Cybersecurity and Infrastructure Security Agency, Department of Justice, and UK National Cyber Security Centre.<br /><sup>2</sup> National Security Agency</p> Wed, 23 Feb 2022 06:48:16 -0800 Brendan Patterson 62491 at https://www.watchguard.com New Fireware update releases https://www.watchguard.com/wgrd-blog/new-fireware-update-releases-0 <p>In our last blog post of 2021, Corey shared <a href="https://www.watchguard.com/wgrd-blog/five-cybersecurity-new-years-resolutions-you-can-achieve-today">5 cybersecurity New Year's resolutions.</a> Now is a great time to put one of those into practice: update to the latest version of Fireware!</p> <p>WatchGuard has posted new maintenance updates for Fireware 12.7.2 and earlier branches, 12.5.9 and 12.1.3. WatchGuard is moving away from providing customer specific (CSP) builds, and we prefer to issue generally available update releases that are provided to all for download.These releases include fixes to resolve internally detected security issues that were found by our engineers. </p> <p><strong>Do these releases affect me?</strong><br /> Fireware 12.7.2 Update 1 (<a href="https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_7_2/index.html">Release Notes</a>) is available for: </p> <ul><li>T Series: T20, T40, T55, T70, and T80</li> <li>M Series: M270, M290, M370, M390, M400, M440, M470, M500, M570, M590, M670, M690, M4600, M5600, M4800, and M5800</li> <li>FireboxV and Firebox Cloud</li> </ul><p>WatchGuard has also released Fireware 12.5.9 Update 1 (<a href="https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_5_9/index.html">Release Notes</a>) for:</p> <ul><li>Firebox T10, T15, T30, T35, T50, M200, M300.</li> </ul><p>And there is also Fireware 12.1.3 Update 7 (<a href="https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_1_3_U7/index.html">Release Notes</a>) for: </p> <ul><li>XTMv, XTM 25, 26, 33, 850, 860, 870,1520, 1525, 2520</li> </ul><p><strong>How to upgrade</strong><br /> Firmware upgrades are included at no charge with active WatchGuard support subscriptions. The easiest approach is to use WatchGuard Cloud to schedule upgrades for one or many systems. HA Cluster pairs are now supported for upgrade from WatchGuard Cloud too. You can also upgrade individual systems directly from within the WebUI. Admins may also download the applicable packages from <a href="https://software.watchguard.com/SoftwareHome">the WatchGuard Software Download Center</a>. </p> <p><strong>Contact</strong><br /> For Sales or Support questions, you can find phone numbers for your region <a href="https://www.watchguard.com/wgrd-about/contact">online</a>. If you contact WatchGuard Technical Support, please have your registered appliance Serial Number or Partner ID available.</p> Mon, 03 Jan 2022 09:31:08 -0800 Brendan Patterson 60506 at https://www.watchguard.com Five Cybersecurity New Year’s Resolutions You Can Achieve Today! https://www.watchguard.com/wgrd-blog/five-cybersecurity-new-years-resolutions-you-can-achieve-today <p>The beginning of a new year marks a time of reflection and planning, and for making New Year’s Resolutions. Unfortunately, many resolutions are quickly forgotten once post-holiday life gets busy. At WatchGuard, we’d like to help you make <em>and keep</em> five important cybersecurity resolutions that you can complete <strong>today</strong>, and let you focus on the rest of your resolutions. Doesn’t it feel great to cross some resolutions off your list right away!</p> <h2>Five cybersecurity resolutions you can cross off your list today!</h2> <ol><li><strong>Close firewall management interfaces to the internet. </strong>It is very common to want to manage your Firebox remotely, and you can do this securely. However, exposing your Firebox management interfaces to the internet is not an industry best practice, and is not recommended by WatchGuard either. <a href="https://techsearch.watchguard.com/KB?type=Article&amp;SFDCID=kA10H000000XeAtSAK&amp;lang=en_US">Use this Knowledge Base article for three recommendations for enabling secure remote management</a>.</li> <li><strong>Update to the latest version of Fireware. </strong>Start the new year right, with the latest version of Fireware (12.7.2, or the latest of whichever branch your Firebox uses) to ensure your WatchGuard deployment is leveraging the best power, speed, reliability, and security available today. Release notes can be found <a href="https://www.watchguard.com/wgrd-help/documentation/release-notes/fireware">here.</a></li> <li><strong>Change your passwords (now and regularly). </strong>Another easy-to-implement industry best practice is to change your passwords regularly. On <a href="https://www.secplicity.org/">Secplicity.org</a>, we all too frequently cover breaking news regarding data breaches involving stolen credentials, and how those stolen credentials are utilized by adversaries. Using strong credentials, and changing them often, helps prevent lost or stolen credentials from being useful to the bad guys. You should equally follow this advice on your hardware appliances, for example regularly changing your Firebox credentials.   </li> <li><strong>Implement Multi-factor Authentication (MFA).</strong> Using strong passwords, and changing them regularly, is a vital step, but you should also consider adding <a href="https://www.watchguard.com/wgrd-products/authpoint-multi-factor-authentication">MFA</a>, too! Implementing MFA to verify identities renders lost or stolen user credentials worthless to adversaries.</li> <li><strong>Read our 2022 Predictions!</strong> In this year’s Cybersecurity Predictions, the WatchGuard Threat Lab suits up at the news desk to update you on the top security-related headlines that we could see in 2022. Watch to learn how hackers might target space, what will happen with cyber insurance, Zero Trust, and more! You can find them <a href="https://www.watchguard.com/wgrd-resource-center/cyber-security-predictions">here</a>.</li> </ol> Tue, 21 Dec 2021 09:00:00 -0800 Corey Nachreiner 59246 at https://www.watchguard.com LTE Module Now Available for WatchGuard Firebox T80 https://www.watchguard.com/wgrd-blog/lte-module-now-available-watchguard-firebox-t80 <p>With a growing demand for connectivity to Cloud-based applications and services, the need for multiple connection options is higher than ever. Network environments are getting more diverse with a vast array of options to choose from. WatchGuard’s expandable network modules offer room to grow for the future. If the need for more network ports into the Firebox grows, you don’t have to do a costly rip-and-replace. Network administrators can simply add a new module to the existing appliance to increase port density.</p> <p>WatchGuard continues to expand connection options for our Firebox appliances. With the addition of the T80 LTE Module from WatchGuard, customers can leverage the integrated LTE connections to be sure they can stay connected to the applications and services they need to run their businesses.</p> <p><strong>Key Features:</strong></p> <ul><li>Easily integrate LTE connectivity without adding a new appliance</li> <li>Adds additional Internet option for failover</li> <li>Minimizes risk of Internet outages</li> <li>Works with a variety of cell vendors</li> <li>Simplified management to a single gateway appliance</li> </ul><p>Visit the <strong><a href="/wgrd-products/tabletop/firebox-t80">Firebox T80 page</a></strong> or <strong><a href="/wgrd-resource-center/docs/firebox-t80">Download the datasheet</a></strong> to learn more.</p> <h2>Contact</h2> <p>For Sales or Support questions, you can find phone numbers for your region online. If you contact WatchGuard Technical Support, please have your registered appliance serial number or Partner ID available.</p> Thu, 12 Aug 2021 08:53:22 -0700 Stephen Helm 53691 at https://www.watchguard.com Fireware and WatchGuard Cloud Release Updates https://www.watchguard.com/wgrd-blog/fireware-and-watchguard-cloud-release-updates <p>WatchGuard has released Fireware 12.7.1 and Fireware 12.5.8. The new releases include some enhancements, important security updates, and also support some new updates to the Firebox management capabilities in WatchGuard Cloud.</p> <h2>Key Enhancements:</h2> <p><strong>FireCluster System Actions</strong>. FireCluster is the high availability solution for WatchGuard Fireboxes and allows clustering of multiple appliances to improve network performance and scalability. Along with the new Fireware releases, you can now <strong>upgrade</strong>, <strong>reboot</strong>, and <strong>fail over </strong>your locally-managed FireCluster.</p> <div class="align-center"> <div class="field field--name-field-media-image field--type-image field--label-hidden field__item"> <img loading="lazy" src="/sites/default/files/styles/blog_large/public/2021-08/FireCluster%20System%20v1.png?itok=294b2PxT" width="500" height="183" alt="FireCluster System" typeof="foaf:Image" class="image-style-blog-large" /></div> </div> <p> </p> <p><strong>Cloud Management for Virtual Fireboxes.</strong> WatchGuard Cloud enables you to simply set up your devices, and to configure security and manage networking across multiple Fireboxes with templates. You can now manage the configuration of FireboxV and Firebox Cloud in WatchGuard Cloud with Fireware v12.7.1.</p> <div class="align-center"> <div class="field field--name-field-media-image field--type-image field--label-hidden field__item"> <img loading="lazy" src="/sites/default/files/styles/blog_large/public/2021-08/FireboxV%20WGC%20v1.png?itok=GclbtqkO" width="354" height="293" alt="WGC Firebox V and Firebox Cloud" typeof="foaf:Image" class="image-style-blog-large" /></div> </div> <p><strong>Support for Azure Active Directory for Fireware integration with Authpoint.</strong> The AuthPoint authentication server on the Firebox now supports Azure Active Directory users for Mobile VPN with SSL, Mobile VPN with IKEv2, and the Firebox Authentication Portal.</p> <p><strong>Does this release affect me?</strong></p> <p>Fireware 12.7.1 is available for:</p> <ul><li>T Series: T20, T40, T55, T70, T80</li> <li>M Series: M270, M370, M400, M440, M470, M500, M570, M670, M4600, M4800, M5600, M5800</li> <li>FireboxV and Firebox Cloud</li> </ul><p><a href="https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_7_1/index.html">Release Notes</a> and <a href="https://www.watchguard.com/help/docs/fireware/12/en-US/whats-new_Fireware_v12-7-1.pptx">What’s New</a> Presentation (and webinar!) provide more details.  </p> <p>Fireware 12.5.8 is available for:</p> <ul><li>T Series: Firebox T10, T15, T30, T35, and T50</li> <li>M Series: Firebox M200, and M300</li> </ul><p><a href="https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_5_8/index.html">Release Notes</a> provide more details. </p> <p>WatchGuard has also ported all applicable security updates to any XTM appliance that is still supported. Customers are recommended to continue to upgrade these old platforms to latest firmware where those appliances are still in use.</p> <p>Fireware 12.1.3 Update 6 is available for:</p> <ul><li>XTM Series: XTM 800, 1500, 2500, and XTMv</li> </ul><p><a href="https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_1_3_U6/index.html">Release Notes</a> provide more detail.</p> <p>WSM v12.7.1 is available to manage all supported Firebox and XTM models.</p> <p><strong>How to upgrade</strong><br /> Firmware upgrades are included at no charge with active WatchGuard support subscriptions. The easiest approach is to use WatchGuard Cloud to schedule upgrades for one or many systems. You can also upgrade individual systems directly from within the WebUI. Admins may also download the applicable packages from the <a href="https://software.watchguard.com/SoftwareHome">WatchGuard Software Download Center.</a></p> <p><strong>Keep Up with What’s New in WatchGuard Cloud</strong><br /> WatchGuard regularly updates and improves on the WatchGuard Cloud platform. To learn more about the developments to WatchGuard Cloud, please refer to the <a href="https://www.watchguard.com/help/docs/WG_Cloud/en-US/whats-new_WG_Cloud.pptx">“What’s New In WatchGuard Cloud” presentation</a>, and <a href="https://www.watchguard.com/support/release-notes/WatchGuard_Cloud/en-US/index.html">most recent Release Notes.</a></p> <p><strong>Contact</strong><br /> For Sales or Support questions, you can find phone numbers for your region <a href="https://www.watchguard.com/wgrd-about/contact">online</a>. If you contact WatchGuard Technical Support, please have your registered appliance Serial Number or Partner ID available.</p> Tue, 10 Aug 2021 09:00:00 -0700 Stephen Helm 53621 at https://www.watchguard.com UPDATE: Legacy TDR UI no longer available as of 19 July 2021 https://www.watchguard.com/wgrd-blog/update-legacy-tdr-ui-no-longer-available-19-july-2021 <p>Greetings!</p> <p>We would like to provide an update on the Legacy TDR UI. We will be discontinuing the Legacy TDR UI on 19 July 2021. After this date, all existing direct links to the Legacy TDR UI will be removed from the watchguard.com portal and existing bookmarks directly referencing your regional TDR will be redirected to WatchGuard Cloud. </p> <p>This change requires everyone to begin using the TDR UI that is integrated in WatchGuard Cloud. Before you can manage accounts and licenses for TDR, you are required to perform a one-time migration procedure. During this migration, you will manually link an existing WatchGuard Cloud Tier-2 account to an existing TDR managed child account. When you first browse to the Migrate TDR page in WatchGuard Cloud, you are presented with a wizard explaining the migration process, step-by-step. While we suggest using the wizard to complete your migration, you can also follow the steps in this <a href="https://techsearch.watchguard.com/KB?type=Article&amp;SFDCID=kA10H000000bq1bSAA&amp;lang=en_US">knowledgebase article</a>. Please perform this migration as soon as possible to avoid being unable to manage your TDR Accounts.  </p> <p>Thank you, </p> <p>The WatchGuard Product Team </p> Mon, 28 Jun 2021 05:49:05 -0700 Ricardo Arroyo 52761 at https://www.watchguard.com Organize and Secure Accounts with Account Groups in WatchGuard Cloud https://www.watchguard.com/wgrd-blog/organize-and-secure-accounts-account-groups-watchguard-cloud <p><strong>Account Groups are now available in WatchGuard Cloud</strong></p> <p>WatchGuard Cloud’s newest platform feature, Account Groups, enables service providers to create groups with their existing managed accounts. Account groups can be used to assign operator permissions. On the Account Groups page, Account Groups are represented by folders you can add, delete, and move to organize your accounts. By default, a service provider’s My Account cannot be sorted into an account group and is only visible to operators with permissions to all accounts. Account groups created in WatchGuard Cloud are also available in Service Provider Endpoint Manager where you can quickly apply endpoint policies to groups of accounts.</p> <div class="align-center"> <div class="field field--name-field-media-image field--type-image field--label-hidden field__item"> <img loading="lazy" src="/sites/default/files/styles/blog_large/public/2021-06/Account%20Groups%20Image%20Smaller%20v1.png?itok=aI4M6u7V" width="571" height="293" alt="Account Groups Image Smaller " typeof="foaf:Image" class="image-style-blog-large" /></div> </div> <p> </p> <p><strong>Benefits of Account Groups</strong></p> <ul><li>Quickly organize accounts into folders based on customer characteristics that make sense for your business</li> <li>Apply different endpoint policies to Account Groups based on the customer’s security needs</li> <li>Restrict Helpdesk and Auditor operators to see only the accounts you choose (for example: restrict Helpdesk and Auditor operators from seeing activity on your My Account)</li> </ul><p>Service providers with an Owner role can now restrict access for operators with Helpdesk and Auditor roles to specific groups of managed accounts. This allows service providers to easily keep their managed accounts organized, while also restricting their operators to only the necessary accounts.</p> <div class="align-center"> <div class="field field--name-field-media-image field--type-image field--label-hidden field__item"> <img loading="lazy" src="/sites/default/files/styles/blog_large/public/2021-06/operators.png?itok=bFFsEYat" width="527" height="293" alt="Account Operators" typeof="foaf:Image" class="image-style-blog-large" /></div> </div> <p> </p> <p>To get started with <strong>Account Groups</strong>, navigate to <strong><em>Administration &gt; Account Groups</em></strong> in WatchGuard Cloud.</p> <p><strong>Keep Up with What’s New in WatchGuard Cloud</strong></p> <p>WatchGuard regularly updates and improves on the WatchGuard Cloud platform. To learn more about the developments to WatchGuard Cloud, please refer to the <a href="https://www.watchguard.com/help/docs/WG_Cloud/en-US/whats-new_WG_Cloud.pptx">“What’s New In WatchGuard Cloud” presentation</a>, and <a href="https://www.watchguard.com/support/release-notes/WatchGuard_Cloud/en-US/index.html">most recent Release Notes.</a></p> Tue, 08 Jun 2021 12:52:08 -0700 Stephen Helm 52411 at https://www.watchguard.com New Fireware update releases https://www.watchguard.com/wgrd-blog/new-fireware-update-releases <p><strong>Key points:</strong><br /> WatchGuard has posted new maintenance updates for Fireware 12.7 and earlier branches, 12.5.7 and 12.1.3. The new releases address some issues that have been fixed since the original 12.7 release. See details  in the <a href="https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_7/index.html">Release Notes</a>. WatchGuard is moving away from providing customer specific (CSP) builds, and we prefer to issue generally available Update releases that are provided to all for download.</p> <p>These releases also include fixes to resolve internally detected security issues. These issues were found by our engineers, and not actively found in the wild. For the sake of not guiding potential threat actors toward finding and exploiting these internally discovered issues, we are not sharing technical details about these flaws. </p> <p><strong>Does this release affect me?</strong><br /> Fireware 12.7 Update 1 is available for: </p> <ul><li>T Series: T20, T40, T55, T70, and T80</li> <li>M Series: M270, M370, M400, M440, M470, M500, M570, M670, M4600, M5600, M4800, and M5800</li> <li>FireboxV and Firebox Cloud</li> </ul><p>WatchGuard has also released Fireware 12.5.7 Update 3 for:</p> <ul><li>Firebox T10, T15, T30, T35, T50, M200, M300. (<a href="https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_5_7/index.html">Release Notes</a>)</li> </ul><p>And there is also Fireware 12.1.3 Update 5 for: </p> <ul><li>XTMv, XTM 25, 26, 33, 1520, 1525, 2520 (<a href="https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_1_3_U5/index.html">Release Notes</a>)</li> </ul><p><strong>How to upgrade</strong><br /> Firmware upgrades are included at no charge with active WatchGuard support subscriptions. The easiest approach is to use WatchGuard Cloud to schedule upgrades for one or many systems. You can also upgrade individual systems directly from within the WebUI. Admins may also download the applicable packages from <a href="https://software.watchguard.com/SoftwareHome">the WatchGuard Software Download Center</a>. </p> <p><strong>Contact</strong><br /> For Sales or Support questions, you can find phone numbers for your region <a href="https://www.watchguard.com/wgrd-about/contact">online</a>. If you contact WatchGuard Technical Support, please have your registered appliance Serial Number or Partner ID available.</p> Wed, 12 May 2021 01:06:22 -0700 Brendan Patterson 50941 at https://www.watchguard.com Fireware and Authpoint: The power couple. https://www.watchguard.com/wgrd-blog/fireware-and-authpoint-power-couple <p><strong>Fireware 12.7</strong> is now generally available, with a new simple integration between Authpoint and the Firebox. This new integration of two key products in the WatchGuard portfolio makes it easier to set up strong multi-factor authentication for VPNs through the Firebox. Security and convenience make this bundle a powerful tool for zero-trust implementations.</p> <p><strong>Direct Integration with Authpoint</strong><br /> We can’t trust passwords. They can be shared. Written down. Captured. Guessed. Cracked. Stolen. 80% of breaches involve lost or stolen credentials. Systems should be secured with strong authentication that requires more than one factor. The Firebox has been able to use Authpoint for MFA previously but the new direct integration with WatchGuard Cloud in Fireware 12.7 makes it simpler to setup and configure, since a Radius server is no longer required.</p> <p>Find out more about the release in the <a href="https://www.watchguard.com/help/docs/fireware/12/en-US/whats-new_Fireware_v12-7.pptx">What’s New</a> presentation and the <a href="https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_7/index.html">Release Notes</a>.</p> <p><strong>Other key points: </strong><br /> Fireware 12.7 includes other notable new features:</p> <ul><li>Automatic updates of HTTPS exceptions. WatchGuard can add new entries to the general exception list without requiring firmware updates.</li> <li>802.1p marking for VLAN interfaces, which is often required by ISPs to set up Quality of Service on internet connections.</li> <li>APT Blocker HTTP proxy server settings: Allows use of APT Blocker in environments where HTTP traffic is going through a general proxy server</li> <li>APT Blocker control over pdf files: Enables admins to have more granular control of file types sent to cloud. </li> <li>DHCP lease counts - Provides more information so that the admin can understand the current network status.</li> </ul><p><strong>Does this release affect me? </strong><br /> Fireware 12.7 is available for: </p> <ul><li>T Series: T20, T40, T55, T70, and T80</li> <li>M Series: M270, M370, M400, M440, M470, M500, M570, M670, M4600, M5600, M4800, and M5800</li> <li>FireboxV and Firebox Cloud</li> </ul><p>WatchGuard has also released Fireware 12.5.7 Update 2 for:</p> <ul><li>Firebox T10, T15, T30, T35, T50, T55, T70, M200, M300.</li> </ul><p>Update 2 includes a new SSL version to address vulnerabilities, CVE-2021-3449 and CVE-2021-3450, that is also included in v12.7. <a href="https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_5_7/index.html">Release Notes</a> have full detail. </p> <p><strong>How to upgrade</strong><br /> Firmware upgrades are included at no charge with active WatchGuard support subscriptions. The easiest approach is to use WatchGuard Cloud to schedule upgrades for one or many systems. Individual systems can be upgraded directly from within the WebUI. Admins may also download the applicable packages from <a href="https://software.watchguard.com/SoftwareHome">the WatchGuard Software Download Center</a>. </p> <p><strong>Contact</strong><br /> For Sales or Support questions, you can find phone numbers for your region <a href="https://www.watchguard.com/wgrd-about/contact">online</a>. If you contact WatchGuard Technical Support, please have your registered appliance Serial Number or Partner ID available.</p> Tue, 27 Apr 2021 12:33:41 -0700 Brendan Patterson 50201 at https://www.watchguard.com New Fireware releases available https://www.watchguard.com/wgrd-blog/new-fireware-releases-available <p>WatchGuard has posted new maintenance releases in the Software Download Center. These updates introduce several key bug fixes, as well as ongoing improvements to support Firebox configuration from WatchGuard Cloud. Release Notes provide details of all the resolved issues (link in version name below). </p> <p><strong>Fireware <a href="https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_5_7/index.html">12.5.7 Update 1</a> is available for: </strong></p> <ul><li>T Series: T10, T15, T30, T35, T50, T55, and T70</li> <li>M Series: M200 and M300</li> </ul><p>These appliances (except T55 and T70) will not be capable of running v12.7 and subsequent new feature releases. For more information, see this <a href="https://techsearch.watchguard.com/KB?type=Article&amp;SFDCID=kA10H000000bpK3SAI&amp;lang=en_US">Knowledge Base article</a>.</p> <p><strong>Fireware <a href="//www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_6_4/index.html">12.6.4 Update 1</a> is available for: </strong></p> <ul><li>T Series: T20, T40, T80</li> <li>M Series: M270, M370, M400, M440, M470, M500, M570, M670, M4600, and M5600</li> <li>FireboxV and Firebox Cloud</li> </ul><p>Note that Fireware v12.7 is currently in Beta and expected to release later in April. It includes a similar set of bug fixes along with many new features, including a simple integration between Authpoint and Fireware. Find out more, and sign up to participate in the <a href="https://www.watchguard.com/wgrd-support/beta-program">Beta here</a>. </p> <p>Use WSM v12.6.4 to manage Fireboxes that run Fireware v12.5.7 or v12.6.4. </p> <p><strong>How to upgrade</strong><br /> Firmware upgrades are included at no charge with active WatchGuard support subscriptions. The easiest approach is to use WatchGuard Cloud to schedule upgrades for one or many systems. Individual systems can be upgraded directly from within the WebUI. Admins may also download the applicable packages from <a href="https://software.watchguard.com/SoftwareHome">the WatchGuard Software Download Center</a>. </p> <p><strong>Contact</strong><br /> For Sales or Support questions, you can find phone numbers for your region <a href="https://www.watchguard.com/wgrd-about/contact">online</a>. If you contact WatchGuard Technical Support, please have your registered appliance Serial Number or Partner ID available.</p> Wed, 07 Apr 2021 15:21:04 -0700 Brendan Patterson 49796 at https://www.watchguard.com Legacy TDR UI no longer available as of 1 July 2021 https://www.watchguard.com/wgrd-blog/legacy-tdr-ui-no-longer-available-1-july-2021 <p>Greetings WatchGuard Partners and customers!  </p> <p>Earlier this year, I <a href="https://www.watchguard.com/wgrd-blog/tdr-600-now-integrated-watchguard-cloud">shared</a> the exciting news that TDR is now integrated with WatchGuard Cloud. Partners and customers migrated their existing accounts to WatchGuard Cloud with very positive reviews. </p> <p>Now I want to inform you that WatchGuard will retire the legacy TDR UI on 1 July 2021. All TDR management going forward must be performed in WatchGuard Cloud.  </p> <p>Before you can manage accounts and licenses for TDR in WatchGuard Cloud, you must perform a one-time migration procedure. During this migration, you will manually link an existing WatchGuard Cloud Tier-2 account to an existing TDR managed child account. When you first navigate to the Migrate TDR page, you are presented with a wizard explaining the migration process, step-by-step. You can also follow the steps in this <a href="https://techsearch.watchguard.com/KB?type=Article&amp;SFDCID=kA10H000000bq1bSAA&amp;lang=en_US">knowledge base article</a> to complete the migration.  </p> <p>Remember, after 1 July 2021 you will no longer be able to use the legacy TDR UI to manage TDR accounts and licenses. The sooner you perform the required migration, the faster you can learn about TDR in WatchGuard Cloud. </p> <p>Thank you, </p> <p>The WatchGuard Product Team </p> Thu, 01 Apr 2021 10:35:42 -0700 Ricardo Arroyo 49676 at https://www.watchguard.com DNSWatchGo for Chromebooks Beta https://www.watchguard.com/wgrd-blog/dnswatchgo-chromebooks-beta <p lang="EN-GB" xml:lang="EN-GB" xml:lang="EN-GB">Greetings WatchGuard Beta community! We are proud to announce the open Beta for the DNSWatchGO Chrome extension for Chromebooks. With the DNSWatchGO Chrome extension, you can extend the protection of DNSWatch to provide consistent policy enforcement and security protection when your users leave the safety of your network. Similar to the DNSWatchGO Client on Windows devices, the DNSWatchGO Chrome extension provides DNS-level protection for users with Chrome. When the Chrome browser opens a site, the Chrome extension queries the DNSWatch servers to check if the site is malicious. </p> <p lang="EN-GB" xml:lang="EN-GB" xml:lang="EN-GB">To participate in this beta test, you must have: </p> <ul><li> <p lang="EN-GB" xml:lang="EN-GB" xml:lang="EN-GB">A DNSWatchGO license (or trial license) </p> </li> <li> <p lang="EN-GB" xml:lang="EN-GB" xml:lang="EN-GB">A Google Workspace (formerly known as G Suite) administrative account. This gives you access to the Google Admin Console where you manage Google services for people in an organization, school, or group.  </p> </li> </ul><p lang="EN-GB" xml:lang="EN-GB" xml:lang="EN-GB">At a high level, to get started: </p> <ol><li> <p lang="EN-GB" xml:lang="EN-GB" xml:lang="EN-GB">Download the DNSWatchGO Chrome extension file from the DNSWatch web UI. </p> </li> <li> <p lang="EN-GB" xml:lang="EN-GB" xml:lang="EN-GB">From the Google Admin Console, configure and deploy the DNSWatchGO Chrome extension. </p> </li> </ol><p lang="EN-GB" xml:lang="EN-GB" xml:lang="EN-GB">To participate in the Beta just click <a href="https://watchguard.centercode.com/key/DNSWatchChromeOSExtensionBeta">here</a> to visit the Beta Site for further instructions.  </p> <p lang="EN-GB" xml:lang="EN-GB" xml:lang="EN-GB">Again, we appreciate your help in beta testing this new feature. Thanks for your help in making our products better! </p> <p lang="EN-GB" xml:lang="EN-GB" xml:lang="EN-GB">The WatchGuard Beta Team   </p> Thu, 25 Mar 2021 12:21:02 -0700 Ricardo Arroyo 49486 at https://www.watchguard.com Migration action for TDR Integration into WatchGuard Cloud https://www.watchguard.com/wgrd-blog/migration-action-tdr-integration-watchguard-cloud <p>Greetings, WatchGuard Partners!</p> <p>We would like to inform you that before you can manage accounts and licenses for Threat Detection and Response (TDR), you are required to perform a one-time migration procedure. During this migration, you manually link an existing WatchGuard Cloud Tier-2 account to an existing TDR Managed child account. During these first few weeks of releasing TDR 6.0.0, we have had reports of usability issues in the migration process, which we have greatly improved with the 6.0.1 and 6.0.2 releases that are now available. When you first browse to the Migrate TDR page, you are presented with a wizard which will guide you through the migration process. While we suggest leveraging the wizard to complete the migration, you can also follow the steps in <a href="https://techsearch.watchguard.com/KB?type=Article&amp;SFDCID=kA10H000000bq1bSAA&amp;lang=en_US">this article</a> to consolidate your accounts. We highly recommend completing this migration as soon as possible in order to take advantage of all of the improvements planned to both WatchGuard Cloud and ThreatSync throughout 2021!</p> <p>Thank you,</p> <p>WatchGuard Product Team</p> Mon, 22 Feb 2021 06:13:11 -0800 Ricardo Arroyo 49161 at https://www.watchguard.com Introducing WatchGuard Firebox Policy Management in WatchGuard Cloud https://www.watchguard.com/wgrd-blog/introducing-watchguard-firebox-policy-management-watchguard-cloud <p>We are excited to announce the release of Firebox Policy Management in WatchGuard Cloud. Our goal with WatchGuard Cloud has always been to build a powerful, cloud-hosted security platform that directly supports the way MSPs do business, and our latest release takes WatchGuard Firebox management to a new level. Now WatchGuard Cloud consolidates the management of network security, multi-factor authentication, and threat intelligence to an easy-to-learn Cloud platform.</p> <p>Designed for operational efficiency, policy creation and VPN deployment are a breeze with WatchGuard Cloud. Create policy templates for easy and repeatable deployment across many clients. Policies can even be built offline and scheduled for deployment when the time is right, so you can make changes and build policy in advance before spending costly time at customer sites.</p> <p><strong>10 Things to Love About Firebox Management in WatchGuard Cloud:</strong></p> <ol><li><strong>Increased efficiency and compliance</strong> mean you can get your Firebox up and running in minutes</li> <li><strong>Policy templates </strong>that can apply configurations to multiple appliances across multiple tiers and tenants</li> <li><strong>Streamlined configuration </strong>and deployment of security policy</li> <li><strong>Offline configuration, </strong>and the ability to schedule deployment in advance</li> <li><strong>Policy Map and Policy Usage Reports </strong>can be used for automated audits, to find active and misconfigured policies, and to free up teams</li> <li><strong>Role-based access control </strong>to ensure that only appropriate IT admins have access to Firebox rules</li> <li><strong>Less stressful and more rewarding policy management, </strong>cutting time in day- to-day operations</li> <li><strong>Easily define networks </strong>for VoIP systems or other IOT devices with intent-based network set-up</li> <li><strong>Consolidated traffic types </strong>when firewall rules cut down on the number of rules to manage</li> <li><strong>Firmware upgrades made easy </strong>from the WatchGuard Cloud platform when downloaded on schedule around the world from a Content Delivery Network (CDN)</li> </ol><p><strong>Test Drive WatchGuard Cloud for yourself!</strong><br /><a href="https://www.watchguard.com/wgrd-products/watchguard-cloud-demo">Try our FREE online demo</a> and see how easy it is to manage and report on AuthPoint, Threat Detection and Response, and WatchGuard Firebox.</p> <h2>Keep Up with What’s New in WatchGuard Cloud</h2> <p>WatchGuard regularly updates and improves on the WatchGuard Cloud platform. To learn more about the developments to WatchGuard Cloud, please refer to the <a href="https://www.watchguard.com/help/docs/WG_Cloud/en-US/whats-new_WG_Cloud.pptx">“What’s New In WatchGuard Cloud” presentation</a>, and <a href="https://www.watchguard.com/support/release-notes/WatchGuard_Cloud/en-US/index.html">most recent Release Notes.</a></p> <h2>Contact</h2> <p>For Sales or Support questions, you can find phone numbers for your region online. If you contact WatchGuard Technical Support, please have your registered appliance Serial Number or Partner ID available.</p> Thu, 11 Feb 2021 10:20:38 -0800 Stephen Helm 49001 at https://www.watchguard.com End of Life of old versions of spamBlocker engine https://www.watchguard.com/wgrd-blog/end-life-cyren-spamblocker <p><strong>Important spamBlocker Update</strong><br /> In June 2020, WatchGuard released a new version of Fireware that provided an <a href="https://techsearch.watchguard.com/KB?type=Article&amp;SFDCID=kA10H000000bpSHSAY">updated spamBlocker engine</a> which uses Cloudmark technology to replace the old Cyren engine. Response has been very positive and many customers and partners report significantly improved detection rates and fewer false positives after they upgraded to Fireware v12.5.4 or higher. We are now announcing that the old Cyren engine will be retired later this year. </p> <p><strong>Does this notice apply to me? </strong><br /> This notice only applies to customers that use spamBlocker. If you do not use the spamBlocker service, you do not need to read further.</p> <p>Affected models: Firebox T10, T15, T30, T35, T50, T55, T70, M200, M270, M300, M370, M400, M440, M470, M500, M570, M670, M4600, M5600, FireboxV, and Firebox Cloud. All XTM models will reach end of life before WatchGuard retires the old spamBlocker engine. </p> <p><strong>Key Detail</strong><br /> All spamBlocker users should update to current firmware to take advantage of the improvements. By <strong>31 July 2021</strong>, WatchGuard will retire the old spamBlocker detection. To continue to get spam detection with spamBlocker, customers must upgrade to Fireware v12.5.4 or higher.  If you are a spamBlocker customer and do not upgrade to Fireware v12.5.4 or higher, you will still receive all emails if the "<strong>When spamBlocker service is unavailable"</strong> setting is set to <strong>Allow</strong> in your spamBlocker configuration. However, the emails will no longer get scored for spam.</p> <p>More details about what to expect on upgrade are available in this <a href="https://techsearch.watchguard.com/KB?type=Article&amp;SFDCID=kA10H000000bpSHSAY">Knowledge Base article</a>. </p> <p><strong>Software Download Center</strong><br /> Firebox appliance owners with active support subscriptions can download updated Fireware releases without additional charge from <a href="https://watchguardsupport.secure.force.com/software/">the WatchGuard Software Download Center</a>, from Fireware Web UI, and now in WatchGuard Cloud.</p> <p><strong>Contact</strong><br /> For Sales or Support questions, you can find phone numbers for your region <a href="https://www.watchguard.com/wgrd-about/contact">online</a>. If you contact WatchGuard Technical Support, please have your registered appliance Serial Number or Partner ID available.</p> Wed, 03 Feb 2021 09:55:13 -0800 Brendan Patterson 48891 at https://www.watchguard.com TDR 6.0.0 is now integrated into WatchGuard Cloud https://www.watchguard.com/wgrd-blog/tdr-600-now-integrated-watchguard-cloud <p>We have listened to you and unification has arrived! The Threat Detection and Response (TDR) UI is now integrated into WatchGuard Cloud with the release of TDR 6.0.0. We have moved and mapped all Operator, Account, and License management into WatchGuard Cloud, while providing the familiar TDR UI directly in WatchGuard Cloud. Here are some features to look for:</p> <ul><li>Account Management - TDR will now use the accounts you create and manage from WatchGuard Cloud. You will no longer have to maintain two different account trees between WatchGuard Cloud and TDR.</li> <li>Inventory Management – You can assign TDR licenses from your Service Provider account into a child Subscriber account in the same UI you use to assign AuthPoint licenses and perform all other Inventory management in WatchGuard Cloud.</li> <li>Tier-2+ Operators - With the WatchGuard Cloud integration, you will now have the ability to create operators for tier-2 accounts with access to TDR.</li> <li>Account Delegation - With the WatchGuard Cloud integration, you can now delegate accounts that have TDR licenses to another Service Provider.</li> <li>Tier-3 TDR accounts - Because Tier-2 Service Providers are allowed to allocate inventory to their Tier-3 accounts, they will be able to allocate Host Sensors to Tier-3 accounts. TDR will be fully accessible in that Tier-3 account.</li> <li>Legacy TDR UI - You will still be able to use the legacy TDR UI for all Tier-1 accounts and all Tier-2 accounts that were originally created in TDR.</li> <li>TDR Host Status and Indicator Subscriber Tiles - The Host Status and Indicator tiles are the first dashboard tiles available in WatchGuard Cloud . These are the first of more tiles to come.</li> </ul><p>As exciting as this is, there are a few things all TDR users should be aware of:</p> <ul><li>All top-level Customers (Tier-1 Subscribers) can start using the integrated TDR UI Immediately.</li> <li>All top-level Partners (Tier-1 Service Providers) will have to perform a one-time migration and mapping procedure. You will manually link an existing WatchGuard Cloud Tier-2 account to an existing Tier-2 TDR account. While this is not required immediately, as you can still use the Legacy UI to manage existing accounts, it is required to access a Tier-2 TDR account in WatchGuard Cloud. For more information, see <a href="https://techsearch.watchguard.com/KB?type=Article&amp;SFDCID=kA10H000000bq1bSAA&amp;lang=en_US">this KB article</a>.</li> <li>New TDR license allocations created after creating a new Tier-2+ account in WatchGuard Cloud will not be available in the legacy TDR UI.</li> </ul><p>This is the first of many product integrations to come. We continue to work towards a vision where WatchGuard Cloud is a single pane of glass for management of all WatchGuard products.</p> <h3>Contact</h3> <p>If you experience any issues with the integration or mapping and migration process, please contact WatchGuard Support. For Sales or Support questions, you can find phone numbers for your region <a href="https://www.watchguard.com/wgrd-about/contact">online</a>. If you contact WatchGuard Technical Support, please have your registered Firebox appliance Serial Number or Partner ID available.</p> <p> </p> <p> </p> <p> </p> Mon, 04 Jan 2021 06:27:14 -0800 Ricardo Arroyo 48421 at https://www.watchguard.com Now Available: Firebox M4800 & M5800 https://www.watchguard.com/wgrd-blog/now-available-firebox-m4800-m5800 <p>We are excited to announce the availability of two new Firebox M Series appliances—M4800 and M5800, delivering top-of-the-line performance and serious security in a flexible, modular platform. With firewall throughput of up to 87 Gbps and UTM throughput up to 11.3 Gbps, the Firebox® M4800 and M5800 are our fastest Firebox appliances ever. This level of performance paired with powerful security, flexible high-port density, and affordability makes these the ideal solutions for distributed, hub-and-spoke type deployment scenarios.</p> <h2>Key Features:</h2> <ul><li><strong>Throughput:</strong> With firewall throughput of up to 87 Gbps and UTM throughput up to 11.3 Gbps, the Firebox® M4800 and M5800 are our fastest Firebox appliances ever.</li> <li><strong>Optional Interface Modules:</strong> Customize your port configuration to meet current needs, knowing you have the flexibility to adapt as the network evolves. This is how to future-proof your network and eliminate costly rip-and-replace scenarios.</li> <li><strong>A Clouds-Eye View of Your Network: </strong>WatchGuard Cloud Visibility provides full visibility into your network so that you can make timely, informed, and effective decisions about your network security anywhere, anytime.</li> <li><strong>Secure Remote Access Made Easy: </strong>Access Portal is a clientless VPN solution that comes standard with every M4800/M5800 and provides secure remote access to remote users.  And, since the new appliances have twice as much memory, you can support even more remote RDP and SSH sessions.</li> <li><strong>Automation Core: </strong>WatchGuard Firebox M Series appliances are designed with automation to the core, allowing your IT team to do more with less. Deploy from the Cloud, update signatures, detect and kill malware, all without lifting a finger.</li> </ul><h2><strong>Visit the <a href="/wgrd-products/rack-mount/firebox-m4800-m5800">Firebox M4800 &amp; M5800 page to learn more</a>.</strong> <h2>Contact</h2> </h2><p>For Sales or Support questions, you can find phone numbers for your region online. If you contact WatchGuard Technical Support, please have your registered appliance Serial Number or Partner ID available.</p> Tue, 17 Nov 2020 09:59:44 -0800 Stephen Helm 47956 at https://www.watchguard.com TDR Outage in Preparation for WatchGuard Cloud Integration https://www.watchguard.com/wgrd-blog/tdr-outage-preparation-watchguard-cloud-integration <p><strong>BLUF</strong>: TDR Outage – 30 minutes<br /> EU – 30 November 2020 at 5PM PST<br /> NA – 1 December 2020 at 11PM PST   </p> <p>We have listened to your feedback and we are excited to announce that with the release of TDR 6.0.0, WatchGuard will deploy a TDR UI integrated into WatchGuard Cloud. To prepare for this, WatchGuard must deploy new TDR infrastructure before the TDR 6.0.0 release that is scheduled for late December or early January.</p> <p>During the outage, all Host Sensors will show as disconnected from ThreatSync and the TDR UI will be unavailable. Host Ransomware Prevention and its built-in ransomware hash list will continue to function. I hope you are all as excited about the new WatchGuard Cloud integration as we are.</p> <p>Thank you all for your loyalty and understanding as we march towards the future.</p> <p>TDR Product Team</p> Tue, 10 Nov 2020 11:41:47 -0800 Ricardo Arroyo 47911 at https://www.watchguard.com New Fireware releases https://www.watchguard.com/wgrd-blog/new-fireware-releases <p>WatchGuard published several Fireware releases over the last few weeks. Fireware 12.6.2 Update 3 is now available in the Software Downloads Center. This is an update release to v12.6.2, and includes both bug fixes and updates to some key components. This is the first v12.6.x release for the Firebox M series and it is maintenance update for the new Firebox T series (T20, T40, T80) appliances. The <a href="https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_6_2/index.html">Release Notes</a> include a comprehensive list of resolved issues and enhancements, and the <a href="https://www.watchguard.com/wgrd-help/documentation/xtm">What's New</a> presentation provides a detailed description of new enhancements. </p> <p><strong>Key elements of this release:</strong></p> <ul type="disc"><li><strong>KVM Hypervisor support: </strong>Support for the open source Linux hypervisor that provides an alternative to VMware and Hyper-V for FireboxV</li> <li><strong>Kernel update:</strong> Update to the base Linux kernel used in the Fireware operating system. This kernel update was previously released for new tabletop appliances (T20//T40/T80) with 12.6.1.  </li> <li><strong>IPS engine maintenance update:</strong> New version of our IPS engine to provide improved performance for both IPS and Application Control</li> <li><strong>CSfC compliance updates:</strong> Security enhancements to prepare for upcoming Commercial Solutions for Compliance (CSfC) US federal certification</li> </ul><p><strong>Which releases apply to me?</strong></p> <p>The new Fireware v12.6.2 release applies to Firebox T20, T40, T80 and is the first v12.6.x release for Firebox M Series (except M200 and M300), FireboxV, and Firebox Cloud appliances.</p> <p>The release is not available for older Firebox models. Firebox T10, T15, T30, T35, T50, T55, T70, M200, M300. Fireware v12.5.5 Update 1 was released to provide an equivalent set of bug fixes, as documented in the <a href="https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_5_5/index.html">Release Notes</a>. These platforms do not yet include an update to the kernel. More details in this <a href="https://techsearch.watchguard.com/KB?type=Article&amp;SFDCID=kA10H000000bpK3SAI&amp;lang=en_US">Knowledge Base article</a>.</p> <p>Fireware v12.1.3 Update 4 was also recently released for all XTM platforms.</p> <p>The WSM v12.6.2 Update 2 release can manage all of the above Fireware versions and Firebox models.</p> <p><strong>Software Download Center</strong></p> <p>Firebox appliance owners with active support subscriptions can download updated Fireware releases without additional charge from <a href="https://watchguardsupport.secure.force.com/software/">the WatchGuard Software Download Center</a>, from Fireware Web UI, and now in WatchGuard Cloud.</p> <p><strong>Contact</strong></p> <p>For Sales or Support questions, you can find phone numbers for your region <a href="https://www.watchguard.com/wgrd-about/contact">online</a>. If you contact WatchGuard Technical Support, please have your registered appliance Serial Number or Partner ID available.</p> <p> </p> Thu, 29 Oct 2020 18:11:39 -0700 Brendan Patterson 47001 at https://www.watchguard.com WatchGuard Cloud Introduces Enhancements for Managed Service Providers https://www.watchguard.com/wgrd-blog/watchguard-cloud-introduces-enhancements-managed-service-providers <p>WatchGuard Cloud now features enhanced account management capabilities specifically designed to make the job of managing subscriber accounts and devices easier for managed service providers (MSPs).</p> <p>The updated Service Provider interface allows MSPs to view and manage all of their Subscriber and Service Provider accounts from one page. This new interface saves time for Service Providers as they no longer have to pivot into the subscriber view of their managed accounts to make changes.</p> <p>WatchGuard's new Service Provider interface is now aligned with the Subscriber interface and includes a new <strong>Account Manager</strong> and <strong>Top Navigation</strong> Pane.</p> <p><strong>Account Manager</strong> is located in the <strong>left pane</strong> of the <strong>WatchGuard Cloud window, </strong>and includes a list of all of an MSP’s managed accounts<strong>. </strong>A search function in Account Manager allows MSPs with high numbers of subscribers to quickly find particular accounts.</p> <p>With <strong>Account Manager</strong> you can:</p> <ul><li>View/Add accounts</li> <li>View/Add devices and folders</li> </ul><p>In addition to the Account Manager, the new Service Provider interface also includes an updated <strong>Top</strong> <strong>Navigation</strong>. The Top Navigation allows you to navigate between Monitor, Configure, Inventory and Administration, all while staying in the context of a selected account.</p> <p class="text-center"><img src="/sites/default/files/cloud-blog-screen-800.png" alt="WatchGuard Cloud screenshot" /></p> <h2>Keep Up with What’s New in WatchGuard Cloud</h2> <p>WatchGuard regularly updates and improves on the WatchGuard Cloud platform. To learn more about the developments to WatchGuard Cloud, please refer to the <a href="https://www.watchguard.com/help/docs/WG_Cloud/en-US/whats-new_WG_Cloud.pptx">“What’s New In WatchGuard Cloud” presentation</a>, and <a href="https://www.watchguard.com/support/release-notes/WatchGuard_Cloud/en-US/index.html">most recent Release Notes.</a></p> <h2>Contact</h2> <p>For Sales or Support questions, you can find phone numbers for your region online. If you contact WatchGuard Technical Support, please have your registered appliance Serial Number or Partner ID available.</p> Mon, 26 Oct 2020 15:38:09 -0700 Chloe Sabo 46956 at https://www.watchguard.com New in TDR 5.9.0: User-Based ThreatSync Services https://www.watchguard.com/wgrd-blog/new-tdr-590-user-based-threatsync-services <p>We are excited to announce that Threat Detection and Response has a new feature to try – user-based ThreatSync services.</p> <p>Have you ever stared at your ThreatSync dashboard and wondered who continues to download and run that malicious file? You might find the file in the home directory of the user, but we all know that is not always the case. Now, you can take out the guesswork with user-based ThreatSync services!</p> <h2>User-Based ThreatSync Services</h2> <p>In TDR 5.9.0, new user pages display user information attributed to each file or process detected by the Host Sensor.</p> <p>This feature includes these pages:</p> <p><strong>ThreatSync &gt; Users</strong> – This new page displays a combined score for a user, based on the indicators attributed to that user. Only users with a threat score are displayed on this page.</p> <ul><li>Color-coded logged in indicator icons display the current status of users logged in to a computer with a Host Sensor installed.</li> <li>The Indicators table displays all indicators attributed to that user.</li> <li>The Hosts table displays a list of endpoint devices that the user is logged in to.</li> </ul><p><strong>Devices/Users &gt; Users</strong>  – This new page displays all users detected by ThreatSync and their login status.</p> <ul><li>Color-coded logged in indicator icons display the current status of users logged in to a computer with a Host Sensor installed.</li> <li>The Hosts table displays a list of endpoint devices that the user is logged in to.</li> </ul><p><strong>ThreatSync &gt; Indicators</strong>  – This feature now includes a new User column to enable you to easily sort and filter indicators.</p> <p>This feature is open to early access. If you would like to use this feature, in the TDR web UI, go to <strong>Settings &gt; General</strong> and click <strong>Beta Tester</strong>. Please provide any feedback through a support case.</p> <p>We are excited about this new feature and look forward to your feedback.</p> <p>Thank you.</p> <p>TDR Product Team</p> <p> </p> Tue, 20 Oct 2020 05:43:41 -0700 Ricardo Arroyo 46796 at https://www.watchguard.com WatchGuard Cloud Introduces New Executive Summary Report https://www.watchguard.com/wgrd-blog/watchguard-cloud-introduces-new-executive-summary-report <p>We are pleased to announce the release of the new Executive Summary Report feature in WatchGuard Cloud. The Executive Summary Report provides complete visibility into network traffic and security events, and helps boost efficiency, productivity, and profitability.</p> <p>The three-page summary report provides the business intelligence that you need to support key goals:</p> <ul><li>Ensure productive use of corporate assets and time throughout the organization.</li> <li>Audit compliance against acceptable usage policies for Internet usage.</li> <li>Monitor protection against spyware, malware, and viruses.</li> </ul><p>WatchGuard partners can also apply custom branding to promote their brand and demonstrate value within their customer-base. The Executive Summary can also be included as a scheduled report, keeping Business Owners and Executives regularly informed of the organization’s security posture. Executive Reports are generated as PDF files than can be downloaded directly from WatchGuard Cloud by navigating in the UI from <strong>Monitor &gt; Devices &gt; Device Summary</strong> page.</p> <p>The classic 17-page report has been renamed the Executive Dashboard Report and is now found on the <strong>Monitor</strong> &gt; <strong>Devices</strong> &gt; <strong>Executive Dashboard</strong> page. </p> <p><strong>Keep Up What’s New in WatchGuard Cloud</strong></p> <p>WatchGuard regularly updates and improves on the WatchGuard Cloud platform. To learn more about the developments to WatchGuard Cloud please refer to the “<a href="https://www.watchguard.com/help/docs/WG_Cloud/en-US/whats-new_WG_Cloud.pptx">What’s New In WatchGuard Cloud” presentation</a>, and <a href="https://www.watchguard.com/support/release-notes/WatchGuard_Cloud/en-US/index.html">most recent Release Notes.</a></p> <p><strong>New Beta Feature Available – Service Provider Navigation</strong></p> <p>WatchGuard Service Provider partners are invited to participate in our Beta of the new Service Provider navigation experience in WatchGuard Cloud. The Service Provider navigation presents a consistent primary navigation for accounts, making it easier for Service Providers to switch between managed accounts.</p> <p>Visit the <a href="https://watchguard.centercode.com/welcome/">WatchGuard Beta site to register.</a></p> <p><strong>Contact</strong></p> <p>For Sales or Support questions, you can find phone numbers for your region online. If you contact WatchGuard Technical Support, please have your registered appliance Serial Number or Partner ID available.</p> Thu, 17 Sep 2020 10:07:10 -0700 Stephen Helm 45021 at https://www.watchguard.com WatchGuard is switching Botnet Blocklist providers https://www.watchguard.com/wgrd-blog/watchguard-switching-botnet-blicklist-providers <p>Greetings valued WatchGuard Partners and Customers. For those that are not aware, or even those that just need a refresher, the firebox downloads a list of known malicious Command and Control IP addresses that it blocks. This is commonly referred to as the Botnet Blocklist and is Licensed as part of RED service in the Basic Security package. As part of our commitment to provide the best security to you, a new Botnet Block list is being deployed globally on July 13th. Should you or any of your customers encounter a false positive please add the offending IP address to the Blocked Sites Exceptions list and submit a technical support case.  Thank you to everyone for reading and enjoy the rest of your day.</p> Tue, 07 Jul 2020 08:02:17 -0700 Ricardo Arroyo 44341 at https://www.watchguard.com Fireware 12.5.4 Now Available https://www.watchguard.com/wgrd-blog/fireware-1254-now-available <p>WatchGuard has posted Fireware 12.5.4 in the Software Download Center. In addition to various bug fixes, this update introduces a new engine for spamBlocker, and TDR host sensor enforcement to permit a VPN connection via the Firebox. Full details are provided in the Release Notes, which are <a href="https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_5_4/index.html">available here</a>.  </p> <p><strong>Key elements of this release:</strong></p> <ul><li><strong>Host sensor VPN enforcement</strong>. Now admins can require an active TDR host sensor and required operating system to permit mobile VPN connections back to a Firebox.</li> <li><strong>Improved spam detection efficacy</strong>. In this release we are officially transitioning the spamBlocker security service to CloudMark.</li> <li><strong>Improved SD-WAN defaults</strong>. Defaults adjusted for latency and jitter to accommodate real-world traffic scenarios.</li> <li><strong>Improved BOVPN reliability</strong>. MTU settings for BOVPN virtual interfaces to ensure reliable performance with 3rd parties.  </li> <li><strong>Updated Multi-WAN Defaults</strong>. Updated default multi-WAN method to Failover, to better match recommended best practices.</li> <li><strong>Support for DYN DNS in CloudFlare</strong>.</li> </ul><p><strong>Software Download Center</strong></p> <p>Firebox appliance owners with active support subscriptions can obtain the Fireware 12.5.4 without additional charge by downloading the applicable packages from <a href="https://watchguardsupport.secure.force.com/software/">the WatchGuard Software Download Center</a>. </p> <p><strong>Contact</strong></p> <p>For Sales or Support questions, you can find phone numbers for your region online. If you contact WatchGuard Technical Support, please have your registered appliance Serial Number or Partner ID available.</p> <p> </p> Wed, 01 Jul 2020 08:31:56 -0700 Stephen Helm 44306 at https://www.watchguard.com Dimension 2.1.2 Update 4 now available https://www.watchguard.com/wgrd-blog/dimension-212-update-4-now-available <p>We are pleased to announce the availability of WatchGuard Dimension 2.1.2 Update 4. This maintenance release is now available from the <a href="https://watchguardsupport.secure.force.com/software/">Software Download Center</a>, together with Release Notes and update instructions. WatchGuard Dimension 2.1.2 Update 4 provides the following fixes:</p> <h3><strong>General</strong></h3> <ul><li>A warning is generated when attempting to upgrade to future versions of Dimension if the current instance is running an older Ubuntu kernel</li> <li>Added support for database restores to Postgresql v11 and v12<br />  </li> </ul><h3><strong>Logging and Reporting</strong></h3> <ul><li>Most Popular Domains has been renamed Most Popular Destinations in Per Client Report</li> <li>Added support for new Firebox IPS/Application ID engine</li> <li>Improved IMAP proxy support in multiple reports</li> </ul><p>For a full list of resolved issues, please refer to the Release Notes in the Software Download Center.  Note that Dimension 2.2 will be built using the 16.04 Ubuntu kernel. Any Dimension instance running an older Ubuntu kernel will have to redeploy the instance to upgrade to Dimension 2.2. Dimension instances currently running Ubuntu 16.04 will be able to upgrade to the upcoming Dimension 2.2 release through the upgrade mechanism within Dimension. Additional instructions will be provided with the release of Dimension 2.2.<br />  </p> <h2>Does this release pertain to me?</h2> <p>This release applies to all users of the WatchGuard Dimension network security visibility solution.  It is critical that any administrators using WatchGuard Dimension upgrade their solution to 2.1.2 Update 4 to take advantage of the security improvements available in the release. <br />  </p> <h2>Software Download Center</h2> <p>Firebox and XTM appliance owners with active support subscriptions can obtain this update without additional charge by downloading the applicable packages from the WatchGuard <a href="https://watchguardsupport.secure.force.com/software/">Software Download Center</a>.</p> <p> </p> <p> </p> Fri, 26 Jun 2020 13:20:48 -0700 Jason Vendramin 44286 at https://www.watchguard.com Now Available: Global Exceptions API for Firebox https://www.watchguard.com/wgrd-blog/now-available-global-exceptions-api-firebox <p>Over the past year, we have made a lot of investment to pave the way for partners and customers to have API access to WatchGuard products. Earlier this year we released an API for AuthPoint Authentication and now we are excited to announce that live in production this week is the first Firebox Management API aimed at configuring Global Exceptions.</p> <p>Global exceptions are rules that can override the current settings on the Firebox and include:</p> <ul><li>Adding to blocked sites (one of the top use cases!)</li> <li>Blocked sites exceptions</li> <li>Botnet exceptions</li> <li>File exceptions</li> <li>Geolocation exceptions</li> <li>Intrusion prevention service (IPS) exceptions</li> <li>WebBlocker exceptions</li> </ul><p>There are several reasons why partners and customers may be interested in having access via API, today to make any changes to Firebox configuration users need to log into and use one of our management systems, whether that is WSM, the WebUI, or WatchGuard Cloud. In certain scenarios, it would be more efficient if configuration changes can be setup from an outside platform, a couple of real examples are partners who built for end customers a mobile app or customer portal, or a MSSP tool used for remote monitoring or professional services automation. MSSP partners who need more flexibility in setting up and changing Firebox configurations, often across multiple customers can benefit from using an API by:</p> <ul><li>Making changes quickly without having to log into a WG management system</li> <li>Building platforms and apps that can trigger actions through an API integration</li> <li>Giving more people the ability to make low impact changes instead of submitting service desk tickets</li> </ul><p>This is only the beginning for Firebox Management APIs, in future we will bring onboard policy management as well as APIs for WatchGuard Cloud to manage account hierarchies, devices, reporting, and more.</p> <p>Learn more about WatchGuard APIs by visiting our publicly available and centralized <a href="https://www.watchguard.com/help/docs/api/Content/en-US/home.html">API Documentation</a> site.</p> <p>Setting up API access is available to all WatchGuard Cloud accounts and a very easy process. For a demo of all the basic API calls required to create and deploy a Global Exception, check out the video below:</p> <script src="https://fast.wistia.com/embed/medias/8ovybspkv5.jsonp"></script><script src="https://fast.wistia.com/assets/external/E-v1.js"></script><div class="wistia_responsive_padding" style="padding:78.44% 0 0 0;position:relative;"> <div class="wistia_responsive_wrapper" style="height:100%;left:0;position:absolute;top:0;width:100%;"> <div class="wistia_embed wistia_async_8ovybspkv5 videoFoam=true" style="height:100%;position:relative;width:100%"> <div class="wistia_swatch" style="height:100%;left:0;opacity:0;overflow:hidden;position:absolute;top:0;transition:opacity 200ms;width:100%;"><img src="https://fast.wistia.com/embed/medias/8ovybspkv5/swatch" alt="" aria-hidden="true" onload="this.parentNode.style.opacity=1;" /></div> </div> </div> </div> Mon, 15 Jun 2020 10:24:47 -0700 Sharon Li 44116 at https://www.watchguard.com Now Available: Firebox T20, T40 & T80 https://www.watchguard.com/wgrd-blog/now-available-firebox-t20-t40-t80 <p>WatchGuard is excited to announce the<a href="https://www.watchguard.com/wgrd-about/press-releases/watchguard-brings-simplified-flexible-security-small-home-and-midsize"> release of three new Firebox T Series UTM appliances</a>: Firebox T20, T40, and T80. These latest Firebox models provide an upgrade path for our existing Firebox T Series customers and offer faster processors and more memory. Delivering big security in a small appliance, each WatchGuard Firebox includes a complete and industry-best set of threat management solutions.</p> <p><strong>Key Features:</strong></p> <ul><li><strong>IntelligentAV and Access Portal are available on the T40/T40-W and T80.</strong><br /> Services that were previously only available on rackmount appliances now run on smaller tabletop models.</li> <li><strong>Integrated Wi-Fi (T20-W and T40-W)</strong><br /> The Wi-Fi capable Firebox TXX-W supports the 802.11ac Wi-Fi standard, ensuring faster speeds for your users.<strong> </strong></li> <li><strong>Power over Ethernet - PoE+</strong><br /> Integrated support for PoE+ means you can avoid running separate power cables to peripheral devices like security cameras, VoIP phones or wireless access points.<strong> </strong></li> <li><strong>SD-WAN</strong><br /> Firebox TXX makes network optimization easy. With integrated SD-WAN, you can decrease you use of expensive MPLS or 4G/LTE connections, while improving resiliency and performance of you network.</li> <li><strong>Optional Expansion Module (T80)</strong><br /> Firebox T80 includes the option to customize your port configuration with expansion modules for integrated fiber connectivity right from the appliance. Optional SFP+ expansion module is available.</li> <li><strong>Automation Core</strong><br /> WatchGuard Firebox T Series appliances are designed with automation to the core, allowing your IT team to do more with less. Deploy from the Cloud, update signatures, detect and kill malware, all without lifting a finger.</li> </ul><h2>Fireware v12.6.1 Update 1 Released</h2> <p>Firebox T20, T40, and T80 were manufactured with Fireware v12.6.1, and since they left the factory, we have made several bug fixes.  We recommend that you upgrade your Firebox to Fireware v12.6.1 Update 1 immediately to take advantage of important bug fixes included in this update release. Full details are provided in the Release Notes, which are <a href="https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_6_1/index.html#Fireware/en-US/introduction.html%3FTocPath%3D_____2">available here.  </a></p> <h2>Software Download Center</h2> <p>Firebox appliance owners with active support subscriptions can obtain the Fireware 12.6.1 Update 1 without additional charge by downloading the applicable packages from <a href="https://watchguardsupport.secure.force.com/software/">the WatchGuard Software Download Center. </a></p> <h2>Contact</h2> <p>For Sales or Support questions, you can find phone numbers for your region online. If you contact WatchGuard Technical Support, please have your registered appliance Serial Number or Partner ID available.</p> <p> </p> <p> </p> <p> </p> Mon, 08 Jun 2020 20:59:51 -0700 Stephen Helm 44026 at https://www.watchguard.com Now available: Fireware 12.5.3 https://www.watchguard.com/wgrd-blog/now-available-fireware-1253 <p>WatchGuard has posted Fireware 12.5.3 and WSM 12.5.3 in the Software Download Center. These new releases introduce several key bug fixes and some new enhancements. Full details are provided in the <a href="https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_5_3/index.html">Release Notes</a> and the <a href="https://www.watchguard.com/help/docs/fireware/12/en-US/whats-new_Fireware_v12-5-3.pptx">What’s New</a> presentation. We’ve seen a huge increase in the number of people using Mobile VPN for remote access over the past few weeks, so please note that this release also includes an updated version of the SSL VPN client for Mac and Windows. </p> <p><strong>Key Updates of This Release:</strong></p> <ul><li>Mobile VPN with SSL improvements, including the elimination of an upgrade prompt that did not apply to non admin users, along with several bug fixes.</li> <li>Gateway Wireless Controller support for the <a href="https://www.watchguard.com/wgrd-products/access-points/ap225w">AP225W wall plate access point</a>, which is ideal for multi-dwelling unit (MDU) structures such as dorm rooms, shared office spaces, smart apartments and condos.</li> <li>Trusted Platform Module (TPM) support for registration of Fireboxes to WatchGuard Cloud, eliminating the need to enter a verification code.</li> <li>Web setup wizard has been enhanced to simplify RapidDeploy in environments that do not use DHCP.</li> <li>Support for the latest Autotask API updates. We strongly recommend all users of the Autotask integration to read the relevant notes in the What’s New and upgrade to 12.5.3 before April 15th.  </li> </ul><p><strong>Software Download Center</strong><br /> Firebox appliance owners with active support subscriptions can obtain Fireware 12.5.3 without additional charge by downloading the applicable packages from <a href="https://watchguardsupport.secure.force.com/software/">the WatchGuard Software Download Center</a>. If you are already running Fireware 12.5.2, you can now use WatchGuard Cloud to simply upgrade the firmware on all of your appliances. </p> <p><strong>Does this release pertain to me?</strong><br /> Fireware 12.5.3 is available for all Firebox T and Firebox M appliances. The Mobile VPN with SSL 12.5.3 client has also been posted for XTM appliances.</p> <p><strong>Contact</strong><br /> For Sales or Support questions, you can find phone numbers for your region <a href="https://www.watchguard.com/wgrd-about/contact">online</a>. If you contact WatchGuard Technical Support, please have your registered appliance Serial Number or Partner ID available.</p> <p> </p> Tue, 31 Mar 2020 12:08:26 -0700 Brendan Patterson 40986 at https://www.watchguard.com General Availability of TDR Machine Learning Enhanced Host Ransomware Prevention https://www.watchguard.com/wgrd-blog/general-availability-tdr-machine-learning-enhanced-host-ransomware-prevention <p>We are excited to announce the general availability of Machine Learning Enhanced Host Ransomware Prevention!</p> <p>Ransomware authors are getting smarter and bolder. Every day they find new ways to avoid detection and steal data. TDR already protects your endpoints from devastating ransomware attacks. As ransomware attacks evolve, we must improve our ability to stop them with faster detection through machine learning.</p> <p>Machine Learning for Host Ransomware Prevention</p> <p>In 2018, we enhanced TDR's Detection and Response (D&amp;R) engine with machine learning. This significantly increased our general indicator detection rate.</p> <p>WatchGuard is now ready to apply those same principles to Host Ransomware Prevention (HRP). The addition of machine learning to HRP results in faster detection rates than our current detection model. With this enhancement, you will see more HRP indicators that result in remediations. </p> <p>We are excited about this new feature and protecting your endpoints for years to come.</p> <p>Thank you and enjoy!</p> <p>TDR Product Team</p> Fri, 27 Mar 2020 07:37:41 -0700 Ricardo Arroyo 40911 at https://www.watchguard.com TDR AD Helper Credential Disclosure Vulnerability https://www.watchguard.com/wgrd-blog/tdr-ad-helper-credential-disclosure-vulnerability <p>Good morning TDR Users, </p> <p>On 11 March 2020, a pen testing company, RedTeam PenTesting GMBH, disclosed a credential disclosure vulnerability in the AD Helper to exploit-db.com (link below). The disclosure states that by accessing the AD Helper web interface, a call to an API endpoint is made which responds with plaintext credentials to all configured domain controllers.</p> <p>On 9 March 2020, WatchGuard released a fix for this vulnerability in AD Helper 5.8.5.10317. In this version, the offending REST endpoint no longer returns plaintext passwords. In addition, the service running the configuration UI will only be available locally through the loopback IP address (Localhost/127.0.0.1). This means that users must log in to the computer locally to access the AD Helper Configuration UI.</p> <p>Please make sure your AD Helper is up-to-date and runs version 5.8.5.10317 or higher. If your AD Helper runs a lower version and cannot auto-update, you must manually update your AD Helper. If your AD Helper cannot communicate with TDR or cannot auto-update, please follow the steps at: <a href="https://watchguardsupport.secure.force.com/publicKB?type=Known%20Issues&amp;SFDCID=kA10H000000g4mPSAQ">https://watchguardsupport.secure.force.com/publicKB?type=Known%20Issues&amp;SFDCID=kA10H000000g4mPSAQ</a></p> <p>Additionally, if you are unable to update the AD Helper immediately, you can use firewall rules to minimize the exposure of the AD Helper to external networks, which would limit the scope of the vulnerability. While it is still a serious vulnerability, and you will want to patch quickly, most internet-based attackers should not be able to reach this web interface unless you allowed it via your firewall.</p> <p>WatchGuard greatly appreciates members of the security community who find and responsibly disclose vulnerabilities in our products so that we can correct them and make our products as secure as possible. We thank RedTeam PenTesting GMBH for responsibly bringing this to our attention.</p> <p> </p> <p>Sincerely,</p> <p>The TDR PM Team</p> <p>Exploit-DB Link: <a href="https://www.exploit-db.com/exploits/48203">https://www.exploit-db.com/exploits/48203</a></p> Thu, 12 Mar 2020 17:50:49 -0700 Ricardo Arroyo 40766 at https://www.watchguard.com TDR AD Helper Urgent Security Improvement https://www.watchguard.com/wgrd-blog/tdr-ad-helper-urgent-security-improvement <p>Good morning TDR Users,</p> <p>WatchGuard has released an AD Helper update, to be deployed immediately. This update resolves an issue found by RedTeam Pentesting GmbH and improves the security of the AD Helper. WatchGuard thanks RedTeam Pentesting GmbH for reporting this issue so that we could resolve it quickly. </p> <p>In AD Helper version 5.8.5.10317 and higher, the service that runs the AD Helper Configuration UI will only be available locally through the loopback IP address (localhost/127.0.0.1). This means that users must now log in to the computer locally to access the AD Helper Configuration UI. </p> <p>Please make sure that your AD Helper is up-to-date and runs version 5.8.5.10317 or higher. If your AD Helper runs a lower version and cannot auto-update, you must manually update your AD Helper.</p> <p>If your AD Helper cannot communicate with TDR or cannot auto-update:</p> <ol start="1" type="1"><li>Open the AD Helper UI and copy the domain information.</li> <li>Use the Windows Settings or Control Panel to uninstall AD Helper.</li> <li>Log in to TDR.</li> <li>Select Devices &gt; AD Helper.</li> <li>Follow the instructions to download and install AD Helper.</li> <li>Open the AD Helper UI and specify the domain information you copied in Step 1.</li> </ol><p> </p> <p>Sincerely,</p> <p>The TDR PM Team</p> Mon, 09 Mar 2020 11:57:52 -0700 Ricardo Arroyo 40686 at https://www.watchguard.com TDR Machine Learning Enhanced Host Ransomware Prevention Beta https://www.watchguard.com/wgrd-blog/tdr-machine-learning-enhanced-host-ransomware-prevention-beta <p>We are excited to announce that Threat Detection and Response has a new feature to Beta test!</p> <p>Ransomware authors are getting smarter and bolder. Every day they find new ways to avoid detection and steal data. TDR already protects your endpoints from devastating ransomware attacks. As ransomware attacks evolve, we must improve our ability to stop them with faster detection through machine learning.</p> <h3>Machine Learning for Host Ransomware Prevention</h3> <p>In 2018, we enhanced TDR's Detection and Response (D&amp;R) engine with machine learning. This significantly increased our general indicator detection rate. Machine learning enhanced Host Ransomware Prevention (HRP) is now ready for Beta test. The addition of machine learning to HRP results in faster detection rates than our current detection model. With this enhancement, you will see more HRP indicators that result in remediations. </p> <p>To participate in the Beta program, click the link below and follow the instructions provided.</p> <p><a href="https://watchguard.centercode.com/key/MLHRP">https://watchguard.centercode.com/key/MLHRP</a></p> <p>Thank you!</p> <p>TDR Product Team</p> <p> </p> Thu, 13 Feb 2020 11:08:16 -0800 Ricardo Arroyo 40016 at https://www.watchguard.com Dimension 2.1.2 Update 3 now available https://www.watchguard.com/wgrd-blog/dimension-212-update-3-now-available <p>We are pleased to announce the availability of WatchGuard Dimension 2.1.2 Update 3. This maintenance release is now available from the <a href="https://watchguardsupport.secure.force.com/software/">Software Download Center</a>, together with release notes and update instructions. WatchGuard Dimension 2.1.2 Update 3 provides the following fixes:</p> <h3><strong>General</strong></h3> <ul><li>Dimension now supports PostgreSQL versions up to v10.8.</li> <li>This release resolves a PCI compliance failure due to behavior of HTTP redirect to HTTPS connection feature.</li> <li>Quick Setup Wizard no longer stalls on administrator passphrase step on Hyper-V.</li> <li>This release improves performance with multiple connected devices.</li> <li>This release resolves a log collector memory leak issue.<br />  </li> </ul><h3><strong>Logging and Reporting</strong></h3> <ul><li>Authenticated users now correctly appear as the source for connections in HTTP and HTTPS proxy connnections.</li> <li>The <strong>User Expiration </strong>time now correctly appears in local browser time zone.</li> <li>The <strong>Policy Usage Report </strong>now appears in local browser time zone.</li> <li>ConnectWise reports no longer fail with message Task failed: _CWReportGeneration_align_to_maxlines is not defined.</li> <li>Geolocation data is now correctly included in Log Search results.</li> <li>The phrase app_cat_id no longer appears in domain name or IP address fields in some Dimension reports.</li> <li>This release resolves an issue that caused SMTP proxy report to show app_cat_ID=5 as the email sender.<br />  </li> </ul><h3><strong>Device Management</strong></h3> <ul><li>The Dimension no longer displays feature keys for devices after you remove them.</li> <li>Your Dimension will no longer create a new entry for a resolved FQDN that is already a configured static IP address.</li> </ul><p>For a full list of resolved issues, please refer to the release notes on the Software Download Center.</p> <p> </p> <h3><strong>Does this release pertain to me?</strong></h3> <p>This release applies to all users of the WatchGuard Dimension network security visibility solution.  It is critical that any administrators using WatchGuard Dimension upgrade their solution to 2.1.2 Update 3 to take advantage of the security improvements available in the release. </p> <p> </p> <h3><strong>Software Download Center</strong></h3> <p>Firebox and XTM appliance owners with active support subscriptions can obtain this update without additional charge by downloading the applicable packages from the WatchGuard <a href="https://watchguardsupport.secure.force.com/software/">Software Download Center</a>.</p> <p> </p> <p> </p> <p> </p> Fri, 10 Jan 2020 11:08:50 -0800 Jason Vendramin 39556 at https://www.watchguard.com Now Available: Fireware 12.5.2 Update 1 https://www.watchguard.com/wgrd-blog/now-available-fireware-1252-update-1 <p>WatchGuard has posted Fireware 12.5.2 Update 1 in the Software Download Center. This update introduces several key bug fixes, as well as initial support for management of Firebox system tasks directly from WatchGuard Cloud. Full details are provided in the Release Notes, which are <a href="https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_5_2/Fireware_Release-Notes_v12_5_2.pdf">available here</a>.  Update 1 was released on December 23 to address an issue in environments with asymmetric routing. More details are about the issue are available in our <a href="https://watchguardsupport.secure.force.com/publicKB?type=Known%20Issues&amp;SFDCID=kA10H000000g4oLSAQ&amp;lang=en_US">knowledge base article</a>.</p> <p><strong>Key Updates of This Release:</strong></p> <p>    - Updated versions of SSL and IPSec VPN clients, SSO client support for macOS Catalina</p> <p>    - WebBlocker on-premises server version 1.1 – bug fixes</p> <p><strong>Software Download Center</strong></p> <p>Firebox appliance owners with active support subscriptions can obtain the Fireware 12.5.2 Update 1 without additional charge by downloading the applicable packages from <a href="https://watchguardsupport.secure.force.com/software/">the WatchGuard Software Download Center</a>. </p> <p><strong>Download Fireware 12.5.2 Update 1 and Get Access to the Latest WatchGuard Cloud Beta</strong></p> <p>WatchGuard Cloud provides a rich set of dashboards, reports, and alerts to help you monitor your Fireboxes. In the Fireware 12.5.2 release, we’ve added many of the system management actions that are most commonly performed by system administrators:</p> <p>    - Firebox firmware upgrades – immediate or scheduled</p> <p>    - Reboot a Firebox</p> <p>    - Save and restore Firebox backup images</p> <p>The beta is underway now! Sign up and find out more details here: <a href="https://watchguard.centercode.com/WGCloudSystemActionsBeta">https://watchguard.centercode.com/WGCloudSystemActionsBeta</a></p> <p><strong>Contact</strong></p> <p>For Sales or Support questions, you can find phone numbers for your region online. If you contact WatchGuard Technical Support, please have your registered appliance Serial Number or Partner ID available.</p> Thu, 26 Dec 2019 12:48:51 -0800 Stephen Helm 39411 at https://www.watchguard.com General Availability of Threat Detection and Response 5.8 Features https://www.watchguard.com/wgrd-blog/general-availability-threat-detection-and-response-58-features <p>We are excited to announce that Threat Detection and Response (TDR) has some new capabilities! By popular demand, WatchGuard has made pre-configured Antivirus Exclusions a reality! Gone are the days of copying and pasting directory paths one by one into the Exclusions page.  These predefined exclusion sets make it easy to add exclusions for the most common antivirus vendors. </p> <p>To see these changes in the TDR Web UI, select <strong>Configuration &gt; Exclusions</strong>. The Exclusion page now includes two tabs: </p> <ul><li>Custom Exclusions - Shows the exclusions you configured manually before version 5.8.0. Any custom exclusions you added previously still work as expected.</li> <li>AV Exclusions - Shows the predefined sets of exclusions for common antivirus vendors. </li> </ul><p>In addition to the AV Exclusions feature, we have a new Host Ransomware Prevention (HRP) Visualization feature. When you view the details of an HRP Indicator that was successfully remediated, you can now view a graphical representation of the event.</p> <p><img src="/sites/default/files/watchguardtdr_behaviorpreventionchart.png" alt="HRP Chart View" /></p> <p>If the Indicator can be graphed, you will see a new <strong>Chart</strong> button in the Additional Details pop-up of the Indicator. Click the button to open a new window.  The chart is interactive, with the following capabilities: </p> <ul><li>Processes are displayed as square nodes </li> <li>If the Process has Behaviors, a plus sign will display in the Process node. </li> <li>Behaviors are displayed as oval nodes, and will be expanded when you click on the plus sign </li> <li>Hover over any node to show details </li> <li>Click on a node to highlight the node and the paths to related nodes </li> <li>The <strong>Download/Export</strong> icon enables you to export the chart as an image</li> </ul><p>We hope you are as excited about this new feature as we are! Any and all feedback is always welcome! </p> <p>Thank you! <br /> WatchGuard Product Team </p> Thu, 21 Nov 2019 10:24:22 -0800 Ricardo Arroyo 38981 at https://www.watchguard.com Fireware Maintenance Update - 12.5.1 Update 1 https://www.watchguard.com/wgrd-blog/fireware-maintenance-update-1251-update-1 <p><strong>Fireware 12.5.1 Update 1</strong>       <br /> WatchGuard has posted Fireware 12.5.1 Update 1 at the <a href="https://watchguardsupport.secure.force.com/software/">Software Download Center</a>. There is no corresponding update to WSM. This maintenance update provides resolution to issues that have been reported by customers. Based on feedback from our partners, we plan to make more bug fix update releases generally available instead of providing just customer speciific patches or hotfixes. Full details are provided in the <a href="https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_5_1/index.html#Fireware/en-US/resolved_issues.html">Release Notes</a>, which are updated since the 12.5.1 GA release. </p> <p><strong>Does this release pertain to me?</strong><br /> Fireware 12.5 Update 1 is available for all Firebox T and Firebox M appliances. </p> <p><strong>Software Download Center</strong><br /> Firebox appliance owners with active support subscriptions can obtain the Fireware 12.5.1 Update 1 without additional charge by downloading the applicable packages from the WatchGuard Software Download Center.  </p> <p><strong>Contact</strong><br /> For Sales or Support questions, you can find phone numbers for your region <a href="https://www.watchguard.com/wgrd-about/contact">online</a>. If you contact WatchGuard Technical Support, please have your registered appliance Serial Number or Partner ID available. </p> Tue, 05 Nov 2019 16:34:05 -0800 Brendan Patterson 38791 at https://www.watchguard.com WatchGuard Cloud - Visibility Updates https://www.watchguard.com/wgrd-blog/watchguard-cloud-visibility-updates <p><strong>WatchGuard Cloud Visibility Updates</strong><br /> We launched WatchGuard Cloud Visibility back in April of this year, and since then WatchGuard customers have enthusiastically adopted the new platform. Our product development team has continued to add new features and enhancements over the past few months. We capture the updates each week in our <a href="https://www.watchguard.com/support/release-notes/WatchGuard_Cloud/en-US/index.html">WatchGuard Cloud Release Notes.</a> Understanding that everyone is busy and won’t find time to review these closely, we will also publish regular updates here on the product blog. Some of the major highlights since we first announced General Availability are listed below:</p> <p><strong>WatchGuard Query Language:</strong> One of the great advantages of the WatchGuard Cloud platform is the fast performance and searching of the data that is stored in Elasticsearch. We’ve made it more powerful and flexible to find what you are looking for with a new query language where you can use structured search by operator to find exactly what you need. </p> <p>Example: virus:eicar* and src_ip:   and dst_ip:206.100.10.1</p> <p>Please take a few moments to review the <a href="https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/WG-Cloud/Devices/reports/log_search_wgc.html">log search documentation</a> (or as context sensitive help from the log search page), as this new search mechanism does differ from how search worked in on-premise Dimension.</p> <p><strong>Device Folders:</strong> Administrators can arrange their Fireboxes in folders, and then generate reports that aggregate the data across all devices in the folder – saving time by checking all device in a company or location at one time.</p> <p><strong>Firebox Alarms:</strong> The alerting system in the cloud includes alarms that have been defined on the UTM. Administrators can get email or better visibility into security events like malware detections and network attacks, or network issues like WAN failover or High Availability failover.</p> <p><strong>More Reports:</strong> Get auditors the data that they need with our HIPAA and PCI Compliance dashboards. We’ve also added the policy usage by hits or bytes, which also helps to highlight unused policies that may need to be investigated. Most recently, we have added new reports for the WatchGuard Access Portal feature. </p> <p><strong>SD-WAN Visibility:</strong> We can now show historical reports of jitter, packet loss, and latency. Allow administrators to better troubleshoot poor network connections.</p> <p><strong>Does this pertain to me?</strong></p> <p>WatchGuard Cloud Visibility is available for all Firebox appliances [running either Basic Security Suite or Total Security Suite]. Basic Security appliances come with 1 day of data retention, and Total Security appliances provide 30 days of data retention. </p> <p>We recently covered these enhancements in our October partner training webinar, including a demo of each of these new features. A recording is available in the learning center. </p> <p> </p> <p> </p> Tue, 05 Nov 2019 11:09:34 -0800 Brendan Patterson 38796 at https://www.watchguard.com TDR Host Sensor Kernel Driver Settings https://www.watchguard.com/wgrd-blog/tdr-host-sensor-kernel-driver-settings <p>WatchGuard’s Threat Detection and Response (TDR) has been protecting your assets for more than two years. We continue to improve stability and performance while improving our detection and remediation of threats before they can cause a problem in your network. </p> <p>To take full advantage of the threat detection capabilities available in TDR, we recommend that you enable the Host Sensor Kernel Driver features on all desktop and mobile devices. After extensive testing, we have determined that you will experience faster and more thorough detection and remediation for both our traditional detection and response functionality, as well as Host Ransomware Protection, if you enable Kernel Driver features.</p> <p>We highly encourage you to enable the Host Sensor Kernel Driver features to improve your experience and protect your networks. Starting in December of 2018 we made these recommended settings the default for new accounts. <br /> To optimize TDR on your network, make these changes:</p> <ol><li>Log in to the TDR Web UI as an Administrator or Analyst.</li> <li>Select <strong>Settings &gt; Host Sensor</strong>.</li> <li>In the <strong>Host Sensor Driver Configuration Settings</strong>, change the following settings to <strong>ON</strong>: <ul><li>Enable Kernel Process Events</li> <li>Enable Kernel File Events</li> <li>Enable Kernel Registry Events</li> <li>Enable Kernel Kill Process Action</li> <li>Enable Kernel Delete File Action</li> <li>Enable Kernel Host Containment Action</li> <li>Enable Kernel File Handle Enumeration</li> </ul></li> <li>Click Save. </li> </ol><p>For more information about TDR recommended settings, please visit the <a href="https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/services/tdr/tdr_deploy_tips_c.html">WatchGuard Help Center</a>.</p> Tue, 15 Oct 2019 20:43:48 -0700 Ricardo Arroyo 38001 at https://www.watchguard.com Now Available: Firebox T35-R https://www.watchguard.com/wgrd-blog/now-available-firebox-t35-r <p><strong>New Firebox T35-R Is a Ruggedized Appliance Built for Harsh Conditions</strong><br /> It’s an exciting time for product launches at WatchGuard, with the release of DNSWatchGO and Passport last week! Today I am excited to announce the release of our release of our newest Unified Threat Management (UTM) appliance. Firebox T35-R is a compact security appliance that features an industrial enclosure that is both dust- and splash-proof, and capable of operating in extreme temperatures. The ruggedized construction of Firebox T35-R means you can deploy the appliance in harsh environments without needing to build a special enclosure.</p> <p><strong>Product Details</strong><br /> Key Features of the T35-R are:</p> <ul><li><strong>An IP64-Rated Industrial Enclosure </strong>–  The appliance is fully dust- and splash-proof, and capable of operating in temperatures of -40 to +60 degrees Celsius, providing reliable security and connectivity that persists despite the extreme conditions often found in nontraditional network environments, and eliminating the need to build custom enclosures.</li> <li><strong>DC Power</strong> – The appliance can operate on 12v to 48v DC power, or alternatively use an optional AC power supply.</li> <li><strong>SCADA IPS Signatures</strong> – Included with WatchGuard’s Basic and Total Security Suite, the Firebox T35-R leverages these signatures to protect against known industrial control system (ICS) and SCADA threats and enable security use cases in harsh deployment environments.</li> <li><strong>Industry-leading UTM</strong> –The T35-R makes site-to-site VPN connectivity simple, reliable and manageable, and empowers administrators to confidently enable advanced security protections including APT Blocker, Threat Detection and Response, DNSWatch, IPS, Gateway AntiVirus, and more, without slowing network speeds.</li> </ul><p>Complete product details are available in the <a href="https://p.widencdn.net/yzmwqs/Datasheet_Firebox_T35-R">T35-R Datasheet</a> and on the <a href="https://www.watchguard.com/wgrd-products/tabletop/firebox-t35-t55">T35-R web page</a>.</p> Wed, 09 Oct 2019 08:28:15 -0700 Stephen Helm 37981 at https://www.watchguard.com Threat Detection and Response 5.8.X Beta Refresh https://www.watchguard.com/wgrd-blog/threat-detection-and-response-58x-beta-refresh <p>We are excited to announce the addition of an additional feature to the TDR 5.8.X Beta! In addition to the AV Exclusions feature currently available in Beta, we have a new Host Ransomware Prevention(HRP) capability. When you view the details of an HRP Indicator that was successfully remediated, you can now view a graphical representation of the event. If the Indicator can be graphed, you will see a new <strong>Chart</strong> button in the Additional Details pop-up of the Indicator. Click the button to open a new window.<br />  <br /> The chart is interactive, with the following capabilities:</p> <ol><li>Processes are displayed as square nodes</li> <li>Behaviors are displayed as oval nodes</li> <li>Hover over any node to show details</li> <li>Click on a node to highlight the node and the paths to related nodes</li> <li>The <strong>Download/Export</strong> icon enables you to export the chart as an image or PDF</li> </ol><p> <br /> There is a test tool available to safely generate an HRP Indicator (available on the WatchGuard beta management site).<br />  <br /> We are excited about this new feature and look forward to your feedback.<br />  <br /> To participate in the beta, click the link below and follow the instructions provided.<br />  <br /><a href="https://watchguard.centercode.com/key/TDR58XBeta">https://watchguard.centercode.com/key/TDR58XBeta</a><br />  <br /> Thank you!<br /> TDR Product Team</p> Mon, 30 Sep 2019 10:22:29 -0700 Ricardo Arroyo 37891 at https://www.watchguard.com Threat Detection and Response 5.8.X Beta https://www.watchguard.com/wgrd-blog/threat-detection-and-response-58x-beta <p>We are excited to announce that Threat Detection and Response has a new capability to Beta over the next 6 weeks! By popular demand, WatchGuard has made pre-configured Antivirus Exclusions a reality! Gone will be the days of copying and pasting directory paths one by one into the Exclusions page.</p> <ul><li><strong>AV Exclusions</strong> - TDR now includes predefined exclusion sets that make it easy to add exclusions for the most common antivirus tools. Any custom exclusions you added previously persist after the upgrade. To see these changes in the TDR Web UI, select Configuration &gt; Exclusions. The Exclusion page now includes two tabs:<br />   <ul><li>Custom Exclusions - Shows the exclusions you configured manually before version 5.8.0.</li> <li>AV Exclusions - Shows the predefined sets of exclusions for common antivirus tools.<br />  </li> </ul></li> </ul><p>We will be rolling out additional features to the Beta as they become available.  Keep an eye out for more features as new versions of TDR become available.</p> <p>We are excited about this new feature and look forward to your feedback.</p> <p>To participate in the beta click the link below and follow the instructions provided.<br />  <br /><a href="https://watchguard.centercode.com/key/TDR58XBeta">https://watchguard.centercode.com/key/TDR58XBeta</a></p> <p>Thank you!<br /> TDR Product Team</p> <p> </p> Thu, 05 Sep 2019 09:34:53 -0700 Ricardo Arroyo 37231 at https://www.watchguard.com Fireware 12.5 Update 1 https://www.watchguard.com/wgrd-blog/fireware-125-update-1 <p><strong>Fireware 12.5 Update 1</strong><br /> WatchGuard has posted Fireware 12.5 Update 1 at the <a href="https://watchguardsupport.secure.force.com/software/">Software Download Center</a>. There is no corresponding update to WSM. This maintenance update provides resolution to issues that have been reported by customers. Based on feedback from our partners at our recent conferences, we plan to make more bug fix update releases generally available instead of providing just customer speciific patches or hotfixes. Full details are provided in the <a href="https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_5/index.html#Fireware/en-US/resolved_issues.html">Release Notes</a>, which are updated since the 12.5 GA release. </p> <p><strong>Does this release pertain to me?</strong><br /> Fireware 12.5 Update 1 is available for all Firebox T and Firebox M appliances. We especially recommend that customers running DNSWatch upgrade to this release because of some inconsistent registration issues in the 12.5 GA. </p> <p><strong>Software Download Center</strong><br /> Firebox appliance owners with active support subscriptions can obtain the Fireware 12.5 Update 1 without additional charge by downloading the applicable packages from the WatchGuard Software Download Center.  </p> <p><strong>Contact</strong><br /> For Sales or Support questions, you can find phone numbers for your region <a href="https://www.watchguard.com/wgrd-about/contact">online</a>. If you contact WatchGuard Technical Support, please have your registered appliance Serial Number or Partner ID available. </p> Thu, 15 Aug 2019 12:46:46 -0700 Brendan Patterson 36936 at https://www.watchguard.com TDR 5.7 General Availability https://www.watchguard.com/wgrd-blog/tdr-57-general-availability <p>We are excited to announce that enhanced Network to Process Correlation in Threat Detection and Response is generally available! While TDR has always correlated network threats from your Firebox to an individual host, we are proud to provide the ability to correlate that same network threat to an individual process on your Windows host! This functionality enables Administrators to:</p> <ul><li>Quickly identify Windows processes that are making malicious outbound network connections.</li> <li>Stop those processes before they cause any damage to your environment(s).<br />  </li> </ul><p>This feature includes the following benefits and functions:</p> <ul><li>A new Process + Network indicator type that contains all of the information you would expect to triage the threat.</li> <li>Zero configuration – the feature works out-of-the-box, protecting environments immediately.</li> <li>Automated integration with existing ThreatSync policies.</li> </ul><p>We hope you are as excited about this new feature as we are! Any and all feedback, as usual, is always welcome!</p> <p> </p> <p>Thank you!</p> <p>WatchGuard Product Team</p> Wed, 31 Jul 2019 11:36:09 -0700 Ricardo Arroyo 36696 at https://www.watchguard.com Fireware 12.5 Availability https://www.watchguard.com/wgrd-blog/fireware-125-availability <p><strong>Fireware 12.5 - General Availability</strong><br /> We are pleased to announce that Fireware 12.5 and the corresponding WSM 12.5 software are now Generally Available (GA) for download from the WatchGuard software download center. The Release Notes provide full details on enhancements and resolved issues. With each new feature release, we also provide a <a href="https://www.watchguard.com/help/docs/fireware/12/en-US/whats-new_Fireware_v12-5.pptx">What's New</a> presentation and <a href="https://www.watchguard.com/help/docs/fireware/12/en-US/Whats-New-in-v12_5.mp4">webinar recording</a> that provide a comprehensive explanation of the new capabilities. Here are some of the key highlights: </p> <ul><li>Access Portal has been updated to provide a reverse proxy support for internally hosted applications, including common Microsoft services like Outlook Web Access and Exchange. This capbility provide VPN access without requiring a client, and a convenient single sign-on portal that can provide an additional layer of multi-factor authentication. </li> <li>The password override feature in webblocker is now integrated with Active Directory, allowing users to use their existing credentials when web pages are blocked. </li> <li>The Warn page in Webblocker is now customizable so admins can generate messages that are specific to their organization.</li> </ul><p><strong>Does this release pertain to me?</strong><br /> Fireware 12.5 is available for all Firebox T and Firebox M appliances. The Access Portal service is only available on Firebox M appliances. </p> <p><strong>Software Download Center</strong><br /> Firebox appliance owners with active support subscriptions can obtain the Fireware 12.5 update without additional charge by downloading the applicable packages from the <a href="https://watchguardsupport.secure.force.com/software/">WatchGuard software download center. </a></p> <p><strong>Contact</strong><br /> For Sales or Support questions, you can find phone numbers for your region <a href="https://www.watchguard.com/wgrd-about/contact">online</a>. If you contact WatchGuard Technical Support, please have your registered appliance Serial Number or Partner ID available.</p> Wed, 24 Jul 2019 01:36:36 -0700 Brendan Patterson 36606 at https://www.watchguard.com Mobile DNS Protection Beta Updates! https://www.watchguard.com/wgrd-blog/mobile-dns-protection-beta-updates <p>We are happy to announce a major improvement to our content filtering in our Mobile DNS Protection beta! We have integrated the categories from our WebBlocker security service into DNSWatch. You will shortly be able to leverage the granularity of 120+ categories across your protected networks and mobile clients!</p> <p>For those customers already using WatchGuard’s WebBlocker service, the look and feel will be very familiar as we have worked to create an experience that mirrors the one you are used to. If you are not familiar with WebBlocker you will be treated to an updated experience allowing a more granular deployment of content filtering policies, leveraging 120+ categories!</p> <p>The content filtering settings in our Mobile DNS Protection solution have been updated and any existing content filtering policies have been migrated. We do recommend that if you are using content filtering currently, you review your policies to ensure they are accurate.</p> <p>We look forward to hearing your feedback on these changes and are excited to continue to drive innovation through Mobile DNS Protection! We plan to begin rolling these changes to active accounts beginning Tuesday July 23rd.</p> <p>Not signed up for the beta? Check it out <a href="https://watchguard.centercode.com/project/home.html?cap=603bad22e1ed40c1a17b5d4c44e94e06">here</a>.</p> Thu, 18 Jul 2019 15:08:34 -0700 Ben Oster 36501 at https://www.watchguard.com Dimension 2.1.2 Update 2 now available https://www.watchguard.com/wgrd-blog/dimension-212-update-2-now-available <p>We are pleased to announce the availability of WatchGuard Dimension 2.1.2 Update 2. This maintenance release is now available from the Software Downloads Center, together with release notes and update instructions. WatchGuard Dimension 2.1.2 Update 2 provides the following enhancements and fixes:</p> <ul><li>HTTPS traffic is now included in the Most Popular Domain, Most Active Client, and Web Activity Trend reports</li> <li>In the Virus(GAV) report, the Host(HTTP) and Virus pivots now correctly show data from log messages with "virus found"</li> <li>Addressed vulnerabilities for CVE-2019-11477, CVE-2019-11478, and CVE-2019-11479 related to TCP SACK Panics</li> </ul><p>For a full list of resolved issues, please refer to the release notes on the Software Download Center.</p> <p> </p> <h2>Does this release pertain to me?</h2> <p>This release applies to all users of the WatchGuard Dimension network security visibility solution.  It is critical that any administrators using WatchGuard Dimension upgrade their solution to 2.1.2 Update 2 to take advantage of the security improvements available in the release. </p> <p> </p> <h2>Software Download Center</h2> <p>Firebox and XTM appliance owners with active support subscriptions can obtain this update without additional charge by downloading the applicable packages from the WatchGuard Software Download Center.</p> Mon, 01 Jul 2019 11:19:05 -0700 Jason Vendramin 36041 at https://www.watchguard.com Fireware 12.4.1 Update 1 https://www.watchguard.com/wgrd-blog/fireware-1241-update-1 <p><strong>Fireware 12.4.1 Update 1</strong><br /> WatchGuard has posted Fireware 12.4.1 Update 1 at the <a href="https://watchguardsupport.secure.force.com/software/">Software Download Center</a>. There is no corresponding update to WSM. This maintenance update provides resolution to issues that have been reported by customers. Full details are provided in the <a href="https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_4_1/index.html">Release Notes</a>. </p> <p><strong>Fireware 12.5 Beta</strong><br /> If you are interested in new features, we also have an active public Beta underway for the new Fireware 12.5 release, which includes several new enhancements in Webblocker and a new reverse proxy capability for the Access Portal. The Firebox can now enable secure clientless VPN access to internally hosted web applications. Full details, including a What's New presentation are available at the Beta forum. <a href="https://watchguard.centercode.com/key/Fireware_v12_5">Sign up today!</a></p> <p><strong>Does this release pertain to me?</strong><br /> Both Fireware 12.4.1 Update 1 and the new Beta release are available for all Firebox T and Firebox M appliances. </p> <p><strong>Software Download Center</strong><br /> Firebox appliance owners with active support subscriptions can obtain the Fireware 12.4.1 Update 1 without additional charge by downloading the applicable packages from the <a href="https://software.watchguard.com/">WatchGuard Software Download Center</a>.  The Beta release is also available from the link on the right hand side of the download pages. </p> <p><strong>Contact</strong><br /> For Sales or Support questions, you can find phone numbers for your region <a href="/wgrd-about/contact">online</a>. If you contact WatchGuard Technical Support, please have your registered appliance Serial Number or Partner ID available. Please file suggestions and feedback on the new 12.5 release in the Beta forum. </p> Wed, 19 Jun 2019 11:07:07 -0700 Brendan Patterson 35901 at https://www.watchguard.com Threat Detection and Response 5.7 Beta https://www.watchguard.com/wgrd-blog/threat-detection-and-response-57-beta <p>We are excited to announce that Threat Detection and Response has a new capability to beta test! While TDR has always correlated network threats from your Firebox to an individual host, we are proud to announce the ability to correlate that same network threat to an individual process on your Windows host! This functionality enables Administrators to:</p> <ul><li>Quickly identify Windows processes that are making malicious outbound network connections.</li> <li>Stop those processes before they cause any damage to your environment(s).</li> </ul><p>This feature includes the following benefits and functions:</p> <ul><li>A new Process + Network indicator type that contains all of the information you would expect to triage the threat.</li> <li>Zero configuration – the feature works out-of-the-box, protecting environments immediately.</li> <li>Automated integration with existing ThreatSync policies.</li> </ul><p>We are excited about this new feature and look forward to your feedback!</p> <p>To participate in the beta click the link below and follow the instructions provided.</p> <p><a href="https://watchguard.centercode.com/key/TDR57Beta">https://watchguard.centercode.com/key/TDR57Beta</a></p> <p>Thank you!</p> <p>WatchGuard Beta Team</p> Fri, 07 Jun 2019 08:58:32 -0700 Ricardo Arroyo 35621 at https://www.watchguard.com Fireware release updates https://www.watchguard.com/wgrd-blog/fireware-release-updates <p><strong>Fireware 12.4.1</strong><br /> We are pleased to announce that the latest maintenance releases for the Fireware Operating System, Fireware 12.4.1 and WSM 12.4.1 are available at the <a href="https://watchguardsupport.secure.force.com/software/">Software Download Center.</a> These maintenance releases don't include new features, but they provide resolution to many issues that have been reported by customers. WatchGuard partners and customers should review the <a href="https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_4_1/index.html">Release Notes</a> to see a full list of fixed issues prior to upgrading. </p> <p><strong>Fireware 12.5 Beta</strong><br /> We also have an active public Beta underway for the new Fireware 12.5 release, which includes several new enhancements in Webblocker and a new reverse proxy capability for the Access Portal. The Firebox can now enable secure clientless VPN access to internally hosted web applications. Full details, including a What's New presentation are available at the Beta forum. <a href="https://watchguard.centercode.com/key/Fireware_v12_5">Sign up today!</a></p> <p><strong>Does this release pertain to me?</strong><br /> Both Fireware 12.4.1 and the new Beta release are available for all Firebox T and Firebox M appliances. </p> <p><strong>Software Download Center</strong><br /> Firebox appliance owners with active support subscriptions can obtain the Fireware 12.4.1 update without additional charge by downloading the applicable packages from the <a href="https://watchguardsupport.secure.force.com/software/">WatchGuard Software Download Center. </a> The Beta release is also available from the link on the right hand side of the download pages. </p> <p><strong>Contact</strong><br /> For Sales or Support questions, you can find phone numbers for your region <a href="https://www.watchguard.com/wgrd-about/contact">online</a>. If you contact WatchGuard Technical Support, please have your registered appliance Serial Number or Partner ID available. Please file suggestions and feedback on the new 12.5 release in the Beta forum. </p> Thu, 06 Jun 2019 11:14:02 -0700 Brendan Patterson 35571 at https://www.watchguard.com Dimension 2.1.2 Update 1 now available! https://www.watchguard.com/wgrd-blog/dimension-212-update-1-now-available <p>We are pleased to announce the availability of WatchGuard Dimension 2.1.2 Update 1. This maintenance release is now available from the Software Downloads Center, together with release notes and update instructions. WatchGuard Dimension 2.1.2 Update 1 updates DimensionOS to provide additional support for reporting in the Connectwise integration, as well as some bug fixes.​</p> <h2> </h2> <h2>Does this release pertain to me? </h2> <p>This release applies to all users of the WatchGuard Dimension network security visibility solution.  We highly recommend that any administrators using WatchGuard Dimension upgrade their solution to 2.1.2 Update 1 to take advantage of the security improvements available in the release. </p> <h2> <br /> Software Download Center</h2> <p>Firebox and XTM appliance owners with active support subscriptions can obtain this update without additional charge by downloading the applicable packages from the WatchGuard Software Download Center.</p> Mon, 13 May 2019 14:18:19 -0700 Julian Matossian 35221 at https://www.watchguard.com Fireware 12.4 Update 2 is now available https://www.watchguard.com/wgrd-blog/fireware-124-update-2-now-available <p><strong>Fireware 12.4 Update 2 - General Availability</strong><br /> We are pleased to announce that the Update 2 release for Fireware 12.4 and the corresponding WSM 12.4 software are now Generally Available (GA) for download from the <a href="http://software.watchguard.com">WatchGuard software download center</a>. The Update 2 release addresses some issues that were reported after Fireware 12.4 was first released in April, mostly related to HTTPS websites that failed to load correctly. The <a href="https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_4/index.html">Release Notes</a> provide full details on enhancements and resolved issues.</p> <p>With each new release, we also provide a <a href="https://www.watchguard.com/wgrd-help/documentation/xtm">What's New</a> presentation and recording that provide a comprehensive explanation of the new capabilities. Here are some of the key highlights: </p> <ul><li>SD-WAN for VPN and Private Lines: Extends SD-WAN benefits to more than just external WAN connections, allowing organizations to cut back on expensive MPLS connections. You can now measure loss/latency/jitter on Virtual Interface VPNs and internal interfaces.</li> <li>DNSWatch in Bridge Mode: Full DNS security applied in our simplest deployment option where the Firebox does not act as a gateway. </li> <li>Syslog export to two servers: Simultaneously send logs to two different syslog servers. Enables export to third party SIEM and also a local syslog server for log retention.</li> <li>TLS 1.3 Support: Continued compliance and support for latest standards with full inspection of HTTPS traffic using TLS 1.3. </li> </ul><p><strong>Does this release pertain to me?</strong><br /> Fireware 12.4 Update 2 is available for all Firebox T and Firebox M appliances. </p> <p><strong>Software Download Center</strong><br /> Firebox appliance owners with active support subscriptions can obtain the Fireware 12.4 update without additional charge by downloading the applicable packages from the <a href="https://watchguardsupport.secure.force.com/software/">WatchGuard software download center</a>. </p> <p><strong>Contact</strong><br /> For Sales or Support questions, you can find phone numbers for your region <a href="https://www.watchguard.com/wgrd-about/contact">online</a>. If you contact WatchGuard Technical Support, please have your registered appliance Serial Number or Partner ID available.</p> <p> </p> Wed, 08 May 2019 19:53:30 -0700 Brendan Patterson 34986 at https://www.watchguard.com Threat Detection and Response Host Sensor and AD Helper 5.6.2 and Lower End of Life https://www.watchguard.com/wgrd-blog/threat-detection-and-response-host-sensor-and-ad-helper-562-and-lower-end-life <p>In line with WatchGuard’s commitment to maintain the highest security standards for our customer data, Threat Detection and Response (TDR) will upgrade the TLS certificates used by the Host Sensor and AD Helper. From 26 June 2019, versions of the Host Sensor and AD Helper lower than 5.6.3 will no longer communicate with TDR. To ensure that your Host Sensor and AD Helper continue to function as expected, please upgrade to version 5.6.3 or higher before 26 June 2019.</p> <p>The Host Sensor is the endpoint component of TDR that enables ThreatSync to detect and respond to malware in near real time. It also provides real-time protection against ransomware with Host Ransomware Prevention.</p> <p>AD Helper keeps TDR synchronized with your local Active Directory server. Periodic synchronization ensures that hosts you add or remove from your Active Directory domain are also added or removed from TDR. TDR also uses the AD Helper to perform Host Sensor installations over Windows file shares. If your AD Helper does not upgrade to version 5.6.3 or higher, you will lose remote installation and Active Directory synchronization capabilities.</p> <p>For most users, Host Sensors and AD Helper will have already updated to version 5.6.3 or higher automatically. If you use AD Helper infrequently, make sure you restart it before 26 June 2019 so that it can connect and automatically download and install the update.</p> <p>To check your Host Sensor and AD Helper version or upgrade manually, follow the instructions in the sections below.</p> <h2>Upgrade Host Sensors</h2> <p>To check which version of the Host Sensor your hosts run:</p> <ol><li>Log in to TDR.</li> <li>Select Devices &gt; Hosts.<br /> The Host Sensor version, host name, and last heartbeat time appear in the table.</li> </ol><p>To upgrade to the latest version of the Host Sensor:</p> <ol><li>Ensure that the Host Sensor is running on all end hosts and can successfully communicate with TDR. Your Host Sensors should auto-update.</li> <li>If you have disabled auto-update, update the Host Sensor manually: <ol><li>Log in to TDR.</li> <li>Select Devices &gt; Hosts.</li> <li>Click the Update icon. <img src="/sites/default/files/tdr_spinner_icon.png" alt="TDR update icon" style="padding: .2em 0 .5em;" /></li> </ol></li> <li>If any of your Host Sensors cannot communicate with TDR or cannot auto-update: <ol><li>Use the Windows Settings or Control Panel to uninstall the Host Sensor.</li> <li>Log in to TDR.</li> <li>Select Devices &gt; Hosts.</li> <li>Follow the instructions to download and install the Host Sensor.</li> </ol></li> </ol><p>For more information on the Host Sensor, see <a href="https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/services/tdr/tdr_devices_hosts_c.html?tocpath=Manage%20Security%20Services%7CThreat%20Detection%20and%20Response%7CManage%20TDR%C2%A0Hosts%20and%20Host%20Sensors%7C_____0">Manage TDR Hosts and Host Sensors</a>.</p> <h2>Upgrade AD Helper</h2> <p>To check which version of AD Helper you run:</p> <ol><li>Log in to TDR.</li> <li>Select Devices &gt; AD Helper.<br /> The AD Helper version, installed host name, and last heartbeat time appear in the table.</li> </ol><p>To upgrade to the latest version of AD Helper:</p> <ol><li>Ensure that the AD Helper application is running and can successfully communicate with TDR. Your AD Helper should auto-update.</li> <li>If you have disabled auto-update, update the AD Helper manually: <ol><li>Log in to TDR.</li> <li>Select Devices &gt; AD Helper.</li> <li>Click the Update icon. <img src="/sites/default/files/tdr_spinner_icon.png" alt="TDR update icon" style="padding: .2em 0 .5em;" /></li> </ol></li> <li>If your AD Helper cannot communicate with TDR or cannot auto-update: <ol><li>Open the AD Helper UI and copy the domain information.</li> <li>Use the Windows Settings or Control Panel to uninstall AD Helper.</li> <li>Log in to TDR.</li> <li>Select Devices &gt; AD Helper.</li> <li>Follow the instructions to download and install AD Helper.</li> <li>Open the AD Helper UI and specify the domain information you copied in a previous step.</li> </ol></li> </ol><p>For more information on AD Helper, see <a href="https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/services/tdr/tdr_ad_helper_c.html">Install and Configure AD Helper</a>.</p> <p>Thank you and enjoy!</p> <p> </p> Fri, 05 Apr 2019 11:25:05 -0700 Ricardo Arroyo 34166 at https://www.watchguard.com Dimension 2.1.2 Now Available! https://www.watchguard.com/wgrd-blog/dimension-212-now-available <p>We are pleased to announce the availability of WatchGuard Dimension 2.1.2. This maintenance release is now available from the Software Downloads Center, together with release notes and update instructions. WatchGuard Dimension 2.1.2 updates DimensionOS for longer term OS support and fixes the Connectwise integration.  Other resolved issues include:</p> <ul><li>APT Malware Activity Trend schedule generates GAV Activity Trend report</li> <li>Renewal of self-signed web server certificate should be transparent to end user</li> <li>Dimension Server showing incorrect Server / Database Uptime status</li> <li>Dimension command Configuration History edits incorrect table entry</li> <li>Change Help link paths in Dimension from /11/ to /Help-Center/ </li> <li>Dimension PCI Compliance Report fails to be generated in Spanish Language</li> <li>GeoIP database update</li> <li>HIPAA Compliance Report missing IPS and GAV information</li> </ul><h2> </h2> <h2>Does this release pertain to me?</h2> <p>This release applies to all users of the WatchGuard Dimension network security visibility solution.  We highly recommend that any administrators using WatchGuard Dimension upgrade their solution to 2.1.2 to take advantage of the security improvements available in the release. </p> <h2> </h2> <h2>Software Download Center</h2> <p>Firebox and XTM appliance owners with active support subscriptions can obtain this update without additional charge by downloading the applicable packages from the WatchGuard Software Download Center.</p> Wed, 27 Mar 2019 12:18:07 -0700 Julian Matossian 33951 at https://www.watchguard.com Fireware 12.4 Beta Release https://www.watchguard.com/wgrd-blog/fireware-124-beta-release <p><strong>Fireware 12.4 Beta</strong><br /> We've just posted the latest update to our Fireware 12.4 Beta release. This release, which is available for all Firebox appliances, continues WatchGuard’s commitment to building out our SD-WAN roadmap. We’ve seen very positive reaction to the features that we introduced in 12.3, and there has been lots of great feedback on 12.4 in the Beta forum so far. Some of the key highlights in 12.4 include: </p> <ul><li>SD-WAN for VPN and Private Lines: Extends SD-WAN benefits to more than just external WAN connections, allowing organizations to cut back on expensive MPLS connections. You can now measure loss/latency/jitter on Virtual Interface VPNs and internal interfaces.</li> <li>DNSWatch in Bridge Mode: Full DNS security applied in our simplest deployment option where the Firebox does not act as a gateway. </li> <li>Syslog export to two servers: Simultaneously send logs to two different syslog servers. Enables export to third party SIEM and also a local syslog server for log retention.</li> <li>TLS 1.3 Support: Continued compliance and support for latest standards with full inspection of HTTPS traffic using TLS 1.3. </li> </ul><p>Full details on these and other features in Fireware 12.4 are available in the What’s New presentation, which is posted at the Beta site. We've been in Beta for a couple of months now, and we are getting close to a stable final release, but we'd like to hear from more people. </p> <p><a href="https://watchguard.centercode.com/key/Fireware_v12_4">Sign up</a> to participate in the Fireware 12.4 Beta program today if you are not already in the program.  </p> <p><strong>WatchGuard Beta Testing</strong><br /> By being a WatchGuard Beta tester, you get to see products in early stages of development, and your feedback will influence this release and the course of future products. Broad participation in our Beta programs also helps us to deliver high quality final releases. There are open Beta programs across 4 different product areas at the moment. You can always find out more at our <a href="https://www.watchguard.com/wgrd-support/beta-program">Beta program page</a>. If you've never joined a WatchGuard Beta program, this is a great time to jump in!</p> Wed, 13 Mar 2019 15:36:45 -0700 Brendan Patterson 33626 at https://www.watchguard.com Fireware 12.3.1 Maintenance Release https://www.watchguard.com/wgrd-blog/fireware-1231-maintenance-release <p><strong>Fireware 12.3.1 General Availability</strong><br /> We are pleased to announce the General Availability (GA) of Fireware 12.3.1 and WatchGuard System Manager 12.3.1. These are maintenance releases with significant bug fixes for the Fireware OS and WSM.  The <a href="https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_3_1/index.html">Release Notes</a> include the detailed list of resolved issues. Please read the Release Notes prior to upgrading. Note that Update 1 was posted shortly after the initial 12.3.1 posting to resolve an issue with Gateway Wireless Controller in the initial posting. </p> <p><strong>Does this release pertain to me?</strong><br /> Fireware 12.3.1 is available for all Firebox T and Firebox M appliances. The continued growth and expansion of the Fireware OS means it is no longer suitable for older generation appliances with more limited resources. Fireware 12.3.1 will not be available on any XTM appliances. WatchGuard is also planning to release 12.1.3 update 2 in early February to provide important bug fixes for XTM appliances.</p> <p><strong>Software Download Center</strong><br /> Firebox appliance owners with active support subscriptions can obtain the Fireware 12.3.1 update without additional charge by downloading the applicable packages from the <a href="https://watchguardsupport.secure.force.com/software/">WatchGuard Software Download Center</a>. </p> <p><strong>Contact</strong><br /> For Sales or Support questions, you can find phone numbers for your region <a href="https://www.watchguard.com/wgrd-about/contact">online</a>. If you contact WatchGuard Technical Support, please have your registered appliance Serial Number or Partner ID available.</p> Mon, 04 Feb 2019 12:52:11 -0800 Brendan Patterson 32016 at https://www.watchguard.com WatchGuard Cloud Visibility now in public beta! https://www.watchguard.com/wgrd-blog/watchguard-cloud-visibility-now-public-beta <p>We are very excited to announce that WatchGuard Cloud Visibility is now in open beta! You are invited to join the beta for a pre-release view of what the platform will look like. Your feedback is valuable and will help shape important features, designs, and functionality. This is a significant release for us, so we are eager to hear what you think.</p> <p>Why WatchGuard Cloud Visibility? WatchGuard Cloud Visibility quickly distills your network data into actionable insights that you can access through its 100+ dashboards and reports, bringing the rich functionality of WatchGuard Dimension into the cloud. As a cloud-hosted service, it significantly reduces the time and money you spend to deploy and maintain infrastructure for on-premises network logging and reporting. </p> <p>We welcome you to connect your Fireboxes to WatchGuard Cloud Visibility and start exploring!</p> <p>To participate in the beta, please click the link below and follow the instructions provided</p> <p><a href="https://watchguard.centercode.com/key/WatchGuardCloudVisibilityBeta">https://watchguard.centercode.com/key/WatchGuardCloudVisibilityBeta</a></p> <p>The benefits of connecting your Firebox include:</p> <ul><li>Insightful, actionable network security information and insights</li> <li>No infrastructure to deploy</li> <li>High Performance and Scalability</li> <li>RapidDeploy from WatchGuard Cloud</li> <li>Multi-Tier/Multi-Tenant account structure</li> <li>Flexible Data Retention</li> <li>Automated Notifications and Alerts</li> <li>Simplified Role-based Access Control (RBAC)</li> <li>Intuitive User Interface</li> </ul><p>WatchGuard Cloud Visibility requires a Firebox T-series, M-series, Firebox V, and Firebox Cloud device, running Fireware 12.0 or higher. Logging to WatchGuard Cloud Visibility will not disrupt any logging you currently have setup to other destinations like Dimension.</p> <p>We look forward to hearing your feedback and using it to create an even better solution, catered specifically to your needs.</p> Tue, 11 Dec 2018 10:10:42 -0800 Julian Matossian 29056 at https://www.watchguard.com Fireware 12.3 General Availability https://www.watchguard.com/wgrd-blog/fireware-123-general-availability <p>We are pleased to announce the General Availability (GA) of Fireware 12.3 after a long Beta test period. WatchGuard now offers powerful SD-WAN capabilities right from the Firebox!  ​Fireware 12.3 introduces SD-WAN dynamic path selection, a key feature of SD-WAN products that allow midsize and distributed enterprises to improve network performance, simplify management, and ultimately reduce internet costs at the branch office.  Key hightlights of this release are:</p> <ul><li>New SD-WAN policy actions provide dynamic path selection, so admins can define the minimum acceptable performance levels for each connection, failing over when it drops below thresholds.</li> <li>Netflow export enables viewing of traffic flow information in third party tools like Paessler and SolarWinds. </li> <li>Integration with the Tigerpaw Professional Services Automation (PSA) tool. Partners can view Firebox asset and service status, with closed loop service desk ticketing. </li> <li>Geo-location policy actions. Users can now vary geolocation action based on policy, allowing for less strict rules for DNS and mail.</li> <li>Auto-save of backups to USB sticks enables faster recovery of systems with a local backup available on USB.</li> <li>IPv6 SSO – enables names not IP addresses in Dimension reports.</li> <li>WebBlocker UI updates including a global exception list to simplify the task of managing multiple webblocker actions on one or multiple Fireboxes. </li> </ul><p>Full details and many more enhancements  are covered in the <a href="https://www.watchguard.com/help/docs/fireware/12/en-US/whats-new_Fireware_v12-3.pptx">What's New in 12.3 </a>presentation, and there is also a recorded webinar of this content. Please read the <a href="https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_3/index.html">Release Notes</a> prior to upgrading. </p> <p><strong>Does this release pertain to me?</strong><br /> Fireware 12.3 is available for all Firebox T and Firebox M appliances. The continued growth and expansion of the Fireware OS means it is no longer suitable for older generation appliances with more limited resources. Fireware 12.2.1 and subsequent releases will not be available on any XTM appliances. WatchGuard will continue to provide updates to the 12.1.x firmware versions to provide bug fixes and important security updates for XTM appliances.</p> <p><strong>Software Download Center</strong><br /> Firebox appliance owners with active support subscriptions can obtain the Fireware 12.3 update without additional charge by downloading the applicable packages from the <a href="https://watchguardsupport.secure.force.com/software/">WatchGuard Software Download Center. </a></p> <p><strong>Contact</strong><br /> For Sales or Support questions, you can find phone numbers for your region <a href="https://www.watchguard.com/wgrd-about/contact">online</a>. If you contact WatchGuard Technical Support, please have your registered appliance Serial Number or Partner ID available.</p> Wed, 28 Nov 2018 14:07:19 -0800 Brendan Patterson 28766 at https://www.watchguard.com Fireware 12.2.1 is now available https://www.watchguard.com/wgrd-blog/fireware-1211-now-available-0 <p><strong>Fireware 12.2.1 General Availability</strong><br /> We are pleased to announce the General Availability (GA) of Fireware 12.2.1. Full details are covered in the <a href="https://www.watchguard.com/help/docs/fireware/12/en-US/whats-new_Fireware_v12-2-1.pptx">What's New in 12.2.1</a> presentation, and there is also a recorded webinar of this content. Key highlights of the release include:</p> <ul><li>​Backup and Restore features have been redesigned to provide a new UI with more options, making it more dependable on tabletop Fireboxes with lower available memory.</li> <li>WAN interface monitoring for Jitter, Latency, and Packet Loss enables admin to easily identify problematic WAN connections.  </li> <li>For partners with NFR appliances, WatchMode has been refactored for greater reliability. It now works with mirrored network traffic with VLAN tags. WatchMode enables monitoring of mirrored traffic from a switch, which is ideal for non-disruptive evaluations.</li> </ul><p>WSM 12.2.1 Update 1 is also available now, which is an update to the WSM 12.2.1 release to address a known issue. We recommend that any customers that installed WSM 12.2.1 in the last week upgrade to this release. Please read the <a href="https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_2_1/index.html">Release Notes</a> prior to upgrading. </p> <p><strong>Does this release pertain to me?</strong><br /> Fireware 12.2.1 is available for all Firebox T and Firebox M appliances. The continued growth and expansion of the Fireware OS means it is no longer suitable for older generation appliances with more limited resources. Fireware 12.2.1 and subsequent releases will not be available on any XTM appliances. WatchGuard will continue to provide updates to the 12.1.x firmware versions to provide bug fixes and important security updates for XTM appliances.</p> <p><strong>Software Download Center</strong><br /> Firebox appliance owners with active support subscriptions can obtain the Fireware 12.2.1 update without additional charge by downloading the applicable packages from the <a href="https://watchguardsupport.secure.force.com/software/">WatchGuard Software Download Center</a>. </p> <p><strong>Contact</strong><br /> For Sales or Support questions, you can find phone numbers for your region <a href="https://www.watchguard.com/wgrd-about/contact">online</a>. If you contact WatchGuard Technical Support, please have your registered appliance Serial Number or Partner ID available.</p> Mon, 17 Sep 2018 00:08:34 -0700 Brendan Patterson 27461 at https://www.watchguard.com Host Containment and Artificial Intelligence: New in TDR 5.5 https://www.watchguard.com/wgrd-blog/host-containment-and-artificial-intelligence-new-tdr-55 <h2>Host Containment</h2> <p>I am pleased to announce the availability of Threat Detection and Response 5.5. This release of TDR introduces a powerful new response capability, Host Containment, which enables operators to contain infected host machines. When a threat is identified, ThreatSync quickly moves to contain the host endpoint, preventing the spread of malware to other points in your network. The Host Containment feature also makes it possible to isolate machines when they are outside of your network, alleviating cases where an infected host returns “home” and unintentionally infects the network.</p> <p>If you are a customer or partner using TDR today, you already have access to TDR 5.5, and can begin using the feature immediately. <a href="https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/services/tdr/tdr_containment_c.html">To get started, visit the WatchGuard Help Center to learn how to configure host sensors, and establish containment policies.</a></p> <h2>Artificial Intelligence</h2> <p>TDR 5.5 also streamlines the advanced threat triage capability of ThreatSync, by introducing a new artificial intelligence engine to aid in the identification and classification of files. ThreatSync uses AI to automatically analyze combinations of features to determine if a file possesses suspicious characteristics, before sending the file for further analysis in APT Blocker. This prevents truly suspicious files from going undetected and allows you to identify real threats with more confidence.</p> <h2>Additional Included Features</h2> <ul><li>System tray notifications about relevant TDR events.</li> <li>The ability to pause protection when needed.</li> <li>Host Sensor auto-update control.</li> </ul><p>Want to get an early look at what’s next in TDR? <a href="/wgrd-support/beta-program">Join the WatchGuard Beta program today!</a></p> Thu, 13 Sep 2018 22:03:38 -0700 Julian Matossian 27411 at https://www.watchguard.com WebBlocker Server version 1.0 Available for Fireware 12.2 https://www.watchguard.com/wgrd-blog/webblocker-server-version-10-available-fireware-122 <p>WatchGuard is pleased to announce the release of a new standalone WebBlocker Server that replaces and upgrades the functionality previously provided in the legacy SurfControl service. The WebBlocker Server hosted on-premises now provides the same equivalent URL categories and database as the cloud hosted server which WatchGuard customers have been using since 2013.  </p> <p>The WebBlocker Server is available for VMware (v. 5.x.+) and Hyper-V (for Microsoft Windows 2008 R2, 2012, or 2012 R2 64-bit) and can be downloaded by customers with a WebBlocker subscription now, August 28, 2018.</p> <p>WatchGuard customers who use on-premises URL filtering today now have three options:</p> <ul><li>Upgrade to Fireware 12.2 or later and use the WebBlocker cloud service for URL filtering</li> <li>Upgrade to Fireware 12.2 or later and use WebBlocker Server, which is now available to download at software.watchguard.com</li> <li>Remain on current version of Fireware 12.1.x (or earlier) and leverage existing WebBlocker cloud service for URL filtering</li> </ul><p>WatchGuard is also announcing that the legacy SurfControl service will reach end of life on November 30, 2018. All URL lookups conducted against the SurfControl service after this date will return “uncategorized”. Customers can choose from one of the three migration options listed above.</p> <p>Note: XTM customers will not be able to upgrade to Fireware 12.2, but can still use Fireware 12.1.x or earlier.</p> <p>After the Fireware 12.2 release, support for these new features will be as follows:</p> <ul><li>On-premises WebBlocker Server will not be compatible with previous versions of Fireware 12.1.x</li> <li>WSM 12.2 will not be capable of managing SurfControl settings on devices that run 12.1.x or lower</li> </ul><p>This offering for a virtual WebBlocker server helps to serve customer environments where regulatory compliance or even ISP constraints inhibit the web connections that allow WebBlocker URL filtering to function as designed through the WatchGuard UTM. </p> <h2>How can I get started?</h2> <p>Qualifying Firebox M-series and T-series appliances with active Basic Security or Total Security Subscriptions can obtain this update without additional charge by downloading the applicable packages from the WatchGuard <a href="https://watchguardsupport.secure.force.com/software/">Software Download Center</a>.</p> Thu, 30 Aug 2018 09:45:03 -0700 Arthur Gordon 26866 at https://www.watchguard.com DNSWatch Australian Resolvers https://www.watchguard.com/wgrd-blog/dnswatch-australian-resolvers <p>In order to better support our customers in Australia and New Zealand, we are pleased to announce the availability of a DNSWatch resolver in Sydney.</p> <p>Based upon your feedback and data collected from production DNSWatch, we identified a need for a resolver to service ANZ. Neither DNS nor content latency were within our target, so we have deployed this resolver to improve performance of any network protected by DNSWatch.</p> <p>No action is needed on your part. Any ANZ protected firebox will automatically use the Australian resolvers.</p> <p>Thank you for submitting your feedback and having patience with us as we improve our products globally. We hope that this improves your experience with the WatchGuard product line all while keeping you safer every day.</p> <div> <div> <div> </div> </div> </div> Wed, 29 Aug 2018 16:08:00 -0700 Todd O'Boyle 26826 at https://www.watchguard.com DNSWatch Introduces Protection Against DNS Rebinding Attacks https://www.watchguard.com/wgrd-blog/dnswatch-introduces-protection-against-dns-rebinding-attacks <p>Despite being around for many years, <a href="https://en.wikipedia.org/wiki/DNS_rebinding">“DNS Rebinding”</a> attacks have been <a href="https://medium.com/@brannondorsey/attacking-private-networks-from-the-internet-with-dns-rebinding-ea7098a2d325">making</a> <a href="https://krebsonsecurity.com/2018/06/google-to-fix-location-data-leak-in-google-home-chromecast/">headlines</a> <a href="https://www.wired.com/story/chromecast-roku-sonos-dns-rebinding-vulnerability/">recently</a>. Commodity devices (Chromecast, Roku, Sonos Speakers, and many other IoT devices) are potentially vulnerable, and while the popular ones have been patched, it’s hard to know if they all have.</p> <p>This trend, combined with direct feedback from other customers, has led us to build new protections into DNSWatch to address these types of attacks.</p> <p>You can enable the DNS binding protections in <a href="https://dnswatch.watchguard.com/settings/service/">your DNSWatch settings</a>. Once you enable the feature, it can take up to an hour to take effect due to DNS caching.</p> <p>When enabled, any responses that would normally contain an A record for a private IP address (192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/16) will instead result in an NXDOMAIN.</p> <p>To confirm the rebinding protection is enabled, you can look up `local.strongarm.io`. If rebinding is enabled, it will return `192.168.1.1`. If the rebinding protection is enabled, DNSWatch will return an NXDOMAIN.</p> <p>If you use an external nameserver to host intranet websites, you need to move those domains to an internal name server to protect them from DNS Rebinding attacks.</p> Thu, 23 Aug 2018 14:28:58 -0700 Todd O'Boyle 26786 at https://www.watchguard.com WatchGuard Dimension 2.1.1 Update 3 now available https://www.watchguard.com/wgrd-blog/watchguard-dimension-211-update-3-now-available <p>We are pleased to announce the availability of WatchGuard Dimension 2.1.1 Update 3.  This release is now available from the Software Downloads Center, along with release notes and update instructions.  WatchGuard Dimension 2.1.1 Update 3 resolves several performance and functionality issues, such as:</p> <ul><li>IPS Total Intrusions are double-counted in Subscription Service Dashboard</li> <li>Totals and Averages are now displayed on Health Summary Reports</li> <li>Angled brackets in email address break PDF report generation</li> <li>Executive Report Top Clients PDF Report showing incorrect graph value</li> <li>Changing the date in the calendar widget no longer automatically refreshes the current report</li> <li>Several database optimizations to reduce the time required to generate reports</li> </ul><p>For a full list of changes implemented as part of WatchGuard Dimension 2.1.1 Update 3, please refer to the release notes.</p> <p> </p> <h2>Does this release pertain to me?</h2> <p>This release applies to all users of the WatchGuard Dimension network security visibility solution.  We highly recommend that any administrators using WatchGuard Dimension upgrade their solution to 2.1.1 Update 3 to take advantage of the improvements available in the release.</p> <h2> </h2> <h2>Software Download Center</h2> <p>WatchGuard Dimension administrators can obtain this update by downloading the applicable packages from the <a href="https://watchguardsupport.secure.force.com/software/">WatchGuard Software Download Center</a>.</p> <p> </p> <h2>Contact</h2> <p>For Sales or Support questions, you can find <a href="https://www.watchguard.com/wgrd-about/contact">phone numbers for your region online</a>. If you contact WatchGuard Technical Support, please have your registered appliance Serial Number or Partner ID available.</p> Wed, 08 Aug 2018 14:57:45 -0700 Jason Vendramin 26586 at https://www.watchguard.com Fireware 12.2 is now available https://www.watchguard.com/wgrd-blog/fireware-122-now-available <p><strong>Fireware 12.2 is now available</strong><br /> Arthur posted earlier this week about the exciting new <a href="/wgrd-blog/intelligentav-available-fireware-122">AI technology that is now available in the Fireware 12.2</a> release with the new IntelligentAV service. But let’s not forget that this release includes many other new features. Many of the Beta testers had very positive feedback about the new ability to configure Geo-Blocking by Policy. Users can now set granular policies to restrict certain traffic types to or from specific countries. Other key highlights in Fireware version 12.2 include:</p> <ul style="padding-bottom:1em;"><li><strong>Firebox Cloud Management Upgrades:</strong> WatchGuard System Manager for management of multiple Firebox Cloud instances hosted on Amazon Web Services or Microsoft Azure.</li> <li><strong>TLS Proxy Protocols:</strong> Enables proxy and malware inspection for the POP3S and SMTPS (or POP3 and SMTP over TLS) mail retrieval protocols.</li> <li><strong>WebBlocker:</strong> Adds the ability to generate alerts by categories (for example, weapons, militancy and extremism).</li> <li><strong>Multiple Server Certificates:</strong> Users can now host multiple different servers and applications behind a single Firebox, each with their own proxy certificate.</li> </ul><p>You can find full details about this release in the <a href="https://www.watchguard.com/help/docs/fireware/12/en-US/whats-new_Fireware_v12-2.pptx">What’s New presentation</a> and <a href="https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_2/index.html">Release Notes</a>. Please review the Release Notes carefully before upgrading.</p> <p><strong>Does this release pertain to me?</strong><br /> Fireware 12.2 is available for all Firebox T and Firebox M appliances. The continued growth and expansion of the Fireware OS means it is no longer suitable for older generation appliances with more limited resources. Fireware 12.2 and subsequent releases greater than 12.2 will not be available on any XTM appliances. WatchGuard will continue to provide updates to the 12.1.x firmware versions to provide bug fixes and important security updates for XTM appliances.  </p> <p><strong>Software Download Center</strong><br /> Firebox appliance owners with active support subscriptions can obtain the Fireware 12.2 release without additional charge by downloading the applicable packages from the WatchGuard <a href="https://watchguardsupport.secure.force.com/software/">Software Download Center</a>. Or simply use the WebUI to directly upgrade your firebox.</p> <p><strong>Contact</strong><br /> For Sales or Support questions, you can find phone numbers for your region <a href="/wgrd-about/contact">online</a>. If you contact WatchGuard Technical Support, please have your registered appliance Serial Number or Partner ID available.</p> <p> </p> Wed, 08 Aug 2018 09:31:05 -0700 Brendan Patterson 26591 at https://www.watchguard.com IntelligentAV is Available for Fireware 12.2 https://www.watchguard.com/wgrd-blog/intelligentav-available-fireware-122 <p>Fileless malware and zero-day exploits are some of the most devastating threats facing small and midsize enterprise organizations today. WatchGuard IntelligentAV service provides an additional signature-less, antivirus engine to defend users against such threats and further augment the award-winning WatchGuard cybersecurity portfolio.</p> <p>IntelligentAV brings more than just supervised machine learning pre-processing, or data-mining to WatchGuard’s expanding security stack, this is the first addition of machine learning directly to a network security platform. As opposed to other solutions that see a co-mingling of signature-based antivirus solutions, the WatchGuard Unified Threat Management (UTM) platform uses two forms of anti-malware scanning at the network layer: (1) signature-based behavioral detection (Gateway AntiVirus) and (2) machine-learning-based detection with IntelligentAV. This composition of dual anti-virus engines on a network gateway appliance is a transformational push to attack the rise of increasingly evasive malware that tends to bypass signature based detection.</p> <p>The IntelligentAV platform was designed over a multi-year period, analyzing 1 billion+ file samples (including Microsoft Office documents, portable executables, PDFs, and Mach-O files, etc.), 20+ PB of storage, and thousands of CPU cores to develop a pure machine-learning AV engine that encompasses the following algorithms and neural network approaches:</p> <ul><li>Logistic Regression</li> <li>Decision Tree Analysis</li> <li>LSTM Neural Network</li> <li>Convolution Neural Network</li> <li>K-Means</li> <li>DBSCAN Clustering</li> </ul><p>These algorithms have not only demonstrated academic success in the research field of computer-aided artificial intelligence, but have also been proven in industries that focus on identifying consumer behavior, image classification in gaming, as well as computationally intensive tasks, that were exclusively the domain of room-filling supercomputers and/or humans.</p> <p>Given the climate of increasingly sophisticated cyber penetration tools and file obfuscation tools used by malicious online actors, WatchGuard is proud to deliver IntelligentAV as another crucial component of the UTM and continue to lead the industry in protection for enterprises large and small.</p> <h2>How can I get started?</h2> <p>Qualifying Firebox M-series appliances with active Total Security Subscriptions can obtain this update without additional charge by downloading the applicable packages from the WatchGuard Software Download Center for Fireware 12.2.</p> Mon, 06 Aug 2018 09:09:41 -0700 Arthur Gordon 26406 at https://www.watchguard.com Now Available: Firebox M270 https://www.watchguard.com/wgrd-blog/now-available-firebox-m270 <p><strong>New Firebox M270 is the fastest entry level rack mount appliance</strong><br /> It's a busy time with new product launches at WatchGuard! Alex posted last week about the new <a href="/wgrd-blog/authpoint-watchguard-clouds-mfa-service-here">Authpoint</a> multi-factor authentication (MFA) product, and today I'm excited to announce the release of our newest Unified Threat Management (UTM) appliance. The M270 replaces the M200 as WatchGuard’s smallest rack-mounted Firebox, and it runs all of the security services offered in WatchGuard’s Total Security Suite. This includes the new IntelligentAV AI-based antivirus service which is now available in the new Fireware® version 12.2, as well as DNSWatch and Access Portal, which were introduced in the last year. Watch this blog for more detailed posts about IntelligentAV and Fireware 12.2 in the coming days. </p> <p><strong>Validated by Miercom</strong><br /> According to independent testing by Miercom, the M270 becomes the industry’s fastest entry-level rack-mounted appliance when running full UTM services, outperforming competitive products by up to 82%. Full details of this testing are available in the complete <a href="/wgrd-resource-center/miercom-high-performance-verification-report-m270">Miercom report</a>, which is available to download at the WatchGuard website. Another appliance in the WatchGuard mid-range family, the Firebox M670 recently achieved the Recommended rating from <a href="https://www.nsslabs.com/company/news/press-releases/nss-labs-announces-2018-next-generation-firewall-group-test-results/" target="_blank">NSS Labs</a> in their annual next generation firewall group test.</p> <p><strong>Product Details</strong><br /> Key specs for the M270 are:</p> <ul><li>Intel Atom processors with QuickAssist Technology (QAT)</li> <li>4 Gb RAM Memory</li> <li>8 1 Gb Ethernet ports</li> <li>Recommended in environments with up to 60 users</li> </ul><p>Complete product details are available at the <a href="/wgrd-products/rack-mount/firebox-m270-m370">M270 web page</a> or in the <a href="https://p.widencdn.net/6v7dia/Datasheet_M270_M370" target="_blank">M270 datasheet</a>. </p> <p> </p> Thu, 02 Aug 2018 11:18:17 -0700 Brendan Patterson 26366 at https://www.watchguard.com TDR 5.4 is now available https://www.watchguard.com/wgrd-blog/tdr-54-now-available <p>TDR 5.4 introduces two new features to improve management and security basics.</p> <p>First up, this release includes a new Account Reset feature that enables Admins to reset any or all elements of a TDR configuration to default settings and remove domains, devices, and indicators from your TDR account. This feature is helpful when wanting to start from a “factory default” state or even when wanting to have a clean environment when conducting POCs or providing product demos. From a GDPR compliance perspective, this feature enables Admins to ensure organizations who want to exercise their right to be forgotten that they will be fully removed from the platform.</p> <p>Additionally, this release brings a simple but necessary security feature around hardening of the Host Sensor. Regardless of how Admins and IT Departments configure their users’ laptops and workstations – i.e., providing user Admin rights or not – TDR enables Admins to directly protect the Host Sensor. TDR now provides functionality – regardless of system permissions – to control whether or not the Host Sensor can be modified or uninstalled.</p> <p>Both of these new features can be centrally configured via the TDR portal. </p> Fri, 22 Jun 2018 08:55:21 -0700 Julian Matossian 25051 at https://www.watchguard.com Threat Detection and Response AD Helper 5.3.x and older End of Life https://www.watchguard.com/wgrd-blog/threat-detection-and-response-ad-helper-53x-and-older-end-life <p>In line with WatchGuard’s commitment to maintain the highest security standards for our customer data, Threat Detection and Response (TDR) will discontinue the use of TLS 1.0. Beginning on 20 June 2018, versions of the AD Helper lower than 5.4.0 will no longer communicate with TDR. To ensure your AD Helper continues to function as expected please upgrade to version 5.4.0 or higher prior to 20 June 2018.</p> <p>The AD Helper keeps TDR synchronized with your local Active Directory. Hosts added or removed from your Active Directory Domain will be added or removed from TDR as periodic synchronization actions are performed. TDR also uses the AD helper to perform Host sensor installations over Windows file shares.  In the event your AD Helper does not upgrade you will lose remote installation and Active Directory synchronization capabilities. </p> <p>For a majority of users that have the AD Helper running constantly, your AD helper will have already updated itself automatically. If you use the AD Helper infrequently, restart it before 20 June so that it can connect and automatically download and install the update. See below for instructions on how to check the version of your AD Helper and how to manually update it.</p> <p>To check what version of the AD Helper you are running:</p> <ol><li>Log into TDR</li> <li>Browse to Devices -&gt; AD Helper</li> <li>The version, installed hostname, and last heartbeat time is available in the table.</li> </ol><p>To upgrade to the latest version of the AD Helper:</p> <ol><li>Ensure the AD Helper application is running and successfully communicating with TDR. Your AD Helper should auto-update.</li> <li>In the event your Ad Helper is not Communicating or cannot auto-update.<br /><br /><ol><li>Open up the AD Helper UI and copy the Domain information for re-entering later</li> <li>Uninstall the AD Helper using Windows Settings/Control Panel</li> <li>Log into TDR</li> <li>Browse to Devices -&gt; AD Helper</li> <li>Follow the instructions to Download and install the AD Helper</li> <li>Open up the AD Helper UI and re-enter in the Domain information.</li> </ol></li> </ol><p>For more information on the AD Helper please click <a href="https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/services/tdr/tdr_ad_helper_c.html">here</a>. Thank you and enjoy!</p> Mon, 04 Jun 2018 10:58:50 -0700 Ricardo Arroyo 24961 at https://www.watchguard.com New maintenance release - Fireware 12.1.3 is now available https://www.watchguard.com/wgrd-blog/new-maintenance-release-fireware-1213-now-available <p><strong>Fireware 12.1.3 General Availability</strong><br /> We are pleased to announce the General Availability (GA) of Fireware 12.1.3 and WSM 12.1.3. These maintenance releases don't include new features, but they provide resolution to many issues that have been reported by customers. WatchGuard partners and customers should review the <a href="https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_1_3/index.html">Release Notes</a> to see a full list of fixed issues prior to upgrading. </p> <p><strong>New Features now in Beta in Fireware 12.2</strong><br /> Interested in new features? Help us test the next release of Fireware!  We have Fireware 12.2 in Beta now, and this new release adds some excellent new capabilities:</p> <ul><li>A second Artificial Intelligence based malware scan on rackmount appliances</li> <li>Redundant SSO agents</li> <li>Geolocation rules by policy</li> </ul><p><a href="https://watchguard.centercode.com/key/v12_2_Beta">Click Here</a> to sign up for the Beta program now and to learn more about the many new features.  </p> <p><strong>Does this release pertain to me?</strong><br /> The Fireware 12.1.3 maintenance release applies to all Firebox T, Firebox M, and XTM appliances, except XTM 21/21-W, 22/22-W, or 23/23-W, XTM 505, 510, 520, and 530 which have reached the End of Life. Firebox 12.2 is only available for Firebox appliances. </p> <p><strong>Reminder: AV Signatures ending for 11.x releases</strong><br /> WatchGuard announced last July that we would end support for AV signatures for the older AVG engine in Fireware 11.x by April 15th 2018. WatchGuard may continue to deliver some signature updates for 11.x firmware versions for a few more weeks, but frequency will decline and security efficacy will not be guaranteed to the same levels as 12.x firmware.  Customers must upgrade to a 12.x version of Fireware to receive the signature updates for protection against the latest threats and to maintain adequate defense against malware using the GAV service. </p> <p><strong>Software Download Center</strong><br /> Firebox and XTM appliance owners with active support subscriptions can obtain the Fireware 12.1.3 update without additional charge by downloading the applicable packages from the <a href="https://watchguardsupport.secure.force.com/software/">WatchGuard Software Download Center</a>. </p> <p><strong>Contact</strong><br /> For Sales or Support questions, you can find <a href="/wgrd-about/contact">phone numbers for your region online</a>. If you contact WatchGuard Technical Support, please have your registered appliance Serial Number or Partner ID available.</p> Tue, 29 May 2018 11:02:36 -0700 Brendan Patterson 24851 at https://www.watchguard.com TDR: Planned Service Interruption https://www.watchguard.com/wgrd-blog/tdr-planned-service-interruption <p><strong>When:</strong></p> <ul><li><strong>Europe: </strong>Friday, May 18, 2018 at 3:00AM GMT</li> <li><strong>Americas &amp; APAC: </strong>Saturday, May 19, 2018 at 10:00PM EDT</li> </ul><p> </p> <p><strong>Maintenance Window:</strong> 5 hours</p> <p><strong>Expected Impact/Duration:</strong> 2-3 hours<br /> During these maintenance windows, the TDR user interface, configuration, detection, and response will be unavailable in their respective regions. If HRP was configured to Prevent prior to the planned service interruption, your Host Sensor will continue to protect against ransomware.</p> <p><strong>Contact Information</strong><br /> For Sales or Support questions, you can find phone numbers for your region <a href="https://www.watchguard.com/wgrd-about/contact?mkt_tok=eyJpIjoiWWpZMFltRTNOR0UyWkRaaSIsInQiOiJNMWVseUhrZ1Z3NjhTNzFOTFBPZ25tbmFrVktXcnhjcHU1TUlFMzFEZXpqcDBqamJqdm54MDlsckRib2FVd2FVVitSSVJWV2NUdjBucktmZUt6MER2SmNNTlwvUno0NGVBdE1xVkpwWCtSOFU9In0%3D">online</a>.</p> Wed, 09 May 2018 14:07:26 -0700 Julian Matossian 24461 at https://www.watchguard.com Fireware 12.1.1 is now available https://www.watchguard.com/wgrd-blog/fireware-1211-now-available <p><strong>Fireware 12.1.1. General Availability</strong><br /> We are pleased to announce the General Availability (GA) of Fireware 12.1.1 and WSM 12.1.1.  Key highlights include: </p> <ul><li>Support for the new DNSWatch security service, as announced by <a href="/wgrd-blog/dnswatch-now-available">Todd in his blog post earlier this week</a>.</li> <li>Adding more options for Dynamic DNS providers</li> </ul><p>WatchGuard partners and customers should review the <a href="https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_1_1/index.html">Release Notes</a> and <a href="https://www.watchguard.com/help/docs/fireware/12/en-US/whats-new_Fireware_v12-1-1.pptx">What’s New</a> presentations prior to upgrading. </p> <p><strong>Does this release pertain to me?</strong><br /> The Fireware release applies to all Firebox T, Firebox M, and XTM appliances, except XTM 21/21-W, 22/22-W, or 23/23-W, XTM 505, 510, 520, and 530 which have reached the End of Life.</p> <p><strong>Reminder: AV Signatures ending for 11.x releases</strong><br /> As first announced last July, WatchGuard will begin to discontinue support for AV signatures for the older AVG engine in Fireware 11.x by <strong>April 15th 2018</strong>. To receive the signature updates for protection against the latest threats and maintain adequate defense against malware using the GAV service, customers must upgrade to a 12.x version of Fireware. After April 15th, WatchGuard may continue to deliver some signature updates for 11.x firmware versions for a few months, but frequency will decline and security efficacy will not be guaranteed to the same levels as 12.x firmware.</p> <p><strong>Software Download Center</strong><br /> Firebox and XTM appliance owners with active support subscriptions can obtain this update without additional charge by downloading the applicable packages from the <a href="https://watchguardsupport.secure.force.com/software/">WatchGuard Software Download Center</a>. </p> <p><strong>Contact</strong><br /> For Sales or Support questions, you can find <a href="/wgrd-about/contact">phone numbers for your region online</a>. If you contact WatchGuard Technical Support, please have your registered appliance Serial Number or Partner ID available.</p> Fri, 13 Apr 2018 10:06:09 -0700 Brendan Patterson 24211 at https://www.watchguard.com DNSWatch is Now Available https://www.watchguard.com/wgrd-blog/dnswatch-now-available <p>Phishing is one of the greatest threats facing small and midsize enterprise organizations today. WatchGuard DNSWatch service provides additional security to protect users at the DNS level, and adds a layer to RED and WebBlocker capabilities to block malicious connections on all ports and protocols – including those necessary during a phishing attack. </p> <p>Moreover, DNSWatch increases an organization’s resilience to phishing through end-user education. When an end-user clicks on an email or link that DNSWatch has identified as a phishing attempt, they are redirected to a game that educates them on the warning signs of a phishing attacks and gives them an action to take. This is an outstanding opportunity to reinforce any phishing education programs you have. Maybe you’d like the clicker to come talk to you or their boss. Maybe you should ask them to forward on the phish they just clicked on for tracking by your security team. Regardless, DNSWatch increases engagement you have with your users and we believe this is a key attribute of a mature phishing protection program.</p> <p>Once the attack is stopped, DNSWatch is just getting started.</p> <p>When a user is protected, the DNSWatch analysis team triages critical alerts, combining our intelligence and expertise to create a plain language analysis so that the “what and how” of an attack is quickly understood. Most small and midsize enterprises (or small service providers) don’t have resources for more security staff to manage this analysis themselves - the DNSWatch analysis team helps address this.</p> <table width="678"><tbody><tr><td width="172"> <p><strong>Name/Description</strong></p> </td> <td width="505"> <p><strong>Benefit(s)</strong></p> </td> </tr><tr><td width="172"> <p>DNS Based Protection</p> </td> <td width="505"> <p>Leveraging DNS-level detection provides an additional layer of security to identify and stop malware infections. Malicious DNS requests are automatically detected and blocked, redirecting users to a safe page instead of the attacker.</p> </td> </tr><tr><td width="172"> <p>100% Cloud-based</p> </td> <td width="505"> <p>100% cloud-based and requiring no client-side configuration makes deploying DNSWatch a breeze to configure and manage, saving time and money.</p> </td> </tr><tr><td width="172"> <p>End-user Education</p> </td> <td width="505"> <p>Educating end users is the IT admin’s first line of defense in protecting their organization. With DNSWatch, when a user clicks on a phish, they are automatically redirected to a safe page. This page offers education and games to reinforce the warning signs of a phishing attack.</p> </td> </tr><tr><td width="172"> <p>Personal Touch</p> </td> <td width="505"> <p>Personal touch provides IT managers and MSSPs details of infections detected and blocked by the service. No need to spend hours combing through logs or researching an alert as it comes through. With this service, MSSPs can easily show new value to customers without requiring an army of security analysts. </p> </td> </tr></tbody></table><p> </p> <h2>How Do I Get Started?</h2> <p>DNSWatch is available as part of the Total Security Suite package. Subscribers will need to upgrade to Fireware 12.1.1 and simply enable DNSWatch with the tick of a box. See our <a href="https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/services/dnswatch/dnswatch_about_c.html?Highlight=dnswatch">detailed instructions</a> to get started.</p> <p>DNSWatch will take five minutes to set up, identify any malware operating on your networks, and then go into phishing protection mode. Sit back and relax while our team does the work for you.</p> Mon, 09 Apr 2018 13:54:50 -0700 Todd O'Boyle 24161 at https://www.watchguard.com Email Notifications come to TDR https://www.watchguard.com/wgrd-blog/email-notifications-come-tdr <p>We are delighted to announced that Threat Detection and Response now has email notifications. Specifically, ThreatSync now includes email alerts and notifications to let you know when a threat indicator or incident has been detected, as well as if the threat has been remediated from the network or endpoint.</p> <p>Threat Detection and Response is the only threat correlation and scoring solution that provides fully configurable email alerting for both network and endpoint security events as well as for remediations. This alleviates the need for IT admins and MSPs to have the TDR dashboard opened and monitored at all times. Customers and Partners can now be fully aware of what ThreatSync is detecting and remediating without being in the dashboard, freeing them up to do other things.</p> <p>To learn more, please visit:  <a href="/wgrd-products/security-services/threat-detection-and-response">Threat Detection and Response</a></p> Thu, 29 Mar 2018 22:56:40 -0700 Julian Matossian 23851 at https://www.watchguard.com Firebox Cloud now available in Azure marketplace https://www.watchguard.com/wgrd-blog/firebox-cloud-now-available-azure-marketplace <p>We are pleased to announce that Firebox Cloud is now available in the <a href="https://azuremarketplace.microsoft.com/">Microsoft Azure marketplace</a>, after the conclusion of a two month Beta test period. Firebox Cloud brings the protection of WatchGuard’s leading Firebox UTM appliances to public cloud environments. It enables organizations to extend their security perimeter to protect business-critical assets in Azure.</p> <p>Firebox Cloud in Azure uses the Bring Your Own License (BYOL) model. It uses the same Firebox Cloud SKUs and pricing that were released with the launch of <a href="/wgrd-blog/now-available-watchguard-firebox-cloud-aws-and-fireboxv">Firebox Cloud on AWS in April 2017</a>. Small, Medium, Large and X-Large model types are available, along with the usual options for Support only, Basic, and Total Security Suite.</p> <p>Note that WSM is not yet available for Firebox Cloud, but we have been working on that over the past couple of months and we expect to have it in Beta by late next week. This will also include support for SSO in Firebox Cloud. </p> Thu, 08 Mar 2018 18:27:45 -0800 Brendan Patterson 21986 at https://www.watchguard.com Recent WebBlocker Issue in Europe https://www.watchguard.com/wgrd-blog/recent-webblocker-issue-europe <p><strong>WebBlocker Incident Report</strong><br /> Users of the WebBlocker service in Europe experienced an outage late Thursday night that lasted into Friday morning, January 25 – 26, 2018. WatchGuard has worked closely with our partner Forcepoint over the last few days to analyze the failure and to put processes in place to ensure that events like this do not happen again. We are sharing details here so our partners and users are confident that we have addressed this issue.</p> <p><strong>Background</strong><br /> WebBlocker uses the Forcepoint ThreatSeeker Cloud URL database for web categorization, which is hosted in their ThreatSeeker Cloud Service. The URL database is hosted at 5 different locations around the world. The Firebox selects the appropriate location of the service based on the location of the DNS server that it uses. Unfortunately, there was an outage at the UK server last week that affected HTTPS lookups and led to our service outage. With Fireware version 12.0, WatchGuard switched to using the more secure HTTPS instead of HTTP for web category lookups, so only customers running Fireware version 12.0 or later were affected. Customers all over Europe use the UK server.</p> <p><strong>Incident Summary &amp; Root Cause Analysis</strong></p> <ul><li>Incident start time: Thursday January 25 2018 20:49 UTC</li> <li>Incident end time: Friday January 26 2018 08:35 UTC.</li> <li>Root Cause: As part of routine maintenance of firewall infrastructure in Heathrow (A) the active Virtual IP for the ThreatSeeker Cloud service was moved to another firewall device. During this process, the firewall for the HTTPS ThreatSeeker Cloud service did not start correctly on the new device. As a result, the ThreatSeeker cloud server in the UK was not accepting HTTPS lookups, causing our service to fail. The unavailability of the HTTPS ThreatSeeker Cloud service in Heathrow (A) was not immediately detected by WatchGuard. Sufficient monitoring was not in place to check for responses to both HTTP and HTTPS requests.</li> <li>Customer Impact: Users who have the server timeout in WebBlocker configured to deny access would have lost internet connectivity during this period. Users with the alternative “fail open” setting would have seen web connections allowed but no categorization would have been provided. </li> <li>Incident Tracking: Fireboxes were unable to connect to Heathrow London aka UK (A) ThreatSeeker Cloud service using HTTPS. The incident is tracked on the Forcepoint Cloud status page at <a href="https://status.forcepoint.net">https://status.forcepoint.net/</a> in the ThreatSeeker Cloud section. <br />  </li> </ul><p><strong>Process Updates</strong><br /> Forcepoint has increased monitoring from both HTTP and HTTPS connections to all ThreatSeeker servers around the world.  WatchGuard is also planning to put more monitoring in place to supplement the Forcepoint efforts.  WatchGuard and Forcepoint have reviewed our support escalation procedures and initiated a process to immediately elevate critical network impacting issues so they get immediate attention.</p> <p>The new and enhanced monitoring, combined with more streamlined support processes, will ensure this type of incident does not occur again, as well as better and faster escalations should any future issues occur.</p> <p>On behalf of WatchGuard, we apologize for any inconvenience this has caused our partners and customers.</p> <p> </p> Wed, 31 Jan 2018 12:56:30 -0800 Brendan Patterson 20751 at https://www.watchguard.com Coming Soon! - Fireware 12.1.1 Beta with DNSWatch https://www.watchguard.com/wgrd-blog/coming-soon-fireware-1211-beta-dnswatch <p><strong>UPDATE:</strong> Fireware v12.1.1 beta is scheduled for February 8, 2018 release. At the time of the original post, February 2, 2018 was the previously scheduled date.</p> <p><strong>Fireware 12.1.1 and DNSWatch</strong><br /> Recently WatchGuard announced the acquisition of Percipient Networks, a developer of an easy-to-deploy, security-focused Domain Name System (DNS) service, previously known as Strongarm. We're excited to announce that the first step in the integration of their solution will take place this week when we release the Fireware 12.1.1 Beta. The new service, DNSWatch, monitors outbound DNS requests and blocks traffic to websites based on a list of known malicious domains. </p> <p>More than just a filter, DNSWatch was architected to facilitate maximum user and IT admin education. Rather than just blocking traffic to potentially malicious sites, the service redirects users to a ‘blackhole’ where additional information about the attack is collected, and the user is presented with educational materials aimed at preventing future attacks. Just like APT Blocker, the service will be super simple to configure just by checking a box. We'll take care of the necessary DNS forwarding and Dynamic DNS for changing IP addresses. </p> <p><strong>Sounds great, where do I get it? </strong><br /> This will be a public Beta, open to all users and we expect it to be available to all by Feb 2nd. If you have not participated in a WatchGuard Beta before, you can sign up at our support page. We'll also email all previous Beta testers about the new opportunity. We'll have more information about the service and some other features in 12.1.1 at the Beta site. </p> <p><strong>How do I get a license? </strong><br /> This week, we will add the service to the feature key of all Not for Resale (NFR) units used by our partners, so we expect to see some great Beta participation from our partner community. Users that wish to participate in the Beta of the new DNSWatch service can use the free trial option that is now available at the product details page for all Firebox appliances. Before we GA Fireware 12.1.1 in mid-March, we will add DNSWatch to the feature key for all appliances with a current TotalSecurity Suite. </p> <p>Remember that we are still a couple of days away from the Beta. Please don't contact WatchGuard yet about getting software or feature keys in the NFR. </p> <p>Regards,</p> <p>- Brendan</p> Mon, 29 Jan 2018 19:36:21 -0800 Brendan Patterson 20731 at https://www.watchguard.com WatchGuard Dimension 2.1.1 Update 2 now available https://www.watchguard.com/wgrd-blog/watchguard-dimension-211-update-2-now-available <p>We are pleased to announce the availability of WatchGuard Dimension 2.1.1 Update 2. This maintenance release is now available from the Software Downloads Center, together with release notes and update instructions. WatchGuard Dimension 2.1.1 Update 2 addresses several frequently reported issues and introduces some security enhancements, including:</p> <ul><li> <p>APT content names with reserved characters would cause PDF reports to fail</p> </li> <li> <p>Log Collector issue that caused incorrect logging status to be displayed for devices</p> </li> <li> <p>Log Collector process unexpectedly restarts due to large number of simultaneous connections</p> </li> <li> <p>Backup locations are now clearly indicated using sftp:// URLs instead of local mount points</p> </li> <li> <p>Dimension SSH service now correctly rejects weak ciphers</p> </li> </ul><p> </p> <h2>Does this release pertain to me?</h2> <p>This release applies to all users of the WatchGuard Dimension network security visibility solution.  We highly recommend that any administrators using WatchGuard Dimension upgrade their solution to 2.1.1 Update 2 to take advantage of the security improvements available in the release. </p> <p> </p> <h2>Software Download Center</h2> <p>Firebox and XTM appliance owners with active support subscriptions can obtain this update without additional charge by downloading the applicable packages from the <a href="https://watchguardsupport.secure.force.com/software/">WatchGuard Software Download Center</a>.</p> <p> </p> <h2>Contact</h2> <p>For Sales or Support questions, you can find <a href="https://www.watchguard.com/wgrd-about/contact">phone numbers for your region online</a>. If you contact WatchGuard Technical Support, please have your registered appliance Serial Number or Partner ID available.</p> Wed, 20 Dec 2017 14:46:16 -0800 Jason Vendramin 20081 at https://www.watchguard.com Fireware 12.1 Now Available https://www.watchguard.com/wgrd-blog/fireware-121-now-available <p>We are pleased to announce the new release of Fireware 12.1 and WSM 12.1! These significant new releases are now available for download from the software download center. The highlight of Fireware 12.1 is the Access Portal, a clientless application portal that is available for SSO integration for cloud assets and internal resources via RDP and SSH. With the rate and notoriety of recent cybersecurity incidents involving compromised personal information, the marketplace for web-based authentication solutions continues to grow at a Compound Annual Growth Rate upwards of 10%.<sup>1</sup> The Access Portal is uniquely positioned to integrate into existing authentication markets to provide a clientless experience while encouraging strong authentication with existing SSO vendors or even providing MFA access (i.e. Google Authenticator, etc.) to the portal itself.</p> <p>The release of Fireware 12.1 adds a bevy of networking, VPN and proxy improvements that allow the network administrator to focus on the network without compromising security:</p> <ul><li>BoVPN over TLS provides an alternative to IPSec for site to site VPNs;</li> <li>Mobile VPN w/ IKEv2 enables support for native VPNs on mobile operating systems including Mac, Windows, iOS, and Android</li> <li>USB modem interface enabled to deliver physical interface features such as Multi-WAN enablement, traffic management</li> <li>New IMAPS proxy, HTTPS domain software exclusion list, and WebBlocker UI improvements</li> <li>Gateway Wireless Controller developed with band steering capability and additional passphrase protections</li> </ul><p> </p> <h2>Does this release pertain to me?</h2> <p>The Fireware release applies to all Firebox T, Firebox M, and XTM appliances, except XTM 21/21-W, 22/22-W, or 23/23-W, XTM 505, 510, 520, and 530 which have reached the End of Life.</p> <h2>Software Download Center</h2> <p>Firebox and XTM appliance owners with active support subscriptions can obtain this update without additional charge by downloading the applicable packages from the WatchGuard Software Download Center.</p> <h2>Contact</h2> <p>For Sales or Support questions, you can find phone numbers for your region online. If you contact WatchGuard Technical Support, please have your registered appliance Serial Number or Partner ID available.</p> <p> </p> <p><sup>1</sup><small><a href="https://www.forrester.com/report/Forrester+Data+Identity+And+Access+Management+Software+Forecast+2016+To+2021+Global/-/E-RES137200">https://www.forrester.com/report/Forrester+Data+Identity+And+Access+Management+Software+Forecast+2016+To+2021+Global/-/E-RES137200</a></small></p> Mon, 18 Dec 2017 09:55:49 -0800 Arthur Gordon 19926 at https://www.watchguard.com Fireware 12.0.2 is now available https://www.watchguard.com/wgrd-blog/fireware-1202-now-available <p><strong>Fireware 12.0.2 General Availability</strong><br /> We are pleased to announce the General Availability (GA) of Fireware 12.0.2 and WSM 12.0.2 today. These releases, which are now available at the software download center, resolve several issues that had been reported from the field. Since these are maintenance releases, there are no new features included. Please review the <a href="http://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_0_2/index.html">Release Notes</a> for a comprehenisve list of issues that are addressed. Notable highlights include: </p> <ul><li>A fix for an issue that caused some websites to fail to load correctly when using Microsoft Internet Explorer 11 or Edge browser.</li> <li>An option to mitigate the <a href="https://www.watchguard.com/wgrd-blog/krack-update-protecting-unpatched-devices">KRACK WPA2</a> vulnerability for client connections to wireless Fireboxes. </li> </ul><p>WatchGuard partners and customers should review the <a href="https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_0_2/index.html">Release Notes</a> and <a href="https://www.watchguard.com/help/docs/fireware/12/en-US/whats-new_Fireware_v12-0-2.pptx">What’s New presentations</a> prior to upgrading. </p> <p><strong>Does this release pertain to me?</strong><br /> The Fireware release applies to all Firebox T, Firebox M, and XTM appliances, except XTM 21/21-W, 22/22-W, or 23/23-W, XTM 505, 510, 520, and 530 which have reached the <a href="https://www.watchguard.com/wgrd-resource-center/end-of-life-policy">End of Life</a>.</p> <p><strong>AV Signatures in 11.x releases</strong><br /> WatchGuard will discontinue support for AV signatures for the older AVG engine in Fireware 11.x by April 2018. Customers with active Gateway Antivirus subscriptions should update to a 12.x release before then. </p> <p><strong>Software Download Center</strong><br /> Firebox and XTM appliance owners with active support subscriptions can obtain this update without additional charge by downloading the applicable packages from the <a href="https://watchguardsupport.secure.force.com/software/">WatchGuard Software Download Center.</a> </p> <p><strong>Contact</strong><br /> For Sales or Support questions, you can find <a href="https://www.watchguard.com/wgrd-about/contact">phone numbers for your region online</a>. If you contact WatchGuard Technical Support, please have your registered appliance Serial Number or Partner ID available.</p> Mon, 04 Dec 2017 13:36:41 -0800 Brendan Patterson 19586 at https://www.watchguard.com Fireware 12.0.1 is now available https://www.watchguard.com/wgrd-blog/fireware-1201-now-available <p><strong>Fireware 12.0.1 General Availability</strong><br /> We are pleased to announce the General Availability (GA) of Fireware 12.0.1 and WSM 12.0.1 today, along with updates for the Access Point firmware. These releases provide fixes for many reported issues and include some significant security updates. Key highlights: </p> <ul><li>Patches previously announced in the <a href="https://www.watchguard.com/wgrd-blog/krack-update-protecting-unpatched-devices">blog post on KRACK WiFi vulnerabilities</a>, including a new feature to mitigate against the vulnerability in unpatched clients. </li> <li>Streamlined some UI options for Gateway Antivirus to reflect the new capabilities of the new AV engine that we included in the <a href="https://www.watchguard.com/wgrd-blog/fireware-120-now-available">12.0 release in September.</a> </li> <li>A new simple option to enable Support access to the appliance, which will cut down on the time required for support calls, and lead to a smoother experience when customers need to work with support. </li> </ul><p>WatchGuard partners and customers should review the <a href="https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_0_1/index.html">Release Notes</a> and <a href="https://www.watchguard.com/help/docs/fireware/12/en-US/whats-new_Fireware_v12-0-1.pptx">What’s New</a> presentations prior to upgrading. </p> <p><strong>Does this release pertain to me?</strong><br /> The Fireware release applies to all Firebox T, Firebox M, and XTM appliances, except XTM 21/21-W, 22/22-W, or 23/23-W, which are now End of Life (EOL), and XTM 505, 510, 520, and 530 which are EOL in December of this year.</p> <p><strong>AV Signatures in 11.x releases</strong><br /> Previously WatchGuard had announced that we would discontinue support for AV signatures for the older AVG engine in Fireware 11.x by January 2018. This support will now be extended until April 2018.</p> <p><strong>Software Download Center</strong><br /> Firebox and XTM appliance owners with active support subscriptions can obtain this update without additional charge by downloading the applicable packages from the <a href="https://watchguardsupport.secure.force.com/software/">WatchGuard Software Download Center.</a> </p> <p><strong>Contact</strong><br /> For Sales or Support questions, you can <a href="https://www.watchguard.com/wgrd-about/contact">find phone numbers for your region online</a>. If you contact WatchGuard Technical Support, please have your registered appliance Serial Number or Partner ID available.</p> Tue, 31 Oct 2017 08:09:31 -0700 Brendan Patterson 17946 at https://www.watchguard.com Now Available: TDR 5.1 with APT Blocker Built-in https://www.watchguard.com/wgrd-blog/now-available-tdr-51-apt-blocker-built <p>We’re thrilled to announce the general availability of Threat Detection and Response (TDR) 5.1, which includes some great new features that enhance both detection and response to threats as well as the overall user experience when testing new features. This release further increases the value of both TDR and the Total Security Suite, enabling users to more broadly identify threats across their network and respond to them in real-time.</p> <p>This release of TDR includes two new key features:</p> <ul><li><strong>APT Blocker</strong><br /> With this release TDR can now directly triage suspicious files discovered by a Host Sensor by sending them to APT Blocker for further analysis. The submitted files undergo deep analysis for APT activity in a sandbox environment at a Lastline cloud-based data center. If evidence of malware activity is discovered, TDR can adjust the original suspicious threat score assigned to the file to prevent future infection. With sandbox policy enabled, this process and subsequent response can be automated, making threat triage incredibly easy and effortless.</li> <li><strong>Localization</strong><br /> The TDR user interface is now available in French, Japanese, and Spanish. TDR automatically displays the localized user interface if your browser language is set to one of these languages.</li> </ul><p>To learn more, visit <a href="https://www.watchguard.com/wgrd-products/security-services/threat-detection-and-response">Threat Detection and Response.</a></p> Tue, 19 Sep 2017 14:36:26 -0700 Julian Matossian 17071 at https://www.watchguard.com Fireware 12.0 is now available! https://www.watchguard.com/wgrd-blog/fireware-120-now-available <p><strong>Fireware 12.0 General Availability</strong><br /> We are pleased to announce the General Availability (GA) of Fireware 12.0 and WSM 12.0 after a comprehensive Beta where the release was installed 400 Fireboxes around the world. These significant new releases are now available for download from the software download center.</p> <p>Fireware 12.0 improves on the efficacy and performance of our Gateway Antivirus (GAV) service through the introduction of a new lightweight detection engine. Fireware 12.0 also introduces more secure defaults, improvements to APT Blocker, and continued support for more advanced networking use cases. You can find full details in the <a href="https://www.watchguard.com/help/docs/fireware/12/en-US/whats-new_Fireware_v12-0.pptx" target="_blank">What’s New presentation</a> on the website, and we encourage everyone upgrading to read the <a href="https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_0/index.html" target="_blank">Release Notes</a> in advance. Here is a quick summary of some key enhancements:</p> <p>New GAV engine from Bitdefender with many benefits: </p> <ul><li>Breadth of Protection against known threats with industry-leading file coverage</li> <li>Rapid response to new threats with multiple incremental signature updates per day</li> <li>Machine learning to assist in detection of unknown and evasive malware types</li> <li>Faster performance through optimized scanning of executables, Microsoft Office, PDF files and more!</li> </ul><p>Many of the settings in the VPN area have been updated to stronger default cryptography settings for authentication and encryption. SHA-256 and AES-256 are now the default in most cases. We have also removed the PPTP option for VPN because it is no longer considered to be a secure protocol.</p> <p>There are some APT Blocker improvements to guard against the delivery of zero-day malware and ransomware via email, including</p> <ul><li>Optional delay in email messages while waiting for results from the sandbox detonation of unknown attachments</li> <li>Analysis and detonation of javascript files that are included in email</li> </ul><p>There are more advanced networking use cases.</p> <ul><li>Host Header redirection allows the hosting of different web applications behind a single public IP address, by routing traffic based on URL paths included in HTTP headers.</li> <li>The Firebox can pass multicast (PIM-SM) traffic, which is used to deliver application traffic from one to many nodes – typically used in VoIP and broadcast applications.</li> </ul><p>There are many more enhancements so please pay close attention to the <a href="https://www.watchguard.com/support/release-notes/fireware/12/en-US/EN_ReleaseNotes_Fireware_12_0/index.html" target="_blank">Release Notes</a> and <a href="https://www.watchguard.com/help/docs/fireware/12/en-US/whats-new_Fireware_v12-0.pptx">What’s New presentations</a>.</p> <p><strong>AV Signatures in 11.x releases</strong><br /> Previously WatchGuard had announced that we would discontinue support for AV signatures for the older AVG engine in Fireware 11.x by January 2018. This support will now be extended until April 2018. We will continue to notify partners and customers about this issue over the coming months.  </p> <p><strong>Does this release pertain to me?</strong><br /> The Fireware release applies to all Firebox T, Firebox M, and XTM appliances, except XTM 21/21-W, 22/22-W, or 23/23-W, which are now End of Life (EOL), and XTM 505, 510, 520, and 530 which are EOL in December of this year.</p> <p><strong>Software Download Center</strong><br /> Firebox and XTM appliance owners with active support subscriptions can obtain this update without additional charge by downloading the applicable packages from the WatchGuard Software Download Center. </p> <p><strong>Contact</strong><br /> For Sales or Support questions, you can find phone numbers for your region <a href="/wgrd-about/contact" target="_blank">online</a>. If you contact WatchGuard Technical Support, please have your registered appliance Serial Number or Partner ID available.</p> Tue, 12 Sep 2017 00:26:33 -0700 Brendan Patterson 16876 at https://www.watchguard.com Now Available: Firebox M370, M470, M570, and M670 https://www.watchguard.com/wgrd-blog/now-available-firebox-m370-m470-m570-and-m670 <p>I’m excited to announce the availability today of four new mid-range Firebox appliances that provide industry leading performance, especially with all security capabilities enabled, along with greater flexibility in network port configurations.</p> <p>Over past few years at WatchGuard we’ve consistently educated our customers about the need to inspect encrypted web traffic using all of the security services available on our appliances. Network defenses that don’t adequately process and inspect encrypted traffic leave employees, customers and partners vulnerable to cyber attacks. According to a <a href="https://www.a10networks.com/sites/default/files/A10-EB-14106-EN.pdf" target="_new">2016 Ponemon study</a>, 41 percent of attacks in 2016 used encryption to either disguise their entry into the network or hide their connection to a Command and Control server. The volume of HTTPS traffic is growing rapidly, and customers can no longer consider this to be a minor blind spot that they can ignore.. NSS Labs have predicted that <a href="https://www.nsslabs.com/company/news/press-releases/nss-labs-predicts-75-of-web-traffic-will-be-encrypted-by-2019/" target="_new">75% of web traffic</a> will be encrypted by 2019.</p> <p>A new Miercom test report shows how the new WatchGuard appliances compare to similar priced models from Fortinet, Sonicwall, and Sophos. Raw firewall throughput may be similar, but the true test of performance is when all of the security services are enabled. The Firebox wins hands down against the competition especially when deep content inspection of HTTPS traffic is enabled.</p> <p>To support the growing use of fiber in mid-size enterprise data centers, Firebox M470, M570 and M670 allow users to add additional network modules to increase the number of copper or fiber ports available.All new appliances (except the M370) have an expansion slot for additional ports. The same modules that were previously available for M4600 and M5600 are now available i.e. 4x10Gb fiber, 8x1Gb copper or 8x1Gb Ethernet.</p> <p>We’ve also taken this opportunity to increase the level of detail that is shown on our <a href="https://p.widencdn.net/jobih6/Datasheet_M470-M570-670" target="_new">datasheets</a>. We now include throughput figures with HTTPS content inspection and IPS enabled at the same time. All of our HTTPS benchmark testing is conducted using strong encryption ciphers TLS 1.2 AES256 +SHA-256. We’ve also added IMIX performance numbers for both Firewall and VPN traffic. IMIX is a standard that includes a mix of 40 byte, 576 byte, and 1500 byte traffic to better represent data that is found in most network environments, instead of just 1512 byte packets.</p> Thu, 17 Aug 2017 10:29:28 -0700 Brendan Patterson 16036 at https://www.watchguard.com Fireware 12.0 Open Beta Notice https://www.watchguard.com/wgrd-blog/fireware-120-open-beta-notice <p><strong><em>UPDATE:</em></strong> A feature for GWC was mentioned as being deployed in 12.0 in a previous post, but this has been corrected to a later release date. Stay tuned for more product release updates through the product blog!</p> <p>WatchGuard is excited to announce that a Beta release is available now for the 12.0 version of the Fireware Operating System.  This is a public Beta release that is open to all Firebox and XTM users.  Sign up to participate at our <a href="https://watchguardsupport.secure.force.com/software/">software download page</a> and start submitting feedback via our Beta portal today.</p> <h2>Fireware 12.0 Highlights</h2> <p><strong>Improved Malware Detection</strong></p> <ul><li>New Gateway AntiVirus Engine. Bitdefender replaces AVG, which provides several significant advantages: <ul><li>Powerful archiving logic engine for recognizing 100+ archiving types and packer files</li> <li>Faster scan times to improve traffic throughput</li> <li>Lighter and frequent (up to 5x per day) incremental signature updates resulting in faster response times to new malware attacks, and more robust handling for FireCluster</li> </ul></li> <li>APT Blocker delays email (typically 1 to 3 minutes) until it gets a response back from the sandbox in the cloud, which prevents the delivery of zero-day malware infections through email.</li> <li>APT Blocker scans JavaScript files that are sent through email, which stops one of the most popular attack vectors for ransomware.</li> </ul><p></p> <p><strong>More Secure Defaults</strong></p> <ul><li>VPN connections have stronger default cryptography settings for authentication and encryption. SHA-256 and AES-256 are now the default in most cases.</li> <li>Removal of PPTP option for VPN due to multiple vulnerabilities inherent to the protocol and to promote stronger secure default stances across the Fireware product.</li> </ul><p></p> <p><strong>Support for More Advanced Networking Use Cases</strong></p> <ul><li>Host Header redirection through our new Content Actions allows the routing of traffic to different IP addresses attached to a domain and URL paths included in web headers. With Host Header Redirection, you can expect to host different server applications behind a single public IP address. It also enables SSL offload on the Firebox, removing the need to do decryption on inbound traffic to servers and clients behind the firewall.</li> <li>Multicast traffic is allowed. Enables the Firebox to work in environments where Multicast (PIM-SM) is used to deliver application traffic from one-to-many nodes.</li> </ul><p></p> <p>For information about these feature enhancements, download and review the <em><a href="https://www.watchguard.com/help/docs/fireware/12/en-US/whats-new_Fireware_v12-0.pptx" target="_blank">What's New in Fireware v12.0</a></em> PowerPoint presentation available from the 12.0 Beta portal.</p> Mon, 17 Jul 2017 11:19:46 -0700 Arthur Gordon 14671 at https://www.watchguard.com Fireware 11.12.4 is now available https://www.watchguard.com/wgrd-blog/fireware-11124-now-available <p><strong>Fireware 11.12.4 is now available</strong><br /> We are pleased to announce the latest release of the WatchGuard core operating system and management software. Fireware 11.12.4 and WSM 11.12.4 are now available from the software download center. The <a href="https://www.watchguard.com/support/release-notes/fireware/11/en-US/EN_ReleaseNotes_Fireware_11_12_4/index.html">Release Notes</a> include a comprehensive list of resolved issues. This is primarily a release for bug fixes but there are a couple of key updates. </p> <ul><li>APT Blocker customers can now specify that files only ever get sent to the European datacenter, to allay any concerns about the privacy of data sent outside Europe. </li> <li>Continued improvements to the security and availability of the Gateway Wireless Controller, including support for synchronization of data across nodes in a cluster.  </li> </ul><p>The <a href="https://www.watchguard.com/help/docs/fireware/11/en-US/whats-new_Fireware_v11-12-4.pptx">What's New presentation</a> includes all the details of any changes and updates in the software. </p> <p><strong>Does this release pertain to me?</strong><br /> The Fireware release applies to all Firebox T, Firebox M, and all XTM appliances, except XTM 21/21-W, 22/22-W, or 23/23-W, which reach their End of Life at the end of this month.</p> <p><strong>Software Download Center</strong><br /> Firebox and XTM appliance owners with active support subscriptions can obtain this update without additional charge by downloading the applicable packages from the <a href="http://software.watchguard.com">WatchGuard Software Download Center</a>. Please read the <a href="https://www.watchguard.com/support/release-notes/fireware/11/en-US/EN_ReleaseNotes_Fireware_11_12_4/index.html">Release Notes</a> before you upgrade to understand what’s involved.</p> <p><strong>Contact </strong><br /> For Sales or Support questions, you can find phone numbers for your region <a href="http://www.watchguard.com/wgrd-about/contact">online</a>. If you contact WatchGuard Technical Support, please have your registered appliance Serial Number or Partner ID available.</p> Wed, 07 Jun 2017 17:56:11 -0700 Brendan Patterson 14301 at https://www.watchguard.com Fireware 11.12.2 Update 1 https://www.watchguard.com/wgrd-blog/fireware-11122-update-1 <p><strong>Fireware 11.12.2 Update 1 is now available</strong><br /> This maintenance update includes some critical bug fixes and no new enhancements. The <a href="https://www.watchguard.com/support/release-notes/fireware/11/en-US/EN_ReleaseNotes_Fireware_11_12_2/index.html">Release Notes</a> include a comprehensive list of resolved issues. There is no corresponding Update 1 version of WSM 11.12.2 </p> <p>This release resolves an issue that caused Branch Office VPNs and Mobile VPN with IPSec tunnels to restart after receiving malformed packets. We received several reports last week of this issue occurring after a research institute sent IKEv2 SA packets to a wide number of IP addresses on the public internet. More details are provided in this <a href="http://watchguardsupport.force.com/publicKB?type=KBKnownIssues&amp;SFDCID=kA42A000000HAYxSAO&amp;lang=en_US">knowledge base article</a>.</p> <p><strong>Does this release pertain to me?</strong><br /> This issue affects any appliance running version 11.11.2 or newer with Branch Office VPN tunnels. WatchGuard recommends any affected customer should upgrade to avoid any future problems. The Fireware release applies to all Firebox T, Firebox M, and all XTM appliances, except XTM 21/21-W, 22/22-W, or 23/23-W, which reach their End of Life at the end of next month.</p> <p><strong>Software Download Center</strong><br /> Firebox and XTM appliance owners with active support subscriptions can obtain this update without additional charge by downloading the applicable packages from the WatchGuard <a href="http://software.watchguard.com/">Software Download Center</a>. Please read the <a href="https://www.watchguard.com/support/release-notes/fireware/11/en-US/EN_ReleaseNotes_Fireware_11_12_2/index.html#Fireware/en-US/resolved_issues.html">Release Notes</a> before you upgrade to understand what’s involved.</p> <p><strong>Contact </strong><br /> For Sales or Support questions, you can find phone numbers for your region <a href="http://www.watchguard.com/wgrd-about/contact">online</a>. If you contact WatchGuard Technical Support, please have your registered appliance Serial Number or Partner ID available.</p> Tue, 09 May 2017 16:36:07 -0700 Brendan Patterson 13856 at https://www.watchguard.com Fireware 11.12.2 now available https://www.watchguard.com/wgrd-blog/fireware-11122-now-available <p>Fireware 11.12.2 and WSM 11.12.2 are now available. Along with ongoing maintenance updates, these releases include several significant improvements to product security and also some new networking features that enable deployment in more environments. The <a href="https://www.watchguard.com/support/release-notes/fireware/11/en-US/EN_ReleaseNotes_Fireware_11_12_2/index.html">Release Notes</a> online include details of bug fixes, and the <a href="https://www.watchguard.com/help/docs/fireware/11/en-US/whats-new_Fireware_v11-12-2.pptx">What's New presentation</a> gives a comprehensive overview of all new features. Here are the main highlights:</p> <p><strong>Security:</strong><br /> Brute force login controls prevent attackers from repeatedly guessing passwords for Firebox authentication or status/admin accounts. </p> <p>Gateway wireless controller security improvements to prevent exploitation of known defaults or impersonation</p> <ul><li>Option to apply new unique, strong passwords per access point instead of a global default</li> <li>New trust mechanism to prevent data loss due to AP impersonation or exploitation of factory reset</li> </ul><p> </p> <p><strong>Networking:</strong><br /> DNS forwarding enables admins to point to the gateway Firebox as the DNS server for a network. In addition, conditional forwarding gives distributed enterprise with many locations the flexibility to point to a central corporate DNS server for some traffic but local name servers for other domains.</p> <p>Dynamic tunnels to Amazon Web Services (AWS) allows customers to configure dynamic routing (BGP) with failover and failback and metric based route selection between the Firebox and AWS. This capability provides comprehensive network and routing options for hybrid cloud environments when businesses connect applications on premise with servers and databases hosted in the cloud. </p> <p>Appliances in bridge mode can be configured to use DHCP on the primary interface now, which enables the ability to quickly and easily install an appliance with no impact on the network. Appliances can be configured and initially setup in Bridge Mode via RapidDeploy.</p> <p>New VPN usage charts in the WebUI show the number of active VPN tunnels over time, assisting with tracking of license usage and issue investigation.</p> <p> </p> <p><strong>Does This Release Pertain to Me?</strong><br /> The Fireware release applies to all Firebox T, Firebox M, and all XTM appliances, except XTM 21/21-W, 22/22-W, or 23/23-W, which will soon go End of Life.</p> <p><strong>Software Download Center</strong><br /> Firebox and XTM appliance owners with active support subscriptions can obtain this update without additional charge by downloading the applicable packages from the <a href="http://software.watchguard.com">WatchGuard Software Download Center</a>. Please read the <a href="https://www.watchguard.com/support/release-notes/fireware/11/en-US/EN_ReleaseNotes_Fireware_11_12_2/index.html">Release Notes</a> before you upgrade to understand what’s involved.</p> <p><strong>Contact Information</strong><br /> For Sales or Support questions, you can find phone numbers for your region <a href="/wgrd-about/contact">online</a>. If you contact WatchGuard Technical Support, please have your registered appliance Serial Number or Partner ID available.</p> Tue, 11 Apr 2017 13:18:50 -0700 Brendan Patterson 13341 at https://www.watchguard.com Threat Detection and Response Planned Service Update https://www.watchguard.com/wgrd-blog/threat-detection-and-response-planned-service-update-0 <p>Hello TDR Users,</p> <p>On Thursday, March 23rd, 2017, at 3:00 PM PST for EU and 5:00 PM PST for Americas, we will release a new version of Threat Detection and Response (TDR). This update will bring performance enhancements and system upgrades.</p> <p>Users can expect between 15-30 minutes of downtime for this maintenance window. TDR will continue to collect events from your deployed Fireboxes and Host Sensors. Those events will be analyzed once the downtime concludes. Users may need to log back into the system.</p> <p>Release notes for this upgrade will be posted shortly.</p> <p> </p> <p>Best Regards,</p> <p>WatchGuard</p> Tue, 21 Mar 2017 16:51:45 -0700 Julian Matossian 13131 at https://www.watchguard.com Now Available: WatchGuard Firebox Cloud for AWS and FireboxV https://www.watchguard.com/wgrd-blog/now-available-watchguard-firebox-cloud-aws-and-fireboxv <p>We are excited to announce the availability of <a href="/wgrd-products/cloud-and-virtual-firewalls/firebox-cloud">WatchGuard Firebox Cloud</a> and <a href="/wgrd-products/cloud-and-virtual-firewalls/fireboxv">WatchGuard FireboxV</a>. Firebox Cloud brings the protection of WatchGuard’s leading Firebox UTM appliances to public cloud environments. It enables organizations to extend their security perimeter to protect business-critical assets in Amazon Web Services (AWS). The AWS Shared Responsibility Model places responsibility for security IN the cloud (such as content and applications) in the hands of the AWS customer. Now those AWS customers can leverage the best-in-class security found in our UTM appliances to protect their data and systems in the cloud.</p> <p>Benefits of Firebox Cloud for AWS:</p> <ul><li>AWS optimization. Firebox Cloud was built specifically to run within the AWS environment, and our innovative Fireware OS is tuned specifically for that environment.</li> <li>UTM Protection for VPCs. With Firebox Cloud you can increase your security beyond what is provided by AWS Security Groups, and ensure your network is secured by more than simple port scanning and access control.</li> <li>Support for Dimension. Firebox Cloud leverages the same web-based tool to monitor and manage Firebox Cloud that admins use to manage their on-premises Fireboxes.</li> </ul><p>Firebox Cloud enables Partners and MSSPs to offer the powerful WatchGuard security their customers have come to trust on-premises, in a cloud solution purpose-built for AWS. Have customers considering a migration to AWS? Help them do so securely with Firebox Cloud!</p> <h2>Release of FireboxV</h2> <p>WatchGuard FireboxV rebrands the legacy XTMv products, and brings the specifications of our new virtual offering in line with our physical appliances. It’s easy to add WatchGuard security services to a FireboxV deployment, so users running in virtualized environments can leverage our Basic Security Suite and Total Security Suite. What’s more, we have expanded Virtual Machine support to include ESXi 6.5 and Hyper-V Server 2016. </p> <p><em><strong>Check out the Partner Portal for Firebox Cloud and FireboxV resources to help you sell!</strong></em></p> <ul><li><a href="https://p.widencdn.net/gdhgio/Datasheet_Firebox_Cloud">Firebox Cloud Datasheet</a></li> <li><a href="https://p.widencdn.net/izxgpl/Datasheet_FireboxV">FireboxV Datasheet</a></li> <li><a href="https://p.widencdn.net/nnvkn3/Presentation_Sales_Firebox_Cloud">PPT for Sales</a></li> <li><a href="https://p.widencdn.net/xmjmsk/FireboxCloud_FireboxV-MSSPs">MSSP Flyer</a></li> <li><a href="https://p.widencdn.net/ilzwth/Feature_Brief_Firebox_Cloud_AWS">Firebox Cloud in AWS Feature Brief</a></li> </ul><h2> </h2> <h2>Contact Information</h2> <p>For Sales or Support questions, you can find phone numbers for your region online. If you contact WatchGuard Technical Support, please have your registered appliance Serial Number or Partner ID available.</p> <p> </p> Thu, 16 Mar 2017 10:38:49 -0700 Jason Vendramin 12506 at https://www.watchguard.com Fireware 11.12.1 is now available https://www.watchguard.com/wgrd-blog/fireware-11121-now-available <p>WatchGuard is pleased to announce the release of Fireware 11.12.1, available now at the software download site. </p> <p>This release includes many important bug fixes, some minor enhancements, and support for new virtual models: </p> <ul><li>FireboxV, a new set of virtual models with updated feature specs that are more consistent with current hardware models when compared to XTMv</li> <li>Firebox Cloud, which will soon be available for deployment in Amazon Web Services (AWS), providing enhanced protection for workloads hosted in the cloud</li> <li>A new packet filter policy to enable communication with Threat Detection and Response (TDR)</li> </ul><p> </p> <p>The <a href="https://www.watchguard.com/support/release-notes/fireware/11/en-US/EN_ReleaseNotes_Fireware_11_12_1/index.html">Release Notes</a> include a comprehensive list of resolved issues, and the <a href="https://www.watchguard.com/help/docs/fireware/11/en-US/whats-new_Fireware_v11-12-1.pptx">What's New</a> presentation provides a detailed review of the new enhancements. </p> <p><strong>Does This Release Pertain to Me?</strong><br /> This release applies to all Firebox T, Firebox M, and all XTM appliances, except XTM 21/21-W, 22/22-W, or 23/23-W. </p> <p><strong>Software Download Center</strong><br /> Firebox and XTM appliance owners with active support subscriptions can obtain this update without additional charge by downloading the applicable packages from the <a href="http://software.watchguard.com/">WatchGuard Software Download Center</a>. Please read the <a href="https://www.watchguard.com/support/release-notes/fireware/11/en-US/EN_ReleaseNotes_Fireware_11_12_1/index.html">Release Notes</a> before you upgrade to understand what’s involved. </p> <p><strong>Contact Information</strong><br /> For Sales or Support questions, you can find phone numbers for your region <a href="/wgrd-about/contact">online</a>. If you contact WatchGuard Technical Support, please have your registered appliance Serial Number or Partner ID available.</p> Wed, 22 Feb 2017 17:53:31 -0800 Jason Vendramin 11461 at https://www.watchguard.com Threat Detection and Response Planned Service Update https://www.watchguard.com/wgrd-blog/threat-detection-and-response-planned-service-update <p>On Thursday, January 26th, 2017, at 3:00 PM PST (11:00 PM GMT), we will be releasing a new version of Threat Detection and Response (TDR). This new version will bring some new functionality around policies and exclusions management, AD Sync, and deeper Firebox integration, as well as some performance and stability improvements.</p> <p>During this maintenance window, our users will experience a brief disruption period of 10 minutes or less. If you are logged in, you may see the user interface flicker due to the UI reload. If you are not logged in and attempt to do so, you may get an error due to UI reload. During this maintenance window, TDR will continue to collect events from your deployed Fireboxes and Host Sensors, but the user will not be able to log on nor will the events be analyzed until the migrations occur (i.e., event processing will be delayed during this time).</p> Wed, 25 Jan 2017 11:37:56 -0800 Julian Matossian 11196 at https://www.watchguard.com Fireware 11.12 Brings Industry-Leading ConnectWise Integration https://www.watchguard.com/wgrd-blog/fireware-1112-brings-industry-leading-connectwise-integration <p>With the recent release of <a href="/wgrd-blog/fireware-1112-now-available">Fireware v11.12</a>, WatchGuard has introduced an industry-leading integration with ConnectWise, a professional services automation (PSA) platform for managed security service providers (MSSPs). WatchGuard MSSP Partners can now easily synchronize their customers' security asset information, auto generate service tickets with closed-loop ticketing of system, security, and subscription events, and deliver on-demand security service reports straight from ConnectWise.</p> <p> </p> <p><strong>Auto Synchronization of Asset Information</strong> — Know Your Customers’ Security</p> <ul><li>Reduce manual upkeep of security asset information.</li> <li>Gain unparalleled visibility into your customers’ security through automated synchronization with WatchGuard security appliances, including subscription start and end dates, device serial numbers, OS versions, and more.</li> <li>Avoid a managed network going unprotected because of incorrect security service subscription end dates.</li> </ul><p> </p> <p><strong>Integrated, Closed-Loop Service Ticketing</strong> — Track Issues with Service Ticketing Made Easy</p> <ul><li>Enable ConnectWise service tickets for WatchGuard security solutions.</li> <li>Configure event thresholds on a wide range of parameters identified per device, including: security services, device statistics, and subscription statuses. Event thresholds automatically trigger the creation and closure of service tickets, closing tickets when issues are resolved, and reducing the number of false alarms.</li> <li>Eliminate ticket flooding and provide trending visibility into a customer’s security, because the same ticket reopens if the issue returns, rather than creating multiple tickets.</li> </ul><p> </p> <p><strong>Automated Reporting</strong> — Auto Deliver Security Summary Reports to Your Customers</p> <ul><li>Integrate data from the WatchGuard management and reporting solutions into the ConnectWise Executive Summary Reports, including device statistics, web usage statistics, and intrusion prevention service summaries.</li> <li>Deliver customized reports to customers via on-demand schedules.</li> </ul><p> </p> <p>Learn more about this integration by visiting the WatchGuard-ConnectWise <a href="/wgrd-partners/mssp-partners/connectwise">integration page</a>, which includes a link to the <a href="https://www.watchguard.com/help/docs/fireware/11/en-US/Content/en-US/integrations/connectwise/about_connectwise_c.html?Highlight=ConnectWise">integration guide</a>.</p> Mon, 28 Nov 2016 15:37:19 -0800 Bryce Hjalseth 10766 at https://www.watchguard.com Fireware 11.12 is Now Available! https://www.watchguard.com/wgrd-blog/fireware-1112-now-available <p>Fireware 11.12 is now Generally Available (GA) at the WatchGuard software download site. This is a major new update to the Fireware operating system that includes many new features.</p> <p><strong>Geolocation</strong> - Adds a new element of defense to Reputation Enabled Defense, which today includes web reputation and botnet detection. With Geolocation, you can prevent malware communication and attacks from areas where you never have any need for legitimate business communication. </p> <p><strong>ConnectWise Integration</strong> - With Fireware v11.12, we deepen our integration capabilities with ConnectWise, a leading Professional Service Automation tool used by many managed service providers. The integration adds support for the auto-synchronization of asset information, including subscription start and end dates, device serial numbers OS versions, etc., as well as closed-loop ticketing of system, security, and subscription events. </p> <p><strong>Dynamic VPN Tunnels to Azure</strong> - Hybrid cloud environments are becoming much more common, where companies have moved some workloads to cloud services such as AWS or Azure, but some key applications remain on premise. Secure VPN communication is needed between the on premise application and the cloud. Until now, we supported only a single static or policy-based tunnel to Azure. Now we add the ability to have multiple tunnels, even with dynamic routes and failover between them.</p> <p><strong>IPv6 Support in Services and Proxies</strong> - WatchGuard firewalls have IPv6 Gold logo certification, but previously application proxies and the full set of security services were not supported. Now customers can apply full range of security services, including WebBlocker for content filtering and APT Blocker and Gateway AV to prevent malware in IPv6 environments.</p> <p><strong>Services and Proxies Enabled by Defaul</strong>t - Customers that buy the appliance with Basic or Total Suite often neglect to turn on the security services that they have purchased. Now services will be enabled by default during the initial setup wizard with a secure set of default settings. Saves time and simplifies the initial setup for everyone.</p> <p><strong>Gateway Wireless Controller</strong> - Several updates to the UTM wireless controller including auto channel selection to enable smoother deployments without channel conflict, and a new repeater mode that allows access points to communicate over the air without a physical ethernet connection. </p> <p><strong>FireCluster with DHCP on External Interface</strong> - If your ISP provides external-facing interface IP addresses by DHCP, you can now enable an active/passive FireCluster to provide high availability.</p> <p><strong>X-forwarded Information from Header in Logs and Dimension</strong> - If a company uses an explicit proxy service or a web gateway, like WebMarshal, all of the information in Dimension shows only the IP address for that proxy. Now we can go a level deeper and find the original source IP address and show this in Dimension, too.</p> <h2>Software Download Center</h2> <p>Firebox and XTM appliance owners with active support subscriptions can obtain this update without additional charge by downloading the applicable packages from the WatchGuard Software Download Center. Please read the Release Notes before you upgrade to understand what’s involved.</p> <h2>Contact Information</h2> <p>For Sales or Support questions, you can find phone numbers for your region online. If you contact WatchGuard Technical Support, please have your registered appliance Serial Number or Partner ID available.</p> Fri, 18 Nov 2016 17:26:02 -0800 Brendan Patterson 10771 at https://www.watchguard.com Dimension 2.1.1 Update 1 https://www.watchguard.com/wgrd-blog/dimension-211-update-1 <p>WatchGuard has posted a new update release for Dimension at the software download site. The release fixes some security vulnerabilities that were reported in WatchGuard Dimension. This is a maintenance update to patch security vulnerabilities. There are no new enhancements. The <a href="https://www.watchguard.com/support/release-notes/xtm/11/en-US/EN_ReleaseNotes_Dimension_v2_1_1/index.html">Release Notes</a> include a comprehensive list of resolved issues, including:  </p> <ul><li>The version of OpenSSL used by Dimension has been updated.</li> <li>This release includes fixes to address several reported command injection and cross scripting vulnerabilities.</li> </ul><p>WatchGuard appreciates the efforts of security researchers that test and report issues in our products. We encourage researchers in the security community to disclose any issues using the <a href="mailto:security@watchguard.com">security@watchguard.com</a> email address. Thanks to Francesco Oddo at Security Assessment for his responsible disclosure of this vulnerability. </p> <p><strong>Do These Releases Pertain to Me?</strong></p> <p>WatchGuard recommends that all users of Dimension should upgrade to avail of the security fixes.</p> <p><strong>Software Download Center</strong></p> <p>Firebox and XTM appliance owners with active support subscriptions can obtain this update without additional charge by downloading the applicable packages from the <a href="http://software.watchguard.com/">WatchGuard Software Download</a> Center. Please read the <a href="https://www.watchguard.com/support/release-notes/xtm/11/en-US/EN_ReleaseNotes_Dimension_v2_1_1/index.html">Release Notes</a> before you upgrade to understand what’s involved.</p> <p><strong>Contact Information</strong></p> <p>For Sales or Support questions, you can find phone numbers for <a href="http://www.watchguard.com/wgrd-about/contact">your region online</a>. If you contact WatchGuard Technical Support, please have your registered appliance Serial Number or Partner ID available.</p> Tue, 08 Nov 2016 09:21:56 -0800 Brendan Patterson 9851 at https://www.watchguard.com Fireware 11.11.4 Update 2 https://www.watchguard.com/wgrd-blog/fireware-11114-update-2 <p>WatchGuard has posted a new maintenance release, Fireware version 11.4 Update 2, at the software download site. </p> <p><strong>Fireware 11.11.4 Update 2</strong><br /> This releases includes many important bug fixes.The <a href="https://www.watchguard.com/support/release-notes/fireware/11/en-US/EN_ReleaseNotes_Fireware_11_11_4/index.html">Release Notes</a> include a comprehensive list of resolved issues. This is a maintenance update with no new enhancements. There is no corresponding update 2 version of WSM 11.11.4. </p> <p><strong>Do These Releases Pertain to Me?</strong><br /> The Fireware release applies to all Firebox T, Firebox M, and all XTM appliances, except XTM 21/21-W, 22/22-W, or 23/23-W.</p> <p><strong>Software Download Center</strong><br /> Firebox and XTM appliance owners with active support subscriptions can obtain this update without additional charge by downloading the applicable packages from the <a href="http://software.watchguard.com/">WatchGuard Software Download Center.</a> Please read the <a href="https://www.watchguard.com/support/release-notes/fireware/11/en-US/EN_ReleaseNotes_Fireware_11_11_4/index.html">Release Notes</a> before you upgrade to understand what’s involved.</p> <p><strong>Contact Information</strong><br /> For Sales or Support questions, you can find phone numbers for <a href="http://www.watchguard.com/wgrd-about/contact">your region online</a>. If you contact WatchGuard Technical Support, please have your registered appliance Serial Number or Partner ID available.</p> Tue, 01 Nov 2016 00:31:54 -0700 Brendan Patterson 9841 at https://www.watchguard.com Introducing the WatchGuard Firebox T70 https://www.watchguard.com/wgrd-blog/introducing-watchguard-firebox-t70 <p>WatchGuard is excited to announce the launch of the Firebox T70, our latest tabletop network security appliance. The T70 has set a new industry best, with 1 Gigabit per second in full UTM mode with HTTP traffic, and over 600 Megabits per second with HTTPS traffic. Now, network administrators can confidently deploy a tabletop appliance knowing it will run the services necessary to secure their network without compromising performance.</p> <p>The Firebox T70 was designed to ensure that network administrators in the small and midsize business (SMB) and Distributed Enterprise segments can deploy a tabletop appliance that can handle HTTPS DPI in environments where Fiber broadband connections are becoming more prevalent. Though HTTPS adds security by encrypting traffic, unfortunately, bad actors are increasingly using this as an attack vector for passing malware through the firewall. It is critical that network admins have the capability to inspect and sanitize this traffic.</p> <p>To achieve the high performance bar that was set for T70, we decided to leverage an Intel chipset – our first use of the Intel platform in our tabletop lineup. The combination of the product architecture and WatchGuard’s proprietary Fireware OS resulted in our most powerful tabletop yet, and the fastest tabletop UTM on the market when running in full UTM mode (e.g. Intrusion Prevention, Gateway Antivirus, and Application Control) But you don’t have to take our word for it – the performance of the Firebox T70 has been verified by the Miercom independent test lab.</p> <p>From a design perspective, the Firebox T70 is a 1U tabletop appliance with an all-metal body and comes equipped with 8 x 1 Gb Ethernet ports, 2 of which support Power over Ethernet+ (PoE+). The 2 PoE+ ports allow administrators to easily extend the reach of the Firebox T70 by connecting remote peripherals such as wireless access points, without having to run costly AC power. The Firebox T70 is also fanless, so administrators can feel free to place it in noise sensitive work areas without having to worry about users being bothered by constant whirring.</p> Sun, 02 Oct 2016 17:34:18 -0700 Jason Vendramin 9156 at https://www.watchguard.com New Software Available https://www.watchguard.com/wgrd-blog/new-software-available <p>WatchGuard is pleased to announce the General Availability (GA) of new updates for Fireware, WSM, and Dimension, available now at the software download site. </p> <p><strong>Fireware 11.11.4 and WSM 11.11.4</strong><br /> These releases include many important bug fixes, and some small enhancements:</p> <ul><li>Support for Perfect Forward Secrecy (PFS) which are the most secure ciphers available for TLS protocols. </li> <li>Localization into French, Spanish, and Japanese languages.</li> </ul><p>The <a href="https://www.watchguard.com/support/release-notes/fireware/11/en-US/EN_ReleaseNotes_Fireware_11_11_4/index.html">Release Notes</a> &amp; include a comprehensive list of resolved issues, and the <a href="https://www.watchguard.com/help/docs/fireware/11/en-US/whats-new_Fireware_v11-11-4.pptx">What's New in 11.11.4</a> presentation provides a detailed review of the new enhancements.</p> <p><strong>Dimension 2.1.1</strong><br /> At the same time, we are also releasing an update to WatchGuard Dimension, including:</p> <ul><li>A new Dimension administrator role that is restricted from seeing reports, dashboards, and managing devices.</li> <li>Localization into French, Spanish, and Japanese languages.</li> </ul><p>Like Fireware, Dimension also has <a href="https://www.watchguard.com/support/release-notes/xtm/11/en-US/EN_ReleaseNotes_Dimension_v2_1_1/index.html">Release Notes</a> and a <a href="https://www.watchguard.com/help/docs/fireware/11/en-US/whats-new_Fireware_v11-11-4.pptx" target="_blank">What's New</a> presentation.</p> <p><strong>Do These Releases Pertain to Me?</strong><br /> The Fireware release applies to all Firebox T, Firebox M, and all XTM appliances, except XTM 21/21-W, 22/22-W, or 23/23-W.</p> <p><strong>Software Download Center</strong><br /> Firebox and XTM appliance owners with active support subscriptions can obtain this update without additional charge by downloading the applicable packages from the <a href="http://software.watchguard.com/">WatchGuard Software Download Center</a>. Please read the <a href="https://www.watchguard.com/support/release-notes/fireware/11/en-US/EN_ReleaseNotes_Fireware_11_11_4/index.html" target="_blank">Release Notes</a> before you upgrade to understand what’s involved.</p> <p><strong>Contact Information</strong><br /> For Sales or Support questions, you can find phone numbers for your region <a href="https://www.watchguard.com/wgrd-about/contact">online</a>. If you contact WatchGuard Technical Support, please have your registered appliance Serial Number or Partner ID available.</p> Thu, 29 Sep 2016 12:06:33 -0700 Brendan Patterson 9151 at https://www.watchguard.com Video: BlackHat from the Show Floor https://www.watchguard.com/wgrd-blog/video-blackhat-show-floor <p>WatchGuard has <a href="https://www.secplicity.org/2016/07/28/watchguard-blackhat-2016/">two booths</a> (#973 and #1453) this year at BlackHat. They feature demos, ransomware research, arcade games, popcorn and Red Bull energy drinks. It’s been busy on the show floor, and thanks to everyone who visited us today. If you haven’t stopped by already, we hope see you tomorrow! The popcorn will be warm, the Red Bull cold, and there will be high scores for the taking in the arcade. Here’s a quick video recapping day one in the booths.</p> <div class="video-container"> <iframe width="750" height="422" src="https://www.youtube.com/embed/1XzRDmIBt20?rel=0" frameborder="0" allowfullscreen=""></iframe></div> Wed, 03 Aug 2016 10:00:00 -0700 Brendan Patterson 8301 at https://www.watchguard.com Dimension’s User Anonymization makes Data Protection Easy https://www.watchguard.com/wgrd-blog/dimensions-user-anonymization-makes-data-protection-easy-0 <p>Data privacy and protection is a BIG deal, and many countries are setting new regulatory standards for how to move, store, view, and report on data containing users’ personally identifiable information, or PII.</p> <p>The European Union (EU) in particular is setting precedents with some of the most stringent data and privacy protection controls in the world. In April 2016, the EU Parliament officially adopted the General Data Protection Regulation framework, or GDPR, scheduled for full enforcement in two years. Obligations coming as part of the GDPR are significant, and accountability – especially regarding a business’s workforce – is an important component of compliancy. Malicious insider activities are a major source of data abuse and breaches. “Encrypt everything” is a great start, but it’s just a band-aid solution for meeting compliance obligations.</p> <p>Among a new set of requirements, EU businesses will be required to demonstrate compliance with GDPR measures that include:</p> <ul><li>Appointing a Data Protection Officer, or DPO</li> <li>Ensuring the pseudonymization of personal data – PII is anonymized to the extent that it cannot be attributable to its owner during any stage of processing.</li> </ul><p>WatchGuard’s Dimension™ visibility platform delivers a new User Anonymization feature that takes an organization’s ability to comply with the GDPR framework to the next level. The feature works very simply, is easily accessible and configurable, and was designed with GDPR compliance and the reality of insider threats in mind.</p> <p>The best way to understand the new feature is to look at the screenshot below:</p> <p><img src="/sites/default/files/dimension-user.png" /></p> <p>When enabled, User Anonymization works by dynamically replacing all PII – user names, IP addresses, host names, and mobile devices – in Dimension’s reports, dashboards, and summary pages with hashed placeholder text.</p> <p>The Anonymization Officer, a new role available in Dimension to support GDPR compliance, was inspired by the Data Protection Officer (DPO) role introduced in the GDPR framework. The Anonymization Officer role was created in such a way that a technical or non-technical person can hold it, and it fulfills the “four-eyes” or two-logins approach to role-based access. For example, when an IT admin needs to de-anonymize Dimension, the admin would need approval from the Anonymization Officer. This avoids situations where a single person holds all the access to PII without any accountability or external verification.</p> <p>Does your current solution provide such a comprehensive yet simple approach to data privacy protection? To find out more about WatchGuard’s solution, check out our User Anonymization <a href="https://p.widencdn.net/ijubhw/wg_user-anonymization_tb" target="_new">Tech Brief</a>.</p> <p>Note: WatchGuard Dimension is included at no charge with all Firebox and XTMv models.</p> Mon, 27 Jun 2016 10:00:00 -0700 Brendan Patterson 8241 at https://www.watchguard.com Network Discovery shines a light on shadow IT https://www.watchguard.com/wgrd-blog/network-discovery-shines-light-shadow-it-0 <p>Last week we posted about the security and network visibility highlights included in the new Fireware 11.11 release. Today we want to take a closer look at one the major updates that we mentioned, <a href="https://www.youtube.com/v/vim1e6G1Slc?fs=1&amp;width=640&amp;height=480&amp;hl=en_US1&amp;rel=0&amp;iframe=true&amp;autoplay=1" target="_blank">Network Discovery</a>. This new service performs a complete network scan to generate a visual map of every connected device, providing Firebox administrators total visibility into all assets on their network. Information Security professionals have long understood that the first step in any vulnerability management program is to discover and identify all of the assets and their role in a network. You cannot secure a network that you do not understand. The term "shadow IT" is used to describe people installing and using their own, non-company-sanctioned applications, equipment, and software in the workplace. Here are just a few examples of security risks that could result from unknown devices:</p> <ul><li>An employee brings in a personal device or laptop that does not have the full corporate anti-virus solutions installed and connects it to a network, introducing malware.</li> <li>Old servers or applications installed without IT authorization may not be patched to current secure levels, exposing vulnerable software.</li> <li>Unauthorized or rogue access points may be providing unwanted wireless connectivity, providing an avenue for hackers to exploit.</li> </ul><p>The best way to understand the new capability is to look at a sample screenshot: <br /><img alt="NetworkDiscovery" class="alignnone size-full wp-image-7876" src="/sites/default/files/network-discovery.jpg" style="height:322px; width:624px" /><br /><br /> Network Discovery allows IT staff to map out the network behind their firewall. It uses information from a nmap scan (link), DHCP fingerprinting, HTTP header information, and the new WatchGuard FireClient app. Assets in the network are identified and represented with an icon with the following information:</p> <ul><li><strong>Host Name</strong></li> <li><strong>IP Address</strong></li> <li><strong>MAC Address</strong></li> <li><strong>Type of device</strong> – iOS, Android, MAC, Windows, etc.</li> <li><strong>Open ports</strong> – and protocols that may be running</li> </ul><p>Admins can search and filter all device data to zero in on key areas of interest. One click through to FireWatch or Traffic Monitor will provide a clear visual indication of the type of traffic that is passing through the IP address. Admins can mark devices as “known” and assign descriptive names. New or unfamiliar devices will immediately stand out when they appear without names. One Beta tester said:<strong><em> "Excellent feature and the GUI looks good. Found a couple of computers that should not have been on my network</em></strong><strong><em>." </em></strong> Are you confident that you can identify every device on your network? Find out more. <a href="https://p.widencdn.net/8rvbhn/wg_network-discovery_tb" target="_blank">Download</a> the new Tech Brief that describes more detail about the service with more screenshots. Network Discovery is available on all Firebox and XTMv models. The service is included in the UTM Security Suite for all new and existing customers. We’ve added the new feature key to all current security suite subscriptions on Firebox T or M Series and XTMv. Synchronize your feature key to get the latest license from our WatchGuard Servers and try out the new service today. This <a href="https://www.watchguard.com/help/video-tutorials/FeatureKeyWebUI/index.html" target="_blank">short video</a> explains how to synchronize a feature key.  </p> Sun, 19 Jun 2016 10:00:00 -0700 Brendan Patterson 8216 at https://www.watchguard.com WatchGuard Product Releases https://www.watchguard.com/wgrd-blog/watchguard-product-releases <p>WatchGuard recently announced the General Availability of major new releases of both the Fireware operating system and WatchGuard Dimension, both of which are now available to download at the <a href="http://software.watchguard.com/">software center</a>. These releases provide increased visibility across the entire network for distributed enterprises and small and midsize businesses (SMBs). I was in Europe last week at a number of WatchGuard events and I heard a lot of positive reaction firsthand. Many partners and end users are already quite familiar with the new capabilities because we conducted extensive beta testing for these new releases over the last two months. The Beta participation numbers are impressive:</p> <ul><li>640 users logged into our Beta portal from 45 different countries</li> <li>Over 220 unique pieces of feedback were submitted, including bugs and suggestions for product improvement</li> <li>176 users filled out a survey sharing their thoughts on the Beta and the new software</li> </ul><p>So what is everyone excited about? Key highlights in the new releases are:</p> <p><strong>Fireware 11.11:</strong></p> <ul><li><strong>Network Discovery: </strong>a subscription service that generates a visual map of every connected device, providing Firebox administrators total visibility into all assets on their network. Included in all UTM Security Suites on Firebox and XTMv models.</li> <li><strong>Botnet Detection:</strong>integrated into the Reputation Enabled Defense service. Customers gain real-time visibility into infected clients and command and control communication is immediately blocked. This feature is available on all XTM and Firebox appliances for any customer with a license for Reputation Enabled Defense (which is included in the UTM security suite).</li> <li><strong>Mobile Security:</strong>allows Firebox administrators to enforce access controls and only allow mobile devices that adhere to current corporate policies, and are free of malware. Available as an optional subscription service on all Firebox and XTMv models.</li> </ul><p><strong>Dimension 2.1:</strong></p> <ul><li><strong>Subscription Services Dashboard: </strong>a reporting interface that gives businesses a comprehensive performance summary with statistics to show what has been scanned by a Firebox and attacks or malware that have been prevented.</li> <li><strong>Policy Usage Report: </strong>a new report that provides valuable insight into how frequently policies are used, thereby enabling IT teams to keep firewall policies current and eliminate unnecessary or unused policies.</li> <li><strong>User Anonymization: </strong>an innovative feature that enables businesses to conform to data privacy regulations, such as the European Union's General Data Protection Regulation framework.</li> </ul><p>There are hundreds of more features than what we can cover in a short blog post. Check out the <a href="https://www.watchguard.com/help/docs/fireware/11/en-US/whats-new_Fireware_v11-11.pptx">What’s new in Fireware 11.11</a> and <a href="https://www.watchguard.com//help/docs/dimension/v2/en-US/whats-new_dimension_v2-1.pptx" target="_blank">What’s new in Dimension 2.1</a> presentations to find out full details, including screenshots. Also, watch for more posts on this blog over the next few weeks that go into depth for some of these features.</p> <p> </p> Sun, 12 Jun 2016 10:00:00 -0700 Brendan Patterson 8221 at https://www.watchguard.com WatchGuard Product Releases https://www.watchguard.com/wgrd-blog/watchguard-product-releases-0 <p>WatchGuard recently announced the General Availability of major new releases of both the Fireware operating system and WatchGuard Dimension, both of which are now available to download at the <a href="http://software.watchguard.com/">software center</a>. These releases provide increased visibility across the entire network for distributed enterprises and small and midsize businesses (SMBs). I was in Europe last week at a number of WatchGuard events and I heard a lot of positive reaction firsthand. Many partners and end users are already quite familiar with the new capabilities because we conducted extensive beta testing for these new releases over the last two months. The Beta participation numbers are impressive:</p> <ul><li>640 users logged into our Beta portal from 45 different countries</li> <li>Over 220 unique pieces of feedback were submitted, including bugs and suggestions for product improvement</li> <li>176 users filled out a survey sharing their thoughts on the Beta and the new software</li> </ul><p>So what is everyone excited about? Key highlights in the new releases are:</p> <p><strong>Fireware 11.11:</strong></p> <ul><li><strong>Network Discovery: </strong>a subscription service that generates a visual map of every connected device, providing Firebox administrators total visibility into all assets on their network. Included in all UTM Security Suites on Firebox and XTMv models.</li> <li><strong>Botnet Detection:</strong>integrated into the Reputation Enabled Defense service. Customers gain real-time visibility into infected clients and command and control communication is immediately blocked. This feature is available on all XTM and Firebox appliances for any customer with a license for Reputation Enabled Defense (which is included in the UTM security suite).</li> <li><strong>Mobile Security:</strong>allows Firebox administrators to enforce access controls and only allow mobile devices that adhere to current corporate policies, and are free of malware. Available as an optional subscription service on all Firebox and XTMv models.</li> </ul><p><strong>Dimension 2.1:</strong></p> <ul><li><strong>Subscription Services Dashboard: </strong>a reporting interface that gives businesses a comprehensive performance summary with statistics to show what has been scanned by a Firebox and attacks or malware that have been prevented.</li> <li><strong>Policy Usage Report: </strong>a new report that provides valuable insight into how frequently policies are used, thereby enabling IT teams to keep firewall policies current and eliminate unnecessary or unused policies.</li> <li><strong>User Anonymization: </strong>an innovative feature that enables businesses to conform to data privacy regulations, such as the European Union's General Data Protection Regulation framework.</li> </ul><p>There are hundreds of more features than what we can cover in a short blog post. Check out the <a href="http://www.watchguard.com/help/docs/fireware/11/en-US/whats-new_Fireware_v11-11.pptx">What’s new in Fireware 11.11</a> and <a href="http://www.watchguard.com/help/docs/dimension/v2/en-US/whats-new_dimension_v2-1.pptx" target="_blank">What’s new in Dimension 2.1</a> presentations to find out full details, including screenshots. Also, watch for more posts on this blog over the next few weeks that go into depth for some of these features.</p> <p> </p> Sun, 12 Jun 2016 10:00:00 -0700 Brendan Patterson 8246 at https://www.watchguard.com WatchGuard Technologies Named Gold and Silver Winner in 2016 IT World Awards https://www.watchguard.com/wgrd-blog/watchguard-technologies-named-gold-and-silver-winner-2016-it-world-awards <p><img alt="Network Products Guide - Gold 2016" src="/sites/default/files/2016-npg-gold.jpg" style="float:right;margin:5px 10px 10px 10px; width:130px;" /><img alt="Network Products Guide - Silver 2016" src="/sites/default/files/2016-npg-silver.jpg" style="float:right;margin:5px 10px 10px 10px; width:130px;" /></p> <p>It has been a great year for industry validation of our network security solutions. This week, WatchGuard received two awards from <a href="http://www.networkproductsguide.com/">Network Products Guide</a>, the industry's leading technology research and advisory guide. In the <a href="http://www.networkproductsguide.com/world/">11th Annual 2016 IT World Awards</a>, the <a href="https://p.widencdn.net/kxlgcn/Datasheet_Firebox_T10-T30-T50">Firebox T50-W</a> brought home the Gold for ‘Unified or Integrated Security’ and the <a href="https://p.widencdn.net/avyjm1/Datasheet_Firebox_M4600_M5600">Firebox M5600</a> took Silver in the ‘Security Hardware’ category. WatchGuard is honored to receive continued industry and peer validation for our network security products for the SMB and distributed enterprise markets. Network Products Guide’s goal is to keep decision makers and end-users informed about the choices they can make in all areas of information technology.</p> <p>The annual IT World Awards is part of the SVUS Awards recognition program, the same organization that recognized WatchGuard with <a href="https://watchguardsecuritycenter.com/2016/03/08/watchguard-receives-grand-trophy-and-five-other-2016-global-excellence-awards/">a </a><a href="https://watchguardsecuritycenter.com/2016/03/08/watchguard-receives-grand-trophy-and-five-other-2016-global-excellence-awards/">Grand Trophy and five Global Excellence Awards in March</a>.</p> Thu, 19 May 2016 10:00:00 -0700 Brendan Patterson 8306 at https://www.watchguard.com WatchGuard receives Grand Trophy and five other 2016 Global Excellence Awards https://www.watchguard.com/wgrd-blog/watchguard-receives-grand-trophy-and-five-other-2016-global-excellence-awards <p><img alt="2016-GEA-Grand" src="/sites/default/files/2016-gea-grand.jpg" style="float:right; height:170px; margin:5px 10px 10px 15px; width:124px" title="InfoSecurity Awards" />It was a busy week down at the RSA conference in San Francisco, but it kicked off right on Monday night when we learned that InfoSecurity Products Guide, the industry's leading information security research and advisory guide, recognized WatchGuard Technologies as a Grand Trophy winner for their 2016 Global Excellence Awards®. More than 50 judges from around the world formed a broad spectrum of industry voices and their average scores determined the 2016 Global Excellence Awards Finalists and <a href="http://www.infosecurityproductsguide.com/world/">Winners</a>. Beyond the Grand Trophy, we brought home a total of five Info Security Product Guide Global Excellence Awards in a diverse set of categories:</p> <ul><li>Gold Winner Award for Network Security and Management: <strong>WatchGuard Dimension Command</strong></li> <li>Gold Winner Award for Security Products and Solutions for Small Businesses and SOHO: <strong>WatchGuard Firebox T50</strong></li> <li>Silver Winner Award for Security Products and Solutions for Enterprise (Medium): <strong>APT Blocker</strong></li> <li>Bronze Winner Award for Integrated Security and Unified Threat Management: <strong>WatchGuard Firebox M300 Firewall</strong><strong> (Firebox M300 running Fireware 11.10.4 firmware)</strong></li> <li>Bronze Winner Award for People Shaping Info Security: <strong>Corey Nachreiner</strong><strong>, Chief Technology Officer at WatchGuard Technologies, for Raising InfoSecurity Awareness Through Education</strong></li> </ul><p>Info Security Product Guide’s recognition of our products and personnel stands as further validation of this company’s commitment to best-in-class security solutions. We’re proud to receive yet another endorsement of WatchGuard’s vision and execution in the field of security for SMBs and enterprises, and for general education and awareness about infosecurity.</p> Mon, 07 Mar 2016 09:00:00 -0800 Corey Nachreiner 8311 at https://www.watchguard.com Firebox M4600 & M5600 https://www.watchguard.com/wgrd-blog/firebox-m4600-m5600 <p>Today WatchGuard is pleased to announce the new Firebox M4600 and M5600 models, completing the replacement of all of our older XTM appliances with a new generation of hardware. Now, from the smallest Firebox T10 to the top of the line Firebox M5600, there is a new Firebox appliance that provides critical network and security functions in a single, centrally managed UTM platform that is easy to set up, deploy and manage.</p> <p>The WatchGuard Firebox M4600 and Firebox M5600 appliances both provide two empty bays that can be used to add expandable network modules to meet the needs of a wide range of network configurations. Both models support three modular interface options that each add either four or eight interfaces to the Firebox:</p> <ol><li>8 x 1 Gb Fiber</li> <li>4 x 10 Gb Fiber</li> <li>8 x 1 Gb Copper</li> </ol><p>The picture above shows an M4600 with options 1 and 2 in the two expansion bays. Expandable network modules offer room to grow for the future. If the need for more network ports into the firewall grows, the business doesn’t have to do a costly rip out and replace. The network admin can simply add a new module to the existing appliance to add extra ports.</p> <h2>Resources</h2> <p>These exciting new products are Generally Available (GA) now. Learn more through some of the new resources that are available with today's public launch:</p> <p>The M4600 provides 8 Gbps UTM throughput, and the M5600 is the fastest Firebox ever with 11 Gbps UTM. <a href="https://p.widencdn.net/avyjm1/Datasheet_Firebox_M4600_M5600" target="_new">Download the datasheet</a> with the full technical specifications for the two new appliances.</p> <p>We also have a new <a href="https://p.widencdn.net/qg2bou/wg_modularity_tb" target="_new">technical brief</a> that explains in detail how the new network modularity concept works in WatchGuard appliances.</p> Tue, 23 Feb 2016 13:40:53 -0800 Brendan Patterson 8121 at https://www.watchguard.com Dimension™ 2.0.1 Update 1 Fixes OpenSSL Flaw https://www.watchguard.com/wgrd-blog/dimensiontm-201-update-1-fixes-openssl-flaw <p>Early this month, I reported a <a href="https://www.openssl.org/news/secadv/20160128.txt">new OpenSSL vulnerability</a> in <a href="http://watchguardsecuritycenter.com/2016/02/01/openssl-dsa-vulnerability-daily-security-byte-ep-209/">one of my Daily Security Byte videos</a>. At a high-level, vulnerable OpenSSL servers configured to negotiate Diffie-Hellman keys in a particular way were vulnerable to a "key recovery" attack. By sending many specially crafted connections to a vulnerable server, an attacker could exploit this flaw to recover the server's private key, and decrypt its communications.</p> <p>Many of WatchGuard products weren't vulnerable to this flaw since we don't configure OpenSSL in the way necessary to expose the issue. However, our log collecter, which is present in both WatchGuard System Manager (WSM) and Dimension™, was vulnerable to the flaw.</p> <p>Dimension 2.0.1 Update 1 fixes this OpenSSL vulnerability (CVE-2016-0701). If you use Dimension™<b><i>—</i></b>especially if you expose its logging service publicly<b><i>—</i></b>you should <a href="https://watchguardsupport.secure.force.com/software/SoftwareDownloads?current=true&amp;familyId=a2RF00000009On4MAE">download</a> and install this Dimension™ update as soon as you can. Check the <a href="https://www.watchguard.com/support/release-notes/xtm/11/en-US/EN_ReleaseNotes_Dimension_v2_0_1/index.html">Release Notes</a> for more details on what the update fixes, and how to install it.</p> <p>Finally, you can learn more about this vulnerability, and how it affects our products, in the <a href="http://watchguardsupport.force.com/publicKB?type=KBArticle&amp;SFDCID=kA2F0000000QC5QKAW&amp;lang=en_US">Knowledge Base article</a> dedicated to the flaw.<b><i>— </i></b><span class="s1"><i>Corey Nachreiner, CISSP</i></span><i> (</i><a href="http://twitter.com/SecAdept"><span class="s1"><i>@SecAdept</i></span></a><i>)</i></p> <h2></h2> <h2></h2> Mon, 15 Feb 2016 09:00:00 -0800 Brendan Patterson 8251 at https://www.watchguard.com Big Security in a Small Package https://www.watchguard.com/wgrd-blog/big-security-small-package <p>At WatchGuard, we believe that good things can come in small packages. Our smallest tabletop appliances run the same operating system, or firmware, as the largest rack mount units. This means we can provide enterprise class security in a small form factor that helps protect small offices, retail stores, and remote branches of a distributed enterprise.</p> <p>This is why we are very excited to introduce the next generation of our tabletop appliances today, the <a href="/wgrd-products/utm/firebox-t-series/overview" target="_blank">WatchGuard Firebox T30 and T50</a>, which replaces our existing XTM 25/26 and XTM 33. With the Firebox T Series, companies of all sizes can benefit from our suite of sophisticated security technologies that have been developed to protect the most demanding enterprises. For example, with the WebBlocker service, every link is checked against the Threat Seeker cloud URL database from Websense. Using Intrusion Prevention Service (IPS), the Firebox looks for attacks against known vulnerabilities using technology from Trend Micro. Our newest subscription service, APT Blocker provides a defense against advanced malware. We check unknown files in a next generation sandbox in the cloud using full system emulation technology from Lastline.</p> <p>You might think that these services would slow performance. In fact, the new T50 provides up to 165 Mbps of Unified Threat Management (UTM) performance<a href="#ftn1">[1]</a> in a compact form factor with 7 Ethernet ports. The smaller T30 appliance has 5 ports and provides up to 135 Mbps UTM throughput. These powerful new boxes provide full security inspection of Internet traffic at the fast connection speeds available today.</p> <p>The T30 and T50 don’t just provide faster throughput. New features support the growing needs for secure wireless access. Both models have options for an integrated 802.11ac wireless version – providing faster speeds over the less congested 5 GHz channel. Each model also includes a Power over Ethernet (PoE) port, which can be used to provide power to a WatchGuard Wireless Access Point. With PoE, small locations like retail shops don’t have to install expensive power runs to the ceiling for wireless access points. They can simply run an Ethernet cable from the Firebox to the mounting point. Of course the Firebox also comes with the integrated Gateway Wireless Controller software.</p> <p>That’s a lot of sophisticated security technology in a small box. I’ve been running a Beta version of the T50 at home for a couple of months now. In today’s world, it’s reassuring to know that I have enterprise level security technology protecting my family and any work that I do for my company from home.</p> <p><span id="ftn1">Find</span> out more about the new T30 and T50 appliances at watchguard.com, <a href="/wgrd-products/utm/firebox-t-series/overview" target="_blank">here</a>.</p> <p><strong>[1]</strong> Remember that UTM performance measures the throughput when the most demanding security services are enabled, including IPS and Gateway Antivirus. Not all vendors publish a combined performance number like this, but we believe that it is important to enable all security services and measure the combined throughput.</p> Fri, 02 Oct 2015 15:01:46 -0700 Brendan Patterson 8126 at https://www.watchguard.com Main Street is the New Cyber Battleground. We Have Your Secret Weapon. https://www.watchguard.com/wgrd-blog/main-street-new-cyber-battleground-we-have-your-secret-weapon-0 <p>Network breaches at corporate giants make headlines, but a surprisingly bloody cyber battlefield is taking place on Main Street. In fact, nearly half of small and mid-sized businesses (SMBs) have been victims of cyber crime. And “the bigger they are, the harder they fall” doesn’t apply. Big companies often survive to fight another day, but 60 percent of SMBs go out of business within six months of an attack.</p> <p>Today, WatchGuard introduced two enterprise-strength firewalls that give small businesses a new secret weapon against hackers. The WatchGuard Firebox M200 and M300 Next-Generation Firewall (NGFW) and Unified Threat Management (UTM) appliance provide powerful security with easy setup and management. What’s more, they’re up to <a href="https://www.watchguard.com/docs/analysis/miercom_report_062015.pdf">218 percent faster</a> than competing solutions with all security engines turned on, and up to a blazing <a href="https://www.watchguard.com/docs/analysis/miercom_report_062015.pdf">385 percent faster</a> for encrypted traffic inspection, so even small businesses can compete at enterprise speed. (Download the Miercom report <a href="https://www.watchguard.com/docs/analysis/miercom_report_062015.pdf">now</a>.)</p> <p>“Sony and Target breaches have dominated headlines, but it’s the mom-and-pop shops that have gained traction with hackers,” said Corey Nachreiner, chief technology officer at WatchGuard. “In general, small businesses are less-protected and easier to breach, but not any more. The Firebox M200 and M300 make it easy for SMBs to protect themselves as effectively as large enterprises—and without the need for big-company IT resources.”</p> <p>The new Firebox M200 and M300 run WatchGuard’s powerful Fireware® operating system and include RapidDeploy support that makes setup and configuration easy for SMBs, even without a dedicated technical staff. </p> Tue, 02 Jun 2015 10:00:00 -0700 Brendan Patterson 8201 at https://www.watchguard.com WatchGuard Fireware OS Update Targets ‘Time Crime’ https://www.watchguard.com/wgrd-blog/watchguard-fireware-os-update-targets-time-crime <p>Up to 80 percent of employees’ time on the Internet each day has nothing to do with work. It’s unrealistic to completely cut it out – we all know breaks are necessary to recharge our battery. But, how much is too much?</p> <p><a href="/wgrd-about/press-releases/watchguard-technologies-targets-time-crime-its-newest-fireware-operating" title="Press Release">Today</a>, we announced the newest version of the WatchGuard Fireware® OS (11.10), which makes it easy to control the amount of data and time employees spend surfing the web. After all, we want our employees to be productive (and happy). It also allows IT pros to set website policies using names not numbers – 216.176.177.72 is now <a href="http://icanhas.cheezburger.com/">http://icanhas.cheezburger.com/</a>. More so, the new “wildcard” function enables network admins to cover multiple domains with one policy, in turn making your team more efficient.</p> <p>The new Fireware OS is available for all WatchGuard XTM and Firebox appliances, and is available starting in April 2015. </p> <p>Below is a fun infographic that highlights some of the cyberloafing your employees are doing. Control it now with Fireware OS 11.10.</p> <p><img src="/sites/default/files/cyberloafing_0.jpg" alt="Cyberloafing_1" /></p> Wed, 22 Apr 2015 14:13:07 -0700 Brendan Patterson 8226 at https://www.watchguard.com New Releases: Fireware and WSM version 11.9.5 https://www.watchguard.com/wgrd-blog/new-releases-fireware-and-wsm-version-1195 <p>WatchGuard is pleased to announce the release of Fireware 11.9.5 and WSM 11.9.5. These maintenance releases provide many bug fixes, with full details outlined in the <a href="http://pages.watchguard.com/U00000W0OC0K1z02fP000e0">Release Notes</a> and the  <a href="http://pages.watchguard.com/t1W0200zK00O100PC0000ff">What's New in 11.9.5</a> presentation.</p> <h2>Dimension 1.3 Update 2</h2> <p>Application Control information was not correctly logged from proxy policies in version 11.9.4. Along with the new Fireware release, we have also released Dimension 1.3 Update 2, which is also required to correct this issue.</p> <h2>Does This Release Pertain to Me?</h2> <p>The Fireware release applies to all Firebox and XTM appliances, except XTM 21/21-W, 22/22-W, or 23/23-W appliances.</p> <h2>Software Download Center</h2> <p>Firebox and XTM appliance owners with active LiveSecurity can obtain this update without additional charge by downloading the applicable packages from the new and improved <a href="http://pages.watchguard.com/R00O00fC01002000KgWz2P0">WatchGuard Software Download Center</a>. Please read the <a href="http://pages.watchguard.com/U00000W0OC0K1z02fP000e0">Release Notes</a> before you upgrade to understand what’s involved. Known Issues are now listed in the Knowledge Base when logged in at the WatchGuard website. Note that there is also a Beta version of 11.10 available to try out at the software download center.</p> <h2>Contact Information</h2> <p>For Sales or Support questions, you can find phone numbers for your region <a href="http://pages.watchguard.com/Y010z03P00000002OCK0hWf">online</a>. If you contact WatchGuard Technical Support, please have your registered appliance Serial Number or Partner ID available.</p> <p>Don't have an active LiveSecurity subscription for your appliance? It's easy to renew. Contact your WatchGuard reseller today. <a href="http://pages.watchguard.com/JC2OK00ifW0P4z001000000">Find a Partner.</a></p> Tue, 17 Mar 2015 10:00:00 -0700 Brendan Patterson 8231 at https://www.watchguard.com Find Out Why IT Pro Magazine Calls WatchGuard’s Firebox M440 “a Powerful Beast” https://www.watchguard.com/wgrd-blog/find-out-why-it-pro-magazine-calls-watchguards-firebox-m440-powerful-beast <p>Today, we’re excited to announce the “beastly” accomplishments of our Firebox® M440. It has achieved a coveted 5-Star rating and has been named the Editor’s Choice by <a href="http://www.itpro.co.uk/" title="ITPRO">IT Pro Magazine</a>. </p> <p>You may recall back in October, when we launched this powerful UTM/NGFW appliance, it was the first appliance rich in truly independent ports. And, it was the first appliance to make it easy to apply the right policies to the correct network segment, without complex configurations. That means better security and protection for data.</p> <p>IT Pro agrees! WatchGuard’s Firebox® M440 impressed the editors on a variety of fronts with its superb value, top performance, extensive security measures, high port density and integral wireless gateway controller.</p> <p>As the review notes, “With its fire-engine red chassis you can’t miss a WatchGuard security appliance, but the Firebox M440 is an eye-catcher for a number of other good reasons. It’s designed to help big businesses enforce custom security policies across multiple network segments, but without complicating the process.”</p> <p>The WatchGuard Firebox M440 delivers 25 1Gb Ethernet ports, eight that deliver Power over Ethernet (PoE), plus two 10 Gb SFP+ (fiber) ports.</p> <p>The editors also highlight that for a sub-£10K appliance, it’s a powerful beast, with the appliance claiming a top 6.7Gbits/sec firewall throughput and 1.6Gbits/sec for UTM against the competition. The value is excellent as well, with a three-year LiveSecurity subscription that activates the firewall, VPNs, HTTPS inspection plus full customer support and has an RRP of £4,942 ex VAT. Add in all the features, including IPS, app control, advanced threat protection, DLP and more, and the cost is only £8,449. Finally, along with a superb range of security features, the M440 took top value, costing significantly less than competing products, such as SonicWALL’s E-Series NSA 6500.</p> <p>RED continues to <a href="/wgrd-about/awards" title="WG Awards" target="_blank">roar</a>.</p> Wed, 04 Feb 2015 09:00:00 -0800 Brendan Patterson 8211 at https://www.watchguard.com New Releases: Fireware XTM 11.9.4 and WSM 11.9.4 https://www.watchguard.com/wgrd-blog/new-releases-fireware-xtm-1194-and-wsm-1194 <p>Fireware OS 11.9.4 and WSM 11.9.4 are now available. This maintenance release includes many bug fixes and several new enhancements. The <a href="https://www.watchguard.com/support/release-notes/xtm/11/en-US/EN_ReleaseNotes_FirewareXTM_11_9_4/index.html">Release Notes</a> list all resolved issues and new enhancements in the software.</p> <p>Key Highlights:</p> <ul><li>New Guest Services capability enables the creation of temporary accounts for hotspot access. Ideal for hotels and retail stores to provide internet access for their visitors and customers. A new guest administrator role and user interface enable front line staff to manage and create the accounts.</li> <li>Selective inspection or bypass of encrypted web traffic (HTTPS DPI) via domain name or web category. Administrators now have more flexibility, allowing them to bypass DPI inspection of known good sites that need to remain private, such as online banking or financial applications.</li> <li>Diagnostic report output of Branch Office VPN configurations helps with quick troubleshooting and repair of any tunnel issues.</li> <li>SSLv3 is disabled by default to protect against man in the middle attacks that could exploit the Poodle vulnerability (CVE-2014-3566).</li> <li>Many bug fixes to improve the scalability and reliability of Single Sign-On.</li> <li>Support for /31 and /32 subnets on external interfaces, which are commonly used in regions with shortages of IPv4 IP addresses.</li> <li>WSM support for the new Firebox M400 and M500 models.</li> </ul><p>Full details of all changes including screenshots of new user interface are provided in the <a href="https://www.watchguard.com//help/docs/wsm/XTM_11/en-us/whats_new_in_xtm_11_9_4.ppt">What's New in 11.9.4 presentation [PPT]</a>.</p> <h2>Does this Release Pertain to Me?</h2> <p>This release applies to all Firebox and XTM appliances, except XTM 21/21-W, 22/22-W, or 23/23-W appliances.</p> <h2>New Software Download Center!</h2> <p>Firebox and XTM appliance owners can obtain this update without additional charge by downloading the applicable packages from the new and improved <a href="http://software.watchguard.com/">WatchGuard Software Download Center</a>. No login is required to download the software, but you must have active LiveSecurity on the appliance to apply the upgrade. Please read the <a href="http://software.watchguard.com/">Release Notes</a> before you upgrade, to understand what’s involved. Known issues are now listed in the <a href="https://watchguardsupport.secure.force.com/kb/">Knowledge Base</a> when accessed through the WatchGuard Portal. You must log in to see Known Issues.</p> <p>If you need support, please enter a support incident online or call our support staff directly. (When you contact Technical Support, please have your registered Product Serial Number or Partner ID available.)</p> <ul><li>U.S. End Users: 877.232.3531</li> <li>Authorized WatchGuard Resellers: 206.521.8375</li> <li>International End Users: +1.206.613.0456</li> </ul> Wed, 03 Dec 2014 09:00:00 -0800 Brendan Patterson 8236 at https://www.watchguard.com