WatchGuard Blog: Network Security

Fireware 12.9.3

Ben Brobak — Wed, 17 May 2023 13:42:26 -0700

Fireware 12.9.3

WatchGuard has posted a new maintenance release Fireware 12.9.3. This maintenance release addresses several issues resolved since the previous 12.9 release. See details in the Release Notes for a full list of enhancements and resolved issues in this release.

In addition to Fireware, version 11.12 update 1 of the Terminal Services TOAgent is available, resolving a compatibility issue between the agent and Endpoint Security protection, as well as v15.14 of the WatchGuard IPSec Mobile VPN Client for Windows.

Does this release affect me?

Fireware 12.9.3 is available for:

T Series: T55 and T70; T20, T40, and T80; T25, T45, and T85
M Series: M400, M440, and M500; M270, M370, M470, M570, and M670; M290, M390, M590, and M690; M4600 and M5600; M4800 and M5800
Firebox NV5, FireboxV, and Firebox Cloud

How to upgrade

Firmware upgrades are included at no charge with active WatchGuard support subscriptions. The easiest approach is to use WatchGuard Cloud to schedule upgrades for one or many systems. You can also upgrade individual systems directly from within the WebUI. Admins may also download the applicable packages from the WatchGuard Software Download Center.

Contact

For Sales or Support questions, you can find phone numbers for your region online. If you contact WatchGuard Technical Support, please have your registered appliance Serial Number or Partner ID available.

Automatic TDR Host Sensor Upgrade Process Resuming

Ricardo Arroyo — Fri, 05 May 2023 07:16:52 -0700

WatchGuard announced on 21 April 2023 that we temporarily disabled the process for automatically updating TDR Host Sensors to WatchGuard Endpoint Security. On 8 May 2023 at 12:00 UTC, we will resume that process.

If you previously opted in to automatic upgrades, they will resume at that time. The upgrade page in WatchGuard Cloud will also become available again for those who want to initiate an upgrade or check the status of an existing upgrade.

Thank you for your patience and understanding throughout this process. Have a nice rest of your day!

The WatchGuard Product Team

Fireware 12.9.2

Ben Brobak — Wed, 12 Apr 2023 08:00:00 -0700

Fireware 12.9.2

WatchGuard has posted a new maintenance release Fireware 12.9.2. This release allows configuration of link-local IPv6 default gateways, enables configurable DNS suffix for IKEv2 configuration, and addresses several issues resolved since the original 12.9 release. See details in the Release Notes for a full list of enhancements and resolved issues in this release.

Additionally, this release includes support for the new Firebox T25, T45, and T85 models, including 802.11ax Wi-Fi 6 support, and dual-concurrent 2.4Ghz and 5Ghz in wireless models.

Does this release affect me?

Fireware 12.9.2 is available for:

T Series: T55 and T70; T20, T40, and T80; and the recently released T25, T45, and T85 models
M Series: M400, M440, and M500; M270, M370, M470, M570, and M670; M290, M390, M590, and M690; M4600 and M5600; M4800 and M5800
Firebox NV5, FireboxV, and Firebox Cloud

How to upgrade

Contact

ThreatSync (XDR) General Availability and EOS/EOL Schedule for TDR

Ricardo Arroyo — Thu, 02 Mar 2023 11:58:28 -0800

What’s new:

ThreatSync is a WatchGuard Cloud service that provides XDR technology for WatchGuard Network and Endpoint Security products that:

Provides a UX primarily for incident responders
Displays malicious detections as incidents
Correlates events to create new malicious detections
Enables responders to respond on-demand or configure automated responses to malicious detections and abnormal behaviors
Has service provider capabilities including aggregated dashboards, automation templates, and email notifications

ThreatSync provides extended detection capabilities by correlating data from different WatchGuard security products that indicate the presence of threat actors in the organization. By using multiple products and correlating activities monitored from different security products, ThreatSync scores and detects malicious scenarios that could be indicators of compromise (IoCs), enabling mean-time-to-detect (MTTD) reduction and swift containment of the impact, severity, and scope.

How do I get ThreatSync?

ThreatSync is a WatchGuard unified security feature included by default with any Firebox Total Security Suite (TSS) subscription and WatchGuard Endpoint Protection, Detection and Response (EPDR) and Endpoint Detection and Response (EDR) products. The more WatchGuard products you have, the more visibility and expanded XDR features you gain access to. And deployment is as easy as it gets. You simply browse to a ThreatSync page and click Enable to get ThreatSync to start using the products you already own.

What about TDR?

With the arrival of ThreatSync as the WatchGuard Cloud service that correlates network and endpoint data to detect new malicious activity, it is time to start to phase out the use of Threat Detection and Response (TDR). We recently released EDR Core as a replacement for the TDR Host Sensor to provide you with equivalent or superior capabilities to those you have with Threat Detection and Response today. In conjunction with that release, we will mark specific Threat Detection and Response features end-of-sale and end- of-life.

Here is the full schedule for this transition:

Event	Date
End-of-support for legacy Firebox logging to TDR (logging not through WGC Firebox Visibility)	9 March 2023
End-of-life for AD Helper	9 March 2023
End-of-sale for TDR Host Sensor Add-on Packs	30 April 2023
End–of-life for TDR	30 September 2023

Find out more For more information about ThreatSync, go to About ThreatSync in the Help Center.

EDR Core (TDR Host Sensor replacement) now available with migration!

Ricardo Arroyo — Thu, 23 Feb 2023 07:54:33 -0800

What’s new:

WatchGuard is excited to announce the general availability of EDR Core and the associated migration tool. The release of EDR Core further realizes our Unified Security vision by providing TDR functionality using Panda technology and the WatchGuard Cloud native XDR solution, ThreatSync (currently in Beta). Highlights of the new improvements based on WatchGuard Endpoint Security functionality include:

Improved Threat Intelligence and Heuristics
Improved Anti-tampering protection
Contextual Detections and Anti-exploit technology (for fileless malware)
Indicators of Attack (visible in ThreatSync only)

Does this affect me?

EDR Core licenses are included with every Total Security Suite license with a WatchGuard Firebox. All accounts with existing TDR Host Sensor licenses now have equivalent EDR Core licenses added in WatchGuard Cloud.

How do I upgrade?

We have provided a migration tool that facilitates the transition from the TDR Host Sensor to EDR Core. The tool is available from the Administration menu in WatchGuard Cloud. After you follow the prompts on the screen and click Upgrade, all your TDR Host Sensors will automatically upgrade to the WatchGuard Endpoint Agent the next time they connect to the cloud. All accounts can use TDR Host Sensors and EDR Core simultaneously, during migration.

Upgrading to a WatchGuard Endpoint Security product later will be easy because the agent used for EDR Core is the same as other WatchGuard Endpoint Security products. Simply activate a license for the new Endpoint Security product and the WatchGuard Cloud UI will automatically convert to the new product. There is no need to redeploy the agent.

Find out more

For more information, please refer to the Introduction to EDR Core document, the EDR Core documentation in WatchGuard Help Center and the EDR Core FAQ.

Contact
For Sales or Support questions, you can find phone numbers for your region online. If you contact WatchGuard Technical Support, please have your registered appliance Serial Number or Partner ID available.

ACTION REQUIRED: TDR Host Sensor automatic upgrade to version 6.0.5.9812

Ricardo Arroyo — Fri, 10 Feb 2023 11:10:18 -0800

Dear Valued Partners,

Starting 13 February 2023, the TDR Host Sensor will upgrade to version 6.0.5.9812 to make sure it can continue to communicate with the cloud. If a Host Sensor does not upgrade to the latest version by 22 February 2023, the Host Sensor will stop communication with the cloud. If this occurs, TDR will no longer perform detections and responses, and ransomware hash lists will not update for new threats.

What should you do?
The upgrade will be done automatically, so you only have to make sure your computers with Host Sensors installed are online to perform the automatic update to version 6.0.5.9812. If you need to install the latest Host Sensor version manually, you can download it from the Software Downloads page (https://software.watchguard.com/).

What are the next steps?
We will soon release a WatchGuard Cloud feature that enables you to migrate TDR Host Sensors to WatchGuard EDR Core, which supports the new ThreatSync service. If you want to run this migration but do not first upgrade your Host Sensors to the latest version, they cannot contact the cloud to update to EDR Core after 22 February 2023.

Please contact your WatchGuard Sales team if you have any additional questions about this upgrade. We will continue to communicate more information as we get closer to the release date.

The WatchGuard Team

Fireware v12.9 Update 1

Ben Brobak — Wed, 25 Jan 2023 14:06:56 -0800

Fireware 12.9u1

WatchGuard has posted a new maintenance update for Fireware 12.9. This update addresses several issues that have been resolved since the original 12.9 release, including an issue affecting SSLVPN connections to the Firebox from internal networks, as well as a disconnection from WatchGuard Cloud from devices that previously connected successfully. See details in the Release Notes for a full list of enhancements and resolved issues in this release.

Does this release affect me?

Fireware 12.9u1 is available for:

T Series: T20, T40, T55, T70, and T80
M Series: M270, M290, M370, M390, M400, M440, M470, M500, M570, M590, M670, M690, M4600, M5600, M4800, and M5800
Firebox NV5, FireboxV and Firebox Cloud

How to upgrade

Contact

Fireware 12.9 Available Now

Kirk Jensen — Thu, 15 Dec 2022 12:11:42 -0800

Fireware 12.9

This release resolves several issues and includes the following enhancements:

Multi-factor authentication (MFA) support for the WSM Management Server
Client certificate authentication support for LDAPS
Split tunneling support for Mobile VPN with IKEv2
New configurable DNS Forwarding policy
Updated user interface for endpoint enforcement
Streamlined identification of spamBlocker false positives and false negatives
Updated WatchGuard IPSec Mobile VPN Client for Windows (64-bit) software

Please look at the Release Notes for a complete list of enhancements and resolved issues.

Which products are affected by this release?

T Series: T20, T40, T55, T70, and T80
M Series: M270, M290, M370, M390, M400, M440, M500, M590, M690, M4600, M4800, M5600, and M5800
Firebox NV5, FireboxV, and Firebox Cloud

Upgrade Process

Firmware upgrades are included at no charge with active WatchGuard support subscriptions. The most straightforward approach is to use WatchGuard Cloud to schedule upgrades for one or many systems. You can also upgrade individual systems directly within the WebUI. Admins may also download the applicable packages from the WatchGuard Software Download Center.

Contact

Fireware 12.8.2u1 Available Now

Ben Brobak — Mon, 17 Oct 2022 10:00:00 -0700

Fireware 12.8.2u1

This maintenance release updates the version of OpenSSH used by the Firebox to version 9.0p1s, resolves an issue that prevented VPN tunnels to AWS from recovering following a FireCluster failover, and addresses an issue where addresses configured in Blocked Sites Exceptions could be blocked if triggered immediately following a reboot. See details in the Release Notes for a full list of enhancements and resolved issues in this release.

Does this release affect me?

Fireware 12.8.2u1 is available for:

T Series: T20, T40, T55, T70, and T80
M Series: M270, M290, M370, M390, M400, M440, M470, M500, M570, M590, M670, M690, M4600, M5600, M4800, and M5800
FireboxV and Firebox Cloud

How to upgrade

Contact

Enabling MSPs in WatchGuard Cloud with Service Provider-level Firmware Upgrade

Mike Deichman — Thu, 01 Sep 2022 11:02:25 -0700

WatchGuard Cloud allows Managed Service Providers (MSPs) the ability to allocate and manage their WatchGuard devices to their customers with simplicity and ease. With our recent post about Fireware 12.8.1's release, it's time to re-introduce and extremely useful feature in WatchGuard Cloud. Back in January, we brought forward the ability to view and update firmware for all WatchGuard devices, Fireboxes and Access Points, which are managed under the MSP umbrella to add to that simplicity.

This page should be familiar for those already using firmware upgrades in WatchGuard Cloud. On the Overview level, devices are listed with the account they belong to. Access Points, Fireboxes, and Firebox Cluster devices are accessible here, and the list can be filtered as desired.

Clicking "Upgrade Firmware" provides the same firmware upgrade experience as the Subscriber/Account level, and now the ability is available to select or deselect all devices under specific accounts.

MSPs no longer need to go down the line on each subscriber account, one at a time, to upgrade the firmware for the devices which makes this capability a great time saver for our partners!

Test Drive WatchGuard Cloud!
Explore our free online demo to see how easy it is to manage and report on AuthPoint, Threat Detection and Response, WatchGuard Firebox, and so much more.

Keep Up with What's New in WatchGuard Cloud
WatchGuard regularly updates and improves on the WatchGuard Cloud platform. To learn more about the developments to WatchGuard Cloud, please refer to our resources: "What is New In WatchGuard Cloud" presentation and most recent Release Notes.

Contact
For Sales or Support questions, feel free to explore WatchGuard's support page. When contacting WatchGuard's Technical Support, please have the registered appliance Serial Number or Partner ID available

Fireware 12.8.2 and 12.5.11

Ben Brobak — Thu, 25 Aug 2022 16:44:34 -0700

Fireware 12.8.2

This maintenance release includes support for a new 8x1Gb copper network module, resolves an issue that caused traffic to stop on M390, M590, and M690 appliances, and addresses other issues fixed since previous releases. See details in the Release Notes for a full list of enhancements and resolved issues in this release.

8x1Gb Copper Network Module

In addition to the resolved issues, Fireware 12.8.2 adds support for a new 8x1Gb copper network module (WG9022) for Firebox M290, M390, M590, and M690 models. This module provides additional port density for those in need of up to 8x additional interfaces on these Firebox models.

Fireware 12.5.11

This release updates the version of the SSLVPN client available for download from the Firebox to v12.7.2 of the Mobile VPN with SSL Client software and provides support for windows 11 in the IKEv2 client profile, and includes an important security update for advisory WGSA-2022-00020. See details in the Release Notes for a full list of resolved issues in this release, and for information on security updates in these releases review the advisories at psirt.watchguard.com.

Does this release affect me?

Fireware 12.8.2 is available for:

T Series: T20, T40, T55, T70, and T80
M Series: M270, M290, M370, M390, M400, M440, M470, M500, M570, M590, M670, M690, M4600, M5600, M4800, and M5800
FireboxV and Firebox Cloud

Fireware v12.5.11 applies to:

Firebox T10, T15, T30, T35, T50, M200, and M300

How to upgrade

Contact

Dimension 2.2.1 is now available

Ben Brobak — Mon, 25 Jul 2022 16:00:41 -0700

We are pleased to announce the availability of WatchGuard Dimension 2.2.1. This maintenance release is now available from the Software Download Center, together with Release Notes and update instructions. WatchGuard Dimension 2.2.1 provides the following fixes:

General

An issue where the system root partition filled with backup data has been resolved.

Logging and Reporting

We've resolved invalid UUID errors when threat information is retrieved from the APT service.

Security

OpenSSL has been updated to v1.1.1n to address CVE-2022-0778 and CVE-2020-1971.
The Dimension web server now supports HSTS headers and TLS v1.2 as the minimum protocol version.
Fixes a jquery-ui v1.9.2 vulnerability to address CVE-2010-5312 and CVE-2012-6662.

See details in the Release Notes for issues addressed in these releases, and for information on security updates in these releases review the advisories on our PSIRT page.

WatchGuard’s Product Security Incident Response Team (PSIRT) recently launched our public PSIRT page to provide a consolidated resource where network administrators can find advisories and information about security vulnerabilities in WatchGuard products, as WatchGuard’s investigations into industry-wide security issues that may impact our products or services.

Does this release pertain to me?

This release applies to all users of the WatchGuard Dimension network security visibility solution. We recommend that any administrators using WatchGuard Dimension upgrade their solution to 2.2.1 to take advantage of the security improvements available in the release.

Software Download Center

Firebox and XTM appliance owners with active support subscriptions can obtain this update without additional charge by downloading the applicable packages from the WatchGuard Software Download Cente r.

Contact Us

Please contact the WatchGuard team if you have any additional questions about Dimension 2.2.1. We're happy to help.

Fireware 12.8.1, 12.5.10, 12.1.4, and Mobile VPN client releases

Ben Brobak — Fri, 08 Jul 2022 10:13:48 -0700

Fireware 12.8.1, 12.5.10, 12.1.4, and Mobile VPN client releases
WatchGuard has posted maintenance releases for Fireware 12.8.1, and earlier branches, 12.5.10 and 12.1.4. These maintenance releases include some minor enhancements, address issues fixed since previous releases, and also include important security updates. See details in the Release Notes for issues addressed in these releases, and for information on security updates in these releases review the advisories on our PSIRT page.

WatchGuard’s Product Security Incident Response Team (PSIRT) recently launched our public PSIRT page to provide a consolidated resource where network administrators can find advisories and information about security vulnerabilities in WatchGuard products, as well as WatchGuard’s investigations into industry-wide security issues that may impact our products or services.

Tor Exit Node Blocking
In addition to the resolved issues, Fireware 12.8.1 and 12.5.10 provides the capability to block inbound traffic from Tor Exit Nodes. If your configuration has Botnet Detection enabled, after you upgrade to Fireware 12.8.1 or 12.5.10, Tor Exit Node Blocking is enabled in all policies by default. More information about using Tor Exit Node Blocking can be found in our product documentation.

WatchGuard IPSec Mobile VPN Clients
For users of the WatchGuard Mobile VPN Clients, v15.04 is available for installation on Windows 10 and 11 (up to and including 21H2), as well as v4.61 available for macOS 11 (Big Sur) and macOS 12 (Monterey). New features and issues addressed in these updates are included in the release notes for the Fireware.

Does this release affect me?
Fireware 12.8.1 is available for:

T Series: T20, T40, T55, T70, and T80
M Series: M270, M290, M370, M390, M400, M440, M470, M500, M570, M590, M670, M690, M4600, M5600, M4800, and M5800
FireboxV and Firebox Cloud

Fireware v12.5.10 applies to:

Firebox T10, T15, T30, T35, T50, M200, and M300 (Release Notes)

Finally Fireware 12.1.4 is also provided for:

XTM 800, 1500, 2500, and XTMv (Release Notes)

WSM 12.8.1 is available for management of Fireboxes running Fireware 12.8.1, 12.5.10, and 12.1.4.

How to upgrade
Firmware upgrades are included at no charge with active WatchGuard support subscriptions. The easiest approach is to use WatchGuard Cloud to schedule upgrades for one or many systems. You can also upgrade individual systems directly from within the WebUI. Admins may also download the applicable packages from the WatchGuard Software Download Center.

Supported Operating Systems for WSM

Ben Brobak — Fri, 10 Jun 2022 10:49:41 -0700

Supported Operating Systems for WatchGuard System Manager (WSM)
To determine when WatchGuard ends support for an operating system our applications run on, we follow the support lifecycle of the operating system vendor. This post provides detail on how Microsoft's lifecycle affects this policy.

In the release notes of Fireware 12.8, WatchGuard identified that the supported operating systems for WSM and Management Server software will follow Microsoft’s Mainstream Support end dates for Windows and Windows Server. When Mainstream Support ends for these operating systems, WSM and Management Server will no longer support them in the next feature release.

Historically, we followed Microsoft’s Extended Support end dates for Windows and Windows Server operating systems, but this limited the ongoing updates we could make to WSM Client and Management Server software. By following the Mainstream Support end dates for these fixed lifecycle products, we can make updates that are not limited by the legacy development tools needed to support operating systems that no longer receive feature updates from Microsoft.

For more information see the Microsoft Fixed Lifecycle Policy.

How does this affect currently supported operating systems?
WSM 12.8 and 12.8.x maintenance releases will continue to support currently-supported operating systems that previously ended Mainstream Support. This includes these operating systems which previously ended Mainstream Support:

Windows 8 - 12 Jan 2016
Windows 8.1 - 9 Jan 2018
Windows Server 2012 - 9 Oct 2018
Windows Server 2012 R2 - 9 Oct 2018
Windows Server 2016 - 11 Jan 2022

Future feature releases for WSM, such as 12.9 and higher, will no longer support these operating systems.

WSM will continue to support these operating systems through their Mainstream Support end dates:

Windows 10 – Final retirement 14 October 2025
Windows 11 – Final retirement not announced. 21H2 supported by Microsoft through 8 October 2024.
Windows Server 2019 – Supported through 9 January 2024
Windows Server 2022 – Supported through 13 October 2026

For more information see Microsoft product lifecycle.

Fireware Release Notes always include an Operating System Compatibility Matrix, identifying supported operating systems for features in each release.

Log, Report, and Quarantine Server deprecation

Brendan Patterson — Fri, 29 Apr 2022 09:40:31 -0700

Deprecation of older WatchGuard Server components
WatchGuard is announcing the deprecation of some older server components. WSM v12.8.x releases will still include these server components. Higher WSM releases, v12.9 and later, will include only the WSM Client and Management Server, and will not include the following:

WatchGuard Log Server
WatchGuard Report Server
WatchGuard Quarantine Server

WSM Log and Report servers have served well since their introduction in Fireware 10, but they no longer represent the best options available to our customers. WatchGuard now provides superior logging and reporting solutions. WatchGuard Cloud, our cloud-based visibility solution, includes 30 days log and report storage with Total Security Suite. Dimension is available on VMware and Microsoft Hyper-V for those customers that want to maintain an on premises log and report server.

The Quarantine Server no longer aligns well with the email services our customers deploy and operate today, such as Office 365 and web-based email solutions. Customers can continue to use the quarantine server on existing installations, and the Fireware OS will keep the option to send email to quarantine.

WatchGuard continues to actively develop and support the WSM Management Server. The recent v12.8 release include new features to support management server templates for SD-WAN.

Fireware v12.8 Update 1

Brendan Patterson — Mon, 25 Apr 2022 08:52:41 -0700

Key points:
WatchGuard has posted a new maintenance update for Fireware v12.8. Update 1 includes several issues that have been fixed since the original 12.8 release. It also includes an update to the OpenSSL version to address CVE-2022-0778. See details in the Release Notes.

Does this release affect me?
Fireware 12.8 Update 1 is available for:

T Series: T20, T40, T55, T70, and T80
M Series: M290, M390, M590, M690, M270, M370, M400, M440, M470, M500, M570, M670, M4600, M5600, M4800, and M5800
FireboxV and Firebox Cloud

How to upgrade
Firmware upgrades are included at no charge with active WatchGuard support subscriptions. The easiest approach is to use WatchGuard Cloud to schedule upgrades for one or many systems (also works across multiple subscriber accounts). You can also upgrade individual systems directly from within the WebUI. Admins may also download the applicable packages from the WatchGuard Software Download Center.

New Fireware v12.8 Releases for Fireboxes

Kayla Myrhow — Mon, 21 Mar 2022 09:00:00 -0700

The latest release of Fireware v12.8 for Fireboxes delivers various enhanced features. Find out more about the release in the 12.8 Release Notes and What’s New in 12.8 Presentation.

Key Features include:

Networking:

SD-WAN Load Sharing: SD-WAN actions enables you to share traffic load across multiple SD-WAN interfaces. You can use this feature to distribute load across multiple ISPs or lines.
SD-WAN Actions in Device Configuration Templates: Management Server device configuration templates now support SD-WAN actions. This makes it easy to apply SD-WAN actions to multiple devices.
Support for IPv6 traffic in Bridge Mode
Firebox Cloud can now apply firewall policies to traffic that arrives and leaves by the same interface, enabling east-west inspection of traffic.

VPN:

Mobile IKE for IKEv2: This enables the Firebox to use the original VPN tunnel when a mobile device moves from one network to another. Also keeps VPN connections active to minimize reauthorization of MFA.

Do these releases affect me?

Fireware 12.8 is available for:

T Series: T20, T40, T55, T70, and T80
M Series: M270, M290, M370, M390, M400, M440, M470, M500, M570, M590, M670, M690, M4600, M5600, M4800, and M5800
FireboxV and Firebox Cloud

Action for Partners and Customers: Install the new version of Fireware 12.8! Upgrade to ensure your WatchGuard deployment is leveraging the best power, speed, reliability, and security available today.

How to upgrade

Firmware upgrades are included at no charge with active WatchGuard support subscriptions. The easiest approach is to use WatchGuard Cloud to schedule upgrades for one or many systems. HA Cluster pairs are now supported for upgrade from WatchGuard Cloud too. You can also upgrade individual systems directly from within the WebUI. Admins may also download the applicable packages from the WatchGuard Software Download Center.

Contact

Detection and Remediation for Cyclops Blink State-Sponsored Botnet

Brendan Patterson — Wed, 23 Feb 2022 06:48:16 -0800

Working closely with the FBI, CISA, DOJ, and UK NCSC¹, WatchGuard has investigated and developed a remediation for Cyclops Blink, a sophisticated state-sponsored botnet, that may have affected a limited number (estimated at ~1%) of WatchGuard firewall appliances. WatchGuard customers and partners can eliminate the potential threat posed by malicious activity from the botnet by immediately enacting WatchGuard’s 4-Step Cyclops Blink Diagnosis and Remediation Plan. It is critical for all customers, whether infected or not, to upgrade the appliance to the latest version of Fireware OS.

Scope of Potential Impact:

Based on our own investigation, an investigation conducted jointly with Mandiant, and information provided by the FBI, WatchGuard has concluded the following:

Based on current estimates, Cyclops Blink may have affected approximately 1% of active WatchGuard firewall appliances; no other WatchGuard products are affected.
Firewall appliances are not at risk if they were never configured to allow unrestricted management access from the internet. Restricted management access is the default setting for all WatchGuard’s physical firewall appliances.
There is no evidence of data exfiltration from WatchGuard or its customers.
WatchGuard’s own network has not been affected or breached.

Detecting, Remediating, and Preventing Cyclops Blink Infection:

WatchGuard, supported by the FBI, CISA, NSA², and the UK NCSC, recommends that all customers immediately enact the 4-Step Cyclops Blink Diagnosis and Remediation Plan available here. The plan outlines simple and easy-to-use Cyclops Blink detection options in WatchGuard System Manager, WatchGuard Cloud, and a new Web Detector tool.

Remediation steps are only necessary if you have an infected appliance; however, the future protection steps are applicable to all customers.

Visit detection.watchguard.com to review and enact the 4-Step Cyclops Blink Diagnosis and Remediation Plan now.

Please see the joint government advisory issued by the FBI, CISA, NSA, and the UK NCSC.

Our corporate blog post includes additional information and updates about the botnet.

New releases are now available to support the prevention step

WatchGuard System Manager 12.7.2 update 3 is available to support all appliances and includes the detection tool that can be run against multiple appliances. (Note: Update 3 was released on Feb 24 to resolve known issue where scan did not complete successfully against latest firmware)

Fireware 12.7.2 Update 2 (Release Notes) is available for:

T Series: T20, T40, T55, T70, and T80
M Series: M270, M290, M370, M390, M400, M440, M470, M500, M570, M590, M670, M690, M4600, M5600, M4800, and M5800
FireboxV and Firebox Cloud

Fireware 12.5.9 Update 2 (Release Notes) for:

Firebox T10, T15, T30, T35, T50, M200, M300

Fireware 12.1.3 Update 8 (Release Notes) for:

XTMv, 850, 860, 870,1520, 1525, 2520
XTM 25, 26, 33, 330, 515, 525, 535, 545, 810, 820, 8301050, 2050 – Given the criticality of the issue, WatchGuard has also released a build for appliances that are now past End of Life. Customers still running these appliances may upgrade to this build with an expired support license.

How to upgrade

The easiest approach is to use WatchGuard Cloud to schedule upgrades for one or many systems, even for systems managed in WSM. Admins may also download the applicable packages from the WatchGuard Software Download Center.

Contact

For Support questions, you can find phone numbers for your region online. If you contact WatchGuard Technical Support, please have your registered appliance Serial Number or Partner ID available.

¹ Federal Bureau of Investigation, Cybersecurity and Infrastructure Security Agency, Department of Justice, and UK National Cyber Security Centre.
² National Security Agency

New Fireware update releases

Brendan Patterson — Mon, 03 Jan 2022 09:31:08 -0800

In our last blog post of 2021, Corey shared 5 cybersecurity New Year's resolutions. Now is a great time to put one of those into practice: update to the latest version of Fireware!

WatchGuard has posted new maintenance updates for Fireware 12.7.2 and earlier branches, 12.5.9 and 12.1.3. WatchGuard is moving away from providing customer specific (CSP) builds, and we prefer to issue generally available update releases that are provided to all for download.These releases include fixes to resolve internally detected security issues that were found by our engineers.

Do these releases affect me?
Fireware 12.7.2 Update 1 (Release Notes) is available for:

T Series: T20, T40, T55, T70, and T80
M Series: M270, M290, M370, M390, M400, M440, M470, M500, M570, M590, M670, M690, M4600, M5600, M4800, and M5800
FireboxV and Firebox Cloud

WatchGuard has also released Fireware 12.5.9 Update 1 (Release Notes) for:

Firebox T10, T15, T30, T35, T50, M200, M300.

And there is also Fireware 12.1.3 Update 7 (Release Notes) for:

XTMv, XTM 25, 26, 33, 850, 860, 870,1520, 1525, 2520

How to upgrade
Firmware upgrades are included at no charge with active WatchGuard support subscriptions. The easiest approach is to use WatchGuard Cloud to schedule upgrades for one or many systems. HA Cluster pairs are now supported for upgrade from WatchGuard Cloud too. You can also upgrade individual systems directly from within the WebUI. Admins may also download the applicable packages from the WatchGuard Software Download Center.

Five Cybersecurity New Year’s Resolutions You Can Achieve Today!

Corey Nachreiner — Tue, 21 Dec 2021 09:00:00 -0800

The beginning of a new year marks a time of reflection and planning, and for making New Year’s Resolutions. Unfortunately, many resolutions are quickly forgotten once post-holiday life gets busy. At WatchGuard, we’d like to help you make and keep five important cybersecurity resolutions that you can complete today, and let you focus on the rest of your resolutions. Doesn’t it feel great to cross some resolutions off your list right away!

Five cybersecurity resolutions you can cross off your list today!

Close firewall management interfaces to the internet. It is very common to want to manage your Firebox remotely, and you can do this securely. However, exposing your Firebox management interfaces to the internet is not an industry best practice, and is not recommended by WatchGuard either. Use this Knowledge Base article for three recommendations for enabling secure remote management.
Update to the latest version of Fireware. Start the new year right, with the latest version of Fireware (12.7.2, or the latest of whichever branch your Firebox uses) to ensure your WatchGuard deployment is leveraging the best power, speed, reliability, and security available today. Release notes can be found here.
Change your passwords (now and regularly). Another easy-to-implement industry best practice is to change your passwords regularly. On Secplicity.org, we all too frequently cover breaking news regarding data breaches involving stolen credentials, and how those stolen credentials are utilized by adversaries. Using strong credentials, and changing them often, helps prevent lost or stolen credentials from being useful to the bad guys. You should equally follow this advice on your hardware appliances, for example regularly changing your Firebox credentials.
Implement Multi-factor Authentication (MFA). Using strong passwords, and changing them regularly, is a vital step, but you should also consider adding MFA, too! Implementing MFA to verify identities renders lost or stolen user credentials worthless to adversaries.
Read our 2022 Predictions! In this year’s Cybersecurity Predictions, the WatchGuard Threat Lab suits up at the news desk to update you on the top security-related headlines that we could see in 2022. Watch to learn how hackers might target space, what will happen with cyber insurance, Zero Trust, and more! You can find them here.

LTE Module Now Available for WatchGuard Firebox T80

Stephen Helm — Thu, 12 Aug 2021 08:53:22 -0700

With a growing demand for connectivity to Cloud-based applications and services, the need for multiple connection options is higher than ever. Network environments are getting more diverse with a vast array of options to choose from. WatchGuard’s expandable network modules offer room to grow for the future. If the need for more network ports into the Firebox grows, you don’t have to do a costly rip-and-replace. Network administrators can simply add a new module to the existing appliance to increase port density.

WatchGuard continues to expand connection options for our Firebox appliances. With the addition of the T80 LTE Module from WatchGuard, customers can leverage the integrated LTE connections to be sure they can stay connected to the applications and services they need to run their businesses.

Key Features:

Easily integrate LTE connectivity without adding a new appliance
Adds additional Internet option for failover
Minimizes risk of Internet outages
Works with a variety of cell vendors
Simplified management to a single gateway appliance

Contact

For Sales or Support questions, you can find phone numbers for your region online. If you contact WatchGuard Technical Support, please have your registered appliance serial number or Partner ID available.

Fireware and WatchGuard Cloud Release Updates

Stephen Helm — Tue, 10 Aug 2021 09:00:00 -0700

WatchGuard has released Fireware 12.7.1 and Fireware 12.5.8. The new releases include some enhancements, important security updates, and also support some new updates to the Firebox management capabilities in WatchGuard Cloud.

Key Enhancements:

FireCluster System Actions. FireCluster is the high availability solution for WatchGuard Fireboxes and allows clustering of multiple appliances to improve network performance and scalability. Along with the new Fireware releases, you can now upgrade, reboot, and fail over your locally-managed FireCluster.

Cloud Management for Virtual Fireboxes. WatchGuard Cloud enables you to simply set up your devices, and to configure security and manage networking across multiple Fireboxes with templates. You can now manage the configuration of FireboxV and Firebox Cloud in WatchGuard Cloud with Fireware v12.7.1.

Support for Azure Active Directory for Fireware integration with Authpoint. The AuthPoint authentication server on the Firebox now supports Azure Active Directory users for Mobile VPN with SSL, Mobile VPN with IKEv2, and the Firebox Authentication Portal.

Does this release affect me?

Fireware 12.7.1 is available for:

T Series: T20, T40, T55, T70, T80
M Series: M270, M370, M400, M440, M470, M500, M570, M670, M4600, M4800, M5600, M5800
FireboxV and Firebox Cloud

Release Notes and What’s New Presentation (and webinar!) provide more details.

Fireware 12.5.8 is available for:

T Series: Firebox T10, T15, T30, T35, and T50
M Series: Firebox M200, and M300

Release Notes provide more details.

WatchGuard has also ported all applicable security updates to any XTM appliance that is still supported. Customers are recommended to continue to upgrade these old platforms to latest firmware where those appliances are still in use.

Fireware 12.1.3 Update 6 is available for:

XTM Series: XTM 800, 1500, 2500, and XTMv

Release Notes provide more detail.

WSM v12.7.1 is available to manage all supported Firebox and XTM models.

Keep Up with What’s New in WatchGuard Cloud
WatchGuard regularly updates and improves on the WatchGuard Cloud platform. To learn more about the developments to WatchGuard Cloud, please refer to the “What’s New In WatchGuard Cloud” presentation, and most recent Release Notes.

UPDATE: Legacy TDR UI no longer available as of 19 July 2021

Ricardo Arroyo — Mon, 28 Jun 2021 05:49:05 -0700

Greetings!

We would like to provide an update on the Legacy TDR UI. We will be discontinuing the Legacy TDR UI on 19 July 2021. After this date, all existing direct links to the Legacy TDR UI will be removed from the watchguard.com portal and existing bookmarks directly referencing your regional TDR will be redirected to WatchGuard Cloud.

This change requires everyone to begin using the TDR UI that is integrated in WatchGuard Cloud. Before you can manage accounts and licenses for TDR, you are required to perform a one-time migration procedure. During this migration, you will manually link an existing WatchGuard Cloud Tier-2 account to an existing TDR managed child account. When you first browse to the Migrate TDR page in WatchGuard Cloud, you are presented with a wizard explaining the migration process, step-by-step. While we suggest using the wizard to complete your migration, you can also follow the steps in this knowledgebase article. Please perform this migration as soon as possible to avoid being unable to manage your TDR Accounts.

Thank you,

The WatchGuard Product Team

New Fireware update releases

Brendan Patterson — Wed, 12 May 2021 01:06:22 -0700

Key points:
WatchGuard has posted new maintenance updates for Fireware 12.7 and earlier branches, 12.5.7 and 12.1.3. The new releases address some issues that have been fixed since the original 12.7 release. See details in the Release Notes. WatchGuard is moving away from providing customer specific (CSP) builds, and we prefer to issue generally available Update releases that are provided to all for download.

These releases also include fixes to resolve internally detected security issues. These issues were found by our engineers, and not actively found in the wild. For the sake of not guiding potential threat actors toward finding and exploiting these internally discovered issues, we are not sharing technical details about these flaws.

Does this release affect me?
Fireware 12.7 Update 1 is available for:

T Series: T20, T40, T55, T70, and T80
M Series: M270, M370, M400, M440, M470, M500, M570, M670, M4600, M5600, M4800, and M5800
FireboxV and Firebox Cloud

WatchGuard has also released Fireware 12.5.7 Update 3 for:

Firebox T10, T15, T30, T35, T50, M200, M300. (Release Notes)

And there is also Fireware 12.1.3 Update 5 for:

XTMv, XTM 25, 26, 33, 1520, 1525, 2520 (Release Notes)

Fireware and Authpoint: The power couple.

Brendan Patterson — Tue, 27 Apr 2021 12:33:41 -0700

Fireware 12.7 is now generally available, with a new simple integration between Authpoint and the Firebox. This new integration of two key products in the WatchGuard portfolio makes it easier to set up strong multi-factor authentication for VPNs through the Firebox. Security and convenience make this bundle a powerful tool for zero-trust implementations.

Direct Integration with Authpoint
We can’t trust passwords. They can be shared. Written down. Captured. Guessed. Cracked. Stolen. 80% of breaches involve lost or stolen credentials. Systems should be secured with strong authentication that requires more than one factor. The Firebox has been able to use Authpoint for MFA previously but the new direct integration with WatchGuard Cloud in Fireware 12.7 makes it simpler to setup and configure, since a Radius server is no longer required.

Find out more about the release in the What’s New presentation and the Release Notes.

Other key points:
Fireware 12.7 includes other notable new features:

Automatic updates of HTTPS exceptions. WatchGuard can add new entries to the general exception list without requiring firmware updates.
802.1p marking for VLAN interfaces, which is often required by ISPs to set up Quality of Service on internet connections.
APT Blocker HTTP proxy server settings: Allows use of APT Blocker in environments where HTTP traffic is going through a general proxy server
APT Blocker control over pdf files: Enables admins to have more granular control of file types sent to cloud.
DHCP lease counts - Provides more information so that the admin can understand the current network status.

Does this release affect me?
Fireware 12.7 is available for:

T Series: T20, T40, T55, T70, and T80
M Series: M270, M370, M400, M440, M470, M500, M570, M670, M4600, M5600, M4800, and M5800
FireboxV and Firebox Cloud

WatchGuard has also released Fireware 12.5.7 Update 2 for:

Firebox T10, T15, T30, T35, T50, T55, T70, M200, M300.

Update 2 includes a new SSL version to address vulnerabilities, CVE-2021-3449 and CVE-2021-3450, that is also included in v12.7. Release Notes have full detail.

How to upgrade
Firmware upgrades are included at no charge with active WatchGuard support subscriptions. The easiest approach is to use WatchGuard Cloud to schedule upgrades for one or many systems. Individual systems can be upgraded directly from within the WebUI. Admins may also download the applicable packages from the WatchGuard Software Download Center.

New Fireware releases available

Brendan Patterson — Wed, 07 Apr 2021 15:21:04 -0700

WatchGuard has posted new maintenance releases in the Software Download Center. These updates introduce several key bug fixes, as well as ongoing improvements to support Firebox configuration from WatchGuard Cloud. Release Notes provide details of all the resolved issues (link in version name below).

Fireware 12.5.7 Update 1 is available for:

T Series: T10, T15, T30, T35, T50, T55, and T70
M Series: M200 and M300

These appliances (except T55 and T70) will not be capable of running v12.7 and subsequent new feature releases. For more information, see this Knowledge Base article.

Fireware 12.6.4 Update 1 is available for:

T Series: T20, T40, T80
M Series: M270, M370, M400, M440, M470, M500, M570, M670, M4600, and M5600
FireboxV and Firebox Cloud

Note that Fireware v12.7 is currently in Beta and expected to release later in April. It includes a similar set of bug fixes along with many new features, including a simple integration between Authpoint and Fireware. Find out more, and sign up to participate in the Beta here.

Use WSM v12.6.4 to manage Fireboxes that run Fireware v12.5.7 or v12.6.4.

How to upgrade
Firmware upgrades are included at no charge with active WatchGuard support subscriptions. The easiest approach is to use WatchGuard Cloud to schedule upgrades for one or many systems. Individual systems can be upgraded directly from within the WebUI. Admins may also download the applicable packages from the WatchGuard Software Download Center.

Legacy TDR UI no longer available as of 1 July 2021

Ricardo Arroyo — Thu, 01 Apr 2021 10:35:42 -0700

Greetings WatchGuard Partners and customers!

Earlier this year, I shared the exciting news that TDR is now integrated with WatchGuard Cloud. Partners and customers migrated their existing accounts to WatchGuard Cloud with very positive reviews.

Now I want to inform you that WatchGuard will retire the legacy TDR UI on 1 July 2021. All TDR management going forward must be performed in WatchGuard Cloud.

Before you can manage accounts and licenses for TDR in WatchGuard Cloud, you must perform a one-time migration procedure. During this migration, you will manually link an existing WatchGuard Cloud Tier-2 account to an existing TDR managed child account. When you first navigate to the Migrate TDR page, you are presented with a wizard explaining the migration process, step-by-step. You can also follow the steps in this knowledge base article to complete the migration.

Remember, after 1 July 2021 you will no longer be able to use the legacy TDR UI to manage TDR accounts and licenses. The sooner you perform the required migration, the faster you can learn about TDR in WatchGuard Cloud.

Thank you,

The WatchGuard Product Team

DNSWatchGo for Chromebooks Beta

Ricardo Arroyo — Thu, 25 Mar 2021 12:21:02 -0700

Greetings WatchGuard Beta community! We are proud to announce the open Beta for the DNSWatchGO Chrome extension for Chromebooks. With the DNSWatchGO Chrome extension, you can extend the protection of DNSWatch to provide consistent policy enforcement and security protection when your users leave the safety of your network. Similar to the DNSWatchGO Client on Windows devices, the DNSWatchGO Chrome extension provides DNS-level protection for users with Chrome. When the Chrome browser opens a site, the Chrome extension queries the DNSWatch servers to check if the site is malicious.

To participate in this beta test, you must have:

A DNSWatchGO license (or trial license)
A Google Workspace (formerly known as G Suite) administrative account. This gives you access to the Google Admin Console where you manage Google services for people in an organization, school, or group.

At a high level, to get started:

Download the DNSWatchGO Chrome extension file from the DNSWatch web UI.
From the Google Admin Console, configure and deploy the DNSWatchGO Chrome extension.

To participate in the Beta just click here to visit the Beta Site for further instructions.

Again, we appreciate your help in beta testing this new feature. Thanks for your help in making our products better!

The WatchGuard Beta Team

Introducing WatchGuard Firebox Policy Management in WatchGuard Cloud

Stephen Helm — Thu, 11 Feb 2021 10:20:38 -0800

We are excited to announce the release of Firebox Policy Management in WatchGuard Cloud. Our goal with WatchGuard Cloud has always been to build a powerful, cloud-hosted security platform that directly supports the way MSPs do business, and our latest release takes WatchGuard Firebox management to a new level. Now WatchGuard Cloud consolidates the management of network security, multi-factor authentication, and threat intelligence to an easy-to-learn Cloud platform.

Designed for operational efficiency, policy creation and VPN deployment are a breeze with WatchGuard Cloud. Create policy templates for easy and repeatable deployment across many clients. Policies can even be built offline and scheduled for deployment when the time is right, so you can make changes and build policy in advance before spending costly time at customer sites.

10 Things to Love About Firebox Management in WatchGuard Cloud:

Increased efficiency and compliance mean you can get your Firebox up and running in minutes
Policy templates that can apply configurations to multiple appliances across multiple tiers and tenants
Streamlined configuration and deployment of security policy
Offline configuration, and the ability to schedule deployment in advance
Policy Map and Policy Usage Reports can be used for automated audits, to find active and misconfigured policies, and to free up teams
Role-based access control to ensure that only appropriate IT admins have access to Firebox rules
Less stressful and more rewarding policy management, cutting time in day- to-day operations
Easily define networks for VoIP systems or other IOT devices with intent-based network set-up
Consolidated traffic types when firewall rules cut down on the number of rules to manage
Firmware upgrades made easy from the WatchGuard Cloud platform when downloaded on schedule around the world from a Content Delivery Network (CDN)

Test Drive WatchGuard Cloud for yourself!
Try our FREE online demo and see how easy it is to manage and report on AuthPoint, Threat Detection and Response, and WatchGuard Firebox.

Keep Up with What’s New in WatchGuard Cloud

WatchGuard regularly updates and improves on the WatchGuard Cloud platform. To learn more about the developments to WatchGuard Cloud, please refer to the “What’s New In WatchGuard Cloud” presentation, and most recent Release Notes.

Contact

End of Life of old versions of spamBlocker engine

Brendan Patterson — Wed, 03 Feb 2021 09:55:13 -0800

Important spamBlocker Update
In June 2020, WatchGuard released a new version of Fireware that provided an updated spamBlocker engine which uses Cloudmark technology to replace the old Cyren engine. Response has been very positive and many customers and partners report significantly improved detection rates and fewer false positives after they upgraded to Fireware v12.5.4 or higher. We are now announcing that the old Cyren engine will be retired later this year.

Does this notice apply to me?
This notice only applies to customers that use spamBlocker. If you do not use the spamBlocker service, you do not need to read further.

Affected models: Firebox T10, T15, T30, T35, T50, T55, T70, M200, M270, M300, M370, M400, M440, M470, M500, M570, M670, M4600, M5600, FireboxV, and Firebox Cloud. All XTM models will reach end of life before WatchGuard retires the old spamBlocker engine.

Key Detail
All spamBlocker users should update to current firmware to take advantage of the improvements. By 31 July 2021, WatchGuard will retire the old spamBlocker detection. To continue to get spam detection with spamBlocker, customers must upgrade to Fireware v12.5.4 or higher. If you are a spamBlocker customer and do not upgrade to Fireware v12.5.4 or higher, you will still receive all emails if the "When spamBlocker service is unavailable" setting is set to Allow in your spamBlocker configuration. However, the emails will no longer get scored for spam.

More details about what to expect on upgrade are available in this Knowledge Base article.

Software Download Center
Firebox appliance owners with active support subscriptions can download updated Fireware releases without additional charge from the WatchGuard Software Download Center, from Fireware Web UI, and now in WatchGuard Cloud.

TDR 6.0.0 is now integrated into WatchGuard Cloud

Ricardo Arroyo — Mon, 04 Jan 2021 06:27:14 -0800

We have listened to you and unification has arrived! The Threat Detection and Response (TDR) UI is now integrated into WatchGuard Cloud with the release of TDR 6.0.0. We have moved and mapped all Operator, Account, and License management into WatchGuard Cloud, while providing the familiar TDR UI directly in WatchGuard Cloud. Here are some features to look for:

Account Management - TDR will now use the accounts you create and manage from WatchGuard Cloud. You will no longer have to maintain two different account trees between WatchGuard Cloud and TDR.
Inventory Management – You can assign TDR licenses from your Service Provider account into a child Subscriber account in the same UI you use to assign AuthPoint licenses and perform all other Inventory management in WatchGuard Cloud.
Tier-2+ Operators - With the WatchGuard Cloud integration, you will now have the ability to create operators for tier-2 accounts with access to TDR.
Account Delegation - With the WatchGuard Cloud integration, you can now delegate accounts that have TDR licenses to another Service Provider.
Tier-3 TDR accounts - Because Tier-2 Service Providers are allowed to allocate inventory to their Tier-3 accounts, they will be able to allocate Host Sensors to Tier-3 accounts. TDR will be fully accessible in that Tier-3 account.
Legacy TDR UI - You will still be able to use the legacy TDR UI for all Tier-1 accounts and all Tier-2 accounts that were originally created in TDR.
TDR Host Status and Indicator Subscriber Tiles - The Host Status and Indicator tiles are the first dashboard tiles available in WatchGuard Cloud . These are the first of more tiles to come.

As exciting as this is, there are a few things all TDR users should be aware of:

All top-level Customers (Tier-1 Subscribers) can start using the integrated TDR UI Immediately.
All top-level Partners (Tier-1 Service Providers) will have to perform a one-time migration and mapping procedure. You will manually link an existing WatchGuard Cloud Tier-2 account to an existing Tier-2 TDR account. While this is not required immediately, as you can still use the Legacy UI to manage existing accounts, it is required to access a Tier-2 TDR account in WatchGuard Cloud. For more information, see this KB article.
New TDR license allocations created after creating a new Tier-2+ account in WatchGuard Cloud will not be available in the legacy TDR UI.

This is the first of many product integrations to come. We continue to work towards a vision where WatchGuard Cloud is a single pane of glass for management of all WatchGuard products.

Contact

If you experience any issues with the integration or mapping and migration process, please contact WatchGuard Support. For Sales or Support questions, you can find phone numbers for your region online. If you contact WatchGuard Technical Support, please have your registered Firebox appliance Serial Number or Partner ID available.

Now Available: Firebox M4800 & M5800

Stephen Helm — Tue, 17 Nov 2020 09:59:44 -0800

We are excited to announce the availability of two new Firebox M Series appliances—M4800 and M5800, delivering top-of-the-line performance and serious security in a flexible, modular platform. With firewall throughput of up to 87 Gbps and UTM throughput up to 11.3 Gbps, the Firebox® M4800 and M5800 are our fastest Firebox appliances ever. This level of performance paired with powerful security, flexible high-port density, and affordability makes these the ideal solutions for distributed, hub-and-spoke type deployment scenarios.

Key Features:

Throughput: With firewall throughput of up to 87 Gbps and UTM throughput up to 11.3 Gbps, the Firebox® M4800 and M5800 are our fastest Firebox appliances ever.
Optional Interface Modules: Customize your port configuration to meet current needs, knowing you have the flexibility to adapt as the network evolves. This is how to future-proof your network and eliminate costly rip-and-replace scenarios.
A Clouds-Eye View of Your Network: WatchGuard Cloud Visibility provides full visibility into your network so that you can make timely, informed, and effective decisions about your network security anywhere, anytime.
Secure Remote Access Made Easy: Access Portal is a clientless VPN solution that comes standard with every M4800/M5800 and provides secure remote access to remote users. And, since the new appliances have twice as much memory, you can support even more remote RDP and SSH sessions.
Automation Core: WatchGuard Firebox M Series appliances are designed with automation to the core, allowing your IT team to do more with less. Deploy from the Cloud, update signatures, detect and kill malware, all without lifting a finger.

Visit the Firebox M4800 & M5800 page to learn more.

Contact

New Fireware releases

Brendan Patterson — Thu, 29 Oct 2020 18:11:39 -0700

WatchGuard published several Fireware releases over the last few weeks. Fireware 12.6.2 Update 3 is now available in the Software Downloads Center. This is an update release to v12.6.2, and includes both bug fixes and updates to some key components. This is the first v12.6.x release for the Firebox M series and it is maintenance update for the new Firebox T series (T20, T40, T80) appliances. The Release Notes include a comprehensive list of resolved issues and enhancements, and the What's New presentation provides a detailed description of new enhancements.

Key elements of this release:

KVM Hypervisor support: Support for the open source Linux hypervisor that provides an alternative to VMware and Hyper-V for FireboxV
Kernel update: Update to the base Linux kernel used in the Fireware operating system. This kernel update was previously released for new tabletop appliances (T20//T40/T80) with 12.6.1.
IPS engine maintenance update: New version of our IPS engine to provide improved performance for both IPS and Application Control
CSfC compliance updates: Security enhancements to prepare for upcoming Commercial Solutions for Compliance (CSfC) US federal certification

Which releases apply to me?

The new Fireware v12.6.2 release applies to Firebox T20, T40, T80 and is the first v12.6.x release for Firebox M Series (except M200 and M300), FireboxV, and Firebox Cloud appliances.

The release is not available for older Firebox models. Firebox T10, T15, T30, T35, T50, T55, T70, M200, M300. Fireware v12.5.5 Update 1 was released to provide an equivalent set of bug fixes, as documented in the Release Notes. These platforms do not yet include an update to the kernel. More details in this Knowledge Base article.

Fireware v12.1.3 Update 4 was also recently released for all XTM platforms.

The WSM v12.6.2 Update 2 release can manage all of the above Fireware versions and Firebox models.

Software Download Center

Firebox appliance owners with active support subscriptions can download updated Fireware releases without additional charge from the WatchGuard Software Download Center, from Fireware Web UI, and now in WatchGuard Cloud.

Contact

WatchGuard Cloud Introduces Enhancements for Managed Service Providers

Chloe Sabo — Mon, 26 Oct 2020 15:38:09 -0700

WatchGuard Cloud now features enhanced account management capabilities specifically designed to make the job of managing subscriber accounts and devices easier for managed service providers (MSPs).

The updated Service Provider interface allows MSPs to view and manage all of their Subscriber and Service Provider accounts from one page. This new interface saves time for Service Providers as they no longer have to pivot into the subscriber view of their managed accounts to make changes.

WatchGuard's new Service Provider interface is now aligned with the Subscriber interface and includes a new Account Manager and Top Navigation Pane.

Account Manager is located in the left pane of the WatchGuard Cloud window, and includes a list of all of an MSP’s managed accounts. A search function in Account Manager allows MSPs with high numbers of subscribers to quickly find particular accounts.

With Account Manager you can:

View/Add accounts
View/Add devices and folders

In addition to the Account Manager, the new Service Provider interface also includes an updated Top Navigation. The Top Navigation allows you to navigate between Monitor, Configure, Inventory and Administration, all while staying in the context of a selected account.

Keep Up with What’s New in WatchGuard Cloud

Contact

New in TDR 5.9.0: User-Based ThreatSync Services

Ricardo Arroyo — Tue, 20 Oct 2020 05:43:41 -0700

We are excited to announce that Threat Detection and Response has a new feature to try – user-based ThreatSync services.

Have you ever stared at your ThreatSync dashboard and wondered who continues to download and run that malicious file? You might find the file in the home directory of the user, but we all know that is not always the case. Now, you can take out the guesswork with user-based ThreatSync services!

User-Based ThreatSync Services

In TDR 5.9.0, new user pages display user information attributed to each file or process detected by the Host Sensor.

This feature includes these pages:

ThreatSync > Users – This new page displays a combined score for a user, based on the indicators attributed to that user. Only users with a threat score are displayed on this page.

Color-coded logged in indicator icons display the current status of users logged in to a computer with a Host Sensor installed.
The Indicators table displays all indicators attributed to that user.
The Hosts table displays a list of endpoint devices that the user is logged in to.

Devices/Users > Users – This new page displays all users detected by ThreatSync and their login status.

Color-coded logged in indicator icons display the current status of users logged in to a computer with a Host Sensor installed.
The Hosts table displays a list of endpoint devices that the user is logged in to.

ThreatSync > Indicators – This feature now includes a new User column to enable you to easily sort and filter indicators.

This feature is open to early access. If you would like to use this feature, in the TDR web UI, go to Settings > General and click Beta Tester. Please provide any feedback through a support case.

We are excited about this new feature and look forward to your feedback.

Thank you.

TDR Product Team

WatchGuard Cloud Introduces New Executive Summary Report

Stephen Helm — Thu, 17 Sep 2020 10:07:10 -0700

We are pleased to announce the release of the new Executive Summary Report feature in WatchGuard Cloud. The Executive Summary Report provides complete visibility into network traffic and security events, and helps boost efficiency, productivity, and profitability.

The three-page summary report provides the business intelligence that you need to support key goals:

Ensure productive use of corporate assets and time throughout the organization.
Audit compliance against acceptable usage policies for Internet usage.
Monitor protection against spyware, malware, and viruses.

WatchGuard partners can also apply custom branding to promote their brand and demonstrate value within their customer-base. The Executive Summary can also be included as a scheduled report, keeping Business Owners and Executives regularly informed of the organization’s security posture. Executive Reports are generated as PDF files than can be downloaded directly from WatchGuard Cloud by navigating in the UI from Monitor > Devices > Device Summary page.

The classic 17-page report has been renamed the Executive Dashboard Report and is now found on the Monitor > Devices > Executive Dashboard page.

Keep Up What’s New in WatchGuard Cloud

WatchGuard regularly updates and improves on the WatchGuard Cloud platform. To learn more about the developments to WatchGuard Cloud please refer to the “What’s New In WatchGuard Cloud” presentation, and most recent Release Notes.

New Beta Feature Available – Service Provider Navigation

WatchGuard Service Provider partners are invited to participate in our Beta of the new Service Provider navigation experience in WatchGuard Cloud. The Service Provider navigation presents a consistent primary navigation for accounts, making it easier for Service Providers to switch between managed accounts.

Visit the WatchGuard Beta site to register.

Contact

WatchGuard is switching Botnet Blocklist providers

Ricardo Arroyo — Tue, 07 Jul 2020 08:02:17 -0700

Greetings valued WatchGuard Partners and Customers. For those that are not aware, or even those that just need a refresher, the firebox downloads a list of known malicious Command and Control IP addresses that it blocks. This is commonly referred to as the Botnet Blocklist and is Licensed as part of RED service in the Basic Security package. As part of our commitment to provide the best security to you, a new Botnet Block list is being deployed globally on July 13th. Should you or any of your customers encounter a false positive please add the offending IP address to the Blocked Sites Exceptions list and submit a technical support case. Thank you to everyone for reading and enjoy the rest of your day.

Fireware 12.5.4 Now Available

Stephen Helm — Wed, 01 Jul 2020 08:31:56 -0700

WatchGuard has posted Fireware 12.5.4 in the Software Download Center. In addition to various bug fixes, this update introduces a new engine for spamBlocker, and TDR host sensor enforcement to permit a VPN connection via the Firebox. Full details are provided in the Release Notes, which are available here.

Key elements of this release:

Host sensor VPN enforcement. Now admins can require an active TDR host sensor and required operating system to permit mobile VPN connections back to a Firebox.
Improved spam detection efficacy. In this release we are officially transitioning the spamBlocker security service to CloudMark.
Improved SD-WAN defaults. Defaults adjusted for latency and jitter to accommodate real-world traffic scenarios.
Improved BOVPN reliability. MTU settings for BOVPN virtual interfaces to ensure reliable performance with 3rd parties.
Updated Multi-WAN Defaults. Updated default multi-WAN method to Failover, to better match recommended best practices.
Support for DYN DNS in CloudFlare.

Software Download Center

Firebox appliance owners with active support subscriptions can obtain the Fireware 12.5.4 without additional charge by downloading the applicable packages from the WatchGuard Software Download Center.

Contact

Dimension 2.1.2 Update 4 now available

Jason Vendramin — Fri, 26 Jun 2020 13:20:48 -0700

We are pleased to announce the availability of WatchGuard Dimension 2.1.2 Update 4. This maintenance release is now available from the Software Download Center, together with Release Notes and update instructions. WatchGuard Dimension 2.1.2 Update 4 provides the following fixes:

General

A warning is generated when attempting to upgrade to future versions of Dimension if the current instance is running an older Ubuntu kernel
Added support for database restores to Postgresql v11 and v12

Logging and Reporting

Most Popular Domains has been renamed Most Popular Destinations in Per Client Report
Added support for new Firebox IPS/Application ID engine
Improved IMAP proxy support in multiple reports

For a full list of resolved issues, please refer to the Release Notes in the Software Download Center. Note that Dimension 2.2 will be built using the 16.04 Ubuntu kernel. Any Dimension instance running an older Ubuntu kernel will have to redeploy the instance to upgrade to Dimension 2.2. Dimension instances currently running Ubuntu 16.04 will be able to upgrade to the upcoming Dimension 2.2 release through the upgrade mechanism within Dimension. Additional instructions will be provided with the release of Dimension 2.2.

Does this release pertain to me?

This release applies to all users of the WatchGuard Dimension network security visibility solution. It is critical that any administrators using WatchGuard Dimension upgrade their solution to 2.1.2 Update 4 to take advantage of the security improvements available in the release.

Software Download Center

Now Available: Global Exceptions API for Firebox

Sharon Li — Mon, 15 Jun 2020 10:24:47 -0700

Over the past year, we have made a lot of investment to pave the way for partners and customers to have API access to WatchGuard products. Earlier this year we released an API for AuthPoint Authentication and now we are excited to announce that live in production this week is the first Firebox Management API aimed at configuring Global Exceptions.

Global exceptions are rules that can override the current settings on the Firebox and include:

Adding to blocked sites (one of the top use cases!)
Blocked sites exceptions
Botnet exceptions
File exceptions
Geolocation exceptions
Intrusion prevention service (IPS) exceptions
WebBlocker exceptions

There are several reasons why partners and customers may be interested in having access via API, today to make any changes to Firebox configuration users need to log into and use one of our management systems, whether that is WSM, the WebUI, or WatchGuard Cloud. In certain scenarios, it would be more efficient if configuration changes can be setup from an outside platform, a couple of real examples are partners who built for end customers a mobile app or customer portal, or a MSSP tool used for remote monitoring or professional services automation. MSSP partners who need more flexibility in setting up and changing Firebox configurations, often across multiple customers can benefit from using an API by:

Making changes quickly without having to log into a WG management system
Building platforms and apps that can trigger actions through an API integration
Giving more people the ability to make low impact changes instead of submitting service desk tickets

This is only the beginning for Firebox Management APIs, in future we will bring onboard policy management as well as APIs for WatchGuard Cloud to manage account hierarchies, devices, reporting, and more.

Learn more about WatchGuard APIs by visiting our publicly available and centralized API Documentation site.

Setting up API access is available to all WatchGuard Cloud accounts and a very easy process. For a demo of all the basic API calls required to create and deploy a Global Exception, check out the video below:

Now Available: Firebox T20, T40 & T80

Stephen Helm — Mon, 08 Jun 2020 20:59:51 -0700

WatchGuard is excited to announce the release of three new Firebox T Series UTM appliances: Firebox T20, T40, and T80. These latest Firebox models provide an upgrade path for our existing Firebox T Series customers and offer faster processors and more memory. Delivering big security in a small appliance, each WatchGuard Firebox includes a complete and industry-best set of threat management solutions.

Key Features:

IntelligentAV and Access Portal are available on the T40/T40-W and T80.
Services that were previously only available on rackmount appliances now run on smaller tabletop models.
Integrated Wi-Fi (T20-W and T40-W)
The Wi-Fi capable Firebox TXX-W supports the 802.11ac Wi-Fi standard, ensuring faster speeds for your users.
Power over Ethernet - PoE+
Integrated support for PoE+ means you can avoid running separate power cables to peripheral devices like security cameras, VoIP phones or wireless access points.
SD-WAN
Firebox TXX makes network optimization easy. With integrated SD-WAN, you can decrease you use of expensive MPLS or 4G/LTE connections, while improving resiliency and performance of you network.
Optional Expansion Module (T80)
Firebox T80 includes the option to customize your port configuration with expansion modules for integrated fiber connectivity right from the appliance. Optional SFP+ expansion module is available.
Automation Core
WatchGuard Firebox T Series appliances are designed with automation to the core, allowing your IT team to do more with less. Deploy from the Cloud, update signatures, detect and kill malware, all without lifting a finger.

Fireware v12.6.1 Update 1 Released

Firebox T20, T40, and T80 were manufactured with Fireware v12.6.1, and since they left the factory, we have made several bug fixes. We recommend that you upgrade your Firebox to Fireware v12.6.1 Update 1 immediately to take advantage of important bug fixes included in this update release. Full details are provided in the Release Notes, which are available here.

Software Download Center

Firebox appliance owners with active support subscriptions can obtain the Fireware 12.6.1 Update 1 without additional charge by downloading the applicable packages from the WatchGuard Software Download Center.

Contact

Now available: Fireware 12.5.3

Brendan Patterson — Tue, 31 Mar 2020 12:08:26 -0700

WatchGuard has posted Fireware 12.5.3 and WSM 12.5.3 in the Software Download Center. These new releases introduce several key bug fixes and some new enhancements. Full details are provided in the Release Notes and the What’s New presentation. We’ve seen a huge increase in the number of people using Mobile VPN for remote access over the past few weeks, so please note that this release also includes an updated version of the SSL VPN client for Mac and Windows.

Key Updates of This Release:

Mobile VPN with SSL improvements, including the elimination of an upgrade prompt that did not apply to non admin users, along with several bug fixes.
Gateway Wireless Controller support for the AP225W wall plate access point, which is ideal for multi-dwelling unit (MDU) structures such as dorm rooms, shared office spaces, smart apartments and condos.
Trusted Platform Module (TPM) support for registration of Fireboxes to WatchGuard Cloud, eliminating the need to enter a verification code.
Web setup wizard has been enhanced to simplify RapidDeploy in environments that do not use DHCP.
Support for the latest Autotask API updates. We strongly recommend all users of the Autotask integration to read the relevant notes in the What’s New and upgrade to 12.5.3 before April 15th.

Software Download Center
Firebox appliance owners with active support subscriptions can obtain Fireware 12.5.3 without additional charge by downloading the applicable packages from the WatchGuard Software Download Center. If you are already running Fireware 12.5.2, you can now use WatchGuard Cloud to simply upgrade the firmware on all of your appliances.

Does this release pertain to me?
Fireware 12.5.3 is available for all Firebox T and Firebox M appliances. The Mobile VPN with SSL 12.5.3 client has also been posted for XTM appliances.

General Availability of TDR Machine Learning Enhanced Host Ransomware Prevention

Ricardo Arroyo — Fri, 27 Mar 2020 07:37:41 -0700

We are excited to announce the general availability of Machine Learning Enhanced Host Ransomware Prevention!

Ransomware authors are getting smarter and bolder. Every day they find new ways to avoid detection and steal data. TDR already protects your endpoints from devastating ransomware attacks. As ransomware attacks evolve, we must improve our ability to stop them with faster detection through machine learning.

Machine Learning for Host Ransomware Prevention

In 2018, we enhanced TDR's Detection and Response (D&R) engine with machine learning. This significantly increased our general indicator detection rate.

WatchGuard is now ready to apply those same principles to Host Ransomware Prevention (HRP). The addition of machine learning to HRP results in faster detection rates than our current detection model. With this enhancement, you will see more HRP indicators that result in remediations.

We are excited about this new feature and protecting your endpoints for years to come.

Thank you and enjoy!

TDR Product Team

TDR AD Helper Credential Disclosure Vulnerability

Ricardo Arroyo — Thu, 12 Mar 2020 17:50:49 -0700

Good morning TDR Users,

On 11 March 2020, a pen testing company, RedTeam PenTesting GMBH, disclosed a credential disclosure vulnerability in the AD Helper to exploit-db.com (link below). The disclosure states that by accessing the AD Helper web interface, a call to an API endpoint is made which responds with plaintext credentials to all configured domain controllers.

On 9 March 2020, WatchGuard released a fix for this vulnerability in AD Helper 5.8.5.10317. In this version, the offending REST endpoint no longer returns plaintext passwords. In addition, the service running the configuration UI will only be available locally through the loopback IP address (Localhost/127.0.0.1). This means that users must log in to the computer locally to access the AD Helper Configuration UI.

Please make sure your AD Helper is up-to-date and runs version 5.8.5.10317 or higher. If your AD Helper runs a lower version and cannot auto-update, you must manually update your AD Helper. If your AD Helper cannot communicate with TDR or cannot auto-update, please follow the steps at: https://watchguardsupport.secure.force.com/publicKB?type=Known%20Issues&SFDCID=kA10H000000g4mPSAQ

Additionally, if you are unable to update the AD Helper immediately, you can use firewall rules to minimize the exposure of the AD Helper to external networks, which would limit the scope of the vulnerability. While it is still a serious vulnerability, and you will want to patch quickly, most internet-based attackers should not be able to reach this web interface unless you allowed it via your firewall.

WatchGuard greatly appreciates members of the security community who find and responsibly disclose vulnerabilities in our products so that we can correct them and make our products as secure as possible. We thank RedTeam PenTesting GMBH for responsibly bringing this to our attention.

Sincerely,

The TDR PM Team

Exploit-DB Link: https://www.exploit-db.com/exploits/48203

TDR AD Helper Urgent Security Improvement

Ricardo Arroyo — Mon, 09 Mar 2020 11:57:52 -0700

Good morning TDR Users,

WatchGuard has released an AD Helper update, to be deployed immediately. This update resolves an issue found by RedTeam Pentesting GmbH and improves the security of the AD Helper. WatchGuard thanks RedTeam Pentesting GmbH for reporting this issue so that we could resolve it quickly.

In AD Helper version 5.8.5.10317 and higher, the service that runs the AD Helper Configuration UI will only be available locally through the loopback IP address (localhost/127.0.0.1). This means that users must now log in to the computer locally to access the AD Helper Configuration UI.

Please make sure that your AD Helper is up-to-date and runs version 5.8.5.10317 or higher. If your AD Helper runs a lower version and cannot auto-update, you must manually update your AD Helper.

If your AD Helper cannot communicate with TDR or cannot auto-update:

Open the AD Helper UI and copy the domain information.
Use the Windows Settings or Control Panel to uninstall AD Helper.
Log in to TDR.
Select Devices > AD Helper.
Follow the instructions to download and install AD Helper.
Open the AD Helper UI and specify the domain information you copied in Step 1.

Sincerely,

The TDR PM Team

TDR Machine Learning Enhanced Host Ransomware Prevention Beta

Ricardo Arroyo — Thu, 13 Feb 2020 11:08:16 -0800

We are excited to announce that Threat Detection and Response has a new feature to Beta test!

Machine Learning for Host Ransomware Prevention

In 2018, we enhanced TDR's Detection and Response (D&R) engine with machine learning. This significantly increased our general indicator detection rate. Machine learning enhanced Host Ransomware Prevention (HRP) is now ready for Beta test. The addition of machine learning to HRP results in faster detection rates than our current detection model. With this enhancement, you will see more HRP indicators that result in remediations.

To participate in the Beta program, click the link below and follow the instructions provided.

https://watchguard.centercode.com/key/MLHRP

Thank you!

TDR Product Team

Dimension 2.1.2 Update 3 now available

Jason Vendramin — Fri, 10 Jan 2020 11:08:50 -0800

We are pleased to announce the availability of WatchGuard Dimension 2.1.2 Update 3. This maintenance release is now available from the Software Download Center, together with release notes and update instructions. WatchGuard Dimension 2.1.2 Update 3 provides the following fixes:

General

Dimension now supports PostgreSQL versions up to v10.8.
This release resolves a PCI compliance failure due to behavior of HTTP redirect to HTTPS connection feature.
Quick Setup Wizard no longer stalls on administrator passphrase step on Hyper-V.
This release improves performance with multiple connected devices.
This release resolves a log collector memory leak issue.

Logging and Reporting

Authenticated users now correctly appear as the source for connections in HTTP and HTTPS proxy connnections.
The User Expiration time now correctly appears in local browser time zone.
The Policy Usage Report now appears in local browser time zone.
ConnectWise reports no longer fail with message Task failed: _CWReportGeneration_align_to_maxlines is not defined.
Geolocation data is now correctly included in Log Search results.
The phrase app_cat_id no longer appears in domain name or IP address fields in some Dimension reports.
This release resolves an issue that caused SMTP proxy report to show app_cat_ID=5 as the email sender.

Device Management

The Dimension no longer displays feature keys for devices after you remove them.
Your Dimension will no longer create a new entry for a resolved FQDN that is already a configured static IP address.

For a full list of resolved issues, please refer to the release notes on the Software Download Center.

Does this release pertain to me?

This release applies to all users of the WatchGuard Dimension network security visibility solution. It is critical that any administrators using WatchGuard Dimension upgrade their solution to 2.1.2 Update 3 to take advantage of the security improvements available in the release.

Software Download Center

Now Available: Fireware 12.5.2 Update 1

Stephen Helm — Thu, 26 Dec 2019 12:48:51 -0800

WatchGuard has posted Fireware 12.5.2 Update 1 in the Software Download Center. This update introduces several key bug fixes, as well as initial support for management of Firebox system tasks directly from WatchGuard Cloud. Full details are provided in the Release Notes, which are available here. Update 1 was released on December 23 to address an issue in environments with asymmetric routing. More details are about the issue are available in our knowledge base article.

Key Updates of This Release:

- Updated versions of SSL and IPSec VPN clients, SSO client support for macOS Catalina

- WebBlocker on-premises server version 1.1 – bug fixes

Software Download Center

Firebox appliance owners with active support subscriptions can obtain the Fireware 12.5.2 Update 1 without additional charge by downloading the applicable packages from the WatchGuard Software Download Center.

Download Fireware 12.5.2 Update 1 and Get Access to the Latest WatchGuard Cloud Beta

WatchGuard Cloud provides a rich set of dashboards, reports, and alerts to help you monitor your Fireboxes. In the Fireware 12.5.2 release, we’ve added many of the system management actions that are most commonly performed by system administrators:

- Firebox firmware upgrades – immediate or scheduled

- Reboot a Firebox

- Save and restore Firebox backup images

The beta is underway now! Sign up and find out more details here: https://watchguard.centercode.com/WGCloudSystemActionsBeta

Contact

General Availability of Threat Detection and Response 5.8 Features

Ricardo Arroyo — Thu, 21 Nov 2019 10:24:22 -0800

We are excited to announce that Threat Detection and Response (TDR) has some new capabilities! By popular demand, WatchGuard has made pre-configured Antivirus Exclusions a reality! Gone are the days of copying and pasting directory paths one by one into the Exclusions page. These predefined exclusion sets make it easy to add exclusions for the most common antivirus vendors.

To see these changes in the TDR Web UI, select Configuration > Exclusions. The Exclusion page now includes two tabs:

Custom Exclusions - Shows the exclusions you configured manually before version 5.8.0. Any custom exclusions you added previously still work as expected.
AV Exclusions - Shows the predefined sets of exclusions for common antivirus vendors.

In addition to the AV Exclusions feature, we have a new Host Ransomware Prevention (HRP) Visualization feature. When you view the details of an HRP Indicator that was successfully remediated, you can now view a graphical representation of the event.

If the Indicator can be graphed, you will see a new Chart button in the Additional Details pop-up of the Indicator. Click the button to open a new window. The chart is interactive, with the following capabilities:

Processes are displayed as square nodes
If the Process has Behaviors, a plus sign will display in the Process node.
Behaviors are displayed as oval nodes, and will be expanded when you click on the plus sign
Hover over any node to show details
Click on a node to highlight the node and the paths to related nodes
The Download/Export icon enables you to export the chart as an image

We hope you are as excited about this new feature as we are! Any and all feedback is always welcome!

Thank you!
WatchGuard Product Team

Fireware Maintenance Update - 12.5.1 Update 1

Brendan Patterson — Tue, 05 Nov 2019 16:34:05 -0800

Fireware 12.5.1 Update 1
WatchGuard has posted Fireware 12.5.1 Update 1 at the Software Download Center. There is no corresponding update to WSM. This maintenance update provides resolution to issues that have been reported by customers. Based on feedback from our partners, we plan to make more bug fix update releases generally available instead of providing just customer speciific patches or hotfixes. Full details are provided in the Release Notes, which are updated since the 12.5.1 GA release.

Does this release pertain to me?
Fireware 12.5 Update 1 is available for all Firebox T and Firebox M appliances.

Software Download Center
Firebox appliance owners with active support subscriptions can obtain the Fireware 12.5.1 Update 1 without additional charge by downloading the applicable packages from the WatchGuard Software Download Center.

WatchGuard Cloud - Visibility Updates

Brendan Patterson — Tue, 05 Nov 2019 11:09:34 -0800

WatchGuard Cloud Visibility Updates
We launched WatchGuard Cloud Visibility back in April of this year, and since then WatchGuard customers have enthusiastically adopted the new platform. Our product development team has continued to add new features and enhancements over the past few months. We capture the updates each week in our WatchGuard Cloud Release Notes. Understanding that everyone is busy and won’t find time to review these closely, we will also publish regular updates here on the product blog. Some of the major highlights since we first announced General Availability are listed below:

WatchGuard Query Language: One of the great advantages of the WatchGuard Cloud platform is the fast performance and searching of the data that is stored in Elasticsearch. We’ve made it more powerful and flexible to find what you are looking for with a new query language where you can use structured search by operator to find exactly what you need.

Example: virus:eicar* and src_ip: and dst_ip:206.100.10.1

Please take a few moments to review the log search documentation (or as context sensitive help from the log search page), as this new search mechanism does differ from how search worked in on-premise Dimension.

Device Folders: Administrators can arrange their Fireboxes in folders, and then generate reports that aggregate the data across all devices in the folder – saving time by checking all device in a company or location at one time.

Firebox Alarms: The alerting system in the cloud includes alarms that have been defined on the UTM. Administrators can get email or better visibility into security events like malware detections and network attacks, or network issues like WAN failover or High Availability failover.

More Reports: Get auditors the data that they need with our HIPAA and PCI Compliance dashboards. We’ve also added the policy usage by hits or bytes, which also helps to highlight unused policies that may need to be investigated. Most recently, we have added new reports for the WatchGuard Access Portal feature.

SD-WAN Visibility: We can now show historical reports of jitter, packet loss, and latency. Allow administrators to better troubleshoot poor network connections.

Does this pertain to me?

WatchGuard Cloud Visibility is available for all Firebox appliances [running either Basic Security Suite or Total Security Suite]. Basic Security appliances come with 1 day of data retention, and Total Security appliances provide 30 days of data retention.

We recently covered these enhancements in our October partner training webinar, including a demo of each of these new features. A recording is available in the learning center.

TDR Host Sensor Kernel Driver Settings

Ricardo Arroyo — Tue, 15 Oct 2019 20:43:48 -0700

WatchGuard’s Threat Detection and Response (TDR) has been protecting your assets for more than two years. We continue to improve stability and performance while improving our detection and remediation of threats before they can cause a problem in your network.

To take full advantage of the threat detection capabilities available in TDR, we recommend that you enable the Host Sensor Kernel Driver features on all desktop and mobile devices. After extensive testing, we have determined that you will experience faster and more thorough detection and remediation for both our traditional detection and response functionality, as well as Host Ransomware Protection, if you enable Kernel Driver features.

We highly encourage you to enable the Host Sensor Kernel Driver features to improve your experience and protect your networks. Starting in December of 2018 we made these recommended settings the default for new accounts.
To optimize TDR on your network, make these changes:

Log in to the TDR Web UI as an Administrator or Analyst.
Select Settings > Host Sensor.
In the Host Sensor Driver Configuration Settings, change the following settings to ON:
- Enable Kernel Process Events
- Enable Kernel File Events
- Enable Kernel Registry Events
- Enable Kernel Kill Process Action
- Enable Kernel Delete File Action
- Enable Kernel Host Containment Action
- Enable Kernel File Handle Enumeration
Click Save.

For more information about TDR recommended settings, please visit the WatchGuard Help Center.

Now Available: Firebox T35-R

Stephen Helm — Wed, 09 Oct 2019 08:28:15 -0700

New Firebox T35-R Is a Ruggedized Appliance Built for Harsh Conditions
It’s an exciting time for product launches at WatchGuard, with the release of DNSWatchGO and Passport last week! Today I am excited to announce the release of our release of our newest Unified Threat Management (UTM) appliance. Firebox T35-R is a compact security appliance that features an industrial enclosure that is both dust- and splash-proof, and capable of operating in extreme temperatures. The ruggedized construction of Firebox T35-R means you can deploy the appliance in harsh environments without needing to build a special enclosure.

Product Details
Key Features of the T35-R are:

An IP64-Rated Industrial Enclosure – The appliance is fully dust- and splash-proof, and capable of operating in temperatures of -40 to +60 degrees Celsius, providing reliable security and connectivity that persists despite the extreme conditions often found in nontraditional network environments, and eliminating the need to build custom enclosures.
DC Power – The appliance can operate on 12v to 48v DC power, or alternatively use an optional AC power supply.
SCADA IPS Signatures – Included with WatchGuard’s Basic and Total Security Suite, the Firebox T35-R leverages these signatures to protect against known industrial control system (ICS) and SCADA threats and enable security use cases in harsh deployment environments.
Industry-leading UTM –The T35-R makes site-to-site VPN connectivity simple, reliable and manageable, and empowers administrators to confidently enable advanced security protections including APT Blocker, Threat Detection and Response, DNSWatch, IPS, Gateway AntiVirus, and more, without slowing network speeds.

Complete product details are available in the T35-R Datasheet and on the T35-R web page.

Threat Detection and Response 5.8.X Beta Refresh

Ricardo Arroyo — Mon, 30 Sep 2019 10:22:29 -0700

We are excited to announce the addition of an additional feature to the TDR 5.8.X Beta! In addition to the AV Exclusions feature currently available in Beta, we have a new Host Ransomware Prevention(HRP) capability. When you view the details of an HRP Indicator that was successfully remediated, you can now view a graphical representation of the event. If the Indicator can be graphed, you will see a new Chart button in the Additional Details pop-up of the Indicator. Click the button to open a new window.

The chart is interactive, with the following capabilities:

Processes are displayed as square nodes
Behaviors are displayed as oval nodes
Hover over any node to show details
Click on a node to highlight the node and the paths to related nodes
The Download/Export icon enables you to export the chart as an image or PDF

There is a test tool available to safely generate an HRP Indicator (available on the WatchGuard beta management site).

We are excited about this new feature and look forward to your feedback.

To participate in the beta, click the link below and follow the instructions provided.

https://watchguard.centercode.com/key/TDR58XBeta

Thank you!
TDR Product Team

Threat Detection and Response 5.8.X Beta

Ricardo Arroyo — Thu, 05 Sep 2019 09:34:53 -0700

We are excited to announce that Threat Detection and Response has a new capability to Beta over the next 6 weeks! By popular demand, WatchGuard has made pre-configured Antivirus Exclusions a reality! Gone will be the days of copying and pasting directory paths one by one into the Exclusions page.

AV Exclusions - TDR now includes predefined exclusion sets that make it easy to add exclusions for the most common antivirus tools. Any custom exclusions you added previously persist after the upgrade. To see these changes in the TDR Web UI, select Configuration > Exclusions. The Exclusion page now includes two tabs:
- Custom Exclusions - Shows the exclusions you configured manually before version 5.8.0.
- AV Exclusions - Shows the predefined sets of exclusions for common antivirus tools.

We will be rolling out additional features to the Beta as they become available. Keep an eye out for more features as new versions of TDR become available.

We are excited about this new feature and look forward to your feedback.

To participate in the beta click the link below and follow the instructions provided.

https://watchguard.centercode.com/key/TDR58XBeta

Thank you!
TDR Product Team

Fireware 12.5 Update 1

Brendan Patterson — Thu, 15 Aug 2019 12:46:46 -0700

Fireware 12.5 Update 1
WatchGuard has posted Fireware 12.5 Update 1 at the Software Download Center. There is no corresponding update to WSM. This maintenance update provides resolution to issues that have been reported by customers. Based on feedback from our partners at our recent conferences, we plan to make more bug fix update releases generally available instead of providing just customer speciific patches or hotfixes. Full details are provided in the Release Notes, which are updated since the 12.5 GA release.

Does this release pertain to me?
Fireware 12.5 Update 1 is available for all Firebox T and Firebox M appliances. We especially recommend that customers running DNSWatch upgrade to this release because of some inconsistent registration issues in the 12.5 GA.

Software Download Center
Firebox appliance owners with active support subscriptions can obtain the Fireware 12.5 Update 1 without additional charge by downloading the applicable packages from the WatchGuard Software Download Center.

TDR 5.7 General Availability

Ricardo Arroyo — Wed, 31 Jul 2019 11:36:09 -0700

We are excited to announce that enhanced Network to Process Correlation in Threat Detection and Response is generally available! While TDR has always correlated network threats from your Firebox to an individual host, we are proud to provide the ability to correlate that same network threat to an individual process on your Windows host! This functionality enables Administrators to:

Quickly identify Windows processes that are making malicious outbound network connections.
Stop those processes before they cause any damage to your environment(s).

This feature includes the following benefits and functions:

A new Process + Network indicator type that contains all of the information you would expect to triage the threat.
Zero configuration – the feature works out-of-the-box, protecting environments immediately.
Automated integration with existing ThreatSync policies.

We hope you are as excited about this new feature as we are! Any and all feedback, as usual, is always welcome!

Thank you!

WatchGuard Product Team

Fireware 12.5 Availability

Brendan Patterson — Wed, 24 Jul 2019 01:36:36 -0700

Fireware 12.5 - General Availability
We are pleased to announce that Fireware 12.5 and the corresponding WSM 12.5 software are now Generally Available (GA) for download from the WatchGuard software download center. The Release Notes provide full details on enhancements and resolved issues. With each new feature release, we also provide a What's New presentation and webinar recording that provide a comprehensive explanation of the new capabilities. Here are some of the key highlights:

Access Portal has been updated to provide a reverse proxy support for internally hosted applications, including common Microsoft services like Outlook Web Access and Exchange. This capbility provide VPN access without requiring a client, and a convenient single sign-on portal that can provide an additional layer of multi-factor authentication.
The password override feature in webblocker is now integrated with Active Directory, allowing users to use their existing credentials when web pages are blocked.
The Warn page in Webblocker is now customizable so admins can generate messages that are specific to their organization.

Does this release pertain to me?
Fireware 12.5 is available for all Firebox T and Firebox M appliances. The Access Portal service is only available on Firebox M appliances.

Software Download Center
Firebox appliance owners with active support subscriptions can obtain the Fireware 12.5 update without additional charge by downloading the applicable packages from the WatchGuard software download center.

Mobile DNS Protection Beta Updates!

Ben Oster — Thu, 18 Jul 2019 15:08:34 -0700

We are happy to announce a major improvement to our content filtering in our Mobile DNS Protection beta! We have integrated the categories from our WebBlocker security service into DNSWatch. You will shortly be able to leverage the granularity of 120+ categories across your protected networks and mobile clients!

For those customers already using WatchGuard’s WebBlocker service, the look and feel will be very familiar as we have worked to create an experience that mirrors the one you are used to. If you are not familiar with WebBlocker you will be treated to an updated experience allowing a more granular deployment of content filtering policies, leveraging 120+ categories!

The content filtering settings in our Mobile DNS Protection solution have been updated and any existing content filtering policies have been migrated. We do recommend that if you are using content filtering currently, you review your policies to ensure they are accurate.

We look forward to hearing your feedback on these changes and are excited to continue to drive innovation through Mobile DNS Protection! We plan to begin rolling these changes to active accounts beginning Tuesday July 23rd.

Not signed up for the beta? Check it out here.

Dimension 2.1.2 Update 2 now available

Jason Vendramin — Mon, 01 Jul 2019 11:19:05 -0700

We are pleased to announce the availability of WatchGuard Dimension 2.1.2 Update 2. This maintenance release is now available from the Software Downloads Center, together with release notes and update instructions. WatchGuard Dimension 2.1.2 Update 2 provides the following enhancements and fixes:

HTTPS traffic is now included in the Most Popular Domain, Most Active Client, and Web Activity Trend reports
In the Virus(GAV) report, the Host(HTTP) and Virus pivots now correctly show data from log messages with "virus found"
Addressed vulnerabilities for CVE-2019-11477, CVE-2019-11478, and CVE-2019-11479 related to TCP SACK Panics

For a full list of resolved issues, please refer to the release notes on the Software Download Center.

Does this release pertain to me?

This release applies to all users of the WatchGuard Dimension network security visibility solution. It is critical that any administrators using WatchGuard Dimension upgrade their solution to 2.1.2 Update 2 to take advantage of the security improvements available in the release.

Software Download Center

Fireware 12.4.1 Update 1

Brendan Patterson — Wed, 19 Jun 2019 11:07:07 -0700

Fireware 12.4.1 Update 1
WatchGuard has posted Fireware 12.4.1 Update 1 at the Software Download Center. There is no corresponding update to WSM. This maintenance update provides resolution to issues that have been reported by customers. Full details are provided in the Release Notes.

Fireware 12.5 Beta
If you are interested in new features, we also have an active public Beta underway for the new Fireware 12.5 release, which includes several new enhancements in Webblocker and a new reverse proxy capability for the Access Portal. The Firebox can now enable secure clientless VPN access to internally hosted web applications. Full details, including a What's New presentation are available at the Beta forum. Sign up today!

Does this release pertain to me?
Both Fireware 12.4.1 Update 1 and the new Beta release are available for all Firebox T and Firebox M appliances.

Software Download Center
Firebox appliance owners with active support subscriptions can obtain the Fireware 12.4.1 Update 1 without additional charge by downloading the applicable packages from the WatchGuard Software Download Center. The Beta release is also available from the link on the right hand side of the download pages.

Threat Detection and Response 5.7 Beta

Ricardo Arroyo — Fri, 07 Jun 2019 08:58:32 -0700

We are excited to announce that Threat Detection and Response has a new capability to beta test! While TDR has always correlated network threats from your Firebox to an individual host, we are proud to announce the ability to correlate that same network threat to an individual process on your Windows host! This functionality enables Administrators to:

Quickly identify Windows processes that are making malicious outbound network connections.
Stop those processes before they cause any damage to your environment(s).

This feature includes the following benefits and functions:

A new Process + Network indicator type that contains all of the information you would expect to triage the threat.
Zero configuration – the feature works out-of-the-box, protecting environments immediately.
Automated integration with existing ThreatSync policies.

We are excited about this new feature and look forward to your feedback!

To participate in the beta click the link below and follow the instructions provided.

https://watchguard.centercode.com/key/TDR57Beta

Thank you!

WatchGuard Beta Team

Fireware release updates

Brendan Patterson — Thu, 06 Jun 2019 11:14:02 -0700

Fireware 12.4.1
We are pleased to announce that the latest maintenance releases for the Fireware Operating System, Fireware 12.4.1 and WSM 12.4.1 are available at the Software Download Center. These maintenance releases don't include new features, but they provide resolution to many issues that have been reported by customers. WatchGuard partners and customers should review the Release Notes to see a full list of fixed issues prior to upgrading.

Fireware 12.5 Beta
We also have an active public Beta underway for the new Fireware 12.5 release, which includes several new enhancements in Webblocker and a new reverse proxy capability for the Access Portal. The Firebox can now enable secure clientless VPN access to internally hosted web applications. Full details, including a What's New presentation are available at the Beta forum. Sign up today!

Does this release pertain to me?
Both Fireware 12.4.1 and the new Beta release are available for all Firebox T and Firebox M appliances.

Software Download Center
Firebox appliance owners with active support subscriptions can obtain the Fireware 12.4.1 update without additional charge by downloading the applicable packages from the WatchGuard Software Download Center. The Beta release is also available from the link on the right hand side of the download pages.

Dimension 2.1.2 Update 1 now available!

Julian Matossian — Mon, 13 May 2019 14:18:19 -0700

We are pleased to announce the availability of WatchGuard Dimension 2.1.2 Update 1. This maintenance release is now available from the Software Downloads Center, together with release notes and update instructions. WatchGuard Dimension 2.1.2 Update 1 updates DimensionOS to provide additional support for reporting in the Connectwise integration, as well as some bug fixes.

Does this release pertain to me?

This release applies to all users of the WatchGuard Dimension network security visibility solution. We highly recommend that any administrators using WatchGuard Dimension upgrade their solution to 2.1.2 Update 1 to take advantage of the security improvements available in the release.

Software Download Center

Fireware 12.4 Update 2 is now available

Brendan Patterson — Wed, 08 May 2019 19:53:30 -0700

Fireware 12.4 Update 2 - General Availability
We are pleased to announce that the Update 2 release for Fireware 12.4 and the corresponding WSM 12.4 software are now Generally Available (GA) for download from the WatchGuard software download center. The Update 2 release addresses some issues that were reported after Fireware 12.4 was first released in April, mostly related to HTTPS websites that failed to load correctly. The Release Notes provide full details on enhancements and resolved issues.

With each new release, we also provide a What's New presentation and recording that provide a comprehensive explanation of the new capabilities. Here are some of the key highlights:

SD-WAN for VPN and Private Lines: Extends SD-WAN benefits to more than just external WAN connections, allowing organizations to cut back on expensive MPLS connections. You can now measure loss/latency/jitter on Virtual Interface VPNs and internal interfaces.
DNSWatch in Bridge Mode: Full DNS security applied in our simplest deployment option where the Firebox does not act as a gateway.
Syslog export to two servers: Simultaneously send logs to two different syslog servers. Enables export to third party SIEM and also a local syslog server for log retention.
TLS 1.3 Support: Continued compliance and support for latest standards with full inspection of HTTPS traffic using TLS 1.3.

Does this release pertain to me?
Fireware 12.4 Update 2 is available for all Firebox T and Firebox M appliances.

Software Download Center
Firebox appliance owners with active support subscriptions can obtain the Fireware 12.4 update without additional charge by downloading the applicable packages from the WatchGuard software download center.

Threat Detection and Response Host Sensor and AD Helper 5.6.2 and Lower End of Life

Ricardo Arroyo — Fri, 05 Apr 2019 11:25:05 -0700

In line with WatchGuard’s commitment to maintain the highest security standards for our customer data, Threat Detection and Response (TDR) will upgrade the TLS certificates used by the Host Sensor and AD Helper. From 26 June 2019, versions of the Host Sensor and AD Helper lower than 5.6.3 will no longer communicate with TDR. To ensure that your Host Sensor and AD Helper continue to function as expected, please upgrade to version 5.6.3 or higher before 26 June 2019.

The Host Sensor is the endpoint component of TDR that enables ThreatSync to detect and respond to malware in near real time. It also provides real-time protection against ransomware with Host Ransomware Prevention.

AD Helper keeps TDR synchronized with your local Active Directory server. Periodic synchronization ensures that hosts you add or remove from your Active Directory domain are also added or removed from TDR. TDR also uses the AD Helper to perform Host Sensor installations over Windows file shares. If your AD Helper does not upgrade to version 5.6.3 or higher, you will lose remote installation and Active Directory synchronization capabilities.

For most users, Host Sensors and AD Helper will have already updated to version 5.6.3 or higher automatically. If you use AD Helper infrequently, make sure you restart it before 26 June 2019 so that it can connect and automatically download and install the update.

To check your Host Sensor and AD Helper version or upgrade manually, follow the instructions in the sections below.

Upgrade Host Sensors

To check which version of the Host Sensor your hosts run:

Log in to TDR.
Select Devices > Hosts.
The Host Sensor version, host name, and last heartbeat time appear in the table.

To upgrade to the latest version of the Host Sensor:

Ensure that the Host Sensor is running on all end hosts and can successfully communicate with TDR. Your Host Sensors should auto-update.
If you have disabled auto-update, update the Host Sensor manually:
1. Log in to TDR.
2. Select Devices > Hosts.
3. Click the Update icon.
If any of your Host Sensors cannot communicate with TDR or cannot auto-update:
1. Use the Windows Settings or Control Panel to uninstall the Host Sensor.
2. Log in to TDR.
3. Select Devices > Hosts.
4. Follow the instructions to download and install the Host Sensor.

For more information on the Host Sensor, see Manage TDR Hosts and Host Sensors.

Upgrade AD Helper

To check which version of AD Helper you run:

Log in to TDR.
Select Devices > AD Helper.
The AD Helper version, installed host name, and last heartbeat time appear in the table.

To upgrade to the latest version of AD Helper:

Ensure that the AD Helper application is running and can successfully communicate with TDR. Your AD Helper should auto-update.
If you have disabled auto-update, update the AD Helper manually:
1. Log in to TDR.
2. Select Devices > AD Helper.
3. Click the Update icon.
If your AD Helper cannot communicate with TDR or cannot auto-update:
1. Open the AD Helper UI and copy the domain information.
2. Use the Windows Settings or Control Panel to uninstall AD Helper.
3. Log in to TDR.
4. Select Devices > AD Helper.
5. Follow the instructions to download and install AD Helper.
6. Open the AD Helper UI and specify the domain information you copied in a previous step.

For more information on AD Helper, see Install and Configure AD Helper.

Thank you and enjoy!

Dimension 2.1.2 Now Available!

Julian Matossian — Wed, 27 Mar 2019 12:18:07 -0700

We are pleased to announce the availability of WatchGuard Dimension 2.1.2. This maintenance release is now available from the Software Downloads Center, together with release notes and update instructions. WatchGuard Dimension 2.1.2 updates DimensionOS for longer term OS support and fixes the Connectwise integration. Other resolved issues include:

APT Malware Activity Trend schedule generates GAV Activity Trend report
Renewal of self-signed web server certificate should be transparent to end user
Dimension Server showing incorrect Server / Database Uptime status
Dimension command Configuration History edits incorrect table entry
Change Help link paths in Dimension from /11/ to /Help-Center/
Dimension PCI Compliance Report fails to be generated in Spanish Language
GeoIP database update
HIPAA Compliance Report missing IPS and GAV information

Does this release pertain to me?

This release applies to all users of the WatchGuard Dimension network security visibility solution. We highly recommend that any administrators using WatchGuard Dimension upgrade their solution to 2.1.2 to take advantage of the security improvements available in the release.

Software Download Center

Fireware 12.4 Beta Release

Brendan Patterson — Wed, 13 Mar 2019 15:36:45 -0700

Fireware 12.4 Beta
We've just posted the latest update to our Fireware 12.4 Beta release. This release, which is available for all Firebox appliances, continues WatchGuard’s commitment to building out our SD-WAN roadmap. We’ve seen very positive reaction to the features that we introduced in 12.3, and there has been lots of great feedback on 12.4 in the Beta forum so far. Some of the key highlights in 12.4 include:

SD-WAN for VPN and Private Lines: Extends SD-WAN benefits to more than just external WAN connections, allowing organizations to cut back on expensive MPLS connections. You can now measure loss/latency/jitter on Virtual Interface VPNs and internal interfaces.
DNSWatch in Bridge Mode: Full DNS security applied in our simplest deployment option where the Firebox does not act as a gateway.
Syslog export to two servers: Simultaneously send logs to two different syslog servers. Enables export to third party SIEM and also a local syslog server for log retention.
TLS 1.3 Support: Continued compliance and support for latest standards with full inspection of HTTPS traffic using TLS 1.3.

Full details on these and other features in Fireware 12.4 are available in the What’s New presentation, which is posted at the Beta site. We've been in Beta for a couple of months now, and we are getting close to a stable final release, but we'd like to hear from more people.

WatchGuard Beta Testing
By being a WatchGuard Beta tester, you get to see products in early stages of development, and your feedback will influence this release and the course of future products. Broad participation in our Beta programs also helps us to deliver high quality final releases. There are open Beta programs across 4 different product areas at the moment. You can always find out more at our Beta program page. If you've never joined a WatchGuard Beta program, this is a great time to jump in!

Fireware 12.3.1 Maintenance Release

Brendan Patterson — Mon, 04 Feb 2019 12:52:11 -0800

Fireware 12.3.1 General Availability
We are pleased to announce the General Availability (GA) of Fireware 12.3.1 and WatchGuard System Manager 12.3.1. These are maintenance releases with significant bug fixes for the Fireware OS and WSM. The Release Notes include the detailed list of resolved issues. Please read the Release Notes prior to upgrading. Note that Update 1 was posted shortly after the initial 12.3.1 posting to resolve an issue with Gateway Wireless Controller in the initial posting.

Does this release pertain to me?
Fireware 12.3.1 is available for all Firebox T and Firebox M appliances. The continued growth and expansion of the Fireware OS means it is no longer suitable for older generation appliances with more limited resources. Fireware 12.3.1 will not be available on any XTM appliances. WatchGuard is also planning to release 12.1.3 update 2 in early February to provide important bug fixes for XTM appliances.

Software Download Center
Firebox appliance owners with active support subscriptions can obtain the Fireware 12.3.1 update without additional charge by downloading the applicable packages from the WatchGuard Software Download Center.

WatchGuard Cloud Visibility now in public beta!

Julian Matossian — Tue, 11 Dec 2018 10:10:42 -0800

We are very excited to announce that WatchGuard Cloud Visibility is now in open beta! You are invited to join the beta for a pre-release view of what the platform will look like. Your feedback is valuable and will help shape important features, designs, and functionality. This is a significant release for us, so we are eager to hear what you think.

Why WatchGuard Cloud Visibility? WatchGuard Cloud Visibility quickly distills your network data into actionable insights that you can access through its 100+ dashboards and reports, bringing the rich functionality of WatchGuard Dimension into the cloud. As a cloud-hosted service, it significantly reduces the time and money you spend to deploy and maintain infrastructure for on-premises network logging and reporting.

We welcome you to connect your Fireboxes to WatchGuard Cloud Visibility and start exploring!

To participate in the beta, please click the link below and follow the instructions provided

https://watchguard.centercode.com/key/WatchGuardCloudVisibilityBeta

The benefits of connecting your Firebox include:

Insightful, actionable network security information and insights
No infrastructure to deploy
High Performance and Scalability
RapidDeploy from WatchGuard Cloud
Multi-Tier/Multi-Tenant account structure
Flexible Data Retention
Automated Notifications and Alerts
Simplified Role-based Access Control (RBAC)
Intuitive User Interface

WatchGuard Cloud Visibility requires a Firebox T-series, M-series, Firebox V, and Firebox Cloud device, running Fireware 12.0 or higher. Logging to WatchGuard Cloud Visibility will not disrupt any logging you currently have setup to other destinations like Dimension.

We look forward to hearing your feedback and using it to create an even better solution, catered specifically to your needs.

Fireware 12.3 General Availability

Brendan Patterson — Wed, 28 Nov 2018 14:07:19 -0800

We are pleased to announce the General Availability (GA) of Fireware 12.3 after a long Beta test period. WatchGuard now offers powerful SD-WAN capabilities right from the Firebox! Fireware 12.3 introduces SD-WAN dynamic path selection, a key feature of SD-WAN products that allow midsize and distributed enterprises to improve network performance, simplify management, and ultimately reduce internet costs at the branch office. Key hightlights of this release are:

New SD-WAN policy actions provide dynamic path selection, so admins can define the minimum acceptable performance levels for each connection, failing over when it drops below thresholds.
Netflow export enables viewing of traffic flow information in third party tools like Paessler and SolarWinds.
Integration with the Tigerpaw Professional Services Automation (PSA) tool. Partners can view Firebox asset and service status, with closed loop service desk ticketing.
Geo-location policy actions. Users can now vary geolocation action based on policy, allowing for less strict rules for DNS and mail.
Auto-save of backups to USB sticks enables faster recovery of systems with a local backup available on USB.
IPv6 SSO – enables names not IP addresses in Dimension reports.
WebBlocker UI updates including a global exception list to simplify the task of managing multiple webblocker actions on one or multiple Fireboxes.

Full details and many more enhancements are covered in the What's New in 12.3 presentation, and there is also a recorded webinar of this content. Please read the Release Notes prior to upgrading.

Does this release pertain to me?
Fireware 12.3 is available for all Firebox T and Firebox M appliances. The continued growth and expansion of the Fireware OS means it is no longer suitable for older generation appliances with more limited resources. Fireware 12.2.1 and subsequent releases will not be available on any XTM appliances. WatchGuard will continue to provide updates to the 12.1.x firmware versions to provide bug fixes and important security updates for XTM appliances.

Software Download Center
Firebox appliance owners with active support subscriptions can obtain the Fireware 12.3 update without additional charge by downloading the applicable packages from the WatchGuard Software Download Center.

Fireware 12.2.1 is now available

Brendan Patterson — Mon, 17 Sep 2018 00:08:34 -0700

Fireware 12.2.1 General Availability
We are pleased to announce the General Availability (GA) of Fireware 12.2.1. Full details are covered in the What's New in 12.2.1 presentation, and there is also a recorded webinar of this content. Key highlights of the release include:

Backup and Restore features have been redesigned to provide a new UI with more options, making it more dependable on tabletop Fireboxes with lower available memory.
WAN interface monitoring for Jitter, Latency, and Packet Loss enables admin to easily identify problematic WAN connections.
For partners with NFR appliances, WatchMode has been refactored for greater reliability. It now works with mirrored network traffic with VLAN tags. WatchMode enables monitoring of mirrored traffic from a switch, which is ideal for non-disruptive evaluations.

WSM 12.2.1 Update 1 is also available now, which is an update to the WSM 12.2.1 release to address a known issue. We recommend that any customers that installed WSM 12.2.1 in the last week upgrade to this release. Please read the Release Notes prior to upgrading.

Does this release pertain to me?
Fireware 12.2.1 is available for all Firebox T and Firebox M appliances. The continued growth and expansion of the Fireware OS means it is no longer suitable for older generation appliances with more limited resources. Fireware 12.2.1 and subsequent releases will not be available on any XTM appliances. WatchGuard will continue to provide updates to the 12.1.x firmware versions to provide bug fixes and important security updates for XTM appliances.

Software Download Center
Firebox appliance owners with active support subscriptions can obtain the Fireware 12.2.1 update without additional charge by downloading the applicable packages from the WatchGuard Software Download Center.

Host Containment and Artificial Intelligence: New in TDR 5.5

Julian Matossian — Thu, 13 Sep 2018 22:03:38 -0700

Host Containment

I am pleased to announce the availability of Threat Detection and Response 5.5. This release of TDR introduces a powerful new response capability, Host Containment, which enables operators to contain infected host machines. When a threat is identified, ThreatSync quickly moves to contain the host endpoint, preventing the spread of malware to other points in your network. The Host Containment feature also makes it possible to isolate machines when they are outside of your network, alleviating cases where an infected host returns “home” and unintentionally infects the network.

If you are a customer or partner using TDR today, you already have access to TDR 5.5, and can begin using the feature immediately. To get started, visit the WatchGuard Help Center to learn how to configure host sensors, and establish containment policies.

Artificial Intelligence

TDR 5.5 also streamlines the advanced threat triage capability of ThreatSync, by introducing a new artificial intelligence engine to aid in the identification and classification of files. ThreatSync uses AI to automatically analyze combinations of features to determine if a file possesses suspicious characteristics, before sending the file for further analysis in APT Blocker. This prevents truly suspicious files from going undetected and allows you to identify real threats with more confidence.

Additional Included Features

System tray notifications about relevant TDR events.
The ability to pause protection when needed.
Host Sensor auto-update control.

Want to get an early look at what’s next in TDR? Join the WatchGuard Beta program today!

WebBlocker Server version 1.0 Available for Fireware 12.2

Arthur Gordon — Thu, 30 Aug 2018 09:45:03 -0700

WatchGuard is pleased to announce the release of a new standalone WebBlocker Server that replaces and upgrades the functionality previously provided in the legacy SurfControl service. The WebBlocker Server hosted on-premises now provides the same equivalent URL categories and database as the cloud hosted server which WatchGuard customers have been using since 2013.

The WebBlocker Server is available for VMware (v. 5.x.+) and Hyper-V (for Microsoft Windows 2008 R2, 2012, or 2012 R2 64-bit) and can be downloaded by customers with a WebBlocker subscription now, August 28, 2018.

WatchGuard customers who use on-premises URL filtering today now have three options:

Upgrade to Fireware 12.2 or later and use the WebBlocker cloud service for URL filtering
Upgrade to Fireware 12.2 or later and use WebBlocker Server, which is now available to download at software.watchguard.com
Remain on current version of Fireware 12.1.x (or earlier) and leverage existing WebBlocker cloud service for URL filtering

WatchGuard is also announcing that the legacy SurfControl service will reach end of life on November 30, 2018. All URL lookups conducted against the SurfControl service after this date will return “uncategorized”. Customers can choose from one of the three migration options listed above.

Note: XTM customers will not be able to upgrade to Fireware 12.2, but can still use Fireware 12.1.x or earlier.

After the Fireware 12.2 release, support for these new features will be as follows:

On-premises WebBlocker Server will not be compatible with previous versions of Fireware 12.1.x
WSM 12.2 will not be capable of managing SurfControl settings on devices that run 12.1.x or lower

This offering for a virtual WebBlocker server helps to serve customer environments where regulatory compliance or even ISP constraints inhibit the web connections that allow WebBlocker URL filtering to function as designed through the WatchGuard UTM.

How can I get started?

Qualifying Firebox M-series and T-series appliances with active Basic Security or Total Security Subscriptions can obtain this update without additional charge by downloading the applicable packages from the WatchGuard Software Download Center.

DNSWatch Australian Resolvers

Todd O'Boyle — Wed, 29 Aug 2018 16:08:00 -0700

In order to better support our customers in Australia and New Zealand, we are pleased to announce the availability of a DNSWatch resolver in Sydney.

Based upon your feedback and data collected from production DNSWatch, we identified a need for a resolver to service ANZ. Neither DNS nor content latency were within our target, so we have deployed this resolver to improve performance of any network protected by DNSWatch.

No action is needed on your part. Any ANZ protected firebox will automatically use the Australian resolvers.

Thank you for submitting your feedback and having patience with us as we improve our products globally. We hope that this improves your experience with the WatchGuard product line all while keeping you safer every day.

DNSWatch Introduces Protection Against DNS Rebinding Attacks

Todd O'Boyle — Thu, 23 Aug 2018 14:28:58 -0700

Despite being around for many years, “DNS Rebinding” attacks have been making headlines recently. Commodity devices (Chromecast, Roku, Sonos Speakers, and many other IoT devices) are potentially vulnerable, and while the popular ones have been patched, it’s hard to know if they all have.

This trend, combined with direct feedback from other customers, has led us to build new protections into DNSWatch to address these types of attacks.

You can enable the DNS binding protections in your DNSWatch settings. Once you enable the feature, it can take up to an hour to take effect due to DNS caching.

When enabled, any responses that would normally contain an A record for a private IP address (192.168.0.0/16, 10.0.0.0/8, 172.16.0.0/16) will instead result in an NXDOMAIN.

To confirm the rebinding protection is enabled, you can look up `local.strongarm.io`. If rebinding is enabled, it will return `192.168.1.1`. If the rebinding protection is enabled, DNSWatch will return an NXDOMAIN.

If you use an external nameserver to host intranet websites, you need to move those domains to an internal name server to protect them from DNS Rebinding attacks.

WatchGuard Dimension 2.1.1 Update 3 now available

Jason Vendramin — Wed, 08 Aug 2018 14:57:45 -0700

We are pleased to announce the availability of WatchGuard Dimension 2.1.1 Update 3. This release is now available from the Software Downloads Center, along with release notes and update instructions. WatchGuard Dimension 2.1.1 Update 3 resolves several performance and functionality issues, such as:

IPS Total Intrusions are double-counted in Subscription Service Dashboard
Totals and Averages are now displayed on Health Summary Reports
Angled brackets in email address break PDF report generation
Executive Report Top Clients PDF Report showing incorrect graph value
Changing the date in the calendar widget no longer automatically refreshes the current report
Several database optimizations to reduce the time required to generate reports

For a full list of changes implemented as part of WatchGuard Dimension 2.1.1 Update 3, please refer to the release notes.

Does this release pertain to me?

This release applies to all users of the WatchGuard Dimension network security visibility solution. We highly recommend that any administrators using WatchGuard Dimension upgrade their solution to 2.1.1 Update 3 to take advantage of the improvements available in the release.

Software Download Center

WatchGuard Dimension administrators can obtain this update by downloading the applicable packages from the WatchGuard Software Download Center.

Contact

Fireware 12.2 is now available

Brendan Patterson — Wed, 08 Aug 2018 09:31:05 -0700

Fireware 12.2 is now available
Arthur posted earlier this week about the exciting new AI technology that is now available in the Fireware 12.2 release with the new IntelligentAV service. But let’s not forget that this release includes many other new features. Many of the Beta testers had very positive feedback about the new ability to configure Geo-Blocking by Policy. Users can now set granular policies to restrict certain traffic types to or from specific countries. Other key highlights in Fireware version 12.2 include:

Firebox Cloud Management Upgrades: WatchGuard System Manager for management of multiple Firebox Cloud instances hosted on Amazon Web Services or Microsoft Azure.
TLS Proxy Protocols: Enables proxy and malware inspection for the POP3S and SMTPS (or POP3 and SMTP over TLS) mail retrieval protocols.
WebBlocker: Adds the ability to generate alerts by categories (for example, weapons, militancy and extremism).
Multiple Server Certificates: Users can now host multiple different servers and applications behind a single Firebox, each with their own proxy certificate.

You can find full details about this release in the What’s New presentation and Release Notes. Please review the Release Notes carefully before upgrading.

Does this release pertain to me?
Fireware 12.2 is available for all Firebox T and Firebox M appliances. The continued growth and expansion of the Fireware OS means it is no longer suitable for older generation appliances with more limited resources. Fireware 12.2 and subsequent releases greater than 12.2 will not be available on any XTM appliances. WatchGuard will continue to provide updates to the 12.1.x firmware versions to provide bug fixes and important security updates for XTM appliances.

Software Download Center
Firebox appliance owners with active support subscriptions can obtain the Fireware 12.2 release without additional charge by downloading the applicable packages from the WatchGuard Software Download Center. Or simply use the WebUI to directly upgrade your firebox.

IntelligentAV is Available for Fireware 12.2

Arthur Gordon — Mon, 06 Aug 2018 09:09:41 -0700

Fileless malware and zero-day exploits are some of the most devastating threats facing small and midsize enterprise organizations today. WatchGuard IntelligentAV service provides an additional signature-less, antivirus engine to defend users against such threats and further augment the award-winning WatchGuard cybersecurity portfolio.

IntelligentAV brings more than just supervised machine learning pre-processing, or data-mining to WatchGuard’s expanding security stack, this is the first addition of machine learning directly to a network security platform. As opposed to other solutions that see a co-mingling of signature-based antivirus solutions, the WatchGuard Unified Threat Management (UTM) platform uses two forms of anti-malware scanning at the network layer: (1) signature-based behavioral detection (Gateway AntiVirus) and (2) machine-learning-based detection with IntelligentAV. This composition of dual anti-virus engines on a network gateway appliance is a transformational push to attack the rise of increasingly evasive malware that tends to bypass signature based detection.

The IntelligentAV platform was designed over a multi-year period, analyzing 1 billion+ file samples (including Microsoft Office documents, portable executables, PDFs, and Mach-O files, etc.), 20+ PB of storage, and thousands of CPU cores to develop a pure machine-learning AV engine that encompasses the following algorithms and neural network approaches:

Logistic Regression
Decision Tree Analysis
LSTM Neural Network
Convolution Neural Network
K-Means
DBSCAN Clustering

These algorithms have not only demonstrated academic success in the research field of computer-aided artificial intelligence, but have also been proven in industries that focus on identifying consumer behavior, image classification in gaming, as well as computationally intensive tasks, that were exclusively the domain of room-filling supercomputers and/or humans.

Given the climate of increasingly sophisticated cyber penetration tools and file obfuscation tools used by malicious online actors, WatchGuard is proud to deliver IntelligentAV as another crucial component of the UTM and continue to lead the industry in protection for enterprises large and small.

How can I get started?

Qualifying Firebox M-series appliances with active Total Security Subscriptions can obtain this update without additional charge by downloading the applicable packages from the WatchGuard Software Download Center for Fireware 12.2.

Now Available: Firebox M270

Brendan Patterson — Thu, 02 Aug 2018 11:18:17 -0700

New Firebox M270 is the fastest entry level rack mount appliance
It's a busy time with new product launches at WatchGuard! Alex posted last week about the new Authpoint multi-factor authentication (MFA) product, and today I'm excited to announce the release of our newest Unified Threat Management (UTM) appliance. The M270 replaces the M200 as WatchGuard’s smallest rack-mounted Firebox, and it runs all of the security services offered in WatchGuard’s Total Security Suite. This includes the new IntelligentAV AI-based antivirus service which is now available in the new Fireware® version 12.2, as well as DNSWatch and Access Portal, which were introduced in the last year. Watch this blog for more detailed posts about IntelligentAV and Fireware 12.2 in the coming days.

Validated by Miercom
According to independent testing by Miercom, the M270 becomes the industry’s fastest entry-level rack-mounted appliance when running full UTM services, outperforming competitive products by up to 82%. Full details of this testing are available in the complete Miercom report, which is available to download at the WatchGuard website. Another appliance in the WatchGuard mid-range family, the Firebox M670 recently achieved the Recommended rating from NSS Labs in their annual next generation firewall group test.

Product Details
Key specs for the M270 are:

Intel Atom processors with QuickAssist Technology (QAT)
4 Gb RAM Memory
8 1 Gb Ethernet ports
Recommended in environments with up to 60 users

Complete product details are available at the M270 web page or in the M270 datasheet.

TDR 5.4 is now available

Julian Matossian — Fri, 22 Jun 2018 08:55:21 -0700

TDR 5.4 introduces two new features to improve management and security basics.

First up, this release includes a new Account Reset feature that enables Admins to reset any or all elements of a TDR configuration to default settings and remove domains, devices, and indicators from your TDR account. This feature is helpful when wanting to start from a “factory default” state or even when wanting to have a clean environment when conducting POCs or providing product demos. From a GDPR compliance perspective, this feature enables Admins to ensure organizations who want to exercise their right to be forgotten that they will be fully removed from the platform.

Additionally, this release brings a simple but necessary security feature around hardening of the Host Sensor. Regardless of how Admins and IT Departments configure their users’ laptops and workstations – i.e., providing user Admin rights or not – TDR enables Admins to directly protect the Host Sensor. TDR now provides functionality – regardless of system permissions – to control whether or not the Host Sensor can be modified or uninstalled.

Both of these new features can be centrally configured via the TDR portal.

Threat Detection and Response AD Helper 5.3.x and older End of Life

Ricardo Arroyo — Mon, 04 Jun 2018 10:58:50 -0700

In line with WatchGuard’s commitment to maintain the highest security standards for our customer data, Threat Detection and Response (TDR) will discontinue the use of TLS 1.0. Beginning on 20 June 2018, versions of the AD Helper lower than 5.4.0 will no longer communicate with TDR. To ensure your AD Helper continues to function as expected please upgrade to version 5.4.0 or higher prior to 20 June 2018.

The AD Helper keeps TDR synchronized with your local Active Directory. Hosts added or removed from your Active Directory Domain will be added or removed from TDR as periodic synchronization actions are performed. TDR also uses the AD helper to perform Host sensor installations over Windows file shares. In the event your AD Helper does not upgrade you will lose remote installation and Active Directory synchronization capabilities.

For a majority of users that have the AD Helper running constantly, your AD helper will have already updated itself automatically. If you use the AD Helper infrequently, restart it before 20 June so that it can connect and automatically download and install the update. See below for instructions on how to check the version of your AD Helper and how to manually update it.

To check what version of the AD Helper you are running:

Log into TDR
Browse to Devices -> AD Helper
The version, installed hostname, and last heartbeat time is available in the table.

To upgrade to the latest version of the AD Helper:

Ensure the AD Helper application is running and successfully communicating with TDR. Your AD Helper should auto-update.
In the event your Ad Helper is not Communicating or cannot auto-update.
1. Open up the AD Helper UI and copy the Domain information for re-entering later
2. Uninstall the AD Helper using Windows Settings/Control Panel
3. Log into TDR
4. Browse to Devices -> AD Helper
5. Follow the instructions to Download and install the AD Helper
6. Open up the AD Helper UI and re-enter in the Domain information.

For more information on the AD Helper please click here. Thank you and enjoy!

New maintenance release - Fireware 12.1.3 is now available

Brendan Patterson — Tue, 29 May 2018 11:02:36 -0700

Fireware 12.1.3 General Availability
We are pleased to announce the General Availability (GA) of Fireware 12.1.3 and WSM 12.1.3. These maintenance releases don't include new features, but they provide resolution to many issues that have been reported by customers. WatchGuard partners and customers should review the Release Notes to see a full list of fixed issues prior to upgrading.

New Features now in Beta in Fireware 12.2
Interested in new features? Help us test the next release of Fireware! We have Fireware 12.2 in Beta now, and this new release adds some excellent new capabilities:

A second Artificial Intelligence based malware scan on rackmount appliances
Redundant SSO agents
Geolocation rules by policy

Click Here to sign up for the Beta program now and to learn more about the many new features.

Does this release pertain to me?
The Fireware 12.1.3 maintenance release applies to all Firebox T, Firebox M, and XTM appliances, except XTM 21/21-W, 22/22-W, or 23/23-W, XTM 505, 510, 520, and 530 which have reached the End of Life. Firebox 12.2 is only available for Firebox appliances.

Reminder: AV Signatures ending for 11.x releases
WatchGuard announced last July that we would end support for AV signatures for the older AVG engine in Fireware 11.x by April 15th 2018. WatchGuard may continue to deliver some signature updates for 11.x firmware versions for a few more weeks, but frequency will decline and security efficacy will not be guaranteed to the same levels as 12.x firmware. Customers must upgrade to a 12.x version of Fireware to receive the signature updates for protection against the latest threats and to maintain adequate defense against malware using the GAV service.

Software Download Center
Firebox and XTM appliance owners with active support subscriptions can obtain the Fireware 12.1.3 update without additional charge by downloading the applicable packages from the WatchGuard Software Download Center.

TDR: Planned Service Interruption

Julian Matossian — Wed, 09 May 2018 14:07:26 -0700

When:

Europe: Friday, May 18, 2018 at 3:00AM GMT
Americas & APAC: Saturday, May 19, 2018 at 10:00PM EDT

Maintenance Window: 5 hours

Expected Impact/Duration: 2-3 hours
During these maintenance windows, the TDR user interface, configuration, detection, and response will be unavailable in their respective regions. If HRP was configured to Prevent prior to the planned service interruption, your Host Sensor will continue to protect against ransomware.

Contact Information
For Sales or Support questions, you can find phone numbers for your region online.

Fireware 12.1.1 is now available

Brendan Patterson — Fri, 13 Apr 2018 10:06:09 -0700

Fireware 12.1.1. General Availability
We are pleased to announce the General Availability (GA) of Fireware 12.1.1 and WSM 12.1.1. Key highlights include:

Support for the new DNSWatch security service, as announced by Todd in his blog post earlier this week.
Adding more options for Dynamic DNS providers

WatchGuard partners and customers should review the Release Notes and What’s New presentations prior to upgrading.

Does this release pertain to me?
The Fireware release applies to all Firebox T, Firebox M, and XTM appliances, except XTM 21/21-W, 22/22-W, or 23/23-W, XTM 505, 510, 520, and 530 which have reached the End of Life.

Reminder: AV Signatures ending for 11.x releases
As first announced last July, WatchGuard will begin to discontinue support for AV signatures for the older AVG engine in Fireware 11.x by April 15th 2018. To receive the signature updates for protection against the latest threats and maintain adequate defense against malware using the GAV service, customers must upgrade to a 12.x version of Fireware. After April 15th, WatchGuard may continue to deliver some signature updates for 11.x firmware versions for a few months, but frequency will decline and security efficacy will not be guaranteed to the same levels as 12.x firmware.

Software Download Center
Firebox and XTM appliance owners with active support subscriptions can obtain this update without additional charge by downloading the applicable packages from the WatchGuard Software Download Center.

DNSWatch is Now Available

Todd O'Boyle — Mon, 09 Apr 2018 13:54:50 -0700

Phishing is one of the greatest threats facing small and midsize enterprise organizations today. WatchGuard DNSWatch service provides additional security to protect users at the DNS level, and adds a layer to RED and WebBlocker capabilities to block malicious connections on all ports and protocols – including those necessary during a phishing attack.

Moreover, DNSWatch increases an organization’s resilience to phishing through end-user education. When an end-user clicks on an email or link that DNSWatch has identified as a phishing attempt, they are redirected to a game that educates them on the warning signs of a phishing attacks and gives them an action to take. This is an outstanding opportunity to reinforce any phishing education programs you have. Maybe you’d like the clicker to come talk to you or their boss. Maybe you should ask them to forward on the phish they just clicked on for tracking by your security team. Regardless, DNSWatch increases engagement you have with your users and we believe this is a key attribute of a mature phishing protection program.

Once the attack is stopped, DNSWatch is just getting started.

When a user is protected, the DNSWatch analysis team triages critical alerts, combining our intelligence and expertise to create a plain language analysis so that the “what and how” of an attack is quickly understood. Most small and midsize enterprises (or small service providers) don’t have resources for more security staff to manage this analysis themselves - the DNSWatch analysis team helps address this.

Name/Description	Benefit(s)
DNS Based Protection	Leveraging DNS-level detection provides an additional layer of security to identify and stop malware infections. Malicious DNS requests are automatically detected and blocked, redirecting users to a safe page instead of the attacker.
100% Cloud-based	100% cloud-based and requiring no client-side configuration makes deploying DNSWatch a breeze to configure and manage, saving time and money.
End-user Education	Educating end users is the IT admin’s first line of defense in protecting their organization. With DNSWatch, when a user clicks on a phish, they are automatically redirected to a safe page. This page offers education and games to reinforce the warning signs of a phishing attack.
Personal Touch	Personal touch provides IT managers and MSSPs details of infections detected and blocked by the service. No need to spend hours combing through logs or researching an alert as it comes through. With this service, MSSPs can easily show new value to customers without requiring an army of security analysts.

How Do I Get Started?

DNSWatch is available as part of the Total Security Suite package. Subscribers will need to upgrade to Fireware 12.1.1 and simply enable DNSWatch with the tick of a box. See our detailed instructions to get started.

DNSWatch will take five minutes to set up, identify any malware operating on your networks, and then go into phishing protection mode. Sit back and relax while our team does the work for you.

Email Notifications come to TDR

Julian Matossian — Thu, 29 Mar 2018 22:56:40 -0700

We are delighted to announced that Threat Detection and Response now has email notifications. Specifically, ThreatSync now includes email alerts and notifications to let you know when a threat indicator or incident has been detected, as well as if the threat has been remediated from the network or endpoint.

Threat Detection and Response is the only threat correlation and scoring solution that provides fully configurable email alerting for both network and endpoint security events as well as for remediations. This alleviates the need for IT admins and MSPs to have the TDR dashboard opened and monitored at all times. Customers and Partners can now be fully aware of what ThreatSync is detecting and remediating without being in the dashboard, freeing them up to do other things.

To learn more, please visit: Threat Detection and Response

Firebox Cloud now available in Azure marketplace

Brendan Patterson — Thu, 08 Mar 2018 18:27:45 -0800

We are pleased to announce that Firebox Cloud is now available in the Microsoft Azure marketplace, after the conclusion of a two month Beta test period. Firebox Cloud brings the protection of WatchGuard’s leading Firebox UTM appliances to public cloud environments. It enables organizations to extend their security perimeter to protect business-critical assets in Azure.

Firebox Cloud in Azure uses the Bring Your Own License (BYOL) model. It uses the same Firebox Cloud SKUs and pricing that were released with the launch of Firebox Cloud on AWS in April 2017. Small, Medium, Large and X-Large model types are available, along with the usual options for Support only, Basic, and Total Security Suite.

Note that WSM is not yet available for Firebox Cloud, but we have been working on that over the past couple of months and we expect to have it in Beta by late next week. This will also include support for SSO in Firebox Cloud.

Coming Soon! - Fireware 12.1.1 Beta with DNSWatch

Brendan Patterson — Mon, 29 Jan 2018 19:36:21 -0800

UPDATE: Fireware v12.1.1 beta is scheduled for February 8, 2018 release. At the time of the original post, February 2, 2018 was the previously scheduled date.

Fireware 12.1.1 and DNSWatch
Recently WatchGuard announced the acquisition of Percipient Networks, a developer of an easy-to-deploy, security-focused Domain Name System (DNS) service, previously known as Strongarm. We're excited to announce that the first step in the integration of their solution will take place this week when we release the Fireware 12.1.1 Beta. The new service, DNSWatch, monitors outbound DNS requests and blocks traffic to websites based on a list of known malicious domains.

More than just a filter, DNSWatch was architected to facilitate maximum user and IT admin education. Rather than just blocking traffic to potentially malicious sites, the service redirects users to a ‘blackhole’ where additional information about the attack is collected, and the user is presented with educational materials aimed at preventing future attacks. Just like APT Blocker, the service will be super simple to configure just by checking a box. We'll take care of the necessary DNS forwarding and Dynamic DNS for changing IP addresses.

Sounds great, where do I get it?
This will be a public Beta, open to all users and we expect it to be available to all by Feb 2nd. If you have not participated in a WatchGuard Beta before, you can sign up at our support page. We'll also email all previous Beta testers about the new opportunity. We'll have more information about the service and some other features in 12.1.1 at the Beta site.

How do I get a license?
This week, we will add the service to the feature key of all Not for Resale (NFR) units used by our partners, so we expect to see some great Beta participation from our partner community. Users that wish to participate in the Beta of the new DNSWatch service can use the free trial option that is now available at the product details page for all Firebox appliances. Before we GA Fireware 12.1.1 in mid-March, we will add DNSWatch to the feature key for all appliances with a current TotalSecurity Suite.

Remember that we are still a couple of days away from the Beta. Please don't contact WatchGuard yet about getting software or feature keys in the NFR.

Regards,

- Brendan

WatchGuard Dimension 2.1.1 Update 2 now available

Jason Vendramin — Wed, 20 Dec 2017 14:46:16 -0800

We are pleased to announce the availability of WatchGuard Dimension 2.1.1 Update 2. This maintenance release is now available from the Software Downloads Center, together with release notes and update instructions. WatchGuard Dimension 2.1.1 Update 2 addresses several frequently reported issues and introduces some security enhancements, including:

APT content names with reserved characters would cause PDF reports to fail
Log Collector issue that caused incorrect logging status to be displayed for devices
Log Collector process unexpectedly restarts due to large number of simultaneous connections
Backup locations are now clearly indicated using sftp:// URLs instead of local mount points
Dimension SSH service now correctly rejects weak ciphers

Does this release pertain to me?

This release applies to all users of the WatchGuard Dimension network security visibility solution. We highly recommend that any administrators using WatchGuard Dimension upgrade their solution to 2.1.1 Update 2 to take advantage of the security improvements available in the release.

Software Download Center

Contact

Fireware 12.1 Now Available

Arthur Gordon — Mon, 18 Dec 2017 09:55:49 -0800

We are pleased to announce the new release of Fireware 12.1 and WSM 12.1! These significant new releases are now available for download from the software download center. The highlight of Fireware 12.1 is the Access Portal, a clientless application portal that is available for SSO integration for cloud assets and internal resources via RDP and SSH. With the rate and notoriety of recent cybersecurity incidents involving compromised personal information, the marketplace for web-based authentication solutions continues to grow at a Compound Annual Growth Rate upwards of 10%.¹ The Access Portal is uniquely positioned to integrate into existing authentication markets to provide a clientless experience while encouraging strong authentication with existing SSO vendors or even providing MFA access (i.e. Google Authenticator, etc.) to the portal itself.

The release of Fireware 12.1 adds a bevy of networking, VPN and proxy improvements that allow the network administrator to focus on the network without compromising security:

BoVPN over TLS provides an alternative to IPSec for site to site VPNs;
Mobile VPN w/ IKEv2 enables support for native VPNs on mobile operating systems including Mac, Windows, iOS, and Android
USB modem interface enabled to deliver physical interface features such as Multi-WAN enablement, traffic management
New IMAPS proxy, HTTPS domain software exclusion list, and WebBlocker UI improvements
Gateway Wireless Controller developed with band steering capability and additional passphrase protections

Does this release pertain to me?

The Fireware release applies to all Firebox T, Firebox M, and XTM appliances, except XTM 21/21-W, 22/22-W, or 23/23-W, XTM 505, 510, 520, and 530 which have reached the End of Life.

Software Download Center

Contact

¹https://www.forrester.com/report/Forrester+Data+Identity+And+Access+Management+Software+Forecast+2016+To+2021+Global/-/E-RES137200

Fireware 12.0.2 is now available

Brendan Patterson — Mon, 04 Dec 2017 13:36:41 -0800

Fireware 12.0.2 General Availability
We are pleased to announce the General Availability (GA) of Fireware 12.0.2 and WSM 12.0.2 today. These releases, which are now available at the software download center, resolve several issues that had been reported from the field. Since these are maintenance releases, there are no new features included. Please review the Release Notes for a comprehenisve list of issues that are addressed. Notable highlights include:

A fix for an issue that caused some websites to fail to load correctly when using Microsoft Internet Explorer 11 or Edge browser.
An option to mitigate the KRACK WPA2 vulnerability for client connections to wireless Fireboxes.

WatchGuard partners and customers should review the Release Notes and What’s New presentations prior to upgrading.

AV Signatures in 11.x releases
WatchGuard will discontinue support for AV signatures for the older AVG engine in Fireware 11.x by April 2018. Customers with active Gateway Antivirus subscriptions should update to a 12.x release before then.

Fireware 12.0.1 is now available

Brendan Patterson — Tue, 31 Oct 2017 08:09:31 -0700

Fireware 12.0.1 General Availability
We are pleased to announce the General Availability (GA) of Fireware 12.0.1 and WSM 12.0.1 today, along with updates for the Access Point firmware. These releases provide fixes for many reported issues and include some significant security updates. Key highlights:

Patches previously announced in the blog post on KRACK WiFi vulnerabilities, including a new feature to mitigate against the vulnerability in unpatched clients.
Streamlined some UI options for Gateway Antivirus to reflect the new capabilities of the new AV engine that we included in the 12.0 release in September.
A new simple option to enable Support access to the appliance, which will cut down on the time required for support calls, and lead to a smoother experience when customers need to work with support.

WatchGuard partners and customers should review the Release Notes and What’s New presentations prior to upgrading.

Does this release pertain to me?
The Fireware release applies to all Firebox T, Firebox M, and XTM appliances, except XTM 21/21-W, 22/22-W, or 23/23-W, which are now End of Life (EOL), and XTM 505, 510, 520, and 530 which are EOL in December of this year.

AV Signatures in 11.x releases
Previously WatchGuard had announced that we would discontinue support for AV signatures for the older AVG engine in Fireware 11.x by January 2018. This support will now be extended until April 2018.

Now Available: TDR 5.1 with APT Blocker Built-in

Julian Matossian — Tue, 19 Sep 2017 14:36:26 -0700

We’re thrilled to announce the general availability of Threat Detection and Response (TDR) 5.1, which includes some great new features that enhance both detection and response to threats as well as the overall user experience when testing new features. This release further increases the value of both TDR and the Total Security Suite, enabling users to more broadly identify threats across their network and respond to them in real-time.

This release of TDR includes two new key features:

APT Blocker
With this release TDR can now directly triage suspicious files discovered by a Host Sensor by sending them to APT Blocker for further analysis. The submitted files undergo deep analysis for APT activity in a sandbox environment at a Lastline cloud-based data center. If evidence of malware activity is discovered, TDR can adjust the original suspicious threat score assigned to the file to prevent future infection. With sandbox policy enabled, this process and subsequent response can be automated, making threat triage incredibly easy and effortless.
Localization
The TDR user interface is now available in French, Japanese, and Spanish. TDR automatically displays the localized user interface if your browser language is set to one of these languages.

To learn more, visit Threat Detection and Response.

Fireware 12.0 is now available!

Brendan Patterson — Tue, 12 Sep 2017 00:26:33 -0700

Fireware 12.0 General Availability
We are pleased to announce the General Availability (GA) of Fireware 12.0 and WSM 12.0 after a comprehensive Beta where the release was installed 400 Fireboxes around the world. These significant new releases are now available for download from the software download center.

Fireware 12.0 improves on the efficacy and performance of our Gateway Antivirus (GAV) service through the introduction of a new lightweight detection engine. Fireware 12.0 also introduces more secure defaults, improvements to APT Blocker, and continued support for more advanced networking use cases. You can find full details in the What’s New presentation on the website, and we encourage everyone upgrading to read the Release Notes in advance. Here is a quick summary of some key enhancements:

New GAV engine from Bitdefender with many benefits:

Breadth of Protection against known threats with industry-leading file coverage
Rapid response to new threats with multiple incremental signature updates per day
Machine learning to assist in detection of unknown and evasive malware types
Faster performance through optimized scanning of executables, Microsoft Office, PDF files and more!

Many of the settings in the VPN area have been updated to stronger default cryptography settings for authentication and encryption. SHA-256 and AES-256 are now the default in most cases. We have also removed the PPTP option for VPN because it is no longer considered to be a secure protocol.

There are some APT Blocker improvements to guard against the delivery of zero-day malware and ransomware via email, including

Optional delay in email messages while waiting for results from the sandbox detonation of unknown attachments
Analysis and detonation of javascript files that are included in email

There are more advanced networking use cases.

Host Header redirection allows the hosting of different web applications behind a single public IP address, by routing traffic based on URL paths included in HTTP headers.
The Firebox can pass multicast (PIM-SM) traffic, which is used to deliver application traffic from one to many nodes – typically used in VoIP and broadcast applications.

There are many more enhancements so please pay close attention to the Release Notes and What’s New presentations.

Now Available: Firebox M370, M470, M570, and M670

Brendan Patterson — Thu, 17 Aug 2017 10:29:28 -0700

I’m excited to announce the availability today of four new mid-range Firebox appliances that provide industry leading performance, especially with all security capabilities enabled, along with greater flexibility in network port configurations.

Over past few years at WatchGuard we’ve consistently educated our customers about the need to inspect encrypted web traffic using all of the security services available on our appliances. Network defenses that don’t adequately process and inspect encrypted traffic leave employees, customers and partners vulnerable to cyber attacks. According to a 2016 Ponemon study, 41 percent of attacks in 2016 used encryption to either disguise their entry into the network or hide their connection to a Command and Control server. The volume of HTTPS traffic is growing rapidly, and customers can no longer consider this to be a minor blind spot that they can ignore.. NSS Labs have predicted that 75% of web traffic will be encrypted by 2019.

A new Miercom test report shows how the new WatchGuard appliances compare to similar priced models from Fortinet, Sonicwall, and Sophos. Raw firewall throughput may be similar, but the true test of performance is when all of the security services are enabled. The Firebox wins hands down against the competition especially when deep content inspection of HTTPS traffic is enabled.

To support the growing use of fiber in mid-size enterprise data centers, Firebox M470, M570 and M670 allow users to add additional network modules to increase the number of copper or fiber ports available.All new appliances (except the M370) have an expansion slot for additional ports. The same modules that were previously available for M4600 and M5600 are now available i.e. 4x10Gb fiber, 8x1Gb copper or 8x1Gb Ethernet.

We’ve also taken this opportunity to increase the level of detail that is shown on our datasheets. We now include throughput figures with HTTPS content inspection and IPS enabled at the same time. All of our HTTPS benchmark testing is conducted using strong encryption ciphers TLS 1.2 AES256 +SHA-256. We’ve also added IMIX performance numbers for both Firewall and VPN traffic. IMIX is a standard that includes a mix of 40 byte, 576 byte, and 1500 byte traffic to better represent data that is found in most network environments, instead of just 1512 byte packets.

Fireware 12.0 Open Beta Notice

Arthur Gordon — Mon, 17 Jul 2017 11:19:46 -0700

UPDATE: A feature for GWC was mentioned as being deployed in 12.0 in a previous post, but this has been corrected to a later release date. Stay tuned for more product release updates through the product blog!

WatchGuard is excited to announce that a Beta release is available now for the 12.0 version of the Fireware Operating System. This is a public Beta release that is open to all Firebox and XTM users. Sign up to participate at our software download page and start submitting feedback via our Beta portal today.

Fireware 12.0 Highlights

Improved Malware Detection

New Gateway AntiVirus Engine. Bitdefender replaces AVG, which provides several significant advantages:
- Powerful archiving logic engine for recognizing 100+ archiving types and packer files
- Faster scan times to improve traffic throughput
- Lighter and frequent (up to 5x per day) incremental signature updates resulting in faster response times to new malware attacks, and more robust handling for FireCluster
APT Blocker delays email (typically 1 to 3 minutes) until it gets a response back from the sandbox in the cloud, which prevents the delivery of zero-day malware infections through email.
APT Blocker scans JavaScript files that are sent through email, which stops one of the most popular attack vectors for ransomware.

More Secure Defaults

VPN connections have stronger default cryptography settings for authentication and encryption. SHA-256 and AES-256 are now the default in most cases.
Removal of PPTP option for VPN due to multiple vulnerabilities inherent to the protocol and to promote stronger secure default stances across the Fireware product.

Support for More Advanced Networking Use Cases

Host Header redirection through our new Content Actions allows the routing of traffic to different IP addresses attached to a domain and URL paths included in web headers. With Host Header Redirection, you can expect to host different server applications behind a single public IP address. It also enables SSL offload on the Firebox, removing the need to do decryption on inbound traffic to servers and clients behind the firewall.
Multicast traffic is allowed. Enables the Firebox to work in environments where Multicast (PIM-SM) is used to deliver application traffic from one-to-many nodes.

For information about these feature enhancements, download and review the What's New in Fireware v12.0 PowerPoint presentation available from the 12.0 Beta portal.

Fireware 11.12.4 is now available

Brendan Patterson — Wed, 07 Jun 2017 17:56:11 -0700

Fireware 11.12.4 is now available
We are pleased to announce the latest release of the WatchGuard core operating system and management software. Fireware 11.12.4 and WSM 11.12.4 are now available from the software download center. The Release Notes include a comprehensive list of resolved issues. This is primarily a release for bug fixes but there are a couple of key updates.

APT Blocker customers can now specify that files only ever get sent to the European datacenter, to allay any concerns about the privacy of data sent outside Europe.
Continued improvements to the security and availability of the Gateway Wireless Controller, including support for synchronization of data across nodes in a cluster.

The What's New presentation includes all the details of any changes and updates in the software.

Does this release pertain to me?
The Fireware release applies to all Firebox T, Firebox M, and all XTM appliances, except XTM 21/21-W, 22/22-W, or 23/23-W, which reach their End of Life at the end of this month.

Fireware 11.12.2 Update 1

Brendan Patterson — Tue, 09 May 2017 16:36:07 -0700

Fireware 11.12.2 Update 1 is now available
This maintenance update includes some critical bug fixes and no new enhancements. The Release Notes include a comprehensive list of resolved issues. There is no corresponding Update 1 version of WSM 11.12.2

This release resolves an issue that caused Branch Office VPNs and Mobile VPN with IPSec tunnels to restart after receiving malformed packets. We received several reports last week of this issue occurring after a research institute sent IKEv2 SA packets to a wide number of IP addresses on the public internet. More details are provided in this knowledge base article.

Does this release pertain to me?
This issue affects any appliance running version 11.11.2 or newer with Branch Office VPN tunnels. WatchGuard recommends any affected customer should upgrade to avoid any future problems. The Fireware release applies to all Firebox T, Firebox M, and all XTM appliances, except XTM 21/21-W, 22/22-W, or 23/23-W, which reach their End of Life at the end of next month.

Fireware 11.12.2 now available

Brendan Patterson — Tue, 11 Apr 2017 13:18:50 -0700

Fireware 11.12.2 and WSM 11.12.2 are now available. Along with ongoing maintenance updates, these releases include several significant improvements to product security and also some new networking features that enable deployment in more environments. The Release Notes online include details of bug fixes, and the What's New presentation gives a comprehensive overview of all new features. Here are the main highlights:

Security:
Brute force login controls prevent attackers from repeatedly guessing passwords for Firebox authentication or status/admin accounts.

Gateway wireless controller security improvements to prevent exploitation of known defaults or impersonation

Option to apply new unique, strong passwords per access point instead of a global default
New trust mechanism to prevent data loss due to AP impersonation or exploitation of factory reset

Networking:
DNS forwarding enables admins to point to the gateway Firebox as the DNS server for a network. In addition, conditional forwarding gives distributed enterprise with many locations the flexibility to point to a central corporate DNS server for some traffic but local name servers for other domains.

Dynamic tunnels to Amazon Web Services (AWS) allows customers to configure dynamic routing (BGP) with failover and failback and metric based route selection between the Firebox and AWS. This capability provides comprehensive network and routing options for hybrid cloud environments when businesses connect applications on premise with servers and databases hosted in the cloud.

Appliances in bridge mode can be configured to use DHCP on the primary interface now, which enables the ability to quickly and easily install an appliance with no impact on the network. Appliances can be configured and initially setup in Bridge Mode via RapidDeploy.

New VPN usage charts in the WebUI show the number of active VPN tunnels over time, assisting with tracking of license usage and issue investigation.

Does This Release Pertain to Me?
The Fireware release applies to all Firebox T, Firebox M, and all XTM appliances, except XTM 21/21-W, 22/22-W, or 23/23-W, which will soon go End of Life.

Contact Information
For Sales or Support questions, you can find phone numbers for your region online. If you contact WatchGuard Technical Support, please have your registered appliance Serial Number or Partner ID available.

Threat Detection and Response Planned Service Update

Julian Matossian — Tue, 21 Mar 2017 16:51:45 -0700

Hello TDR Users,

On Thursday, March 23rd, 2017, at 3:00 PM PST for EU and 5:00 PM PST for Americas, we will release a new version of Threat Detection and Response (TDR). This update will bring performance enhancements and system upgrades.

Users can expect between 15-30 minutes of downtime for this maintenance window. TDR will continue to collect events from your deployed Fireboxes and Host Sensors. Those events will be analyzed once the downtime concludes. Users may need to log back into the system.

Release notes for this upgrade will be posted shortly.

Best Regards,

WatchGuard

Now Available: WatchGuard Firebox Cloud for AWS and FireboxV

Jason Vendramin — Thu, 16 Mar 2017 10:38:49 -0700

We are excited to announce the availability of WatchGuard Firebox Cloud and WatchGuard FireboxV. Firebox Cloud brings the protection of WatchGuard’s leading Firebox UTM appliances to public cloud environments. It enables organizations to extend their security perimeter to protect business-critical assets in Amazon Web Services (AWS). The AWS Shared Responsibility Model places responsibility for security IN the cloud (such as content and applications) in the hands of the AWS customer. Now those AWS customers can leverage the best-in-class security found in our UTM appliances to protect their data and systems in the cloud.

Benefits of Firebox Cloud for AWS:

AWS optimization. Firebox Cloud was built specifically to run within the AWS environment, and our innovative Fireware OS is tuned specifically for that environment.
UTM Protection for VPCs. With Firebox Cloud you can increase your security beyond what is provided by AWS Security Groups, and ensure your network is secured by more than simple port scanning and access control.
Support for Dimension. Firebox Cloud leverages the same web-based tool to monitor and manage Firebox Cloud that admins use to manage their on-premises Fireboxes.

Firebox Cloud enables Partners and MSSPs to offer the powerful WatchGuard security their customers have come to trust on-premises, in a cloud solution purpose-built for AWS. Have customers considering a migration to AWS? Help them do so securely with Firebox Cloud!

Release of FireboxV

WatchGuard FireboxV rebrands the legacy XTMv products, and brings the specifications of our new virtual offering in line with our physical appliances. It’s easy to add WatchGuard security services to a FireboxV deployment, so users running in virtualized environments can leverage our Basic Security Suite and Total Security Suite. What’s more, we have expanded Virtual Machine support to include ESXi 6.5 and Hyper-V Server 2016.

Check out the Partner Portal for Firebox Cloud and FireboxV resources to help you sell!

Contact Information

Fireware 11.12.1 is now available

Jason Vendramin — Wed, 22 Feb 2017 17:53:31 -0800

WatchGuard is pleased to announce the release of Fireware 11.12.1, available now at the software download site.

This release includes many important bug fixes, some minor enhancements, and support for new virtual models:

FireboxV, a new set of virtual models with updated feature specs that are more consistent with current hardware models when compared to XTMv
Firebox Cloud, which will soon be available for deployment in Amazon Web Services (AWS), providing enhanced protection for workloads hosted in the cloud
A new packet filter policy to enable communication with Threat Detection and Response (TDR)

The Release Notes include a comprehensive list of resolved issues, and the What's New presentation provides a detailed review of the new enhancements.

Does This Release Pertain to Me?
This release applies to all Firebox T, Firebox M, and all XTM appliances, except XTM 21/21-W, 22/22-W, or 23/23-W.

Threat Detection and Response Planned Service Update

Julian Matossian — Wed, 25 Jan 2017 11:37:56 -0800

On Thursday, January 26th, 2017, at 3:00 PM PST (11:00 PM GMT), we will be releasing a new version of Threat Detection and Response (TDR). This new version will bring some new functionality around policies and exclusions management, AD Sync, and deeper Firebox integration, as well as some performance and stability improvements.

During this maintenance window, our users will experience a brief disruption period of 10 minutes or less. If you are logged in, you may see the user interface flicker due to the UI reload. If you are not logged in and attempt to do so, you may get an error due to UI reload. During this maintenance window, TDR will continue to collect events from your deployed Fireboxes and Host Sensors, but the user will not be able to log on nor will the events be analyzed until the migrations occur (i.e., event processing will be delayed during this time).

Fireware 11.12 Brings Industry-Leading ConnectWise Integration

Bryce Hjalseth — Mon, 28 Nov 2016 15:37:19 -0800

With the recent release of Fireware v11.12, WatchGuard has introduced an industry-leading integration with ConnectWise, a professional services automation (PSA) platform for managed security service providers (MSSPs). WatchGuard MSSP Partners can now easily synchronize their customers' security asset information, auto generate service tickets with closed-loop ticketing of system, security, and subscription events, and deliver on-demand security service reports straight from ConnectWise.

Auto Synchronization of Asset Information — Know Your Customers’ Security

Reduce manual upkeep of security asset information.
Gain unparalleled visibility into your customers’ security through automated synchronization with WatchGuard security appliances, including subscription start and end dates, device serial numbers, OS versions, and more.
Avoid a managed network going unprotected because of incorrect security service subscription end dates.

Integrated, Closed-Loop Service Ticketing — Track Issues with Service Ticketing Made Easy

Enable ConnectWise service tickets for WatchGuard security solutions.
Configure event thresholds on a wide range of parameters identified per device, including: security services, device statistics, and subscription statuses. Event thresholds automatically trigger the creation and closure of service tickets, closing tickets when issues are resolved, and reducing the number of false alarms.
Eliminate ticket flooding and provide trending visibility into a customer’s security, because the same ticket reopens if the issue returns, rather than creating multiple tickets.

Automated Reporting — Auto Deliver Security Summary Reports to Your Customers

Integrate data from the WatchGuard management and reporting solutions into the ConnectWise Executive Summary Reports, including device statistics, web usage statistics, and intrusion prevention service summaries.
Deliver customized reports to customers via on-demand schedules.

Learn more about this integration by visiting the WatchGuard-ConnectWise integration page, which includes a link to the integration guide.

Fireware 11.12 is Now Available!

Brendan Patterson — Fri, 18 Nov 2016 17:26:02 -0800

Fireware 11.12 is now Generally Available (GA) at the WatchGuard software download site. This is a major new update to the Fireware operating system that includes many new features.

Geolocation - Adds a new element of defense to Reputation Enabled Defense, which today includes web reputation and botnet detection. With Geolocation, you can prevent malware communication and attacks from areas where you never have any need for legitimate business communication.

ConnectWise Integration - With Fireware v11.12, we deepen our integration capabilities with ConnectWise, a leading Professional Service Automation tool used by many managed service providers. The integration adds support for the auto-synchronization of asset information, including subscription start and end dates, device serial numbers OS versions, etc., as well as closed-loop ticketing of system, security, and subscription events.

Dynamic VPN Tunnels to Azure - Hybrid cloud environments are becoming much more common, where companies have moved some workloads to cloud services such as AWS or Azure, but some key applications remain on premise. Secure VPN communication is needed between the on premise application and the cloud. Until now, we supported only a single static or policy-based tunnel to Azure. Now we add the ability to have multiple tunnels, even with dynamic routes and failover between them.

IPv6 Support in Services and Proxies - WatchGuard firewalls have IPv6 Gold logo certification, but previously application proxies and the full set of security services were not supported. Now customers can apply full range of security services, including WebBlocker for content filtering and APT Blocker and Gateway AV to prevent malware in IPv6 environments.

Services and Proxies Enabled by Default - Customers that buy the appliance with Basic or Total Suite often neglect to turn on the security services that they have purchased. Now services will be enabled by default during the initial setup wizard with a secure set of default settings. Saves time and simplifies the initial setup for everyone.

Gateway Wireless Controller - Several updates to the UTM wireless controller including auto channel selection to enable smoother deployments without channel conflict, and a new repeater mode that allows access points to communicate over the air without a physical ethernet connection.

FireCluster with DHCP on External Interface - If your ISP provides external-facing interface IP addresses by DHCP, you can now enable an active/passive FireCluster to provide high availability.

X-forwarded Information from Header in Logs and Dimension - If a company uses an explicit proxy service or a web gateway, like WebMarshal, all of the information in Dimension shows only the IP address for that proxy. Now we can go a level deeper and find the original source IP address and show this in Dimension, too.

Software Download Center

Contact Information

Dimension 2.1.1 Update 1

Brendan Patterson — Tue, 08 Nov 2016 09:21:56 -0800

WatchGuard has posted a new update release for Dimension at the software download site. The release fixes some security vulnerabilities that were reported in WatchGuard Dimension. This is a maintenance update to patch security vulnerabilities. There are no new enhancements. The Release Notes include a comprehensive list of resolved issues, including:

The version of OpenSSL used by Dimension has been updated.
This release includes fixes to address several reported command injection and cross scripting vulnerabilities.

WatchGuard appreciates the efforts of security researchers that test and report issues in our products. We encourage researchers in the security community to disclose any issues using the security@watchguard.com email address. Thanks to Francesco Oddo at Security Assessment for his responsible disclosure of this vulnerability.

Do These Releases Pertain to Me?

WatchGuard recommends that all users of Dimension should upgrade to avail of the security fixes.

Software Download Center

Contact Information

Fireware 11.11.4 Update 2

Brendan Patterson — Tue, 01 Nov 2016 00:31:54 -0700

WatchGuard has posted a new maintenance release, Fireware version 11.4 Update 2, at the software download site.

Fireware 11.11.4 Update 2
This releases includes many important bug fixes.The Release Notes include a comprehensive list of resolved issues. This is a maintenance update with no new enhancements. There is no corresponding update 2 version of WSM 11.11.4.

Do These Releases Pertain to Me?
The Fireware release applies to all Firebox T, Firebox M, and all XTM appliances, except XTM 21/21-W, 22/22-W, or 23/23-W.

Introducing the WatchGuard Firebox T70

Jason Vendramin — Sun, 02 Oct 2016 17:34:18 -0700

WatchGuard is excited to announce the launch of the Firebox T70, our latest tabletop network security appliance. The T70 has set a new industry best, with 1 Gigabit per second in full UTM mode with HTTP traffic, and over 600 Megabits per second with HTTPS traffic. Now, network administrators can confidently deploy a tabletop appliance knowing it will run the services necessary to secure their network without compromising performance.

The Firebox T70 was designed to ensure that network administrators in the small and midsize business (SMB) and Distributed Enterprise segments can deploy a tabletop appliance that can handle HTTPS DPI in environments where Fiber broadband connections are becoming more prevalent. Though HTTPS adds security by encrypting traffic, unfortunately, bad actors are increasingly using this as an attack vector for passing malware through the firewall. It is critical that network admins have the capability to inspect and sanitize this traffic.

To achieve the high performance bar that was set for T70, we decided to leverage an Intel chipset – our first use of the Intel platform in our tabletop lineup. The combination of the product architecture and WatchGuard’s proprietary Fireware OS resulted in our most powerful tabletop yet, and the fastest tabletop UTM on the market when running in full UTM mode (e.g. Intrusion Prevention, Gateway Antivirus, and Application Control) But you don’t have to take our word for it – the performance of the Firebox T70 has been verified by the Miercom independent test lab.

From a design perspective, the Firebox T70 is a 1U tabletop appliance with an all-metal body and comes equipped with 8 x 1 Gb Ethernet ports, 2 of which support Power over Ethernet+ (PoE+). The 2 PoE+ ports allow administrators to easily extend the reach of the Firebox T70 by connecting remote peripherals such as wireless access points, without having to run costly AC power. The Firebox T70 is also fanless, so administrators can feel free to place it in noise sensitive work areas without having to worry about users being bothered by constant whirring.

New Software Available

Brendan Patterson — Thu, 29 Sep 2016 12:06:33 -0700

WatchGuard is pleased to announce the General Availability (GA) of new updates for Fireware, WSM, and Dimension, available now at the software download site.

Fireware 11.11.4 and WSM 11.11.4
These releases include many important bug fixes, and some small enhancements:

Support for Perfect Forward Secrecy (PFS) which are the most secure ciphers available for TLS protocols.
Localization into French, Spanish, and Japanese languages.

The Release Notes & include a comprehensive list of resolved issues, and the What's New in 11.11.4 presentation provides a detailed review of the new enhancements.

Dimension 2.1.1
At the same time, we are also releasing an update to WatchGuard Dimension, including:

A new Dimension administrator role that is restricted from seeing reports, dashboards, and managing devices.
Localization into French, Spanish, and Japanese languages.

Like Fireware, Dimension also has Release Notes and a What's New presentation.

Do These Releases Pertain to Me?
The Fireware release applies to all Firebox T, Firebox M, and all XTM appliances, except XTM 21/21-W, 22/22-W, or 23/23-W.

Video: BlackHat from the Show Floor

Brendan Patterson — Wed, 03 Aug 2016 10:00:00 -0700

WatchGuard has two booths (#973 and #1453) this year at BlackHat. They feature demos, ransomware research, arcade games, popcorn and Red Bull energy drinks. It’s been busy on the show floor, and thanks to everyone who visited us today. If you haven’t stopped by already, we hope see you tomorrow! The popcorn will be warm, the Red Bull cold, and there will be high scores for the taking in the arcade. Here’s a quick video recapping day one in the booths.

Dimension’s User Anonymization makes Data Protection Easy

Brendan Patterson — Mon, 27 Jun 2016 10:00:00 -0700

Data privacy and protection is a BIG deal, and many countries are setting new regulatory standards for how to move, store, view, and report on data containing users’ personally identifiable information, or PII.

The European Union (EU) in particular is setting precedents with some of the most stringent data and privacy protection controls in the world. In April 2016, the EU Parliament officially adopted the General Data Protection Regulation framework, or GDPR, scheduled for full enforcement in two years. Obligations coming as part of the GDPR are significant, and accountability – especially regarding a business’s workforce – is an important component of compliancy. Malicious insider activities are a major source of data abuse and breaches. “Encrypt everything” is a great start, but it’s just a band-aid solution for meeting compliance obligations.

Among a new set of requirements, EU businesses will be required to demonstrate compliance with GDPR measures that include:

Appointing a Data Protection Officer, or DPO
Ensuring the pseudonymization of personal data – PII is anonymized to the extent that it cannot be attributable to its owner during any stage of processing.

WatchGuard’s Dimension™ visibility platform delivers a new User Anonymization feature that takes an organization’s ability to comply with the GDPR framework to the next level. The feature works very simply, is easily accessible and configurable, and was designed with GDPR compliance and the reality of insider threats in mind.

The best way to understand the new feature is to look at the screenshot below:

When enabled, User Anonymization works by dynamically replacing all PII – user names, IP addresses, host names, and mobile devices – in Dimension’s reports, dashboards, and summary pages with hashed placeholder text.

The Anonymization Officer, a new role available in Dimension to support GDPR compliance, was inspired by the Data Protection Officer (DPO) role introduced in the GDPR framework. The Anonymization Officer role was created in such a way that a technical or non-technical person can hold it, and it fulfills the “four-eyes” or two-logins approach to role-based access. For example, when an IT admin needs to de-anonymize Dimension, the admin would need approval from the Anonymization Officer. This avoids situations where a single person holds all the access to PII without any accountability or external verification.

Does your current solution provide such a comprehensive yet simple approach to data privacy protection? To find out more about WatchGuard’s solution, check out our User Anonymization Tech Brief.

Note: WatchGuard Dimension is included at no charge with all Firebox and XTMv models.

Network Discovery shines a light on shadow IT

Brendan Patterson — Sun, 19 Jun 2016 10:00:00 -0700

Last week we posted about the security and network visibility highlights included in the new Fireware 11.11 release. Today we want to take a closer look at one the major updates that we mentioned, Network Discovery. This new service performs a complete network scan to generate a visual map of every connected device, providing Firebox administrators total visibility into all assets on their network. Information Security professionals have long understood that the first step in any vulnerability management program is to discover and identify all of the assets and their role in a network. You cannot secure a network that you do not understand. The term "shadow IT" is used to describe people installing and using their own, non-company-sanctioned applications, equipment, and software in the workplace. Here are just a few examples of security risks that could result from unknown devices:

An employee brings in a personal device or laptop that does not have the full corporate anti-virus solutions installed and connects it to a network, introducing malware.
Old servers or applications installed without IT authorization may not be patched to current secure levels, exposing vulnerable software.
Unauthorized or rogue access points may be providing unwanted wireless connectivity, providing an avenue for hackers to exploit.

The best way to understand the new capability is to look at a sample screenshot:

Network Discovery allows IT staff to map out the network behind their firewall. It uses information from a nmap scan (link), DHCP fingerprinting, HTTP header information, and the new WatchGuard FireClient app. Assets in the network are identified and represented with an icon with the following information:

Host Name
IP Address
MAC Address
Type of device – iOS, Android, MAC, Windows, etc.
Open ports – and protocols that may be running

Admins can search and filter all device data to zero in on key areas of interest. One click through to FireWatch or Traffic Monitor will provide a clear visual indication of the type of traffic that is passing through the IP address. Admins can mark devices as “known” and assign descriptive names. New or unfamiliar devices will immediately stand out when they appear without names. One Beta tester said: "Excellent feature and the GUI looks good. Found a couple of computers that should not have been on my network." Are you confident that you can identify every device on your network? Find out more. Download the new Tech Brief that describes more detail about the service with more screenshots. Network Discovery is available on all Firebox and XTMv models. The service is included in the UTM Security Suite for all new and existing customers. We’ve added the new feature key to all current security suite subscriptions on Firebox T or M Series and XTMv. Synchronize your feature key to get the latest license from our WatchGuard Servers and try out the new service today. This short video explains how to synchronize a feature key.

WatchGuard Product Releases

Brendan Patterson — Sun, 12 Jun 2016 10:00:00 -0700

WatchGuard recently announced the General Availability of major new releases of both the Fireware operating system and WatchGuard Dimension, both of which are now available to download at the software center. These releases provide increased visibility across the entire network for distributed enterprises and small and midsize businesses (SMBs). I was in Europe last week at a number of WatchGuard events and I heard a lot of positive reaction firsthand. Many partners and end users are already quite familiar with the new capabilities because we conducted extensive beta testing for these new releases over the last two months. The Beta participation numbers are impressive:

640 users logged into our Beta portal from 45 different countries
Over 220 unique pieces of feedback were submitted, including bugs and suggestions for product improvement
176 users filled out a survey sharing their thoughts on the Beta and the new software

So what is everyone excited about? Key highlights in the new releases are:

Fireware 11.11:

Network Discovery: a subscription service that generates a visual map of every connected device, providing Firebox administrators total visibility into all assets on their network. Included in all UTM Security Suites on Firebox and XTMv models.
Botnet Detection:integrated into the Reputation Enabled Defense service. Customers gain real-time visibility into infected clients and command and control communication is immediately blocked. This feature is available on all XTM and Firebox appliances for any customer with a license for Reputation Enabled Defense (which is included in the UTM security suite).
Mobile Security:allows Firebox administrators to enforce access controls and only allow mobile devices that adhere to current corporate policies, and are free of malware. Available as an optional subscription service on all Firebox and XTMv models.

Dimension 2.1:

Subscription Services Dashboard: a reporting interface that gives businesses a comprehensive performance summary with statistics to show what has been scanned by a Firebox and attacks or malware that have been prevented.
Policy Usage Report: a new report that provides valuable insight into how frequently policies are used, thereby enabling IT teams to keep firewall policies current and eliminate unnecessary or unused policies.
User Anonymization: an innovative feature that enables businesses to conform to data privacy regulations, such as the European Union's General Data Protection Regulation framework.

There are hundreds of more features than what we can cover in a short blog post. Check out the What’s new in Fireware 11.11 and What’s new in Dimension 2.1 presentations to find out full details, including screenshots. Also, watch for more posts on this blog over the next few weeks that go into depth for some of these features.

WatchGuard Product Releases

Brendan Patterson — Sun, 12 Jun 2016 10:00:00 -0700

640 users logged into our Beta portal from 45 different countries
Over 220 unique pieces of feedback were submitted, including bugs and suggestions for product improvement
176 users filled out a survey sharing their thoughts on the Beta and the new software

So what is everyone excited about? Key highlights in the new releases are:

Fireware 11.11:

Network Discovery: a subscription service that generates a visual map of every connected device, providing Firebox administrators total visibility into all assets on their network. Included in all UTM Security Suites on Firebox and XTMv models.
Botnet Detection:integrated into the Reputation Enabled Defense service. Customers gain real-time visibility into infected clients and command and control communication is immediately blocked. This feature is available on all XTM and Firebox appliances for any customer with a license for Reputation Enabled Defense (which is included in the UTM security suite).
Mobile Security:allows Firebox administrators to enforce access controls and only allow mobile devices that adhere to current corporate policies, and are free of malware. Available as an optional subscription service on all Firebox and XTMv models.

Dimension 2.1:

Subscription Services Dashboard: a reporting interface that gives businesses a comprehensive performance summary with statistics to show what has been scanned by a Firebox and attacks or malware that have been prevented.
Policy Usage Report: a new report that provides valuable insight into how frequently policies are used, thereby enabling IT teams to keep firewall policies current and eliminate unnecessary or unused policies.
User Anonymization: an innovative feature that enables businesses to conform to data privacy regulations, such as the European Union's General Data Protection Regulation framework.

WatchGuard Technologies Named Gold and Silver Winner in 2016 IT World Awards

Brendan Patterson — Thu, 19 May 2016 10:00:00 -0700

It has been a great year for industry validation of our network security solutions. This week, WatchGuard received two awards from Network Products Guide, the industry's leading technology research and advisory guide. In the 11th Annual 2016 IT World Awards, the Firebox T50-W brought home the Gold for ‘Unified or Integrated Security’ and the Firebox M5600 took Silver in the ‘Security Hardware’ category. WatchGuard is honored to receive continued industry and peer validation for our network security products for the SMB and distributed enterprise markets. Network Products Guide’s goal is to keep decision makers and end-users informed about the choices they can make in all areas of information technology.

The annual IT World Awards is part of the SVUS Awards recognition program, the same organization that recognized WatchGuard with a Grand Trophy and five Global Excellence Awards in March.

WatchGuard receives Grand Trophy and five other 2016 Global Excellence Awards

Corey Nachreiner — Mon, 07 Mar 2016 09:00:00 -0800

It was a busy week down at the RSA conference in San Francisco, but it kicked off right on Monday night when we learned that InfoSecurity Products Guide, the industry's leading information security research and advisory guide, recognized WatchGuard Technologies as a Grand Trophy winner for their 2016 Global Excellence Awards®. More than 50 judges from around the world formed a broad spectrum of industry voices and their average scores determined the 2016 Global Excellence Awards Finalists and Winners. Beyond the Grand Trophy, we brought home a total of five Info Security Product Guide Global Excellence Awards in a diverse set of categories:

Gold Winner Award for Network Security and Management: WatchGuard Dimension Command
Gold Winner Award for Security Products and Solutions for Small Businesses and SOHO: WatchGuard Firebox T50
Silver Winner Award for Security Products and Solutions for Enterprise (Medium): APT Blocker
Bronze Winner Award for Integrated Security and Unified Threat Management: WatchGuard Firebox M300 Firewall (Firebox M300 running Fireware 11.10.4 firmware)
Bronze Winner Award for People Shaping Info Security: Corey Nachreiner, Chief Technology Officer at WatchGuard Technologies, for Raising InfoSecurity Awareness Through Education

Info Security Product Guide’s recognition of our products and personnel stands as further validation of this company’s commitment to best-in-class security solutions. We’re proud to receive yet another endorsement of WatchGuard’s vision and execution in the field of security for SMBs and enterprises, and for general education and awareness about infosecurity.

Firebox M4600 & M5600

Brendan Patterson — Tue, 23 Feb 2016 13:40:53 -0800

Today WatchGuard is pleased to announce the new Firebox M4600 and M5600 models, completing the replacement of all of our older XTM appliances with a new generation of hardware. Now, from the smallest Firebox T10 to the top of the line Firebox M5600, there is a new Firebox appliance that provides critical network and security functions in a single, centrally managed UTM platform that is easy to set up, deploy and manage.

The WatchGuard Firebox M4600 and Firebox M5600 appliances both provide two empty bays that can be used to add expandable network modules to meet the needs of a wide range of network configurations. Both models support three modular interface options that each add either four or eight interfaces to the Firebox:

8 x 1 Gb Fiber
4 x 10 Gb Fiber
8 x 1 Gb Copper

The picture above shows an M4600 with options 1 and 2 in the two expansion bays. Expandable network modules offer room to grow for the future. If the need for more network ports into the firewall grows, the business doesn’t have to do a costly rip out and replace. The network admin can simply add a new module to the existing appliance to add extra ports.

Resources

These exciting new products are Generally Available (GA) now. Learn more through some of the new resources that are available with today's public launch:

The M4600 provides 8 Gbps UTM throughput, and the M5600 is the fastest Firebox ever with 11 Gbps UTM. Download the datasheet with the full technical specifications for the two new appliances.

We also have a new technical brief that explains in detail how the new network modularity concept works in WatchGuard appliances.

Dimension™ 2.0.1 Update 1 Fixes OpenSSL Flaw

Brendan Patterson — Mon, 15 Feb 2016 09:00:00 -0800

Early this month, I reported a new OpenSSL vulnerability in one of my Daily Security Byte videos. At a high-level, vulnerable OpenSSL servers configured to negotiate Diffie-Hellman keys in a particular way were vulnerable to a "key recovery" attack. By sending many specially crafted connections to a vulnerable server, an attacker could exploit this flaw to recover the server's private key, and decrypt its communications.

Many of WatchGuard products weren't vulnerable to this flaw since we don't configure OpenSSL in the way necessary to expose the issue. However, our log collecter, which is present in both WatchGuard System Manager (WSM) and Dimension™, was vulnerable to the flaw.

Dimension 2.0.1 Update 1 fixes this OpenSSL vulnerability (CVE-2016-0701). If you use Dimension™—especially if you expose its logging service publicly—you should download and install this Dimension™ update as soon as you can. Check the Release Notes for more details on what the update fixes, and how to install it.

Finally, you can learn more about this vulnerability, and how it affects our products, in the Knowledge Base article dedicated to the flaw.— Corey Nachreiner, CISSP (@SecAdept)

Big Security in a Small Package

Brendan Patterson — Fri, 02 Oct 2015 15:01:46 -0700

At WatchGuard, we believe that good things can come in small packages. Our smallest tabletop appliances run the same operating system, or firmware, as the largest rack mount units. This means we can provide enterprise class security in a small form factor that helps protect small offices, retail stores, and remote branches of a distributed enterprise.

This is why we are very excited to introduce the next generation of our tabletop appliances today, the WatchGuard Firebox T30 and T50, which replaces our existing XTM 25/26 and XTM 33. With the Firebox T Series, companies of all sizes can benefit from our suite of sophisticated security technologies that have been developed to protect the most demanding enterprises. For example, with the WebBlocker service, every link is checked against the Threat Seeker cloud URL database from Websense. Using Intrusion Prevention Service (IPS), the Firebox looks for attacks against known vulnerabilities using technology from Trend Micro. Our newest subscription service, APT Blocker provides a defense against advanced malware. We check unknown files in a next generation sandbox in the cloud using full system emulation technology from Lastline.

You might think that these services would slow performance. In fact, the new T50 provides up to 165 Mbps of Unified Threat Management (UTM) performance[1] in a compact form factor with 7 Ethernet ports. The smaller T30 appliance has 5 ports and provides up to 135 Mbps UTM throughput. These powerful new boxes provide full security inspection of Internet traffic at the fast connection speeds available today.

The T30 and T50 don’t just provide faster throughput. New features support the growing needs for secure wireless access. Both models have options for an integrated 802.11ac wireless version – providing faster speeds over the less congested 5 GHz channel. Each model also includes a Power over Ethernet (PoE) port, which can be used to provide power to a WatchGuard Wireless Access Point. With PoE, small locations like retail shops don’t have to install expensive power runs to the ceiling for wireless access points. They can simply run an Ethernet cable from the Firebox to the mounting point. Of course the Firebox also comes with the integrated Gateway Wireless Controller software.

That’s a lot of sophisticated security technology in a small box. I’ve been running a Beta version of the T50 at home for a couple of months now. In today’s world, it’s reassuring to know that I have enterprise level security technology protecting my family and any work that I do for my company from home.

Find out more about the new T30 and T50 appliances at watchguard.com, here.

[1] Remember that UTM performance measures the throughput when the most demanding security services are enabled, including IPS and Gateway Antivirus. Not all vendors publish a combined performance number like this, but we believe that it is important to enable all security services and measure the combined throughput.

New Releases: Fireware and WSM version 11.9.5

Brendan Patterson — Tue, 17 Mar 2015 10:00:00 -0700

WatchGuard is pleased to announce the release of Fireware 11.9.5 and WSM 11.9.5. These maintenance releases provide many bug fixes, with full details outlined in the Release Notes and the What's New in 11.9.5 presentation.

Dimension 1.3 Update 2

Application Control information was not correctly logged from proxy policies in version 11.9.4. Along with the new Fireware release, we have also released Dimension 1.3 Update 2, which is also required to correct this issue.

Does This Release Pertain to Me?

The Fireware release applies to all Firebox and XTM appliances, except XTM 21/21-W, 22/22-W, or 23/23-W appliances.

Software Download Center

Firebox and XTM appliance owners with active LiveSecurity can obtain this update without additional charge by downloading the applicable packages from the new and improved WatchGuard Software Download Center. Please read the Release Notes before you upgrade to understand what’s involved. Known Issues are now listed in the Knowledge Base when logged in at the WatchGuard website. Note that there is also a Beta version of 11.10 available to try out at the software download center.

Contact Information

Don't have an active LiveSecurity subscription for your appliance? It's easy to renew. Contact your WatchGuard reseller today. Find a Partner.

Find Out Why IT Pro Magazine Calls WatchGuard’s Firebox M440 “a Powerful Beast”

Brendan Patterson — Wed, 04 Feb 2015 09:00:00 -0800

Today, we’re excited to announce the “beastly” accomplishments of our Firebox® M440. It has achieved a coveted 5-Star rating and has been named the Editor’s Choice by IT Pro Magazine.

You may recall back in October, when we launched this powerful UTM/NGFW appliance, it was the first appliance rich in truly independent ports. And, it was the first appliance to make it easy to apply the right policies to the correct network segment, without complex configurations. That means better security and protection for data.

IT Pro agrees! WatchGuard’s Firebox® M440 impressed the editors on a variety of fronts with its superb value, top performance, extensive security measures, high port density and integral wireless gateway controller.

As the review notes, “With its fire-engine red chassis you can’t miss a WatchGuard security appliance, but the Firebox M440 is an eye-catcher for a number of other good reasons. It’s designed to help big businesses enforce custom security policies across multiple network segments, but without complicating the process.”

The WatchGuard Firebox M440 delivers 25 1Gb Ethernet ports, eight that deliver Power over Ethernet (PoE), plus two 10 Gb SFP+ (fiber) ports.

The editors also highlight that for a sub-£10K appliance, it’s a powerful beast, with the appliance claiming a top 6.7Gbits/sec firewall throughput and 1.6Gbits/sec for UTM against the competition. The value is excellent as well, with a three-year LiveSecurity subscription that activates the firewall, VPNs, HTTPS inspection plus full customer support and has an RRP of £4,942 ex VAT. Add in all the features, including IPS, app control, advanced threat protection, DLP and more, and the cost is only £8,449. Finally, along with a superb range of security features, the M440 took top value, costing significantly less than competing products, such as SonicWALL’s E-Series NSA 6500.

RED continues to roar.

New Releases: Fireware XTM 11.9.4 and WSM 11.9.4

Brendan Patterson — Wed, 03 Dec 2014 09:00:00 -0800

Fireware OS 11.9.4 and WSM 11.9.4 are now available. This maintenance release includes many bug fixes and several new enhancements. The Release Notes list all resolved issues and new enhancements in the software.

Key Highlights:

New Guest Services capability enables the creation of temporary accounts for hotspot access. Ideal for hotels and retail stores to provide internet access for their visitors and customers. A new guest administrator role and user interface enable front line staff to manage and create the accounts.
Selective inspection or bypass of encrypted web traffic (HTTPS DPI) via domain name or web category. Administrators now have more flexibility, allowing them to bypass DPI inspection of known good sites that need to remain private, such as online banking or financial applications.
Diagnostic report output of Branch Office VPN configurations helps with quick troubleshooting and repair of any tunnel issues.
SSLv3 is disabled by default to protect against man in the middle attacks that could exploit the Poodle vulnerability (CVE-2014-3566).
Many bug fixes to improve the scalability and reliability of Single Sign-On.
Support for /31 and /32 subnets on external interfaces, which are commonly used in regions with shortages of IPv4 IP addresses.
WSM support for the new Firebox M400 and M500 models.

Full details of all changes including screenshots of new user interface are provided in the What's New in 11.9.4 presentation [PPT].

Does this Release Pertain to Me?

This release applies to all Firebox and XTM appliances, except XTM 21/21-W, 22/22-W, or 23/23-W appliances.

New Software Download Center!

Firebox and XTM appliance owners can obtain this update without additional charge by downloading the applicable packages from the new and improved WatchGuard Software Download Center. No login is required to download the software, but you must have active LiveSecurity on the appliance to apply the upgrade. Please read the Release Notes before you upgrade, to understand what’s involved. Known issues are now listed in the Knowledge Base when accessed through the WatchGuard Portal. You must log in to see Known Issues.

If you need support, please enter a support incident online or call our support staff directly. (When you contact Technical Support, please have your registered Product Serial Number or Partner ID available.)

U.S. End Users: 877.232.3531
Authorized WatchGuard Resellers: 206.521.8375
International End Users: +1.206.613.0456