What's New in This Release
Fireware OS Version 12.1
This release of Fireware includes these new and improved features:
- Access Portal Feature DetailsAccess Portal is a new feature that connects users to web applications, RDP sessions, and SSH sessions within a web browser. SAML single sign-on is supported.
- Mobile VPN with IKEv2 Feature DetailsMobile VPN with IKEv2 is a new feature that supports VPN connections from native IKEV2 clients on Windows, Mac OS, and iOS. Android devices are supported with the third-party strongSwan app.
- BOVPN over TLS Feature DetailsConfigure the new BOVPN over TLS feature to create VPN tunnels that use TLS for secure communication between Fireboxes.
- IPv4 Wildcard Addresses in Aliases in Device Configuration Templates Feature DetailsWhen you add an alias, you can specify a Host IPv4, Wildcard IPv4, Network IPv4, Host Range IPv4, Host IPv6, Network IPv6, Host Range IPv6, or Host Name (DNS lookup), or import a list of FQDN addresses.
- Modem Interfaces Feature DetailsWhen you add a modem to your Firebox, it is configured as a dedicated external interface that can participate in multi-WAN.
- Wildcard IP Addresses Feature DetailsSpecify wildcard IPv4 addresses in aliases and policies.
- Minimum Association RSSI, Smart Steering, and Band Steering Feature DetailsAP120, AP300, AP320, AP322, and AP420 now support minimum association RSSI and smart steering on the Gateway Wireless Controller. Formerly known as Fast Handover, these options are now configured for each SSID with advanced steering parameters configured in the AP settings. Band Steering parameters are also now configured per SSID.
- Import and Export Alias Members from a Text File Feature DetailsYou can import a list of alias members from a text file. You can also export a list of alias members to a text file. These options were only available in the Web UI in Fireware v12.0.1. In Fireware v12.1, these options are now also available in Policy Manager.
- Multi-WAN Link Monitor Enhancements Feature DetailsYou can now disable link monitor for any interface. When you add a new interface, link monitor is enabled by default for all interfaces except modem interfaces.
Threat Detection and Response
Recent TDR releases added these new and improved features:
- Notification Rules Feature DetailsTDR 5.3 added a new Notification Rules feature that enables email notification when threats are detected.
- Remediations page Feature DetailsTDR 5.2.2 added a new Remediations page to increase the visibility of remediated threats
- Mac Host Sensor Feature DetailsTDR 5.2 added support for a Mac Host Sensor
- Host Group Management from the Hosts Page Feature DetailsOn the Hosts page, you can now select multiple hosts and change the Host Group.
Dimension v2.1.1 Update 2
This release of Dimension includes these new and improved features:
Fireware OS Version 12.0.1
This release of Fireware includes these new and improved features:
- Support Access Feature DetailsYou can now enable Support Access to create a temporary read-only account and enable connections to your Firebox from WatchGuard Support.
- Policy Manager save a configuration for a specific Fireware version Feature DetailsIn Policy Manager you can now save a configuration for a specific version of Fireware. This is most useful for RapidDeploy.
- Gateway AV Scan Size Limit defaults updated Feature DetailsThe default and maximum scan size limits changed in Fireware v12.0.1. Gateway AntiVirus default and maximum scan size limits are set based on the hardware capabilities of each Firebox model.
- Gateway AV actions updated in proxy action settings Feature DetailsThe Gateway AV proxy action settings now include an Enable Gateway AV check box that automatically changes all Allow actions in the proxy action to AV Scan. You can also now configure the action to take when a file cannot be scanned because it is encrypted or exceeds the scan limit.
- Gateway AV decompression is always enabled Feature DetailsGateway AntiVirus file decompression is always enabled, and there are no configurable settings. The number of levels to scan depends on the Firebox model.
- Setup wizards default configuration settings updates Feature DetailsIn the Default-HTTP-Client proxy action, the action for the Windows EXE/DLL Body Content Rule is set to AV Scan instead of Deny. The APT Blocker action for High level threats is set to Drop instead of Block. The action for IPS Low level threats is set to Drop instead of Allow.
- YouTube for Schools settings removed from the HTTP proxy Feature DetailsThe YouTube for Schools option has been removed from the General Settings in the HTTP proxy action configuration. YouTube for schools is no longer supported by Google.
- KRACK WPA/WPA2 wireless vulnerability mitigation Feature DetailsMitigate KRACK WPA/WPA2 vulnerabilities by blocking handshake messages that can potentially exploit clients and force clients to reauthenticate.
- Integration support for Autotask Feature DetailsYou can configure your Firebox to integrate with Autotask, a professional services automation tool.
- Import and export a list of alias members from a text file Feature DetailsYou can import a list of alias members from a text file with Fireware Web UI. You can also export a list of alias members from Fireware Web UI to a text file. These options are not available in Policy Manager in Fireware v12.0.1.
Fireware OS Version 12.0
This release of Fireware includes these new and improved features:
- Content Actions for HTTP Host Header Redirection Feature DetailsYou can now use a content action in an HTTP server proxy policy or HTTPS server proxy action to redirect inbound HTTP requests based on the domain and path in the host header. This feature includes an option for TLS/SSL offloading for inspected HTTPS content.
- Routing Actions in HTTPS Server Proxy Actions Feature DetailsIn the domain name rules for an HTTPS server proxy action you can now specify a routing action to route inbound HTTPS requests to a specific server IP address and port based on a domain name match.
- IMAP Proxy Feature DetailsFireware now supports an IMAP proxy. This does not include support for encrypted IMAP over TLS/SSL.
- APT Blocker Zero Day Protection in the SMTP Proxy Feature DetailsWhen APT Blocker is enabled in the SMTP proxy, the SMTP proxy does not deliver the message until the file has been analyzed for APT threats. The same behavior applies to APT Blocker in the new IMAP proxy.
- Gateway AV Signatures from Bitdefender Feature DetailsGateway AV now uses signatures from Bitdefender for improved virus detection and better performance.
- APT Blocker Scanning of JavaScript Email Attachments Feature DetailsAPT Blocker can now scan JavaScript (.js) files attached to email messages.
- Mobile VPN with PPTP Feature Removed Feature DetailsMobile VPN with PPTP is now not available with Fireware OS. PPTP is an older VPN protocol that is not considered secure.
- Updated Default BOVPN and BOVPN Virtual Interface Security Settings Feature DetailsNew BOVPN, BOVPN virtual interface, and Mobile VPN connections created in Fireware v12.0 have stronger default authentication and encryption settings.
- Updated Default Mobile VPN Security Settings Feature DetailsNew BOVPN, BOVPN virtual interface, and Mobile VPN connections created in Fireware v12.0 have stronger default authentication and encryption settings.
- Removed Obsolete Security Settings from Mobile VPN with SSL Feature DetailsThree obsolete security settings were removed from Mobile VPN with SSL: Blowfish, DES, and MD5.
- Updated Mobile VPN with SSL Status Icons Feature DetailsThe connection status icons for Mobile VPN with SSL that appear in your Windows system tray or Mac OS X menu bar were redesigned. The new icons are easier to see and understand.
- Renamed Authentication Exceptions list in the Hotspot Settings Feature DetailsThe Authentication Exceptions list in the Hotspot settings is now called Walled Garden.
- Wireless Rate Shaping Enhancements Feature DetailsYou can now configure separate upload and download rate limits per SSID and per user in an SSID configuration.
- ConnectWise Default Service Ticket Priority Feature DetailsYou can now configure the default ticket priority for service tickets generated by a Firebox defined in ConnectWise.
- Multicast Routing Feature DetailsFireware now includes support for multicast routing, a networking method for efficient distribution of one-to-many traffic.