WatchGuard Fireware® XTM (WSM v11 and Fireware v11 Release Notes)

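Published: 2009-9-17 14:25 | Author: Allan | Source: 深圳赛佛莱特科技有限公司, Technical Section

Note: This is original content from this site; when reposting, please keep this line (深圳赛佛莱特科技有限公司).

Note: This version no longer supports older models such as the X500, X700 and X1000; it supports only the latest e-Series.

The XTM software version has been released. According to the vendor, many functional modules in this version were rewritten, so at the kernel and development level it should differ substantially from earlier versions. The key points are translated and introduced below:

1. The Policy Manager software in WSM adds many new management features.

2. Starting with the XTM version, WatchGuard hardware firewalls support web-based management.

3. CLI (command line) management is fully supported for the first time.

4. The WSM management applications fully support Edge models, which means the WSM in the XTM software can be used to manage all WatchGuard products in a unified way; earlier WSM versions did not support models such as the Edge. This truly unifies product installation and configuration.

5. The HTTP Proxy can redirect to a caching proxy server: a caching server (usually placed on the company's internal network) can be specified in the HTTP proxy policy to speed up web site access and save network bandwidth.

6. Log Server performance enhancements, reports with customizable content format, online reports, and new report types.

7. Support for transparent bridge mode, including bridging of multiple interfaces.

The official release information follows: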

WatchGuard is pleased to release Fireware XTM v11 OS for the Firebox X Edge, Core, and Peak e-Series and new XTM 1050 devices. Fireware XTM v11 is a new operating system for your Firebox e-Series or XTM device that combines the best of WatchGuard's Edge and Fireware appliance software features and offers exciting new Extensible Threat Management features. The Fireware XTM v11 release is the first release that offers you a choice of management interfaces to manage your Firebox:

- WatchGuard System Manager with Fireware XTM Policy Manager - updated with many new management features

- Fireware XTM Web UI - completely redesigned web browser-based interface that you can use to manage any Fireware XTM device

- Fireware XTM CLI - the first fully supported command line interface for all WatchGuard XTM devices

For existing Edge, Core and Peak e-Series customers, the Fireware XTM v11 release also introduces many new features for the WatchGuard Firebox product line. Major new features include:

- FireCluster - Active/Active load balancing or Active/Passive configuration for a pair of Firebox X Core/Peak e-Series or XTM 1050 devices

- Enhanced HTTPS proxy with deep packet inspection and dynamic certificate status checking using OCSP (Online Certificate Status Protocol)

- Role-Based Access Control (RBAC) for more granular delegation of management responsibilities for administrators. This feature only applies to devices managed by a WatchGuard Management Server and works with either local or Active Directory user names and groups.

- Edge users can now download and use the full WSM suite of management applications

- A consolidated WatchGuard Server Center from which you can configure and manage all WatchGuard servers running on a local Windows-based computer.

- Centralized management for all devices running Fireware XTM OS with new Fireware XTM templates. Other new features include the ability to do scheduled configuration changes, OS updates, and feature key synchronization for centrally managed devices.

- Application Blocker profiles you can apply to any TCP-UDP, HTTP, or HTTPS proxy policy

- A new, improved, and more powerful Gateway AV engine

- New call setup security features for the SIP and H.323 Application Layer Gateways (SIP and H.323 proxies have been renamed as application layer gateways in v11)

- HTTP proxy redirect to a caching proxy server

- Automatic redirection to the Firebox authentication page when a user tries to browse the Web without authentication

- Severity levels for IPS signatures

- Override WebBlocker with a password, and create a different inactivity timeout for each web site

- Increased proxy performance

- Log Server performance and scalability enhancements

- Reporting enhancements, including the ability to define the format of report content, on-demand reporting, and new report types

- Transparent Bridge mode

- Support for network bridging of multiple interfaces

- Port independence for Firebox X Edge users, and the ability to configure your own trust relationships between Edge network interfaces

- Support for multicast routing through a BOVPN tunnel to support one-way multicast streams between networks protected by WatchGuard devices

- Support for limited broadcast routing through a branch office VPN tunnel. The tunnel supports broadcasts to the broadcast IP address of 255.255.255.255 only.

- NAT loopback support

- SSL VPN no longer requires clients to open port 4100

- Support for VLANs on external interfaces

Minor feature enhancements include:

- The Web UI no longer allows multiple read-write administration sessions at the same time

- Support for Mobile VPN with IPSec user roaming

- Several Intrusion Prevention subscription service enhancements

- Single Sign-On improvements

- TCP/UDP proxy support for HTTP traffic filtering

- QoS and scheduling support for managed VPN tunnel policies

- Ability to use Mobile VPN with a dynamically addressed external interface without using DynDNS

- Support for metrics on static routes

- Scheduled reboot option now available for all Firebox devices

- Improved reliability of traffic handling on network interface 4-7

- Some features that previously required a "Pro" upgrade have become standard in Fireware XTM. These features include traffic management, QoS, and support for third-party VPN certificates.

EN_ReleaseNotes_FirewareXTM_11_0_1.pdf