WatchGuard VPN Manager 11 to 20 Users Datasheet
Add to my manualsadvertisement
WatchGuard System Manager
Release Notes for WSM 8.0
Introduction
WatchGuard ® is pleased to release WatchGuard System Manager (WSM) 8.0. WSM is the next version of our unified management and monitoring software and delivers a host of new feature enhancements. One of the most significant advancements comes with availability of Fireware ™ Pro – the next generation security software system for the Firebox ® X Core and Firebox X Peak lines of security appliances. It represents the convergence of the WatchGuard Firebox System security capabilities with the WatchGuard Firebox Vclass advanced networking features.
New WatchGuard System Manager features
We made the VPN Manager Device view the default view for all the Firebox devices, log servers, and Management Servers in your network. From WatchGuard System Manager, you can start monitor and configuration tools such as Policy Manager, HostWatch, and the Firebox System Manager.
WatchGuard System Manager also includes:
Simple management of a network with more than one WatchGuard hardware platform:
• Firebox X Core
• Firebox X Edge (VPN management only)
• Firebox X Peak with Fireware Pro
• Firebox SOHO6 and Firebox SOHO6 Wireless (VPN management only)
• Firebox S6 and Firebox S6 Wireless (VPN management only)
A Management Server that operates on a Windows server instead of on a gateway Firebox. This solution is more scalable and flexible and lets you easily set up a large network with many offices and VPN tunnels.
Log messages in XML format.
Features introduced with Fireware Pro
The Fireware Pro appliance software improves WatchGuard’s ability to supply new features on the same hardware platform. Fireware Pro is available for all Firebox®X Core and Firebox X Peak devices. You can use
WatchGuard System Manager 8.0 to manage a Firebox with Fireware Pro appliance software. Fireware Pro is an upgrade for the Firebox X Core model line. Features of Fireware Pro include:
Enhancements to the Gateway AntiVirus service such as a feature to examine outgoing messages, to lock attachments with suspicious content, and better reports
Interface independence
Signature-based intrusion prevention with stateful signature matching
Multi-WAN for more flexibility and network connection time
Dynamic routing of these protocols: BGP, OSPF, RIPv1 and v2
Quality of Service (QoS) which uses “virtual pipes” to regulate the traffic to align with your business requirements
Support for Active Directory and LDAP authentication servers
Enhanced policy management interface for support of Fireware Pro features, and more granular control of your security policy
RELEASE NOTES MAY 12, 2005 PAGE 1
WATCHGUARD SYSTEM MANAGER WSM 8.0
Support for SNMP to monitor important device statistics. You can also transmit SNMP traps to SNMP servers.
For more information or to purchase the upgrade for a Firebox X Core device, contact your reseller or browse to the WatchGuard Web site.
Enhancements to WFS appliance software
The WatchGuard System Manager 8.0 includes WFS 7.4 appliance software. This version has two important features.
WSM 8.0 uses a Management Server that operates on a Windows server instead of on a gateway Firebox.
This allows for much more scalability and flexibility when you set up a large network with many locations.
The Log Server saves log messages in an XML format.
Changes in WFS Appliance Software 7.3 to 7.4
WatchGuard released the final version of WFS 7.3 on December 23, 2004. WatchGuard System Manager includes the WFS 7.4. This is the WFS 7.3 appliance software with some minor differences.
WFS 7.4 includes the SYNFlood (Hotfix 050209) and Link Negotiation (Hotfix 050216).
WFS 7.4 does not include the PPPoE (Hotfix 050330) hotfix. You can not install this hotfix on WFS 7.4. If you installed the hotfix and upgrade your device to WFS 7.4, you no longer have the corrections to the problems identified and resolved with this hotfix.
[5517]
WFS 7.4 does not include the Gateway AntiVirus for E-mail Engine Update version 0.8, 1.0.1. You can not install this update on WFS 7.4. If you installed the update and upgrade your device to WFS 7.4, your device will use the original Gateway AntiVirus for E-mail Engine.
WFS 7.4 requires that you move your DVCP server from the Firebox to a computer.
WFS 7.4 does not support Basic DVCP.
The Management Server is the computer you use as the DVCP server. It can not be a Firebox.
The VPN Manager is now known as the WatchGuard System Manager.
You can not use the WatchGuard System Manager to connect to a Firebox DVCP server with WFS 7.3 or earlier firmware. The WSM will only connect to WSM 8.0 DVCP servers. It will also connect directly to
Firebox devices with WFS 7.4 or Fireware 8.0 firmware.
Technical Assistance
For technical assistance, please contact WatchGuard Technical Support via telephone (see the numbers in the table below) or check the website at http://www.watchguard.com/support . When contacting Technical Support, please have your registered LiveSecurity® key, serial number, or Partner ID ready.
U.S. End Users
International End User
Authorized WatchGuard Resellers
Phone Number
877.232.3531
+1.206.613.0456
206.521.8375
RELEASE NOTES MAY 12, 2005 PAGE 2
WATCHGUARD SYSTEM MANAGER
Installation and Upgrade
WSM 8.0
Before installing the WatchGuard System Manager software, please read the information in the Known Issues section.
If you are migrating a DVCP server to a WSM 8.0 Management Server
Make sure you obtain the WatchGuard System Manager 8.0 HF050505WSM80 hotfix to correct an error that occurs when you migrate an existing DVCP server to the new WSM 8.0 Management Server. (You do not need this hotfix if you plan to set up a new Management Server instead of migrating a previous one, or if you do not want to use the WSM 8.0 Management Server.)
Also, you must have your VPN Manager license before you can migrate a DVCP server to a Management
Server. You can use a VPN Manager license or a WatchGuard System Manager license to increase the total number of devices managed by the Management Server.
To get and install the WSM 8.0 management station software
Use the instructions in the WSM 8.0 Upgrade Guide to install this release. You can find the Upgrade Guide posted on your LiveSecurity site at the same location as the software download and these Release Notes.
To get and install the MUVPN 7.3 client software
Follow the instructions in the MUVPN 7.3 release notes which are posted on your LiveSecurity site. This is not a new release. You do not need to upgrade your client computers.
To get and install Fireware Pro appliance software
Fireware Pro is available as an upgrade to the WatchGuard System Manager. Speak to your reseller or browse to the WatchGuard Web site for more information.
Platform Compatibility
Software Component
Fireware 8.0 Appliance Software
Install On
Firebox X500, X700, X1000, X2500, X5000, X6000, X8000
WFS 7.4 Appliance Software Firebox X500, X700, X1000, X2500, Firebox III
WatchGuard System Manager 8.0 Windows 2000 Professional, Windows 2000 Server, Windows XP Professional, Windows 2003 Server
Server Components Windows 2000 Professional, Windows 2000 Server, Windows XP Professional, Windows 2003 Server
WSM 8.0 System Requirements
Minimum required platform:
Pentium-III, 750MHz CPU
394MB RAM
300MB disk space for software (no data)
Recommended platform: Pentium-IV 1GHz
512MB RAM
300MB disk space for software
10+ GB for application data (logs)
RELEASE NOTES MAY 12, 2005 PAGE 3
WATCHGUARD SYSTEM MANAGER
Before You Start
This software release is an important step forward for WatchGuard management software and appliance firmware. There are significant changes and enhancements to the software you install on the management station. We also introduce the new, next generation firmware for the Firebox X called Fireware 8.0.
Please read the Known Issues and Limitations section below for important information about limits to this release. You can also learn more about known issues and methods to avoid these possible issues.
Before you install this release, make sure that you have:
One or more Firebox III, Firebox X Core and Firebox X Peak devices
An Ethernet cable
The installation software for the management station
The documentation we include to help you install and use this product
A backup copy your current WFS 7.x configuration file
A full backup of the Firebox X WFS image
WSM 8.0
Known Issues and Limitations
The following are known issues with this release of the WatchGuard System Manager. Where available, we include a way to work around the issue.
Upgrade
The Management Server Setup Wizard can not convert all the Basic DVCP tunnels that you have in your network. It can only convert the tunnels that use the gateway Firebox as one of the endpoints. Tunnels which do not use the DVCP server as an endpoint do not appear in the Management Server after you migrate. For more information, see the WSM 8.0 Upgrade Instructions.
[4888]
WatchGuard System Manager
The certificate information for your gateway Firebox does not appear in WatchGuard System Manager until you select Update Device for that appliance.
[403]
When you install an additional WatchGuard server component on a management station, the new server does not appear in the toolbar.
[4616]
Workaround: Disable the WatchGuard toolbar, and then enable the toolbar again.
Management Server
The time on the computer which you use for WatchGuard servers (Log Server, WebBlocker Server, and
Management Server) must be the same as the Firebox device(s) which connects to them. We recommend that you use network time protocol (NTP) to do this.
[5356, 3464, 5585]
If you frequently update Managed Firebox Clients, your CRL can get large. You can use the CA manager to delete old entries.
[5563]
You can only set the Key Bits property for Client Certificates with the Management Server Configuration
Wizard.
[3980]
On the Management Server, you can enter an invalid value for the Publication Interval of the Certificate
Revocation List.
[3996]
Workaround: Only use positive integers for the Publication Interval setting.
RELEASE NOTES MAY 12, 2005 PAGE 4
WATCHGUARD SYSTEM MANAGER
WSM 8.0
In some conditions, a managed Firebox can not connect to the Management Server. This can occur if the
Firebox does not download the certificate correctly.
[4401]
Workaround: Change the Management Server Distribution IP Address and update the Firebox client.
Virtual Private Networking, DVCP, Management Server
In some conditions, Internet Explorer 5.0 can not open the WatchGuard Certificate Authority Web page.
[3714]
Logging
The Roll Log Files by File Size and Roll Log Files by Time Interval options do not work correctly. The Log
Server rolls the log file at intervals which do not match the values you set for these features.
[5615]
The tool to convert log files from WFS 7.x format to XML does not convert all log messages. It only converts log messages that the system uses for Historical Reports or LogViewer.
[301]
Feedback
To provide input about the software, documentation, or help systems associated with this release, we encourage you to contact us at any time at [email protected]
. We look forward to hearing your feedback and comments.
RELEASE NOTES MAY 12, 2005 PAGE 5
advertisement
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project