What’s New in WatchGuard
XCS v9.1
Introducing WatchGuard XCS v9.1
 Enhancements that improve ease of use
•
•
Improved web-based installation wizard
After you upgrade to v9.1, keyboard and monitor are no longer required for
future full software release upgrades!
 Additional functionality to make an already significant XCS solution even
more powerful
•
•
•
•
•
•
Web Reputation (with ReputationAuthority)
Improved user-based web reporting statistics
URL Categorization - Uncategorized sites
Web authentication bypass (based on domain or IP address)
Web URL Block List (Independent configuration from email URL Block Lists)
IP address and time-based policies
WatchGuard Training
2
Introducing WatchGuard XCS v9.1
 Additional XCS v9.1 enhancements
•
•
•
•
•
•
•
Enhanced Anti-Virus scanning capacity for email and web (factor of 2 to 3
times faster compared to previous XCS versions) because of Kaspersky
engine update
Significant email and web performance improvements with more than 100%
faster performance
Improved email message history search functionality for non-Latin based
languages including Japanese, Chinese, Greek and other delimited
languages
Enhanced attachment control for stronger detection
Analysis improvements for superior detection of latest spamming techniques
Stronger protection against incoming spam and threats delivered via PDF
attachments and WordPerfect
Greater control from data loss with ability to disable low-grade TLS encryption
(less than 128 bit)
WatchGuard Training
3
Introducing WatchGuard XCS v9.1
 Additional XCS v9.1 enhancements (continued)
•
•
•
•
•
•
New WatchGuard Email Encryption controls to disable Forward/Reply to
prevent unencrypted messages from being distributed by a recipient
Enhanced reporting with rejected connection details, and new option to expire
on-box generated reports to free disk space
Increased privacy settings for Tiered Administration settings
New Brightmail add-on subscription for customers who want to enable
multi-layered Anti-Spam engines
New McAfee add-on subscription for customers who want to enable
multi-layered Anti-Virus engines
Over 300+ resolved issues
WatchGuard Training
4
Web Installation Wizard
Web Installation Wizard
 Power on the XCS device
 Wait at least 5 minutes for the XCS device to initialize
 From a computer connected to the XCS device, open a web browser and
type https://10.0.0.1
 Log in with the default username/password: admin/admin
WatchGuard Training
6
Web Installation Wizard
 Enter Network Settings:
•
•
•
•
•
•
Hostname
Domain
Gateway
Name Servers
NTP Server
Interface 1 (NIC 1) settings
 IP address and netmask
 External Proxy Server
WatchGuard Training
7
Web Installation Wizard
 Update your feature key
•
•
Click Update to enter your feature key manually if you stored it on your
computer
If device is already registered, click Get Feature Key to obtain the feature
key from WatchGuard’s Live Security site
 We highly recommend that you enter your feature key during the
installation wizard
WatchGuard Training
8
Web Installation Wizard
 Mail Configuration :
•
•
•
The email domain you are processing mail for
Your internal mail server (for example, an Exchange server)
Initial settings for Intercept Anti-Spam, Anti-Virus, and Attachment Control
WatchGuard Training
9
Web Installation Wizard
 NEW! Enable mail processing in the web wizard to immediately start
processing messages after the installation
WatchGuard Training
10
Web Setup Wizard
 Click Done. Allow a minute for the XCS to initialize.
 The XCS is ready to start processing both incoming and outgoing mail
with Anti-Spam and Anti-Virus settings enabled
WatchGuard Training
11
Web Proxy Enhancements
Web Proxy Enhancements
 The XCS Web Proxy has been enhanced to improve ease of use and
add protection for web users
•
•
•
•
•
Web Reputation – ReputationAuthority now protects your web users from
browsing sites with bad reputations (because of viruses, malware, etc.)
User-based reporting – Enhanced Web User reporting statistics
URL Categorization Uncategorized Sites – You can now specify web sites
that are not categorized by URL Categorization (web site whitelist)
Web URL Block Lists - A new specific page to configure Web UBL has been
added that is independent from the Email UBL configuration
HTTP proxy configuration simplification - The global HTTP proxy
configuration page is now divided into 3 separate configuration pages
 HTTP/HTTPS Proxy
 Traffic Accelerator
 User Reporting
WatchGuard Training
13
Web Reputation Authority
Web Reputation
 New for v9.1 - Web Reputation
•
•
The ReputationAuthority service helps to identify web sites that contain
malicious or inappropriate content by reporting behavioral information based
on a collection of statistics about a web site URL
The WatchGuard XCS can make a decision about whether to allow or block a
web site request based on the reputation score of the web site URL
WatchGuard Training
15
Web Reputation
 Select the Enable Reject on Reputation check box to enable reputation
lookups for web URLs to the ReputationAuthority network.
 Reject Threshold allows you to specify a score. Web Reputation blocks
web sites with a reputation score higher than the value you set (default is
90).
WatchGuard Training
16
Web Reputation
 Bypass Scanning
•
For increased web performance, select Bypass Anti-Virus & Spyware
scanning for good reputation to bypass Anti-Virus scanning for web
requests if the reputation of the requested web site URL is below the
specified bypass threshold (default is 10)
 No Anti-Virus scanning is performed on web sites with good reputations
where the risk of harmful content is minimal
WatchGuard Training
17
Web Reputation
 You can also apply Web Reputation to individual policies for maximum
granularity of user, IP, domain, and group-based filtering
WatchGuard Training
18
URL Categorization
Uncategorized Sites
Uncategorized Sites
 You can create a dictionary of uncategorized sites for the URL
Categorization feature
•
Uncategorized sites feature allows you to upload your own dictionaries of
sites that would otherwise be categorized and blocked
 Sometimes referred to as exceptions, or whitelisting
 Functionally similar to the HTTP Trusted Sites List, except that only URL
Categorization is bypassed. Antivirus and HTTP Content Control are still
enforced with the Uncategorized Sites feature
After you upload a custom dictionary, you can select it
when you edit the HTTP settings in any policy
WatchGuard Training
20
Web Proxy Authentication Bypass
Web Proxy Authentication Bypass
 Two new authentication bypass settings:
•
•
Networks that Bypass Authentication - Any users on the specified
networks are not prompted to authenticate when using the Web Proxy
Domains that Bypass Authentication - Any users that try to connect to the
specified domains are not prompted for authentication
WatchGuard Training
22
Web Monitoring and User-based
Reporting
Web Monitoring and User-based Reporting
 XCS v9.1 enhances the monitoring and reporting of a web user’s activity
•
Web summary is now separated out in the Dashboard
WatchGuard Training
24
Web Monitoring and User-Based Reporting
 A new category in the Web menu for more granular control on reporting
of user web-based traffic
•
You can modify how the WatchGuard XCS calculates the browse time for a
user, and define users, domains, and categories that are not reported by the
User Reporting feature.
Your own custom
dictionaries are used
for both Ignore Users
and Ignore Domain
Names that you do
want tracked by
reporting
Web site categories
that you do not want
tracked by reporting
WatchGuard Training
25
Web URL Block Lists
Web Proxy Enhancements
 A new menu item is available in Configuration > Web > URL Block
Lists
•
•
URL Block Lists contain a list of domains and IP addresses of URLs that have
appeared previously in spam, phishing, or other malicious web site content
The URL Block Lists feature allows you to block access to web site URLs that
appear on a URL Block List
WatchGuard Training
27
Web URL Block Lists
 Select UBL Whitelist to configure domains that bypass URL Block List
processing
 Select UBL Domains to customize the URL Block List lookup domains
to use for URL checks
WatchGuard Training
28
HTTP Proxy Configuration Redesign
HTTP Proxy Configuration Redesign
 HTTP proxy configuration page redesign
•
The global HTTP proxy configuration page has been divided into 3 separate
configuration pages
 HTTP/HTTPS Proxy
 Traffic Accelerator
 User Reporting
 New items in the Web menu
9.1
9.0
WatchGuard Training
30
Time Policies
Time Policies
 New for v9.1 – Time Policies
 If time policies are configured, a policy with a specific effective time
policy takes precedence over a policy with an effective time period of
“Always”
 Every policy you create can have its own associated time policy
WatchGuard Training
32
Default Time Policy
 The system Default Policy has an effective time period of “Always” and
cannot be changed.
 You can add additional Default Time Policies for specific periods of time
Default
policy
This policy
takes
precedence
over the
Default
“always” policy
WatchGuard Training
33
IP Policies
IP Policies
 Policies are enforced in this order from most specific to least specific
•
•
•
•
•
•
User policy (user@example.com)
IP address policy (10.0.1.100)
Group policy (Finance)
Domain policy (example.com)
Default Policy
Global settings
WatchGuard Training
35
IP Policies
 You can add up to five policies for specific addresses or networks
 IP policies apply to web traffic only
•
They are not used for email messages
When you enter network addresses, you
must add CIDR/slash notation
The XCS
automatically
adds a
hidden /32 for
single host
addresses
WatchGuard Training
36
Upgrade to XCS v9.1
Upgrade to XCS v9.1
 Because Security Connection does not automatically download full
releases, you must download the software from the LiveSecurity site
•
From the Software Downloads page, download the [xcs91.zip] file and extract
the files
WatchGuard Training
38
Upgrade to XCS v9.1
 After you extract the files, run btiweb.exe
•
•
BTIweb is a small web server on your computer that hosts the
xcs-91.img file during the XCS upgrade process
Run btiweb.exe, then click Start to start the web server
Notice
the icon
changes
after you
install
btiweb
WatchGuard Training
39
Upgrade to XCS v9.1
 Before you start the upgrade process, back up your existing
configuration so that it can be restored after the upgrade
 To upgrade the XCS device to a major release requires that you reboot the
appliance and press F1 – Install at startup to install a new software image on
the device
 Choose one of three backup options
•
•
•
FTP
SCP
Local Disk
•
Use FTP or SCP backup when you back up a large reporting database
WatchGuard Training
40
Upgrade to XCS v9.1
 Choose the items you want to back up
•
In most cases, we recommend that you select all backup options
WatchGuard Training
41
Upgrade to XCS v9.1
 Save the backup to your computer’s local disk
•
The MG-BCKUP file is time stamped for easy identification
Year[10], month[04], day[30], and time[1437]
WatchGuard Training
42
Upgrade to XCS v9.1
 After you complete the backup process, open a console connection to
the XCS device. You will need these items:
•
•
A monitor to connect to the VGA port on the back of the XCS
A PS2 or USB keyboard
VGA port
 With the monitor and keyboard connected, press the reset button located
on the front of the appliance to reboot the XCS
•
Press the F1 key on the keyboard
WatchGuard Training
43
Upgrade to XCS v9.1
 The WatchGuard Installation Program welcome page appears
 Press Enter to continue
 Choose your type of keyboard in the next page and press Enter
WatchGuard Training
44
Upgrade to XCS v9.1
 In the Installation Type window, select Auto and then press Enter
 On the next page, click OK to confirm the installation
WatchGuard Training
45
Upgrade to XCS v9.1
 On the Installation page, select Network to upgrade using the v9.1 .img
file:
•
•
Type the appropriate network information for the XCS device.
In the Install Path field, type the IP address of the computer where you
installed the btiweb.exe file. Press OK.
This is the IP address of the
computer where you installed
btiweb. Remember the trailing “/”
character.
Press Enter to
confirm
WatchGuard Training
46
Upgrade to XCS v9.1
 On the Create Restore Image page, select Save Image to Hard Disk
and press Enter
•
Do not choose this option if you do not want to overwrite the 9.0 image stored
on the XCS device’s hard disk
WatchGuard Training
47
Upgrade to XCS v9.1
 After the disk partitioning is complete, the main console window appears
•
At this point, you can configure the device with the new installation wizard
 After you install the system with the v9.1 wizard ,you can build a new
configuration, or restore your XCS v9.0 configuration
WatchGuard Training
48
Summary
Summary
 XCS v9.1 improves ease of use
•
•
Improved web-based installation wizard
After you upgrade to v9.1, keyboard and monitor are no longer required for
future full software release upgrades!
 Additional functionality makes an already significant XCS solution even
more powerful
•
•
•
•
•
•
Web Reputation (with ReputationAuthority)
Improved user-based web reporting statistics
URL Categorization - Uncategorized sites
Web authentication bypass (based on domain or IP address)
Web URL Block List (Independent configuration from email URL Block Lists)
IP address and time-based policies
WatchGuard Training
50
Thank You!