What’s New in WatchGuard XCS v9.1 Introducing WatchGuard XCS v9.1 Enhancements that improve ease of use • • Improved web-based installation wizard After you upgrade to v9.1, keyboard and monitor are no longer required for future full software release upgrades! Additional functionality to make an already significant XCS solution even more powerful • • • • • • Web Reputation (with ReputationAuthority) Improved user-based web reporting statistics URL Categorization - Uncategorized sites Web authentication bypass (based on domain or IP address) Web URL Block List (Independent configuration from email URL Block Lists) IP address and time-based policies WatchGuard Training 2 Introducing WatchGuard XCS v9.1 Additional XCS v9.1 enhancements • • • • • • • Enhanced Anti-Virus scanning capacity for email and web (factor of 2 to 3 times faster compared to previous XCS versions) because of Kaspersky engine update Significant email and web performance improvements with more than 100% faster performance Improved email message history search functionality for non-Latin based languages including Japanese, Chinese, Greek and other delimited languages Enhanced attachment control for stronger detection Analysis improvements for superior detection of latest spamming techniques Stronger protection against incoming spam and threats delivered via PDF attachments and WordPerfect Greater control from data loss with ability to disable low-grade TLS encryption (less than 128 bit) WatchGuard Training 3 Introducing WatchGuard XCS v9.1 Additional XCS v9.1 enhancements (continued) • • • • • • New WatchGuard Email Encryption controls to disable Forward/Reply to prevent unencrypted messages from being distributed by a recipient Enhanced reporting with rejected connection details, and new option to expire on-box generated reports to free disk space Increased privacy settings for Tiered Administration settings New Brightmail add-on subscription for customers who want to enable multi-layered Anti-Spam engines New McAfee add-on subscription for customers who want to enable multi-layered Anti-Virus engines Over 300+ resolved issues WatchGuard Training 4 Web Installation Wizard Web Installation Wizard Power on the XCS device Wait at least 5 minutes for the XCS device to initialize From a computer connected to the XCS device, open a web browser and type https://10.0.0.1 Log in with the default username/password: admin/admin WatchGuard Training 6 Web Installation Wizard Enter Network Settings: • • • • • • Hostname Domain Gateway Name Servers NTP Server Interface 1 (NIC 1) settings IP address and netmask External Proxy Server WatchGuard Training 7 Web Installation Wizard Update your feature key • • Click Update to enter your feature key manually if you stored it on your computer If device is already registered, click Get Feature Key to obtain the feature key from WatchGuard’s Live Security site We highly recommend that you enter your feature key during the installation wizard WatchGuard Training 8 Web Installation Wizard Mail Configuration : • • • The email domain you are processing mail for Your internal mail server (for example, an Exchange server) Initial settings for Intercept Anti-Spam, Anti-Virus, and Attachment Control WatchGuard Training 9 Web Installation Wizard NEW! Enable mail processing in the web wizard to immediately start processing messages after the installation WatchGuard Training 10 Web Setup Wizard Click Done. Allow a minute for the XCS to initialize. The XCS is ready to start processing both incoming and outgoing mail with Anti-Spam and Anti-Virus settings enabled WatchGuard Training 11 Web Proxy Enhancements Web Proxy Enhancements The XCS Web Proxy has been enhanced to improve ease of use and add protection for web users • • • • • Web Reputation – ReputationAuthority now protects your web users from browsing sites with bad reputations (because of viruses, malware, etc.) User-based reporting – Enhanced Web User reporting statistics URL Categorization Uncategorized Sites – You can now specify web sites that are not categorized by URL Categorization (web site whitelist) Web URL Block Lists - A new specific page to configure Web UBL has been added that is independent from the Email UBL configuration HTTP proxy configuration simplification - The global HTTP proxy configuration page is now divided into 3 separate configuration pages HTTP/HTTPS Proxy Traffic Accelerator User Reporting WatchGuard Training 13 Web Reputation Authority Web Reputation New for v9.1 - Web Reputation • • The ReputationAuthority service helps to identify web sites that contain malicious or inappropriate content by reporting behavioral information based on a collection of statistics about a web site URL The WatchGuard XCS can make a decision about whether to allow or block a web site request based on the reputation score of the web site URL WatchGuard Training 15 Web Reputation Select the Enable Reject on Reputation check box to enable reputation lookups for web URLs to the ReputationAuthority network. Reject Threshold allows you to specify a score. Web Reputation blocks web sites with a reputation score higher than the value you set (default is 90). WatchGuard Training 16 Web Reputation Bypass Scanning • For increased web performance, select Bypass Anti-Virus & Spyware scanning for good reputation to bypass Anti-Virus scanning for web requests if the reputation of the requested web site URL is below the specified bypass threshold (default is 10) No Anti-Virus scanning is performed on web sites with good reputations where the risk of harmful content is minimal WatchGuard Training 17 Web Reputation You can also apply Web Reputation to individual policies for maximum granularity of user, IP, domain, and group-based filtering WatchGuard Training 18 URL Categorization Uncategorized Sites Uncategorized Sites You can create a dictionary of uncategorized sites for the URL Categorization feature • Uncategorized sites feature allows you to upload your own dictionaries of sites that would otherwise be categorized and blocked Sometimes referred to as exceptions, or whitelisting Functionally similar to the HTTP Trusted Sites List, except that only URL Categorization is bypassed. Antivirus and HTTP Content Control are still enforced with the Uncategorized Sites feature After you upload a custom dictionary, you can select it when you edit the HTTP settings in any policy WatchGuard Training 20 Web Proxy Authentication Bypass Web Proxy Authentication Bypass Two new authentication bypass settings: • • Networks that Bypass Authentication - Any users on the specified networks are not prompted to authenticate when using the Web Proxy Domains that Bypass Authentication - Any users that try to connect to the specified domains are not prompted for authentication WatchGuard Training 22 Web Monitoring and User-based Reporting Web Monitoring and User-based Reporting XCS v9.1 enhances the monitoring and reporting of a web user’s activity • Web summary is now separated out in the Dashboard WatchGuard Training 24 Web Monitoring and User-Based Reporting A new category in the Web menu for more granular control on reporting of user web-based traffic • You can modify how the WatchGuard XCS calculates the browse time for a user, and define users, domains, and categories that are not reported by the User Reporting feature. Your own custom dictionaries are used for both Ignore Users and Ignore Domain Names that you do want tracked by reporting Web site categories that you do not want tracked by reporting WatchGuard Training 25 Web URL Block Lists Web Proxy Enhancements A new menu item is available in Configuration > Web > URL Block Lists • • URL Block Lists contain a list of domains and IP addresses of URLs that have appeared previously in spam, phishing, or other malicious web site content The URL Block Lists feature allows you to block access to web site URLs that appear on a URL Block List WatchGuard Training 27 Web URL Block Lists Select UBL Whitelist to configure domains that bypass URL Block List processing Select UBL Domains to customize the URL Block List lookup domains to use for URL checks WatchGuard Training 28 HTTP Proxy Configuration Redesign HTTP Proxy Configuration Redesign HTTP proxy configuration page redesign • The global HTTP proxy configuration page has been divided into 3 separate configuration pages HTTP/HTTPS Proxy Traffic Accelerator User Reporting New items in the Web menu 9.1 9.0 WatchGuard Training 30 Time Policies Time Policies New for v9.1 – Time Policies If time policies are configured, a policy with a specific effective time policy takes precedence over a policy with an effective time period of “Always” Every policy you create can have its own associated time policy WatchGuard Training 32 Default Time Policy The system Default Policy has an effective time period of “Always” and cannot be changed. You can add additional Default Time Policies for specific periods of time Default policy This policy takes precedence over the Default “always” policy WatchGuard Training 33 IP Policies IP Policies Policies are enforced in this order from most specific to least specific • • • • • • User policy ([email protected]) IP address policy (10.0.1.100) Group policy (Finance) Domain policy (example.com) Default Policy Global settings WatchGuard Training 35 IP Policies You can add up to five policies for specific addresses or networks IP policies apply to web traffic only • They are not used for email messages When you enter network addresses, you must add CIDR/slash notation The XCS automatically adds a hidden /32 for single host addresses WatchGuard Training 36 Upgrade to XCS v9.1 Upgrade to XCS v9.1 Because Security Connection does not automatically download full releases, you must download the software from the LiveSecurity site • From the Software Downloads page, download the [xcs91.zip] file and extract the files WatchGuard Training 38 Upgrade to XCS v9.1 After you extract the files, run btiweb.exe • • BTIweb is a small web server on your computer that hosts the xcs-91.img file during the XCS upgrade process Run btiweb.exe, then click Start to start the web server Notice the icon changes after you install btiweb WatchGuard Training 39 Upgrade to XCS v9.1 Before you start the upgrade process, back up your existing configuration so that it can be restored after the upgrade To upgrade the XCS device to a major release requires that you reboot the appliance and press F1 – Install at startup to install a new software image on the device Choose one of three backup options • • • FTP SCP Local Disk • Use FTP or SCP backup when you back up a large reporting database WatchGuard Training 40 Upgrade to XCS v9.1 Choose the items you want to back up • In most cases, we recommend that you select all backup options WatchGuard Training 41 Upgrade to XCS v9.1 Save the backup to your computer’s local disk • The MG-BCKUP file is time stamped for easy identification Year, month, day, and time WatchGuard Training 42 Upgrade to XCS v9.1 After you complete the backup process, open a console connection to the XCS device. You will need these items: • • A monitor to connect to the VGA port on the back of the XCS A PS2 or USB keyboard VGA port With the monitor and keyboard connected, press the reset button located on the front of the appliance to reboot the XCS • Press the F1 key on the keyboard WatchGuard Training 43 Upgrade to XCS v9.1 The WatchGuard Installation Program welcome page appears Press Enter to continue Choose your type of keyboard in the next page and press Enter WatchGuard Training 44 Upgrade to XCS v9.1 In the Installation Type window, select Auto and then press Enter On the next page, click OK to confirm the installation WatchGuard Training 45 Upgrade to XCS v9.1 On the Installation page, select Network to upgrade using the v9.1 .img file: • • Type the appropriate network information for the XCS device. In the Install Path field, type the IP address of the computer where you installed the btiweb.exe file. Press OK. This is the IP address of the computer where you installed btiweb. Remember the trailing “/” character. Press Enter to confirm WatchGuard Training 46 Upgrade to XCS v9.1 On the Create Restore Image page, select Save Image to Hard Disk and press Enter • Do not choose this option if you do not want to overwrite the 9.0 image stored on the XCS device’s hard disk WatchGuard Training 47 Upgrade to XCS v9.1 After the disk partitioning is complete, the main console window appears • At this point, you can configure the device with the new installation wizard After you install the system with the v9.1 wizard ,you can build a new configuration, or restore your XCS v9.0 configuration WatchGuard Training 48 Summary Summary XCS v9.1 improves ease of use • • Improved web-based installation wizard After you upgrade to v9.1, keyboard and monitor are no longer required for future full software release upgrades! Additional functionality makes an already significant XCS solution even more powerful • • • • • • Web Reputation (with ReputationAuthority) Improved user-based web reporting statistics URL Categorization - Uncategorized sites Web authentication bypass (based on domain or IP address) Web URL Block List (Independent configuration from email URL Block Lists) IP address and time-based policies WatchGuard Training 50 Thank You!