What’s New in WatchGuard What’s New in WatchGuard XCS v9.1XCS v9.1

Introducing WatchGuard XCS v9.1

Enhancements that improve ease of use

• Improved web-based installation wizard

• After you upgrade to v9.1, keyboard and monitor are no longer required for future full software release upgrades!

Additional functionality to make an already significant XCS solution even more powerful

• Web Reputation (with ReputationAuthority)

• Improved user-based web reporting statistics

• URL Categorization - Uncategorized sites

• Web authentication bypass (based on domain or IP address)

• Web URL Block List (Independent configuration from email URL Block Lists)

• IP address and time-based policies

WatchGuard Training 22

Introducing WatchGuard XCS v9.1

Additional XCS v9.1 enhancements

• Enhanced Anti-Virus scanning capacity for email and web (factor of 2 to 3 times faster compared to previous XCS versions) because of Kaspersky engine update

• Significant email and web performance improvements with more than 100% faster performance

• Improved email message history search functionality for non-Latin based languages including Japanese, Chinese, Greek and other delimited languages

• Enhanced attachment control for stronger detection

• Analysis improvements for superior detection of latest spamming techniques

• Stronger protection against incoming spam and threats delivered via PDF attachments and WordPerfect

• Greater control from data loss with ability to disable low-grade TLS encryption (less than 128 bit)

WatchGuard Training 33

Introducing WatchGuard XCS v9.1

Additional XCS v9.1 enhancements (continued)

• New WatchGuard Email Encryption controls to disable Forward/Reply to prevent unencrypted messages from being distributed by a recipient

• Enhanced reporting with rejected connection details, and new option to expire on-box generated reports to free disk space

• Increased privacy settings for Tiered Administration settings

• New Brightmail add-on subscription for customers who want to enable multi-layered Anti-Spam engines

• New McAfee add-on subscription for customers who want to enable multi-layered Anti-Virus engines

• Over 300+ resolved issues

WatchGuard Training 44

Web Installation WizardWeb Installation Wizard

Web Installation Wizard

Power on the XCS device Wait at least 5 minutes for the XCS device to initialize From a computer connected to the XCS device, open a web browser and

type https://10.0.0.1 Log in with the default username/password: admin/admin

WatchGuard Training 66

Web Installation Wizard

Enter Network Settings:

• Hostname

• Domain

• Gateway

• Name Servers

• NTP Server

• Interface 1 (NIC 1) settings IP address and netmask External Proxy Server

WatchGuard Training 77

Web Installation Wizard

Update your feature key

• Click Update to enter your feature key manually if you stored it on your computer

• If device is already registered, click Get Feature Key to obtain the feature key from WatchGuard’s Live Security site

We highly recommend that you enter your feature key during the installation wizard

WatchGuard Training 88

Web Installation Wizard

Mail Configuration :

• The email domain you are processing mail for

• Your internal mail server (for example, an Exchange server)

• Initial settings for Intercept Anti-Spam, Anti-Virus, and Attachment Control

WatchGuard Training 99

Web Installation Wizard

NEW! Enable mail processing in the web wizard to immediately start processing messages after the installation

WatchGuard Training 1010

Web Setup Wizard

Click Done. Allow a minute for the XCS to initialize. The XCS is ready to start processing both incoming and outgoing mail

with Anti-Spam and Anti-Virus settings enabled

WatchGuard Training 1111

Web Proxy EnhancementsWeb Proxy Enhancements

Web Proxy Enhancements

The XCS Web Proxy has been enhanced to improve ease of use and add protection for web users

• Web Reputation – ReputationAuthority now protects your web users from browsing sites with bad reputations (because of viruses, malware, etc.)

• User-based reporting – Enhanced Web User reporting statistics

• URL Categorization Uncategorized Sites – You can now specify web sites that are not categorized by URL Categorization (web site whitelist)

• Web URL Block Lists - A new specific page to configure Web UBL has been added that is independent from the Email UBL configuration

• HTTP proxy configuration simplification - The global HTTP proxy configuration page is now divided into 3 separate configuration pages

HTTP/HTTPS Proxy Traffic Accelerator User Reporting

WatchGuard Training 1313

Web Reputation AuthorityWeb Reputation Authority

Web Reputation

New for v9.1 - Web Reputation

• The ReputationAuthority service helps to identify web sites that contain malicious or inappropriate content by reporting behavioral information based on a collection of statistics about a web site URL

• The WatchGuard XCS can make a decision about whether to allow or block a web site request based on the reputation score of the web site URL

WatchGuard Training 1515

Web Reputation

Select the Enable Reject on Reputation check box to enable reputation lookups for web URLs to the ReputationAuthority network.

Reject Threshold allows you to specify a score. Web Reputation blocks web sites with a reputation score higher than the value you set (default is 90).

WatchGuard Training 1616

Web Reputation

Bypass Scanning

• For increased web performance, select Bypass Anti-Virus & Spyware scanning for good reputation to bypass Anti-Virus scanning for web requests if the reputation of the requested web site URL is below the specified bypass threshold (default is 10)

No Anti-Virus scanning is performed on web sites with good reputations where the risk of harmful content is minimal

WatchGuard Training 1717

Web Reputation

You can also apply Web Reputation to individual policies for maximum granularity of user, IP, domain, and group-based filtering

WatchGuard Training 1818

URL CategorizationURL CategorizationUncategorized SitesUncategorized Sites

Uncategorized Sites

You can create a dictionary of uncategorized sites for the URL Categorization feature

• Uncategorized sites feature allows you to upload your own dictionaries of sites that would otherwise be categorized and blocked

Sometimes referred to as exceptions, or whitelisting Functionally similar to the HTTP Trusted Sites List, except that only URL

Categorization is bypassed. Antivirus and HTTP Content Control are still enforced with the Uncategorized Sites feature

WatchGuard Training 2020

After you upload a custom dictionary, you can select it when you edit the HTTP settings in any policy

Web Proxy Authentication BypassWeb Proxy Authentication Bypass

Web Proxy Authentication Bypass

Two new authentication bypass settings:

• Networks that Bypass Authentication - Any users on the specified networks are not prompted to authenticate when using the Web Proxy

• Domains that Bypass Authentication - Any users that try to connect to the specified domains are not prompted for authentication

WatchGuard Training 2222

Web Monitoring and User-based Web Monitoring and User-based ReportingReporting

Web Monitoring and User-based Reporting

XCS v9.1 enhances the monitoring and reporting of a web user’s activity

• Web summary is now separated out in the Dashboard

WatchGuard Training 2424

Web Monitoring and User-Based Reporting

A new category in the Web menu for more granular control on reporting of user web-based traffic

• You can modify how the WatchGuard XCS calculates the browse time for a user, and define users, domains, and categories that are not reported by the User Reporting feature.

WatchGuard Training 2525

Your own custom dictionaries are used for both Ignore Users and Ignore Domain Names that you do want tracked by reporting

Web site categories that you do not want tracked by reporting

Web URL Block ListsWeb URL Block Lists

Web Proxy Enhancements

A new menu item is available in Configuration > Web > URL Block Lists

• URL Block Lists contain a list of domains and IP addresses of URLs that have appeared previously in spam, phishing, or other malicious web site content

• The URL Block Lists feature allows you to block access to web site URLs that appear on a URL Block List

WatchGuard Training 2727

Web URL Block Lists

Select UBL Whitelist to configure domains that bypass URL Block List processing

Select UBL Domains to customize the URL Block List lookup domains to use for URL checks

WatchGuard Training 2828

HTTP Proxy Configuration RedesignHTTP Proxy Configuration Redesign

HTTP Proxy Configuration Redesign

HTTP proxy configuration page redesign

• The global HTTP proxy configuration page has been divided into 3 separate configuration pages

HTTP/HTTPS Proxy Traffic Accelerator User Reporting

New items in the Web menu

WatchGuard Training 3030

9.09.1

Time PoliciesTime Policies

Time Policies

New for v9.1 – Time Policies If time policies are configured, a policy with a specific effective time

policy takes precedence over a policy with an effective time period of “Always”

Every policy you create can have its own associated time policy

WatchGuard Training 3232

Default Time Policy

The system Default Policy has an effective time period of “Always” and cannot be changed.

You can add additional Default Time Policies for specific periods of time

WatchGuard Training 3333

This policy takes precedence over the Default “always” policy

Default policy

IP PoliciesIP Policies

IP Policies

Policies are enforced in this order from most specific to least specific

• User policy (user@example.com)

• IP address policy (10.0.1.100)

• Group policy (Finance)

• Domain policy (example.com)

• Default Policy

• Global settings

WatchGuard Training 3535

IP Policies

You can add up to five policies for specific addresses or networks IP policies apply to web traffic only

• They are not used for email messages

WatchGuard Training 3636

When you enter network addresses, you must add CIDR/slash notation

The XCS automatically adds a hidden /32 for single host addresses

Upgrade to XCS v9.1Upgrade to XCS v9.1

Upgrade to XCS v9.1

Because Security Connection does not automatically download full releases, you must download the software from the LiveSecurity site

• From the Software Downloads page, download the [xcs91.zip] file and extract the files

WatchGuard Training 3838

Upgrade to XCS v9.1

After you extract the files, run btiweb.exe

• BTIweb is a small web server on your computer that hosts the xcs-91.img file during the XCS upgrade process

• Run btiweb.exe, then click Start to start the web server

WatchGuard Training 3939

Notice the icon changes after you install btiweb

Upgrade to XCS v9.1

Before you start the upgrade process, back up your existing configuration so that it can be restored after the upgrade To upgrade the XCS device to a major release requires that you reboot the

appliance and press F1 – Install at startup to install a new software image on the device

Choose one of three backup options

• FTP

• SCP

• Local Disk

• Use FTP or SCP backup when you back up a large reporting database

WatchGuard Training 4040

Upgrade to XCS v9.1

Choose the items you want to back up

• In most cases, we recommend that you select all backup options

WatchGuard Training 4141

Upgrade to XCS v9.1

Save the backup to your computer’s local disk

• The MG-BCKUP file is time stamped for easy identification

WatchGuard Training 4242

Year[10], month[04], day[30], and time[1437]

Upgrade to XCS v9.1

After you complete the backup process, open a console connection to the XCS device. You will need these items:

• A monitor to connect to the VGA port on the back of the XCS

• A PS2 or USB keyboard

With the monitor and keyboard connected, press the reset button located on the front of the appliance to reboot the XCS

• Press the F1 key on the keyboard

WatchGuard Training 4343

VGA port

Upgrade to XCS v9.1

The WatchGuard Installation Program welcome page appears Press Enter to continue Choose your type of keyboard in the next page and press Enter

WatchGuard Training 4444

Upgrade to XCS v9.1

In the Installation Type window, select Auto and then press Enter On the next page, click OK to confirm the installation

WatchGuard Training 4545

Upgrade to XCS v9.1

On the Installation page, select Network to upgrade using the v9.1 .img file:

• Type the appropriate network information for the XCS device.

• In the Install Path field, type the IP address of the computer where you installed the btiweb.exe file. Press OK.

WatchGuard Training 4646

This is the IP address of the computer where you installed btiweb. Remember the trailing “/” character.

Press Enter to confirm

Upgrade to XCS v9.1

On the Create Restore Image page, select Save Image to Hard Disk and press Enter

• Do not choose this option if you do not want to overwrite the 9.0 image stored on the XCS device’s hard disk

WatchGuard Training 4747

Upgrade to XCS v9.1

After the disk partitioning is complete, the main console window appears

• At this point, you can configure the device with the new installation wizard After you install the system with the v9.1 wizard ,you can build a new

configuration, or restore your XCS v9.0 configuration

WatchGuard Training 4848

SummarySummary

Summary

XCS v9.1 improves ease of use

• Improved web-based installation wizard

• After you upgrade to v9.1, keyboard and monitor are no longer required for future full software release upgrades!

Additional functionality makes an already significant XCS solution even more powerful

• Web Reputation (with ReputationAuthority)

• Improved user-based web reporting statistics

• URL Categorization - Uncategorized sites

• Web authentication bypass (based on domain or IP address)

• Web URL Block List (Independent configuration from email URL Block Lists)

• IP address and time-based policies

WatchGuard Training 5050

Thank You!Thank You!