What’s New in WatchGuard XCS v9.2


Transcript of What’s New in WatchGuard XCS v9.2

Page 1: What’s New in  WatchGuard XCS v9.2

What’s New in WatchGuard XCS v9.2

Page 2: What’s New in  WatchGuard XCS v9.2

WatchGuard XCS v9.2 New Feature Introduction

Ease of use enhancements: Frequent Tasks page; DLP and QMS Wizards; Improved Attachment Control pages; Improved Message Details page

Spam Rules

Content Rules enhancements (Boolean operators, nested conditions)

Multiple software updates management

Internationalization of attachment names in message

New Web Proxy engine: Web configuration added to Install Wizard; FTP over HTTP scanning; URL Categorization HTTPS & “Uncategorized” category; Bypass URL Categorization; Flush URL from web cache; Web bandwidth usage on Dashboard and Reports; Traffic Accelerator improvements

WatchGuard XCS v9.2 Installation

WatchGuard Training 22

Page 3: What’s New in  WatchGuard XCS v9.2

Ease of Use Enhancements

Page 4: What’s New in  WatchGuard XCS v9.2

Frequent Tasks

Appears as the default page when you log in to the WatchGuard XCS.

Provides direct links to the most frequent tasks you can perform to configure and manage the WatchGuard XCS.

Some tasks are important to run after installation, such as importing LDAP users, updating your software, or adding additional email routing domains.

If you want to display the Dashboard monitoring page after you log in, instead of the Frequent Tasks page, clear the Display at Login check box.

Page 5: What’s New in  WatchGuard XCS v9.2

Frequent Tasks

Accept email for additional domains – Configure additional email domains for which you accept mail. Note: Make sure you also add a specific access pattern to trust the internal mail server you specify for the mail route.

Import users/groups from directory services – Configure a directory server to import user/group information for use with LDAP features. Note: Make sure you import Directory Users after you configure a directory server.

QMS Integration Wizard – This wizard guides you through the required configuration to integrate the WatchGuard XCS with the WatchGuard QMS (Quarantine Management Server). Note: Make sure your WatchGuard QMS is configured and running before starting the wizard.

Block or allow email using pattern filters – Pattern filters allow you to block or allow email messages based on message characteristics including the message header, sender, recipient, subject, attachment content, and message body text.

Block or allow attachment types – Attachment controls allow you to block, allow, or strip email attachments based on their file extension, MIME type, or attachment content.

Enable email encryption – SecureMail email encryption allows you to protect the confidentiality of messages by encrypting the message before it is delivered to the recipient.

Page 6: What’s New in  WatchGuard XCS v9.2

Frequent Tasks

Data Loss Prevention Wizard – Guides you through the configuration of DLP rules for inbound and outbound email and web traffic. You can block credit cards, SSN/SIN numbers, or use a compliance dictionary to scan for specific words. Note: If you want to use a custom compliance dictionary with the DLP wizard, you must upload the dictionary using Dictionaries and Lists before you start the wizard.

Create and schedule backup – Use the local disk, or FTP/SCP to a remote server, to schedule a backup.

Update your software – Keep your system software up-to-date by installing any software updates available for your WatchGuard device.

Add an administrator account – Add additional administrator accounts for managing your WatchGuard device.

Create and schedule a report – The WatchGuard XCS reports provide a comprehensive range of detailed information about your system. You can create a report on demand or schedule a recurring report.

View a report – See your generated reports in HTML, PDF, or CSV format.

Search message history – Search the message history database to see how specific messages were processed and the final action performed on a message.

Page 7: What’s New in  WatchGuard XCS v9.2

Data Loss Prevention Wizard

The Data Loss Prevention (DLP) wizard guides you through the configuration of DLP content controls and rules for inbound and outbound email and web traffic.

Available tasks:

Block credit card numbers – Creates Content Rules in the Default Policy to block the selected types of credit card patterns in email messages.

Block national identification numbers – Creates Content Rules in the Default Policy to block national identification numbers such as a Social Security Number (USA) or Social Insurance Number (Canada) in email messages.

Block based on compliance terms:

Email: Creates Content Rules in the Default Policy to content scan email messages based on the selected dictionary, such as Medical, Financial, or a custom dictionary.

Web: Configures Content Scanning in the Default Policy to content scan web content based on the selected dictionary, such as Medical, Financial, or a custom dictionary.

Note: If you want to use a custom compliance dictionary with the DLP wizard, you must upload the dictionary using Dictionaries and Lists before you start the wizard.
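To illustrate what a credit card or national identification content rule has to decide, here is an added example (not WatchGuard code and not the rules the wizard installs). The card-type patterns, the Luhn checksum step, the SSN format and the function names are assumptions chosen for illustration; the sample message is constructed.

```python
import re

# Simplified card-type patterns (assumed for illustration; not the XCS rule text).
CARD_TYPES = {
    "visa": re.compile(r"4\d{12}(?:\d{3})?"),
    "mastercard": re.compile(r"5[1-5]\d{14}"),
    "amex": re.compile(r"3[47]\d{13}"),
}
# 13 to 16 digits, optionally separated by single spaces or hyphens.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,15}(?!\d)")
# US Social Security Number written as AAA-GG-SSSS, skipping never-issued ranges.
SSN = re.compile(r"(?<!\d)(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}(?!\d)")


def luhn_ok(digits):
    """Luhn checksum: rejects most random digit runs such as order or tracking ids."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit, counting from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def find_cards(text, selected=("visa", "mastercard", "amex")):
    """Return (card_type, digits) for each selected card type found in text."""
    hits = []
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        for name in selected:
            if CARD_TYPES[name].fullmatch(digits) and luhn_ok(digits):
                hits.append((name, digits))
                break
    return hits


def find_ssns(text):
    """Return every SSN-shaped string in text."""
    return SSN.findall(text)


def scan_message(text, selected=("visa", "mastercard", "amex")):
    """Return (action, reasons); reasons never echo the sensitive digits."""
    reasons = [f"credit card ({kind})" for kind, _ in find_cards(text, selected)]
    reasons += ["national identification number"] * len(find_ssns(text))
    return ("block" if reasons else "pass", reasons)


# Constructed sample message body; the card number is a well-known test value.
SAMPLE = (
    "Please charge card 4111 1111 1111 1111 for the renewal.\n"
    "Order reference 4111111111111112 has shipped.\n"  # fails the Luhn check
    "Tracking id 12345678901234567890.\n"              # too long to be a card
    "Employee SSN on file: 078-05-1120\n"
)

if __name__ == "__main__":
    print(scan_message(SAMPLE))
```

The checksum step is what keeps the order reference and tracking id from triggering a block, which matters when the rule action is Reject rather than a notification.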

Page 8: What’s New in  WatchGuard XCS v9.2

Data Loss Prevention Wizard

Page 9: What’s New in  WatchGuard XCS v9.2

Data Loss Prevention Wizard

Page 10: What’s New in  WatchGuard XCS v9.2

Data Loss Prevention Wizard

DLP Wizard creates new Content Rules in the Default Policy based on your selections.

When you use the DLP wizard, any previous settings (configured through a previous wizard session or configured manually) are displayed and maintained unless you modify the configuration.

Notifications are not configured using the wizard. After you complete the wizard, you can manually examine any content rules created by the wizard and modify the notification settings in the Default Policy.

Page 11: What’s New in  WatchGuard XCS v9.2

QMS Wizard

The QMS Wizard guides you through the required configuration to integrate the WatchGuard XCS with the WatchGuard QMS (Quarantine Management Server).

This allows you to redirect spam messages from the WatchGuard XCS to the quarantine area on the WatchGuard QMS, where users can manage their quarantined spam.

Page 12: What’s New in  WatchGuard XCS v9.2

QMS Wizard – QMS Configuration

You must configure your WatchGuard QMS before starting the QMS Wizard on the XCS:

Select Configuration > Quarantine > User Spam Quarantine to enable and configure spam quarantine services on the WatchGuard QMS.

Select Configuration > Mail > Delivery and set the Relay To field to the IP address of the WatchGuard XCS device. This makes sure that any notifications and released spam messages will be sent to the WatchGuard XCS for delivery.

Create local quarantine user accounts, or import user accounts from an LDAP directory. By default the WatchGuard QMS automatically creates new user accounts when new spam messages are received for a user.

Select Configuration > Quarantine > Trusted/Blocked Senders, enable Permit Downloads, and set the Allowed IPs text box to the IP address of the WatchGuard XCS.

Page 13: What’s New in  WatchGuard XCS v9.2

QMS Wizard – Configuration Settings

When you have completed the wizard, the following configuration settings are applied on the WatchGuard XCS:

Mail Route – A mail route is created for the specific QMS address called ".quarantine_reroute". This special reroute option is used as the Intercept Anti-Spam action to redirect spam messages to the QMS.

Specific Access Pattern – A Specific Access Pattern is created to trust the address of the QMS to make sure that any mail from the QMS, such as spam digest notifications and released quarantine messages, is not scanned by the Intercept Anti-Spam or Content Control features.

Intercept Anti-Spam – Intercept is configured to redirect spam messages for the specified spam classifications to the QMS.

Pattern Filter – A Pattern Filter is created to prevent training on messages containing the subject "Quarantined Email Summary". This prevents spam digest notification messages from the QMS from being trained by Intercept Anti-Spam.

Trusted/Blocked Senders List – If enabled, the Trusted/Blocked Senders List is imported from the QMS using the specified source URL of the QMS.

Page 14: What’s New in  WatchGuard XCS v9.2

Attachment Control Enhancements

Page 15: What’s New in  WatchGuard XCS v9.2

Attachment Control Enhancements

Redesigned Attachment Control page:

Simplified main configuration page

Separate file type pages for Email File Extensions, Email Content Types, and Web Content types

Inbound/Outbound settings and actions

Collapsed notification settings

Page 16: What’s New in  WatchGuard XCS v9.2

Attachment Control – Edit File Types

Edit File Types

Multi-page view or view all entries

Upload and download of file types

Inbound and outbound actions

Filter by action and search text

Ability to delete multiple items

Page 17: What’s New in  WatchGuard XCS v9.2

Attachment Control – Add and Edit File Types page

Set inbound and outbound actions

Former “Scan” option renamed to “Check Inbound Archive” or “Check Outbound Archive”

Page 18: What’s New in  WatchGuard XCS v9.2

Attachment Control – Attachment Size Limits

Attachment size limits now located on their own page: Security > Content Control > (More ) > Attachment Size Limits

You can configure separate actions for inbound and outbound mail.

Page 19: What’s New in  WatchGuard XCS v9.2

Message Details Enhancements

Page 20: What’s New in  WatchGuard XCS v9.2

Message Details Enhancements

The message details have been improved to provide these enhancements:

Results of processing are clear with less repetitive information

Only the most important message details displayed

Ability to add global pattern filters to accept or block messages based on the sender or domain

Scan result icons for quick analysis

Final action and reason clearly indicated

Any content rules and pattern filters that triggered for a message contain the rule name and number

Page 21: What’s New in  WatchGuard XCS v9.2

Message Details Enhancements

You can add global pattern filters to accept or block messages based on the sender or domain of the message.

Allow Sender – Creates a pattern filter set to "Accept" for the sender Envelope From address.

Block Sender – Creates a pattern filter set to "Reject" for the sender Envelope From address.

Allow Domain – Creates a pattern filter to "Accept" the domain part of the sender Envelope From.

Block Domain – Creates a pattern filter to "Reject" any messages from the domain part of the sender Envelope From.

The system automatically checks for duplicate or conflicting pattern filters that already exist.

Page 22: What’s New in  WatchGuard XCS v9.2

Spam Rules

Page 23: What’s New in  WatchGuard XCS v9.2

Spam Rules

Spam Rules are a list of content rules generated by WatchGuard.

Helps detect new types of spam messages that are not easily detected by other Intercept Anti-Spam features.

Spam Rules are regularly updated by WatchGuard (through Security Connection) to make sure you are always protected from the latest variants of spam messages.

We recommend you enable this feature. Select Security > Anti-Spam > Spam Rules.

Page 24: What’s New in  WatchGuard XCS v9.2

Content Rules Enhancements

Page 25: What’s New in  WatchGuard XCS v9.2

Content Rules

Greater condition flexibility with powerful boolean operators (AND, OR, NOT)

Conditions can be nested using the +() button

No limit to the number of conditions in a rule

Per rule notifications

“In dictionary” search expanded to include Content Scanning
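The effect of nesting on which messages a rule catches, as an added example (not WatchGuard code and not XCS rule syntax). The field names, the operators `contains`, `ends_with` and `in_dictionary`, the dictionary terms, the rule names and the messages are all hypothetical.

```python
# Hypothetical rule model: field names, operators and dictionary terms are
# assumptions for illustration, not the XCS rule syntax.
DICTIONARIES = {"Financial": {"wire transfer", "routing number", "iban"}}


def cond(field, op, value):
    return ("cond", field, op, value)


def AND(*children):
    return ("and", children)


def OR(*children):
    return ("or", children)


def NOT(child):
    return ("not", (child,))


def evaluate(node, msg):
    """Evaluate a nested condition tree against one message (a dict of fields)."""
    kind = node[0]
    if kind == "and":
        return all(evaluate(c, msg) for c in node[1])
    if kind == "or":
        return any(evaluate(c, msg) for c in node[1])
    if kind == "not":
        return not evaluate(node[1][0], msg)
    _, field, op, value = node
    text = msg.get(field, "").lower()
    if op == "contains":
        return value.lower() in text
    if op == "ends_with":
        return text.endswith(value.lower())
    if op == "in_dictionary":
        return any(term in text for term in DICTIONARIES[value])
    raise ValueError(f"unknown operator: {op}")


financial = cond("body", "in_dictionary", "Financial")
internal = cond("recipient", "ends_with", "@example.com")
approved = cond("subject", "contains", "[approved]")

RULES = [
    # Nested: financial AND NOT (internal OR approved)
    (1, "Unapproved financial terms to external recipient",
     AND(financial, NOT(OR(internal, approved)))),
    # Same three conditions grouped differently: (financial AND NOT internal) OR approved
    (2, "Same conditions, different grouping",
     OR(AND(financial, NOT(internal)), approved)),
]


def triggered(msg):
    """Return (rule number, rule name) for every rule the message triggers."""
    return [(num, name) for num, name, tree in RULES if evaluate(tree, msg)]


# Constructed sample messages.
EXTERNAL_WIRE = {"recipient": "bob@partner.test", "subject": "Invoice",
                 "body": "Please send the wire transfer today."}
APPROVED_WIRE = {"recipient": "bob@partner.test", "subject": "[approved] payment",
                 "body": "Wire transfer details attached."}
INTERNAL_LUNCH = {"recipient": "alice@example.com", "subject": "[approved] lunch menu",
                  "body": "See attached."}

if __name__ == "__main__":
    for m in (EXTERNAL_WIRE, APPROVED_WIRE, INTERNAL_LUNCH):
        print(m["subject"], "->", triggered(m))
```

Rule 2 fires on the internal lunch message because the approved-subject condition sits outside the group, so run a rule against a few representative messages before you give it a blocking action.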

Page 26: What’s New in  WatchGuard XCS v9.2

Multiple Software Updates Management

Page 27: What’s New in  WatchGuard XCS v9.2

Multiple Software Updates Management

You can now install or remove multiple software updates at the same time.

Only need to reboot once to install multiple software updates.

The WatchGuard XCS determines any software dependency issues and installs/removes the updates in the correct order.

You get a warning if you are missing a software dependency.

Page 28: What’s New in  WatchGuard XCS v9.2

Internationalization of Attachment Names in Message Database

Page 29: What’s New in  WatchGuard XCS v9.2

Internationalization of Attachment Names

The WatchGuard XCS now supports internationalization of attachment names in message database views:

Message history

Message details

Logs and reports

The XCS also already supports internationalized subject headers.

Page 30: What’s New in  WatchGuard XCS v9.2

Web Proxy Enhancements

Page 31: What’s New in  WatchGuard XCS v9.2

Installation Wizard and Web Configuration

If you have enabled Web scanning with your feature key, the installation wizard displays a new page for Web configuration options.

HTTP/HTTPS – Enable or disable HTTP/HTTPS scanning.

Internal Mail Server – Type the address of your internal mail server that will receive notification messages. Note: The Internal Mail Server field only appears if you did not configure a mail server in the previous step in the Email configuration.

In the Security Settings section of the Web Configuration page, you can enable or disable URL Categorization, Reputation Enabled Defense, and the Anti-Virus features.

Note: If you enable URL Categorization, the feature will not be enabled until the initial control list is downloaded.

Page 32: What’s New in  WatchGuard XCS v9.2

FTP over HTTP Scanning

You can now scan FTP traffic that is passed over HTTP. For example, visiting an FTP site through an ftp:// URL such as ftp://ftp.example.com/

All scanners that currently scan HTTP traffic can scan FTP traffic over HTTP.

Select Configuration > Web > HTTP/S Proxy. (HTTP/HTTPS scanning must be enabled)

Select the Enable FTP Proxy check box.

FTP over HTTP Scanning Limitations

Only supports FTP over HTTP in a web browser. FTP clients or web browser extensions that use the “CONNECT” method are not supported.

FTP over HTTP scanning is not supported in Transparent mode.

Page 33: What’s New in  WatchGuard XCS v9.2

URL Categorization: HTTPS and Uncategorized URLs

HTTPS URLs

The URL Categorization feature can now categorize and take action on HTTPS URLs. For example, https://secure.example.com/

No additional configuration required. Enable URL Categorization to scan both HTTP and HTTPS URLs.

Uncategorized URLs

New category in the URL Categorization control list called Uncategorized.

Select the Uncategorized category to block web sites that cannot be classified in any specific category.

Available for selection from the category list on the Configuration > Web > URL Categorization page. (Not enabled by default)

Note: Be careful when you enable this category as you could block legitimate sites or specific pages of those sites even if the primary page is part of a known category.

Page 34: What’s New in  WatchGuard XCS v9.2

Bypass URL Categorization Scanning

Bypass URL Categorization (formerly Uncategorized Sites) allows specified domains to bypass URL Categorization scanning.

You can create a list of web sites to make sure they are not blocked by URL Categorization.

Upload a web domain list in a policy (each specified domain includes subdomains). For example:

example.com

example2.com

example3.com
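What "each specified domain includes subdomains" should and should not match, as an added example (not WatchGuard code). The one-domain-per-line file layout, the entry validation and the function names are assumptions; the URLs are constructed.

```python
from urllib.parse import urlsplit


def parse_domain_list(text):
    """Parse an uploaded list, assumed to hold one domain per line.

    Returns (domains, rejected). Entries that would exempt far more than
    intended, or that are URLs rather than domains, are rejected.
    """
    domains, rejected = set(), []
    for line in text.splitlines():
        entry = line.strip().lower().rstrip(".")
        if not entry:
            continue
        # A bare label such as "com" would bypass every site under it.
        if "." not in entry or any(c in entry for c in "/:@ *"):
            rejected.append(entry)
        else:
            domains.add(entry)
    return domains, rejected


def host_of(url):
    """Lower-cased host of a URL, without port, userinfo or trailing dot."""
    return (urlsplit(url).hostname or "").rstrip(".")


def is_bypassed(url, domains):
    """True when the host is a listed domain or a true subdomain of one."""
    host = host_of(url)
    return any(host == d or host.endswith("." + d) for d in domains)


def naive_is_bypassed(url, domains):
    """Common mistake: a bare suffix test also matches look-alike hosts."""
    host = host_of(url)
    return any(host.endswith(d) for d in domains)


def audit(urls, domains):
    """URLs a bare suffix test would exempt but label-boundary matching does not."""
    return [u for u in urls
            if naive_is_bypassed(u, domains) and not is_bypassed(u, domains)]


# The three domains from the slide, plus two constructed bad entries.
UPLOAD = "example.com\nexample2.com\nexample3.com\n\ncom\nhttp://example3.com/\n"

# Constructed URLs for checking the list.
URLS = [
    "http://www.example.com/index.html",   # subdomain of a listed domain
    "https://example2.com:8443/login",     # listed domain, explicit port
    "ftp://ftp.example3.com",              # subdomain, FTP over HTTP
    "http://EXAMPLE.com./",                # case and trailing dot
    "http://notexample.com/",              # look-alike: shares only a suffix
    "http://example.com.other.test/",      # listed name used as a prefix
]

if __name__ == "__main__":
    domains, rejected = parse_domain_list(UPLOAD)
    print("rejected entries:", rejected)
    for u in URLS:
        print(u, "->", "bypass" if is_bypassed(u, domains) else "categorize")
    print("suffix-test false bypasses:", audit(URLS, domains))
```

Every entry in a bypass list exempts a whole subtree of hosts from categorization, so review the list for overly broad entries as carefully as you would a block list.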

Page 35: What’s New in  WatchGuard XCS v9.2

Web Proxy Traffic Accelerator

Additional Traffic Accelerator features help improve scanning efficiency

Preview Scanning

Preview scanning allows the web proxy to take action based on your configured policies by scanning only the initial header of the response. If an action is taken based on the header information, the rest of the content does not have to be scanned.

Only certain types of responses can be handled with a header preview scan, such as detection of MIME types for content control and streaming media bypass, or checks on maximum file sizes reported in the header.

Early Response

Early response scanning allows the web proxy to take action based on scanning only part of the downloaded content.

This early response is useful for detecting issues such as files beyond the maximum file size where the file should not be scanned.

Page 36: What’s New in  WatchGuard XCS v9.2

Web Proxy Traffic Accelerator (continued)

Client Request

Many HTTP security features, such as URL Categorization, URL Block Lists, and Trusted/Blocked Lists can perform actions without scanning the actual downloaded content.

These Web scanning decisions are performed very quickly based on your configured policies.

Policy Caching

For greater efficiency, some common policy results are cached, such as those where continuous amounts of web traffic with the same content triggers the same policy.

In general, access of cached data is still sent to the Web Proxy content scanners because different users can have different HTTP content policies applied to them.

Efficiency can be improved by using fewer policies that are wider in scope. The more policies you have, the higher the probability that cached policy results are replaced by the scanning result of a different policy.

Web Site Content Caching

Web site content is cached if the web server does not send a non-caching directive in the response and the response data passes the requirements of the scanning policy.

Page 37: What’s New in  WatchGuard XCS v9.2

Flush URL from Web Cache

Flush URL from Web Cache replaces the previous Flush Web Cache Domain feature.

Remove problematic URLs from the cache if they do not load or refresh correctly.

The URL must be specified exactly the way it is typed, including the protocol. For example: http://www.example.com/index.html or ftp://ftp.example.com

Select Activity > Status > Utilities. Type the URL, then click Flush.

Page 38: What’s New in  WatchGuard XCS v9.2

Web Bandwidth Usage on Dashboard

Appears on the Web Summary Dashboard page

Indicates the amount of bandwidth used (in megabytes) for non-cached inbound and outbound web traffic

Page 39: What’s New in  WatchGuard XCS v9.2

Web Analysis Report – Bandwidth

New sections in the Web Analysis report indicate the amount of traffic (in megabytes) for web client and web server inbound and outbound traffic.

Page 40: What’s New in  WatchGuard XCS v9.2

Install XCS v9.2

Page 41: What’s New in  WatchGuard XCS v9.2

Upgrade to XCS v9.2

Because Security Connection does not automatically download full releases, you must download the software from the LiveSecurity site.

From the Software Downloads page, download the [xcs92.zip] file and extract the files.

Page 42: What’s New in  WatchGuard XCS v9.2

Upgrade to XCS v9.2

After you extract the files, run btiweb.exe.

BTIweb is a small web server on your computer that hosts the xcs-92.img file during the XCS upgrade process.

Run btiweb.exe, then click Start to start the web server.

Notice the icon changes after you install btiweb

Page 43: What’s New in  WatchGuard XCS v9.2

Upgrade to XCS v9.2

Before you start the upgrade process, back up your existing configuration so that it can be restored after the upgrade.

To upgrade the XCS device to a major release, you must reboot the appliance and press F1 – Install at startup to install a new software image on the device.

Choose one of three backup options:

FTP

SCP

Local Disk

Use FTP or SCP backup when you back up a large reporting database

Page 44: What’s New in  WatchGuard XCS v9.2

Upgrade to XCS v9.2

Choose the items you want to back up. In most cases, we recommend that you select all backup options.

Page 45: What’s New in  WatchGuard XCS v9.2

Upgrade to XCS v9.2

Save the backup to your computer’s local disk. The MG-BCKUP file is given a time stamp for easy identification

Year[11], month[04], day[30], and time[1437]

Page 46: What’s New in  WatchGuard XCS v9.2

Upgrade to XCS v9.2

After you complete the backup process, open a console connection to the XCS device. You need these items:

A monitor to connect to the VGA port on the back of the XCS

A PS2 or USB keyboard

With the monitor and keyboard connected, press the reset button located on the front of the appliance to reboot the XCS.

Press the F1 key on the keyboard.

VGA port

Page 47: What’s New in  WatchGuard XCS v9.2

Upgrade to XCS v9.2

The WatchGuard Installation Program welcome page appears. Press Enter to continue. Choose your type of keyboard in the next page and press Enter.

Page 48: What’s New in  WatchGuard XCS v9.2

Upgrade to XCS v9.2

In the Installation Type window, select Auto and then press Enter.

On the next page, click OK to confirm the installation.

Page 49: What’s New in  WatchGuard XCS v9.2

Upgrade to XCS v9.2

On the Installation page, select Network to upgrade using the v9.2 .img file:

Type the appropriate network information for the XCS device.

In the Install Path field, type the IP address of the computer where you installed the btiweb.exe file. Press OK.

This is the IP address of the computer where you installed btiweb. Remember the trailing “/” character.

Press Enter to confirm

Page 50: What’s New in  WatchGuard XCS v9.2

Upgrade to XCS v9.2

On the Create Restore Image page, select Save Image to Hard Disk and press Enter.

Do not choose this option if you do not want to overwrite the previous XCS software image stored on the XCS device’s hard disk.

Page 51: What’s New in  WatchGuard XCS v9.2

Upgrade to XCS v9.2

After the disk partitioning is complete, the main console window appears. At this point, you can configure the device with the new installation wizard.

After you install the system with the v9.2 wizard, you can build a new configuration or restore your previous XCS configuration.

Page 52: What’s New in  WatchGuard XCS v9.2

Thank You!