Introduction
WatchGuard is excited to release Fireware XTM v11.4.1. Fireware XTM v11.4.1 demonstrates a continuing commitment to quality to WatchGuard customers, with a significant number of bug fixes and enhancements.
Application Control
- You can now configure an action for an application category. Actions set by category are automatically updated to include any new applications that are added to a category as part of regular signature updates.
- You can now apply an Application Control action to several policies at one time.
VPN Enhancements
- Mobile VPN with IPSec — New support for the Shrew Soft VPN IPSec client. See the Mobile VPN with IPSec section below for more information.
- Mobile VPN with SSL — support for multiple authentication users and groups.
- New branch office VPN gateway settings to specify whether the device tries to resolve the domain name in the remote gateway ID.
Other Enhancements
- Safe Search Enforcement — The HTTP-Client proxy action now has an option to enforce the safe search filtering included in major search engines to make sure that users, especially children, do not see adult content in their search results. All major search engines are covered, including Google, Bing, Yahoo, and Ask.com. The safe search feature also enforces safety mode on YouTube to filter out and remove any objectionable content or comments. By setting this option at the gateway, administrators override whatever preference their users set in their browsers.
- Numerous SNMP MIBs have been added to Fireware XTM with this release.
- New option in Policy Manager to automatically save a time-stamped backup copy of the configuration file each time you save to a file.
- You can now enable or disable IPS for several policies at one time.
- New pre-defined packet filter policy to open the correct ports for LogViewer and Report Manager.
- You can now edit SNAT objects from the Policy Properties dialog box in Policy Manager.
- If LDAPS is enabled for your Active Directory or LDAP server, and the default port for LDAPS is not selected, you are prompted to change the port to the default LDAPS port.
- WSM Filtered View now includes Management Groups for templates and devices.
- You can now specify which authentication server appears first in the authentication portal Authentication Server list.
- You can now release or renew a DHCP lease for an external VLAN in the Web UI.
- Firebox System Manager now includes an option to hide warnings for expired trial periods when a valid license for the feature exists.
- You can now specify the IP address of devices that can connect to the SSO Agent.
- When the SSO Client is installed, port 4116 is automatically enabled on Windows firewall.
You can install Fireware XTM OS v11.4 software on any WatchGuard XTM device, including 2 Series, 5 Series, 8 Series, and the XTM 1050. Although WatchGuard System Manager/Policy Manager v11.4.1 has been designed to manage Fireware XTM v11.3 and Fireware XTM v11.4 devices seamlessly, it is not possible to install Fireware XTM OS v11.4.x on WatchGuard e-Series appliances.
For more information about the feature enhancements included in Fireware XTM v11.4.1, see What's New in Fireware XTM v11.4.1.