•Secondary networks for VLANs
•Support for static NAT and server load balancing for traffic through an Optional interface
•PPPoE client IP address enforcement
•DHCP Force Renew support on external interfaces
•Sierra Wireless 320U 3G/4G modem support
•Bridge XTM wireless Access Points to the same network
•Sierra Wireless 320U 3G/4G modem support
•XTMv on ESXi now supports active/passive FireCluster
WatchGuard AP Device Management Enhancements:
•New AP status of Discovered in the Gateway Wireless Controller
•Ability to upgrade an AP device from the Gateway Wireless Controller
•Automatic AP device firmware upgrades are now staggered
•Customize the Authentication Portal page
•Case-sensitivity disabled for Firebox-DB user names
•Allow only SSL compliant traffic through the HTTPS-proxy
•Improved WebBlocker local override page
Management Server Enhancements:
•Management Server Clustering
•Compare versions of configuration files & force users to comment on changes to configuration files and templates
Monitoring & Reporting Enhancements:
•Download a diagnostic log file from the Web UI
•New Web Traffic Summary report
• Data Loss Prevention: prevents costly data breaches by scanning and detecting the transfer of sensitive information over email, web, and ftp.
• All-new Web UI: has enhanced ease of use, and includes popular WatchGuard tools such as Traffic Monitor and Firewatch. Supports iOS devices.
• Routed VPNs: in 11.8 add tremendous flexibility to the configuration of VPNs in today’s more complex network environments. Many new use cases are supported with the ability to add VPN on a virtual interface.
• Wireless Access Point enhancements: including manual channel selection, and the ability to set the max data rate at which clients connected to the AP can send data.
• YouTube for Schools: Now schools get a unique identifier ("School ID") that XTM firewalls append to all YouTube requests. YouTube (Google) then only allows browsing of videos on the school channel and other safe educational content. Find out more.
• SHA-2: a more secure crypto algorithm than SHA-1, is included in 11.8 as part of the authentication algorithms for Branch Office Tunnels (IPSec).
• SSO for Mac OS and Mobile Devices (iOS and Android): Mac OS and mobile devices do not use Microsoft Active Directory. This new feature, widely used in Education environments, adds a Microsoft Exchange monitor. Alternatively, a client on the device has been added that can be used to identify the user.
• Next-generation firewall capabilities (App Control and IPS) in an IPv6 environment: Find out more about WatchGuard and IPv6 here.
WatchGuard Dimension™ is a cloud-ready network security visibility solution that comes standard with WatchGuard's flagship Unified Threat Management platform. It provides a suite of big data visibility and reporting tools that instantly isolate and distill key security issues and trends, speeding the ability to set meaningful security policies across the network.
Public and Private Cloud-Ready Simply deploy or import a virtual appliance, which includes compatible OS, database, utilities, and WatchGuard server software. It can be in a public or private cloud, or on your server, desktop or laptop. No need to install, maintain, and patch an operating system. No need to maintain dependencies between version of operating systems, databases, and the WatchGuard server software.
XTMv on Hyper-V
WatchGuard AP device enhancements
• MAC access control whitelist
• AP device monitoring enhancements
• Station isolation
• No automatic AP device reboot after AP configuration change
• See the AP device radio used by each wireless client
Set source IP address in static NAT and server load balancing actions
3G / 4G modem support for failover
Quarantine Server end-user web UI improvements
New Websense categories
Configurable syslog server port
Set the diagnostic log level for the Gateway Wireless Controller
Updated hotspot policies
Log off hotspot user sessions
Send device feedback to WatchGuard
Sort policies by column in manual order mode Management
Report Server enforces the Maximum database size setting
CA Manager in WatchGuard WebCenter
Updated UI for management of quarantined messages by recipients
1-to-1 NAT for managed VPN tunnels
Centralized Management for XTM devices behind NAT gateways
Windows 8 and Server 2012 support Services
Intrusion Prevention Service (IPS) scan modes
• IPS and Application Control for HTTPS
WebBlocker with Websense Cloud
Support for the new WatchGuard AP100 and AP200 wireless access points
spamBlocker updated to use anti-spam technology from Mailshell
• New serial number variable support in the HTTP-proxy deny message
• New setting in SMTP-proxy action configuration
• Set the maximum email header size
• TLS encryption not enabled by default
• See the v11.7.2 Release Notes for a list of resolved issues in v11.7.2.
• Additional external interfaces
• DHCP options
• Dynamic NAT — Configurable source IP address
• Serial modem failover on XTM 5 Series and XTM 330
• Branch office VPN modem failover
• Wireless hotspot external guest authentication
• Link aggregation
• Mobile VPN with L2TP
• Mobile VPN apps for Android and iOS
• Mobile VPN with SSL client changes
• Wireless XTM devices
• Hardware health monitoring for failover
• Save TCP dump data to a PCAP file — FSM & Web UI
• Automatic feature key synchronization
• Configure authentication login limits per user or group
Policy tags and filters