Fireware 11.12.2 now available

Fireware 11.12.2 and WSM 11.12.2 are now available. Along with ongoing maintenance updates, these releases include several significant improvements to product security and also some new networking features that enable deployment in more environments. The Release Notes online include details of bug fixes, and the What’s New presentation gives a comprehensive overview of all new features. Here are the main highlights:

Security:
Brute force login controls prevent attackers from repeatedly guessing passwords for Firebox authentication or status/admin accounts. 

Gateway wireless controller security improvements to prevent exploitation of known defaults or impersonation

  • Option to apply new unique, strong passwords per access point instead of a global default
  • New trust mechanism to prevent data loss due to AP impersonation or exploitation of factory reset

 

Networking:
DNS forwarding enables admins to point to the gateway Firebox as the DNS server for a network. In addition, conditional forwarding gives distributed enterprise with many locations the flexibility to point to a central corporate DNS server for some traffic but local name servers for other domains.

Dynamic tunnels to Amazon Web Services (AWS) allows customers to configure dynamic routing (BGP) with failover and failback and metric based route selection between the Firebox and AWS. This capability provides comprehensive network and routing options for hybrid cloud environments when businesses connect applications on premise with servers and databases hosted in the cloud. 

Appliances in bridge mode can be configured to use DHCP on the primary interface now, which enables the ability to quickly and easily install an appliance with no impact on the network. Appliances can be configured and initially setup in Bridge Mode via RapidDeploy.

New VPN usage charts in the WebUI show the number of active VPN tunnels over time, assisting with tracking of license usage and issue investigation.

 

Does This Release Pertain to Me?
The Fireware release applies to all Firebox T, Firebox M, and all XTM appliances, except XTM 21/21-W, 22/22-W, or 23/23-W, which will soon go End of Life.

Software Download Center
Firebox and XTM appliance owners with active support subscriptions can obtain this update without additional charge by downloading the applicable packages from the WatchGuard Software Download Center. Please read the Release Notes before you upgrade to understand what’s involved.

Contact Information
For Sales or Support questions, you can find phone numbers for your region online. If you contact WatchGuard Technical Support, please have your registered appliance Serial Number or Partner ID available.


Source: WatchGuard

Threat Detection and Response Planned Service Update

Hello TDR Users,

On Thursday, March 23rd, 2017, at 3:00 PM PST for EU and 5:00 PM PST for Americas, we will release a new version of Threat Detection and Response (TDR). This update will bring performance enhancements and system upgrades.

Users can expect between 15-30 minutes of downtime for this maintenance window. TDR will continue to collect events from your deployed Fireboxes and Host Sensors. Those events will be analyzed once the downtime concludes. Users may need to log back into the system.

Release notes for this upgrade will be posted shortly.

 

Best Regards,

WatchGuard


Source: WatchGuard

Introducing the WatchGuard Firebox T70

WatchGuard is excited to announce the launch of the Firebox T70, our latest tabletop network security appliance. The T70 has set a new industry best, with 1 Gigabit per second in full UTM mode with HTTP traffic, and over 600 Megabits per second with HTTPS traffic. Now, network administrators can confidently deploy a tabletop appliance knowing it will run the services necessary to secure their network without compromising performance.

The Firebox T70 was designed to ensure that network administrators in the small and midsize business (SMB) and Distributed Enterprise segments can deploy a tabletop appliance that can handle HTTPS DPI in environments where Fiber broadband connections are becoming more prevalent. Though HTTPS adds security by encrypting traffic, unfortunately, bad actors are increasingly using this as an attack vector for passing malware through the firewall. It is critical that network admins have the capability to inspect and sanitize this traffic.

To achieve the high performance bar that was set for T70, we decided to leverage an Intel chipset – our first use of the Intel platform in our tabletop lineup. The combination of the product architecture and WatchGuard’s proprietary Fireware OS resulted in our most powerful tabletop yet, and the fastest tabletop UTM on the market when running in full UTM mode (e.g. Intrusion Prevention, Gateway Antivirus, and Application Control) But you don’t have to take our word for it – the performance of the Firebox T70 has been verified by the Miercom independent test lab.

From a design perspective, the Firebox T70 is a 1U tabletop appliance with an all-metal body and comes equipped with 8 x 1 Gb Ethernet ports, 2 of which support Power over Ethernet+ (PoE+). The 2 PoE+ ports allow administrators to easily extend the reach of the Firebox T70 by connecting remote peripherals such as wireless access points, without having to run costly AC power. The Firebox T70 is also fanless, so administrators can feel free to place it in noise sensitive work areas without having to worry about users being bothered by constant whirring.

The Firebox T70 is generally available now, please see the resources below to learn more, or to buy.

To Learn More:

Source: WatchGuard

Firebox M4600 & M5600

Today WatchGuard is pleased to announce the new Firebox M4600 and M5600 models, completing the replacement of all of our older XTM appliances with a new generation of hardware. Now, from the smallest Firebox T10 to the top of the line Firebox M5600, there is a new Firebox appliance that provides critical network and security functions in a single, centrally managed UTM platform that is easy to set up, deploy and manage.

The WatchGuard Firebox M4600 and Firebox M5600 appliances both provide two empty bays that can be used to add expandable network modules to meet the needs of a wide range of network configurations. Both models support three modular interface options that each add either four or eight interfaces to the Firebox:

  1. 8 x 1 Gb Fiber
  2. 4 x 10 Gb Fiber
  3. 8 x 1 Gb Copper

The picture above shows an M4600 with options 1 and 2 in the two expansion bays. Expandable network modules offer room to grow for the future. If the need for more network ports into the firewall grows, the business doesn’t have to do a costly rip out and replace. The network admin can simply add a new module to the existing appliance to add extra ports.

Resources

These exciting new products are Generally Available (GA) now. Learn more through some of the new resources that are available with today’s public launch:

The M4600 provides 8 Gbps UTM throughput, and the M5600 is the fastest Firebox ever with 11 Gbps UTM. Download the datasheet with the full technical specifications for the two new appliances.

Use our new interactive module selector on the web to explore the different network module options available for each model, and see how the firewall throughput can depend on module configuration.

We also have a new technical brief that explains in detail how the new network modularity concept works in WatchGuard appliances.

Source: WatchGuard

Big Security in a Small Package

At WatchGuard, we believe that good things can come in small packages. Our smallest tabletop appliances run the same operating system, or firmware, as the largest rack mount units. This means we can provide enterprise class security in a small form factor that helps protect small offices, retail stores, and remote branches of a distributed enterprise.

This is why we are very excited to introduce the next generation of our tabletop appliances today, the WatchGuard Firebox T30 and T50, which replaces our existing XTM 25/26 and XTM 33. With the Firebox T Series, companies of all sizes can benefit from our suite of sophisticated security technologies that have been developed to protect the most demanding enterprises. For example, with the WebBlocker service, every link is checked against the Threat Seeker cloud URL database from Websense. Using Intrusion Prevention Service (IPS), the Firebox looks for attacks against known vulnerabilities using technology from Trend Micro. Our newest subscription service, APT Blocker provides a defense against advanced malware. We check unknown files in a next generation sandbox in the cloud using full system emulation technology from Lastline.

You might think that these services would slow performance. In fact, the new T50 provides up to 165 Mbps of Unified Threat Management (UTM) performance[1] in a compact form factor with 7 Ethernet ports. The smaller T30 appliance has 5 ports and provides up to 135 Mbps UTM throughput. These powerful new boxes provide full security inspection of Internet traffic at the fast connection speeds available today.

The T30 and T50 don’t just provide faster throughput. New features support the growing needs for secure wireless access. Both models have options for an integrated 802.11ac wireless version – providing faster speeds over the less congested 5 GHz channel. Each model also includes a Power over Ethernet (PoE) port, which can be used to provide power to a WatchGuard Wireless Access Point. With PoE, small locations like retail shops don’t have to install expensive power runs to the ceiling for wireless access points. They can simply run an Ethernet cable from the Firebox to the mounting point. Of course the Firebox also comes with the integrated Gateway Wireless Controller software.

That’s a lot of sophisticated security technology in a small box. I’ve been running a Beta version of the T50 at home for a couple of months now. In today’s world, it’s reassuring to know that I have enterprise level security technology protecting my family and any work that I do for my company from home.

Find out more about the new T30 and T50 appliances at watchguard.com, here.

[1] Remember that UTM performance measures the throughput when the most demanding security services are enabled, including IPS and Gateway Antivirus. Not all vendors publish a combined performance number like this, but we believe that it is important to enable all security services and measure the combined throughput.

Source: WatchGuard

Firedot honeypot solution

Main Street is the New Cyber Battleground. We Have Your Secret Weapon.

Network breaches at corporate giants make headlines, but a surprisingly bloody cyber battlefield is taking place on Main Street. In fact, nearly half of small and mid-sized businesses (SMBs) have been victims of cyber crime. And “the bigger they are, the harder they fall” doesn’t apply. Big companies often survive to fight another day, but 60 percent of SMBs go out of business within six months of an attack.

Today, WatchGuard introduced two enterprise-strength firewalls that give small businesses a new secret weapon against hackers. The WatchGuard Firebox M200 and M300 Next-Generation Firewall (NGFW) and Unified Threat Management (UTM) appliance provide powerful security with easy setup and management. What’s more, they’re up to 218 percent faster than competing solutions with all security engines turned on, and up to a blazing 385 percent faster for encrypted traffic inspection, so even small businesses can compete at enterprise speed. (Download the Miercom report now.)

“Sony and Target breaches have dominated headlines, but it’s the mom-and-pop shops that have gained traction with hackers,” said Corey Nachreiner, chief technology officer at WatchGuard. “In general, small businesses are less-protected and easier to breach, but not any more. The Firebox M200 and M300 make it easy for SMBs to protect themselves as effectively as large enterprises—and without the need for big-company IT resources.”

The new Firebox M200 and M300 run WatchGuard’s powerful Fireware® operating system and include RapidDeploy support that makes setup and configuration easy for SMBs, even without a dedicated technical staff. You can get complete product information here.

Want to know more about how cyber crime is affecting small businesses—and what to do about it? Download our eBook now: “The Cyber Crime Guide for Small and Midsize Businesses.

hacker-van

Or explore our interactive infographic “Cyber Crime Comes To Main Street” to see the sneaky tactics hackers are using to attack mom-and-pop companies on every corner.

mainstreet

Source: WatchGuard

Find Out Why IT Pro Magazine Calls WatchGuard’s Firebox M440 “a Powerful Beast”

Today, we’re excited to announce the “beastly” accomplishments of our Firebox® M440. It has achieved a coveted 5-Star rating and has been named the Editor’s Choice by IT Pro Magazine. Read the entire review right now.

You may recall back in October, when we launched this powerful UTM/NGFW appliance, it was the first appliance rich in truly independent ports. And, it was the first appliance to make it easy to apply the right policies to the correct network segment, without complex configurations. That means better security and protection for data.

IT Pro agrees! WatchGuard’s Firebox® M440 impressed the editors on a variety of fronts with its superb value, top performance, extensive security measures, high port density and integral wireless gateway controller.

As the review notes, “With its fire-engine red chassis you can’t miss a WatchGuard security appliance, but the Firebox M440 is an eye-catcher for a number of other good reasons. It’s designed to help big businesses enforce custom security policies across multiple network segments, but without complicating the process.”

The WatchGuard Firebox M440 delivers 25 1Gb Ethernet ports, eight that deliver Power over Ethernet (PoE), plus two 10 Gb SFP+ (fiber) ports.

The editors also highlight that for a sub-£10K appliance, it’s a powerful beast, with the appliance claiming a top 6.7Gbits/sec firewall throughput and 1.6Gbits/sec for UTM against the competition. The value is excellent as well, with a three-year LiveSecurity subscription that activates the firewall, VPNs, HTTPS inspection plus full customer support and has an RRP of £4,942 ex VAT. Add in all the features, including IPS, app control, advanced threat protection, DLP and more, and the cost is only £8,449. Finally, along with a superb range of security features, the M440 took top value, costing significantly less than competing products, such as SonicWALL’s E-Series NSA 6500.

RED continues to roar.

To read the entire review, click here.

To check out the infographic we did on network segmentation myths, click here.

Source: WatchGuard