What’s New in WatchGuard XCS v9.2
WatchGuard XCS v9.2 New Feature Introduction
Ease of use enhancements
  Frequent Tasks page
  DLP and QMS Wizards
  Improved Attachment Control pages
  Improved Message Details page
Spam Rules
Content Rules enhancements (Boolean operators, nested conditions)
Multiple software updates management
Internationalization of attachment names in message
New Web Proxy engine
  Web configuration added to Install Wizard
  FTP over HTTP scanning
  URL Categorization HTTPS & “Uncategorized” category
  Bypass URL Categorization
  Flush URL from web cache
  Web bandwidth usage on Dashboard and Reports
  Traffic Accelerator improvements
WatchGuard XCS v9.2 Installation
WatchGuard Training 22
Ease of Use Enhancements
Frequent Tasks
Appears as the default page when you log in to the WatchGuard XCS.
Provides direct links to the most frequent tasks you can perform to configure and manage the WatchGuard XCS.
Some tasks are important to run after installation, such as importing LDAP users, updating your software, or adding additional email routing domains.
If you want to display the Dashboard monitoring page after you log in, instead of the Frequent Tasks page, clear the Display at Login check box.
Frequent Tasks
Accept email for additional domains – Configure additional email domains for which you accept mail. Note: Make sure you also add a specific access pattern to trust the internal mail server you specify for the mail route.
Import users/groups from directory services – Configure a directory server to import user/group information for use with LDAP features. Note: Make sure you import Directory Users after you configure a directory server.
QMS Integration Wizard – This wizard guides you through the required configuration to integrate the WatchGuard XCS with the WatchGuard QMS (Quarantine Management Server). Note: Make sure your WatchGuard QMS is configured and running before starting the wizard.
Block or allow email using pattern filters – Pattern filters allow you to block or allow email messages based on message characteristics including the message header, sender, recipient, subject, attachment content, and message body text.
Block or allow attachment types – Attachment controls allow you to block, allow, or strip email attachments based on their file extension, MIME type, or attachment content.
Enable email encryption – SecureMail email encryption allows you to protect the confidentiality of messages by encrypting the message before it is delivered to the recipient.
Frequent Tasks
Data Loss Prevention Wizard – Guides you through the configuration of DLP rules for inbound and outbound email and web traffic. You can block credit cards, SSN/SIN numbers, or use a compliance dictionary to scan for specific words. Note: If you want to use a custom compliance dictionary with the DLP wizard, you must upload the dictionary using Dictionaries and Lists before you start the wizard.
Create and schedule backup – Use the local disk, or use FTP/SCP to schedule a backup to a remote server.
Update your software – Keep your system software up-to-date by installing any software updates available for your WatchGuard device.
Add an administrator account – Add additional administrator accounts for managing your WatchGuard device.
Create and schedule a report – The WatchGuard XCS reports provide a comprehensive range of detailed information about your system. You can create a report on demand or schedule a recurring report.
View a report – See your generated reports in HTML, PDF, or CSV format.
Search message history – Search the message history database to see how specific messages were processed and the final action performed on a message.
Data Loss Prevention Wizard
The Data Loss Prevention (DLP) wizard guides you through the configuration of DLP content controls and rules for inbound and outbound email and web traffic.
Available tasks:
Block credit card numbers – Creates Content Rules in the Default Policy to block the selected types of credit card patterns in email messages.
Block national identification numbers – Creates Content Rules in the Default Policy to block national identification numbers such as a Social Security Number (USA) or Social Insurance Number (Canada) in email messages.
Block based on compliance terms
  Email: Creates Content Rules in the Default Policy to content scan email messages based on the selected dictionary, such as Medical, Financial, or a custom dictionary.
  Web: Configures Content Scanning in the Default Policy to content scan web content based on the selected dictionary, such as Medical, Financial, or a custom dictionary.
Note: If you want to use a custom compliance dictionary with the DLP wizard, you must upload the dictionary using Dictionaries and Lists before you start the wizard.
Data Loss Prevention Wizard
DLP Wizard creates new Content Rules in the Default Policy based on your selections.
When you use the DLP wizard, any previous settings (configured through a previous wizard session or configured manually) are displayed and maintained unless you modify the configuration.
Notifications are not configured using the wizard. After you complete the wizard, you can manually examine any content rules created by the wizard and modify the notification settings in the Default Policy.
QMS Wizard
The QMS Wizard guides you through the required configuration to integrate the WatchGuard XCS with the WatchGuard QMS (Quarantine Management Server).
This allows you to redirect spam messages from the WatchGuard XCS to the quarantine area on the WatchGuard QMS, where users can manage their quarantined spam.
QMS Wizard – QMS Configuration
You must configure your WatchGuard QMS before starting the QMS Wizard on the XCS:
Select Configuration > Quarantine > User Spam Quarantine to enable and configure spam quarantine services on the WatchGuard QMS.
Select Configuration > Mail > Delivery and set the Relay To field to the IP address of the WatchGuard XCS device. This makes sure that any notifications and released spam messages will be sent to the WatchGuard XCS for delivery.
Create local quarantine user accounts, or import user accounts from an LDAP directory. By default the WatchGuard QMS automatically creates new user accounts when new spam messages are received for a user.
Select Configuration > Quarantine > Trusted/Blocked Senders, enable Permit Downloads, and set the Allowed IPs text box to the IP address of the WatchGuard XCS.
QMS Wizard – Configuration Settings
When you have completed the wizard, the following configuration settings are applied on the WatchGuard XCS:
Mail Route – A mail route is created for the specific QMS address called ".quarantine_reroute". This special reroute option is used as the Intercept Anti-Spam action to redirect spam messages to the QMS.
Specific Access Pattern – A Specific Access Pattern is created to trust the address of the QMS to make sure that any mail from the QMS, such as spam digest notifications and released quarantine messages, is not scanned by the Intercept Anti-Spam or Content Control features.
Intercept Anti-Spam – Intercept is configured to redirect spam messages for the specified spam classifications to the QMS.
Pattern Filter – A Pattern Filter is created to prevent training on messages containing the subject "Quarantined Email Summary". This prevents spam digest notification messages from the QMS from being trained by Intercept Anti-Spam.
Trusted/Blocked Senders List – If enabled, the Trusted/Blocked Senders List is imported from the QMS using the specified source URL of the QMS.
Attachment Control Enhancements
Redesigned Attachment Control page:
Simplified main configuration page
Separate file type pages for Email File Extensions, Email Content Types, and Web Content types
Inbound/Outbound settings and actions
Collapsed notification settings
Attachment Control – Edit File Types
Edit File Types
Multi-page view or view all entries
Upload and download of file types
Inbound and outbound actions
Filter by action and search text
Ability to delete multiple items
Attachment Control – Add and Edit File Types page
Set inbound and outbound actions
Former “Scan” option renamed to “Check Inbound Archive” or “Check Outbound Archive”
Attachment Control – Attachment Size Limits
Attachment size limits are now located on their own page: Security > Content Control > (More) > Attachment Size Limits
You can configure separate actions for inbound and outbound mail.
Message Details Enhancements
The message details have been improved to provide these enhancements:
Results of processing are clear with less repetitive information
Only the most important message details displayed
Ability to add global pattern filters to accept or block messages based on the sender or domain
Scan result icons for quick analysis
Final action and reason clearly indicated
Any content rules and pattern filters that triggered for a message contain the rule name and number
Message Details Enhancements
You can add global pattern filters to accept or block messages based on the sender or domain of the message.
Allow Sender – Creates a pattern filter set to "Accept" for the sender Envelope From address.
Block Sender – Creates a pattern filter set to "Reject" for the sender Envelope From address.
Allow Domain – Creates a pattern filter to "Accept" the domain part of the sender Envelope From.
Block Domain – Creates a pattern filter to "Reject" any messages from the domain part of the sender Envelope From.
The system automatically checks for duplicate or conflicting pattern filters that already exist.
Spam Rules
Spam Rules are a list of content rules generated by WatchGuard.
They help detect new types of spam messages that are not easily detected by other Intercept Anti-Spam features.
Spam Rules are regularly updated by WatchGuard (through Security Connection) to make sure you are always protected from the latest variants of spam messages.
We recommend you enable this feature. Select Security > Anti-Spam > Spam Rules.
Content Rules Enhancements
Content Rules
Greater condition flexibility with powerful Boolean operators (AND, OR, NOT)
Conditions can be nested using the +() button
No limit to the number of conditions in a rule
Per rule notifications
“In dictionary” search expanded to include Content Scanning
Multiple Software Updates Management
You can now install or remove multiple software updates at the same time.
You only need to reboot once to install multiple software updates.
The WatchGuard XCS determines any software dependency issues and installs/removes the updates in the correct order.
You get a warning if you are missing a software dependency.
Internationalization of Attachment Names in Message Database
Internationalization of Attachment Names
The WatchGuard XCS now supports internationalization of attachment names in message database views:
  Message history
  Message details
  Logs and reports
The XCS also already supports internationalized subject headers.
Web Proxy Enhancements
Installation Wizard and Web Configuration
If you have enabled Web scanning with your feature key, the installation wizard displays a new page for Web configuration options.
HTTP/HTTPS – Enable or disable HTTP/HTTPS scanning.
Internal Mail Server – Type the address of your internal mail server that will receive notification messages. Note: The Internal Mail Server field only appears if you did not configure a mail server in the previous step in the Email configuration.
In the Security Settings section of the Web Configuration page, you can enable or disable URL Categorization, Reputation Enabled Defense, and the Anti-Virus features.
Note: If you enable URL Categorization, the feature will not be enabled until the initial control list is downloaded.
FTP over HTTP Scanning
You can now scan FTP traffic that is passed over HTTP. For example, visiting an FTP site through an ftp:// URL such as ftp://ftp.example.com/
All scanners that currently scan HTTP traffic can scan FTP traffic over HTTP.
Select Configuration > Web > HTTP/S Proxy. (HTTP/HTTPS scanning must be enabled)
Select the Enable FTP Proxy check box.
FTP over HTTP Scanning Limitations
Only supports FTP over HTTP in a web browser. FTP clients or web browser extensions that use the “CONNECT” method are not supported.
FTP over HTTP scanning is not supported in Transparent mode.
URL Categorization: HTTPS and Uncategorized URLs
HTTPS URLs
The URL Categorization feature can now categorize and take action on HTTPS URLs. For example, https://secure.example.com/
No additional configuration required. Enable URL Categorization to scan both HTTP and HTTPS URLs.
Uncategorized URLs
New category in the URL Categorization control list called Uncategorized.
Select the Uncategorized category to block web sites that cannot be classified in any specific category.
Available for selection from the category list on the Configuration > Web > URL Categorization page. (Not enabled by default)
Note: Be careful when you enable this category as you could block legitimate sites or specific pages of those sites even if the primary page is part of a known category.
Bypass URL Categorization Scanning
Bypass URL Categorization (formerly Uncategorized Sites) allows specified domains to bypass URL Categorization scanning.
You can create a list of web sites to make sure they are not blocked by URL Categorization.
Upload a web domain list in a policy (each specified domain includes subdomains). For example:
example.com
example2.com
example3.com
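A bypass list is an allow list, so it is worth checking before upload. The following is an added example, not WatchGuard code: it assumes "includes subdomains" means whole-label suffix matching, and the function names and sample list are constructed for illustration.

```python
def load_bypass_list(text):
    """Parse an uploaded list, one domain per line. Returns (domains, rejected)."""
    domains, rejected = set(), []
    for raw in text.splitlines():
        entry = raw.strip().lower().rstrip(".")
        if not entry:
            continue
        # Accept bare domain names only: no scheme, path, port, wildcard or
        # single-label names, any of which would match differently than intended.
        if any(c in entry for c in "/:*@ ") or "." not in entry:
            rejected.append(raw.strip())
        else:
            domains.add(entry)
    return domains, rejected


def is_bypassed(host, domains):
    """True if host equals a listed domain or is a subdomain of one."""
    labels = host.lower().rstrip(".").split(".")
    # Compare whole-label suffixes so "notexample.com" never matches "example.com".
    return any(".".join(labels[i:]) in domains for i in range(len(labels)))


def redundant_entries(domains):
    """Entries already covered by a parent domain in the same list."""
    return sorted(d for d in domains if is_bypassed(d.split(".", 1)[1], domains))


# Constructed upload for illustration (assumed format: one domain per line).
SAMPLE = "example.com\nExample2.com.\nhttp://example3.com/\nmail.example.com\n\nlocalhost\n"

if __name__ == "__main__":
    domains, rejected = load_bypass_list(SAMPLE)
    print("accepted :", sorted(domains))
    print("rejected :", rejected)
    print("redundant:", redundant_entries(domains))
    for host in ("www.example.com", "notexample.com", "example.com.evil.test"):
        print(host, "->", "bypass" if is_bypassed(host, domains) else "categorize")
```

Every accepted entry exempts the domain and everything beneath it from URL Categorization, so the list should stay as short as the policy allows.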
Web Proxy Traffic Accelerator
Additional Traffic Accelerator features help improve scanning efficiency
Preview Scanning
Preview scanning allows the web proxy to take action based on your configured policies by scanning only the initial header of the response. If an action is taken based on the header information, the rest of the content does not have to be scanned.
Only certain types of responses can be handled with a header preview scan, such as detection of MIME types for content control and streaming media bypass, or checks on maximum file sizes reported in the header.
Early Response
Early response scanning allows the web proxy to take action based on scanning only part of the downloaded content.
This early response is useful for detecting issues such as files beyond the maximum file size where the file should not be scanned.
Web Proxy Traffic Accelerator (continued)
Client Request
Many HTTP security features, such as URL Categorization, URL Block Lists, and Trusted/Blocked Lists, can perform actions without scanning the actual downloaded content.
These Web scanning decisions are performed very quickly based on your configured policies.
Policy Caching
For greater efficiency, some common policy results are cached, such as those where continuous amounts of web traffic with the same content trigger the same policy.
In general, access of cached data is still sent to the Web Proxy content scanners because different users can have different HTTP content policies applied to them.
Efficiency can be improved by using fewer policies that are wider in scope. The more policies you have, the higher the probability that cached policy results are replaced by the scanning result of a different policy.
Web Site Content Caching
Web site content is cached if the web server does not send a non-caching directive in the response and the response data passes the requirements of the scanning policy.
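The Client Request, Preview Scanning and Early Response stages described above can be modelled as successive decision points, each using the least data it can. This is an added example, not the XCS implementation; the policy keys, action names and sample traffic are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed policy for illustration; these are not XCS defaults or setting names.
POLICY = {
    "blocked_hosts": {"blocked.example.net"},      # stands in for a URL block list
    "blocked_mime": {"application/x-msdownload"},  # content control by MIME type
    "streaming_prefixes": ("audio/", "video/"),    # streaming media bypass
    "max_bytes": 1_000_000,                        # maximum file size to scan
}


def client_request(url, policy):
    """Stage 1: decide from the request URL alone; nothing is downloaded."""
    host = (urlsplit(url).hostname or "").lower()
    return "block" if host in policy["blocked_hosts"] else None


def preview(headers, policy):
    """Stage 2: decide from the response headers only."""
    h = {k.lower(): v for k, v in headers.items()}
    mime = h.get("content-type", "").split(";")[0].strip().lower()
    if mime in policy["blocked_mime"]:
        return "block"
    if mime.startswith(policy["streaming_prefixes"]):
        return "bypass"
    size = h.get("content-length", "").strip()
    # Content-Length is optional and server-supplied, so its absence decides nothing.
    if size.isdigit() and int(size) > policy["max_bytes"]:
        return "oversize"
    return None


def early_response(chunks, policy):
    """Stage 3: read body chunks and stop as soon as the size limit is passed."""
    seen = 0
    for chunk in chunks:
        seen += len(chunk)
        if seen > policy["max_bytes"]:
            return "oversize", seen
    return None, seen


def decide(url, headers, chunks, policy=POLICY):
    """Return (action, deciding stage, body bytes read before the decision)."""
    action = client_request(url, policy)
    if action:
        return action, "client request", 0
    action = preview(headers, policy)
    if action:
        return action, "preview", 0
    action, seen = early_response(chunks, policy)
    if action:
        return action, "early response", seen
    return "scan", "content scanners", seen


if __name__ == "__main__":
    # Constructed responses; the last one reports no Content-Length.
    body = lambda n: iter([b"x" * 400_000] * n)
    exe = {"Content-Type": "application/x-msdownload"}
    print(decide("http://blocked.example.net/", {}, body(1)))
    print(decide("http://www.example.com/a.exe", exe, body(1)))
    print(decide("http://www.example.com/big.iso", {"Content-Length": "5000000"}, body(5)))
    print(decide("http://www.example.com/stream", {"Content-Type": "text/html"}, body(5)))
```

The last case shows why the early response stage exists: a response that reports no size in its header is only caught once the body passes the limit, here after 1,200,000 of 2,000,000 bytes.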
Flush URL from Web Cache
Flush URL from Web Cache replaces the previous Flush Web Cache Domain feature.
Remove problematic URLs from the cache if they do not load or refresh correctly.
The URL must be specified exactly the way it is typed, including the protocol. For example: http://www.example.com/index.html or ftp://ftp.example.com
Select Activity > Status > Utilities. Type the URL, then click Flush.
Web Bandwidth Usage on Dashboard
Appears on the Web Summary Dashboard page
Indicates the amount of bandwidth used (in megabytes) for non-cached inbound and outbound web traffic
Web Analysis Report – Bandwidth
New sections in the Web Analysis report indicate the amount of traffic (in megabytes) for web client and web server inbound and outbound traffic.
Install XCS v9.2
Upgrade to XCS v9.2
Because Security Connection does not automatically download full releases, you must download the software from the LiveSecurity site.
From the Software Downloads page, download the [xcs92.zip] file and extract the files.
Upgrade to XCS v9.2
After you extract the files, run btiweb.exe.
BTIweb is a small web server on your computer that hosts the xcs-92.img file during the XCS upgrade process.
Run btiweb.exe, then click Start to start the web server.
Notice the icon changes after you install btiweb
Upgrade to XCS v9.2
Before you start the upgrade process, back up your existing configuration so that it can be restored after the upgrade.
To upgrade the XCS device to a major release, you must reboot the appliance and press F1 – Install at startup to install a new software image on the device.
Choose one of three backup options:
  FTP
  SCP
  Local Disk
Use FTP or SCP backup when you back up a large reporting database.
Upgrade to XCS v9.2
Choose the items you want to back up.
In most cases, we recommend that you select all backup options.
Upgrade to XCS v9.2
Save the backup to your computer’s local disk. The MG-BCKUP file is given a time stamp for easy identification
Year[11], month[04], day[30], and time[1437]
Upgrade to XCS v9.2
After you complete the backup process, open a console connection to the XCS device. You need these items:
  A monitor to connect to the VGA port on the back of the XCS
  A PS2 or USB keyboard
With the monitor and keyboard connected, press the reset button located on the front of the appliance to reboot the XCS.
Press the F1 key on the keyboard.
Upgrade to XCS v9.2
The WatchGuard Installation Program welcome page appears. Press Enter to continue. Choose your type of keyboard on the next page and press Enter.
Upgrade to XCS v9.2
In the Installation Type window, select Auto and then press Enter.
On the next page, click OK to confirm the installation.
Upgrade to XCS v9.2
On the Installation page, select Network to upgrade using the v9.2 .img file:
Type the appropriate network information for the XCS device.
In the Install Path field, type the IP address of the computer where you installed the btiweb.exe file. Press OK.
This is the IP address of the computer where you installed btiweb. Remember the trailing “/” character.
Press Enter to confirm
Upgrade to XCS v9.2
On the Create Restore Image page, select Save Image to Hard Disk and press Enter.
Do not choose this option if you do not want to overwrite the previous XCS software image stored on the XCS device’s hard disk.
Upgrade to XCS v9.2
After the disk partitioning is complete, the main console window appears. At this point, you can configure the device with the new installation wizard.
After you install the system with the v9.2 wizard, you can build a new configuration, or restore your previous XCS configuration.