whats new in fireware xtm 11.6.3. new features in fireware xtm v11.6.3 automatic feature key...
TRANSCRIPT
What’s New inFireware XTM 11.6.3
2
New Features in Fireware XTM v11.6.3
Automatic Feature Key SynchronizationRapidDeployNew Hardware• 2050A
WatchGuard Training
Automatic Feature Key Synchronization
4
Automatic Feature Key Synchronization
When automatic feature key synchronization is enabled, the XTM device automatically downloads the latest feature key from the WatchGuard web site when any feature in the feature key is expired or about to expire. It is not enabled by default.
To enable automatic feature key synchronization:• In Policy Manager, select
Setup > Feature Keys.
• Select the Enable automaticfeature key synchronizationcheck box.
WatchGuard Training
5
Automatic Feature Key Synchronization
When you enable automatic feature key synchronization: • The XTM device immediately checks the expiration dates in the feature
key, and continues to check once per day.
• If any feature is expired, or will expire within three days, the XTM device automatically downloads the latest feature key from WatchGuard once per day, until it successfully downloads a feature key that does not have expired features.
In a FireCluster, the cluster master synchronizes the feature keys for all cluster members.
WatchGuard Training
RapidDeploy
7
RapidDeploy
The RapidDeploy feature enables the network administrators of large centralized management installations to be able to send XTM devices out into the field without the need to physically pre-configure the devices.
With RapidDeploy, administrators can activate up to 200 XTM devices at one time, and provision each device to be able to check in with its Management Server automatically.
RapidDeploy works only with XTM devices manufactured with Fireware XTM v11.6.3 or higher. A device manufactured with v11.6.3 or higher will have a cloud “Ready” sticker on its shipping carton.
You must use at least one Management Server.
WatchGuard Training
8
The RapidDeploy Process
1. From WatchGuard System Manager, register your Management Server with the WatchGuard Portal. Log in to the WatchGuard Deployment Center to verify your Management Server registration was successful.
2. In the Deployment Center, import your XTM device list CSV file and activate all devices.
3. Connect the XTM device to power and to the Internet. The XTM device contacts the Deployment Center to download a basic configuration file and necessary information to contact its Management Server.
4. When XTM device contacts the Management Server, the Management Server contacts the Deployment Center to verify that the XTM device has been assigned to it.
5. In the Deployment Center, verify the deployment status of each XTM device to see which devices have contacted the RapidDeploy servers.
WatchGuard Training
9
Rapid Deployment
WatchGuard Training
10
RapidDeploy – A Closer Look
Register your Management Server• From WSM, select File > RapidDeploy > Management Server
Registration.Or, from the Management Server page, in the RapidDeploy section, select Management Server Registration.
When you register, key Management Server information is passed to the Deployment Center:• The first distribution IP address
• The Management Server certificate
WatchGuard Training
11
RapidDeploy – A Closer Look
Launch Deployment Center• Within WSM, open File > RapidDeploy > Deployment Center
Or, from the Management Server page, in the RapidDeploy section, select Deployment Center.
Verify Management Server Registration• Before you import a CSV, verify that all Management Servers appear in
the Registered Management Servers list.
WatchGuard Training
12
RapidDeploy – A Closer Look
Activate Your XTM Devices• Import an XTM device list, as a UTF-8 encoded CSV file
CSV file must include a header row and contain this information:– XTM Device Serial Number– XTM Device Friendly Name– Management Server IP Address
You can download an example CSV and use it as a template
• To import the device list Click Browse and select the CSV file you created Click Import Deployment Center checks the CSV to verify the data is correct
– If there are errors in the CSV file, an error list will appear If your device list includes a large number of devices, it can take some time to
complete this process.
WatchGuard Training
13
RapidDeploy – Import a CSV File
WatchGuard Training
14
RapidDeploy – Activation
WatchGuard Training
15
RapidDeploy – A Closer Look
When a “Cloud Ready” XTM device is powered on, it contacts the RapidDeploy servers to retrieve its feature key
The XTM device then picks up some basic configuration from the Deployment Center:• A configuration, default with the following exceptions
XTM device friendly name as the device name Management Server IP Address added to the WatchGuard Policy Managed Device Settings
– Management Server IP– Randomly Generated shared secret– Management Server Certificate
• Randomly generated passphrases The device then attempts to contact its Management Server
WatchGuard Training
16
RapidDeploy – A Closer Look
When your Management Server receives a connection from an unknown device, it will use the WatchGuard Portal Account to contact Deployment Center• If the device is not identified, it will remain in folder: Unknown Devices
• If the device is identified, it is added below New Devices. The “New Devices” folder is restricted:• It cannot be moved
• Additional folders cannot be moved to or created in this folder
• Additional devices cannot be moved to or created in this folder New devices are added in Basic managed mode
WatchGuard Training
17
RapidDeploy - A Closer Look
You can now manage the device through the Management Server.• Change the passphrases
As only the Management Server knows the passphrases, the device would not be manageable if the device loses its internet connection or if the Management Server becomes available
• Configure Trusted network settings All default devices have 10.0.1.1/24 as their trusted network. When using non-
default networks, especially for VPNs, it is recommended to start configuration by changing the internal networks to what you have allocated
• Change to fully managed mode
• Apply policy templates, create VPNSs etc.
WatchGuard Training
18
Deployment Center
Confirm the device status in Deployment Center• Deployment Center identifies which devices have made connections and
retrieved their settings (to contact their Management Server)
• Once a device has contacted the Deployment Center, its data is stored for 30 days.
• Data for devices that have not contacted Deployment Center will be stored for 2 years.
WatchGuard Training
New Hardware
20
New Hardware – XTM 2050A
WatchGuard Training
Update to XTM 2050A hardware platform, increases available ports to include 16x 1000Base-T interfaces and 4x 10GBBase-SR, LC Fiber, or GbE 100Base-SR interfaces
THANK YOU!