• Perfect Forward Secrecy (PFS) is now supported in the SMTP and HTTPS proxies.
• POP3 proxy can now block files by extension within a ZIP or GZIP compressed archive file.
• Because of security vulnerabilities, SSLv2 is considered a non-compliant SSL protocol in Fireware
v11.11.1 and higher. However, because some applications, such as Skype, require SSLv2, the
HTTPS proxy can now be configured to allow SSLv2 traffic if necessary. For more information, see
What's New in Fireware v11.11.4.
Gateway Wireless Controller (GWC) Enhancements
• You can now reset AP devices directly from GWC.
• You can now remove AP firmware from your Firebox with GWC.
Enhancements for WatchGuard Wi-Fi Cloud
• Domain names for WatchGuard Wi-Fi Cloud services are now included by default in the HTTP Proxy
Exceptions and HTTPS Proxy Domain Names lists.
• A new packet filter template, WG-Cloud-Managed-WiFi, is available for WatchGuard Wi-Fi Cloud
AP management to open the required ports to enable AP devices to communicate with cloud services.
Other Enhancements
• You can now select an IPSec VPN certificate that does not include an Extended Key Usage (EKU)
identifier.
• This release also includes support for the new Firebox T70.
For more information on the bug fixes and enhancements in this release, see the Enhancements and Resolved
Issues section. For more detailed information about the feature enhancements and functionality changes
included in Fireware v11.11.4, see the product documentation or review What's New in Fireware v11.11.4.
Important Information about Firebox Certificates
SHA-1 is being deprecated by many popular web browsers, and WatchGuard recommends that you now use
SHA-256 certificates. Because of this, we have upgraded our default Firebox certificates. Starting with
Fireware v11.10.4, all newly generated default Firebox certificates use a 2048-bit key length. In addition, newly
generated default Proxy Server and Proxy Authority certificates use SHA-256 for their signature hash
algorithm. Starting with Fireware v11.10.5, all newly generated default Firebox certificates use SHA-256 for
their signature hash algorithm. New CSRs created from the Firebox also use SHA-256 for their signature hash
algorithm.
Default certificates are not automatically upgraded after you install Fireware v11.10.5 or later releases.
To regenerate any default Firebox certificates, delete the certificate and reboot the Firebox. If you want to
regenerate default certificates without a reboot, you can use the CLI commands described in the next section.
Before you regenerate the Proxy Server or Proxy Authority certificate, there are some important things to
know.
The Proxy Server certificate is used for inbound HTTPS with content inspection and SMTP with TLS
inspection. The Proxy Authority certificate is used for outbound HTTPS with content inspection. The two
certificates are linked because the default Proxy Server certificate is signed by the default Proxy Authority
certificate. If you use the CLI to regenerate these certificates, after you upgrade, you must redistribute the new
Proxy Authority certificate to your clients. Otherwise, users will receive web browser warnings when they browse
HTTPS sites, if content inspection is enabled.
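Because default certificates are not upgraded automatically, it helps to check which exported certificates still use an older signature hash or a short key. The shell functions below are an added example, not WatchGuard tooling: they classify the text output of `openssl x509 -noout -text`. The function names, the choice to apply the 2048-bit threshold to RSA keys only, and the sample excerpt are assumptions of this example.

```shell
#!/bin/sh
# Added example: flag certificates that still use a SHA-1/MD5 signature or an
# RSA key shorter than 2048 bits. Function names are hypothetical.

# Classify one certificate in `openssl x509 -noout -text` form, read from stdin.
classify_cert_text() {
    awk '
        # The first "Signature Algorithm:" line names the signature hash.
        /Signature Algorithm:/ && sig == "" { sig = $NF }
        /Public Key Algorithm:/ && alg == "" { alg = $NF }
        # "Public-Key: (2048 bit)"; older OpenSSL prints "RSA Public-Key:".
        /Public-Key: \(/ && bits == "" {
            s = $0; sub(/.*\(/, "", s); sub(/ bit.*/, "", s); bits = s + 0
        }
        END {
            if (sig == "" || bits == "") {
                print "UNKNOWN could not parse certificate text"; exit
            }
            reason = ""
            if (tolower(sig) ~ /sha1|md5/) reason = reason " signature=" sig
            # The length threshold is applied to RSA keys only (assumption).
            if (alg ~ /^rsa/ && bits < 2048) reason = reason " keybits=" bits
            if (reason == "") print "OK signature=" sig " keybits=" bits
            else print "WEAK" reason
        }'
}

# Audit PEM certificate files (paths are supplied by the caller).
audit_cert() {
    for f in "$@"; do
        printf '%s: ' "$f"
        openssl x509 -in "$f" -noout -text 2>/dev/null | classify_cert_text
    done
}

# Constructed excerpt of openssl text output for a legacy certificate.
SAMPLE_LEGACY='    Signature Algorithm: sha1WithRSAEncryption
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)'
printf '%s\n' "$SAMPLE_LEGACY" | classify_cert_text
```

Run `audit_cert` against PEM files exported from the Firebox; any line that starts with `WEAK` marks a certificate to regenerate.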
2 WatchGuard Technologies, Inc.