Transcript
What’s New in WatchGuard Dimension v1.1
WatchGuard Training
What’s New in Dimension v1.1 Hyper-V Support Upgrade to Dimension v1.1 Log Server Database
• • •
Status Report [77253] Back up and restore the Log Server database at an external location [76550] External PostgreSQL server support [76223]
Log Server Management
• •
IP address mapping for devices with static or dynamic IP addresses [77934] Support for SMTP gateways that require STARTTLS [77091]
Reporting
• •
New detail reports for Gateway AntiVirus and Intrusion Prevention Service [77106 and 76656] Publish scheduled reports to an external directory [75587 and 75908]
WatchGuard Training
2
Hyper-V Support
WatchGuard Training
3
Hyper-V Support You can now deploy Dimension with Hyper-V for Microsoft Windows Server 2008 R2, 2012, or 2012 R2 Download the Dimension VHD file and use Microsoft Server Hyper-V Manager, or another Hyper-V environment, to install the Dimension VM. Complete installation instructions are included in the Dimension Release Notes and Dimension Help. To summarize:
1. Deploy and start the Dimension VM. 2. Add an IDE hard disk to the Dimension VM. 3. Run the WatchGuard Dimension Setup Wizard to configure Dimension.
WatchGuard Training
4
Upgrade to Dimension v1.1
WatchGuard Training
5
Upgrade to Dimension v1.1 The procedure to upgrade Dimension from v1.0 to v1.1 is a two-step process:
1. Upgrade Dimension with the v1.1 upgrade preparation file. This updates the Dimension Upgrade feature.
2. Upgrade Dimension with the v1.1 upgrade file. This file contains the v1.1 feature upgrades for Dimension.
WatchGuard Training
6
Upgrade to Dimension v1.1 To upgrade Dimension:
1. Connect to Dimension at https:// and log in. 2. Select Manage System > System Settings. 3. Click Upgrade and select the first upgrade file: watchguard-dimension_1_1_amd64.deb
4. Wait for the upgrade to complete and Dimension to reboot.
Do not reboot the Dimension VM before the upgrade is complete.
5. Log in again. 6. Select Administration > System Settings. 7. Click Upgrade and select the second upgrade file: watchguard-dimension_1_1_apt.tgz Wait for the upgrade to complete. If the upgrade requires the Dimension services to restart, Dimension will reboot.
8. Select
Administration > System Settings and verify the version number is
correct.
WatchGuard Training
7
Log Server Database
WatchGuard Training
8
Status Report The Status Report for the Dimension database is available on the Administration > Database page. The Status Report includes statistics for the Log Server database, and log message and report statistics for the devices that are connected to Dimension.
WatchGuard Training
9
External Backup and Restore You can configure an SFTP server as a location for remote backups.
• •
Select Administration > System Settings > Configuration Remote Backup settings are used with the Database Backup settings on the Administration > Log Server Management > Configuration > General page.
WatchGuard Training
10
External PostgreSQL Server Support You can now specify an external PostgreSQL Server for the Log Server database Dimension supports PostgreSQL server v9.2, 9.1.9, or 9.1.11 Select Administration > Log Server Management > Configuration
WatchGuard Training
11
Log Server Management
WatchGuard Training
12
IP Address Mapping Enable Dimension to replace device IP addresses with a name in some Dimension Dashboards and reports. Available for both dynamically addressed devices and devices with a static IP address. Select Administration > IP Address Mapping.
IP Address Mapping
WatchGuard Training
14
IP Address Mapping — Dynamic IP Address Resolution If the source IP address is a private address, as defined in RFC 1918, Dimension can send a reverse DNS request to its name server and resolve the IP address to a name. Provides name resolution for DHCP environments. Requires the name server used by Dimension to provide reverse DNS lookups. When enabled, Dimension replaces the private IP address for dynamically addressed devices with the name the DNS server returns. This name appears in some Dimension Dashboards and reports.
WatchGuard Training
15
IP Address Mapping — Dynamic IP Address Resolution To enable dynamic IP address resolution:
1. Select Administration > Log Server Management > IP Address Mapping. 2. In the Dynamic IP Address Resolution section, click Configure and enable the feature.
WatchGuard Training
16
IP Address Mapping — Static IP Address Map You can now manually create an IP address/name pair to replace a static IP address with a designated name in some Dimension Dashboards and reports. Names can be host names or other descriptive names. You can add IP address/name pairs for devices that are connected to Dimension and for devices that have not connected to Dimension.
WatchGuard Training
17
IP Address Mapping — Static IP Address Map Manually manage individual IP address/name pairs:
1. Select Administration > Log Server Management > IP Address Mapping. 2. In the Static IP Address Map section, add, edit, or remove IP address/name pairs in the Static IP Address Map list.
WatchGuard Training
18
IP Address Mapping — Static IP Address Map To add many IP address/name pairs to the Static IP Address Map list, import a CSV file that includes the pairs. To modify the names assigned to any of the IP addresses in the list, export a CSV file of all the IP address/name pairs, change the names, and import the list again. The names are automatically updated. You cannot change the IP address in any IP address/name pair. You must remove the pair and add a new pair with the correct IP address. Reset the Static IP Address Map list to remove all IP address/name pairs from the list. Changes to the Static IP Address Map list are committed automatically. You do not have to save changes to the page before they take effect. Changes to the Static IP Address Map do not affect the settings for dynamic IP address resolution.
WatchGuard Training
19
IP Address Mapping — Reports for IP Address Mapping The names that replace the IP addresses for dynamically addressed devices, and the names you specify for devices with static IP addresses, appear in some of the Dimension Dashboard pages and reports. Dashboard Reports
• • •
Executive Dashboard — Top Clients section Security Dashboard — Blocked Clients section FireWatch Source tab — Remains available when you filter on a name All tabs — When you select View connections for for a name
WatchGuard Training
20
IP Address Mapping — Reports for IP Address Mapping Available Reports
• • •
• • • • •
Application Usage Top Applications by Host Top Hosts by Application
Blocked Applications Top Blocked by Host Top Hosts Blocked
Top Clients by Bandwidth Hosts (Sent and Received) pivot Hosts (Sent) pivot Hosts (Received) pivot
Top Clients by Hits — Hosts pivot Most Active Clients Report Web Audit — Client pivot (for log messages without an authenticated user) WebBlocker — Client pivot (for log messages without an authenticated user) Per Client Report — If you specify the name in the search criteria
WatchGuard Training
21
SMTP with TLS Dimension now supports sending notifications to SMTP gateways that require STARTTLS. Select Administration > Log Server Management > Configuration > Notifications. Make sure to verify that the CA of the SMTP server certificate is trusted by Dimension. If the CA is not trusted, import the CA certificate to Dimension.
WatchGuard Training
22
Reporting
WatchGuard Training
23
Gateway AntiVirus and Intrusion Prevention Service Reports If your device sends log message data about the Gateway AntiVirus (GAV) and Intrusion Prevention Service (IPS) subscription services, you can now see reports of the GAV and IPS data in Dimension. To see a GAV or IPS report:
1. From the Home page, select a 2. 3.
device or group. Select the Reports tab. In the Detail section, select Gateway AntiVirus or Intrusion Prevention Service.
WatchGuard Training
24
Send Scheduled Reports to an External Directory You can now send your scheduled reports may to an external directory on an FTP server or your remote backup directory. Before you can select to send a scheduled report to an external directory, you must add an FTP server to your Log Server configuration or specify a remote backup location.
• •
Add an FTP Server: Administration > Log Server Management > Reporting > FTP Servers Specify a remote backup location: Administration > System Settings > Configuration > Remote Backup
WatchGuard Training
25
Send Scheduled Reports to an External Directory To send reports to an external directory:
1. Select Administration > 2. 3.
Schedule Reports. Add or edit a report schedule. Select Send reports to the specified directory and select an FTP server or remote backup location that you have already configured.
WatchGuard Training
26
Thank You!
WatchGuard Training
27