Available for All XTM Appliances
WatchGuard is excited to announce the release of Fireware XTM v11.5.1 and WatchGuard System Manager (WSM) v11.5.1, the latest security operating system for our award-winning XTM appliance line. You can install Fireware XTM OS v11.5.1 on any WatchGuard XTM device, including 2 Series, the new XTM 330, 5 Series, 8 Series, XTM 1050, and XTM 2050 appliances.
Fireware XTM and WSM v11.5.1 marks the first 11.5.x release of our software, and delivers many valuable new capabilities and enhanced features to our already feature-rich XTM products. Though primarily a feature release, v11.5.1 also demonstrates WatchGuard’s continuing commitment to quality with a significant number of bug fixes.
We highlight just a few Fireware XTM v11.5.1’s new features below:
- A newly designed Log and Report Manager Web UI – We have updated our already information-rich logging and reporting UI to make it dramatically faster and easier to use. It now offers drill-down capabilities on users, applications, URLs visited, and more, as well as pivot capabilities that allow you to find the information you need much faster than before. Some other logging and reporting related updates include:
- UTC log time stamping, which allows you to always know what time logs arrived, regardless of which time zone your XTM appliance and log server resides in.
- Report integration with ConnectWise, which allows ConnectWise administrators to automate WatchGuard XTM report creation and delivery to their customers.
- Mobile VPN with IPSec support for Apple® iOS devices – We have updated our XTM IPSec gateway to allow iPhones, iPads, and iPods to make secure connections to your XTM appliance using Apple’s built-in IPSec client. This update also allows OS X Lion Macs to connect using Lion’s built-in IPSec client as well.
- Mobile VPN with SSL support 64-bit Mac clients – Our Mac SSL client now supports 64-bit OS X installations.
- IPv6 Routing Support – Your XTM appliance can now receive an IPv6 address, use IPv6 DNS/WINS servers, create static IPv6 routes, and support SLAAC router advertisement. 11.5.1 has achieved IPv6ready.org Gold logo for routing, confirming that the basic “plumbing” — the packet routing building blocks of IPv6 — works correctly. It’s important to note that v11.5.1 does not yet support IPv6 firewall policies, which will come in a later release.
- Improved Dynamic Routing support – We have updated and improved our Dynamic Routing engine, and it now supports Dynamic Routing in FireCluster configurations as well.
- SMTP Proxy enhancements to support TLS encryption – Our SMTP proxy now supports and enforces TLS encrypted user authentication and end-to-end message body encryption.
- Clientless Single Sign-On (SSO) – Fireware XTM v11.5.1 delivers improved SSO accuracy without the need to install SSO client software on all your computers.
- FIPS Support – XTM devices now meet the overall requirements for FIPS 140-2 Level 2 security, when configured in a FIPS-compliant manner.
In addition to the features and enhancements listed above, 11.5.1 also includes numerous smaller enhancements and many bug fixes in different areas of Fireware and WSM.
If you’re an active LiveSecurity subscriber, you can upgrade to Fireware XTM v11.5.1 free of charge. You can install Fireware XTM v11.5.1 software on any WatchGuard XTM device. Although WatchGuard System Manager v11.5.1 has been designed to manage devices running earlier versions of Fireware XTM v11, it is not possible to install Fireware XTM v11.5.1 on WatchGuard e-Series appliances.
For more information about the feature enhancements included in Fireware XTM v11.5.1, see the Release Notes or What’s New in Fireware XTM v11.5.1.
Does This Release Pertain to Me?
Fireware XTM 11.5.1 is a feature release that also includes many bug fixes. If you have any XTM series appliance and wish to take advantage of the enhancements listed above, or those mentioned in the Release Notes, you should consider upgrading to version 11.5.1. Please read the Release Notes before you upgrade, to understand what’s involved.
How Do I Get the Release?
XTM series owners who have a current LiveSecurity Service subscription can obtain this update without additional charge by downloading the applicable packages from the Articles & Support section of WatchGuard’s Support Center, which also includes clear installation instructions. Fireware XTM 11.5.1 is an XTM Series only release, and does not work on e-Series appliances. As always, if you need support, please enter a support incident online or call our support staff directly. (When you contact Technical Support, please have your registered Product Serial Number, LiveSecurity Key, or Partner ID available.)
- U.S. End Users: 877.232.3531
- International End Users: +1.206.613.0456
- Authorized WatchGuard Resellers: +1.206.521.8375
Mark says
Does this mean those of us still using Fireboxes aren’t getting anymore updates past the 11.3.4?
Corey Nachreiner says
Not at all! We will continue releasing Firebox e-Series updates. We just split the code trees between 11.4.x and 11.3.x Anything above 11.4.x will not run on e-Series (primarily due to the resources needed for Application Control). However, you will still see more 11.3.x releases in the future adding more fixes and updates, etc.
In fact, I believe you can look forward to an 11.3.5 release before the end of the year. I think that is planned for sometime in December, but don’t hold me to that exact date, since I’d have to ask the relevant PM for sure. In any case, 11.3.5 is coming soon.
Cheers
Deejinoz says
Hi Corey, Regarding the Apple iOS VPN support… The only way to allow domain based VPN-on-demand in Apple’s iOS is if there is an SSL client for the iOS. I know that a third party Japanese developer has already released an unsupported SSL client, through the Apple App Store, which is great for Japanese users. However, do you know when we should expect to see a proper natively supported SSL client released by WatchGuard for Apple iOS devices?
Deejinoz says
I don’t get a response at all!? 🙁
Corey Nachreiner says
That Japanese release is not an SSL client, as I understand it. It is an authentication app that works to create guest log ins for the SSL Appliance a particular partner manages.
At WatchGuard, we are certainly very interested in creating SSL clients for many mobile devices… for both our XTM and SSL VPN appliances lines. That said, in the past, Apple’s public SDK was limited in its exposure of VPN hooks for normal App developers. There are a few full tunnel SSL clients for iOS, but only from a few vendors who got special exposure.
That said, there may have been some recent developments in the iOS SDK that may allow us to create a full tunnel client. I can’t give any specific dates or info, but do know our product management team highly desires mobile device SSL clients, so we are working on bringing customers such solutions as quickly as we can.
Renaud Boisjoly says
Just saw this post and thought I could add some info for other people finding this post… this is actually not quite correct. iOS supports VPN on demand via IPSec but only when configured via Apple’s Iphone Config Utility. No need for ssh for this to work. Now, wether this applies to Watchguard products is beyond me. The specs in iOS documents states this is IPSec (Cisco only). I’d love to know if this will work with WatchGuard products.
saurabh says
Hi, I have Watchguard XTM510 model. I am running 11.4 version and I want to update it to 11.5.1 version. I have downloaded 11.5.1 OS. Which WSM would I require to Update it ? I currently have Watchguard System Manager 11.3.2. Please Help.
Corey Nachreiner says
Is there any particular reason you don’t want to upgrade to WSM 11.5.1 first? I would recommend upgrading to WSM 11.5.1, then upgrading the Fireware OS to 11.5.1. I’m not sure if it’s possible to apply the 11.5.1 OS upgrade in an older OS. I can find out for you, but I really would upgrade WSM first. It is capable of managing older appliances still.
Stuart says
Please note that 11.5.1 has known issues on the XTM 2 Series boxes, they can randomly lockup. We have been advised by Watch Guard support to downgrade these boxes and that this should be fixed in 11.5.2
David Jones says
Hi Corey, Was just wondering if there had been any developments on the iOS SSL client from you guys at all?
Corey Nachreiner says
No huge new developments I can share, other than we have started collaboratively working with Apple (and others) in hopes of bring our customers this type of SSL VPN solution (full tunnel). Stay tuned.
David Jones says
That’s great news Corey, let’s hope the new collaboration efforts pay off. Let me know if you need any WatchGuard partner/engineer help in testing…
oneloveamaru says
Will 11.3.5 support iOS IPSec clients? Also is 11.3.5 the last release for the e series?
Corey Nachreiner says
11.3.5 will not be the last release for e-series. I can ask our product management if we will extent the iOS support to 11.3.x. That seems like a possibility (as it is not a feature that relies on better hardware).