Available for XTM 25/25-W/26/26-W, 3 Series, 5 Series, 8 Series, 1050 and 2050 devices
WatchGuard is excited to announce the general release of Fireware XTM and WatchGuard System Manager v11.7. Our newest XTM OS release super-charges XTM appliances with a host of enhancements and powerful new features including performance boosts, new management tools, increased BYOD security options, and much, much more.
You can install Fireware XTM OS v11.7 on XTM 25/25-W/26/26-W, 3 Series, 5 Series, 8 Series, 1050 and 2050 devices. It does not support the wired or wireless versions of XTM 21/22/23. The new features, enhancements, and bug fixes included in this release have been carefully chosen to improve the capabilities, performance, and reliability of our XTM devices.
Here are just some of the enhancements Fireware XTM 11.7 has to offer:
- Improved UTM throughput performance numbers across the XTM product line.
- Policy Grouping simplifies the setup and admin of larger network environments.
- Link Aggregation combines interfaces and links for greater throughput and high availability.
- WebBlocker can now point to the cloud, instead of requiring a server set up onsite. And the new URL database from Websense, with over 100 categories, is more accurate – especially in non-English languages.
- The scope of central policy management has expanded to devices behind third-party network appliances.
- L2TP VPN protocol, included natively in many different operating systems, enables more widespread VPN access.
- WatchGuard VPN applications on iOS and Android make it easier to set up and configure VPN connectivity. Administrators can simply share configuration files by email.
- IPv6 firewall policies expand support beyond network and routing capabilities.
- IPS and Application Control on https policies deliver security even when traffic is encrypted. This enables granular controls on social media applications.
- More interoperability with different VoIP phone setup, with DHCP options for TFTP server and boot file name.
- Rock solid reliability means no business interruptions even if failures occur. Expanded high availability features include:
- Hardware health monitoring – Alarms are generated and proactive HA failover can be initiated when hardware failures, such as fans stopping, are detected
- HA on wireless models – XTM 25-W/26-W/33-W
- Full support for Windows 8 and Windows Server 2012
In addition to the features and enhancements listed above, 11.7 also includes numerous smaller enhancements, bug fixes, and improvements to the product based on customer feedback. If you manage an XTM appliance, we recommend you download and install 11.7 to enjoy its new features and zipper performance.
For more information about the feature enhancements included in Fireware XTM v11.7, see the Release Notes or What’s New in Fireware XTM v11.7 [PPT file].
Does This Release Pertain to Me?
Fireware XTM 11.7 is a feature release that also includes many other improvements. If you have a XTM 25/25-W/26/26-W, 3 Series, 5 Series, 8 Series, 1050 and 2050 device and wish to take advantage of the enhancements listed above, or those mentioned in the Release Notes, you should consider upgrading to version 11.7. Please read the Release Notes before you upgrade, to understand what’s involved. As always, the Release Notes contain a comprehensive list of fixed bugs and current known issues.
How Do I Get the Release?
XTM appliances owners who have a current LiveSecurity Service subscription can obtain this update without additional charge by downloading the applicable packages from the Articles & Support section of WatchGuard’s Support Center. To make it easier to find the relevant software, be sure to uncheck the “Article” and “Known Issue” search options, and press the Go button. You can install Fireware XTM 11.7 on XTM 25/25-W/26/26-W, 3 Series, 5 Series, 8 Series, 1050 and 2050 devices. It does not support the wired or wireless versions of XTM 21/22/23. If you need support, please enter a support incident online or call our support staff directly. (When you contact Technical Support, please have your registered Product Serial Number, LiveSecurity Key, or Partner ID available.)
- U.S. End Users: 877.232.3531
- International End Users: +1.206.613.0456
- Authorized WatchGuard Resellers: +1.206.521.8375
Don’t have an active LiveSecurity subscription for your XTM appliance? It’s easy to renew. Contact your WatchGuard reseller today. Find a reseller »
Felipe Andrés says
where you can download android app for ipsec ??
Corey Nachreiner says
Felipe,
You will be able to download the Mobile VPN helper application directly from the Google Play marketplace soon (as well as the iOS app from Apple’s appStore). Apparently, there was a small delay to getting the most recent build live. Our engineers believe the Android app should show up on Play next week.
The iOS app is also down, and should show on Apple’s store too… However, it will take a bit longer, because of Apple’s rigorous validation process. Just so you know, I have the app (iPhone version) running on my device, and it works well.
Cheers,
Felipe Andrés says
thanks for reply 🙂
Corey Nachreiner says
Quick update: The iOS WatchGuard VPN is live on the app story as of yesterday… The android one should follow anytime this week (It could be there now, but I don’t have my android with me to check).
Alexander Kushnarev says
This release amazed me with number of technical features. The most important and long waited (here in Russia) are Link Aggregation and VPN L2TP. Very interesting release! And I want to ask – is where any plans for Spanning Tree support?
Alexander Kushnarev says
This release amazed me with number of technical features. The most important and long waited (here in Russia) are Link Aggregation and VPN L2TP. Very interesting release! And I want to ask – is where any plans for Spanning Tree support?
JCS says
Why was XTM 21,22,23 not included? This not been true in the past
JCS says
Why was XTM 21,22,23 not included? This not been true in the past
Clayton says
I hope there is a version for XTM 21,22,23 as these are not old products. If not Watchguard is going to have some upset users on their hands. Me being one of them. I have 4 of these in service and Just finished the Trade-up to these devices last year.
Clayton says
I hope there is a version for XTM 21,22,23 as these are not old products. If not Watchguard is going to have some upset users on their hands. Me being one of them. I have 4 of these in service and Just finished the Trade-up to these devices last year.
Roger B.A. Klorese says
JCS, Clayton, and others…
While the 21/22/23 systems are not “old products,” they have been end-of-sale for several months. And the newer models that have replaced them have specifically been designed with faster CPUs and more (2x to 4x) the memory in order to support many of these new capabilities. Some users have run into the wall in terms of the capacity of the 21/22/23 systems; for us to release some of these new features that consume significantly more memory would have reduced the user capacity or throughput of their boxes. Instead, we will continue to release 11.6.x versions for these systems, and will endeavor to back-port some of the 11.7 enhancements that will not cause resource starvation on the boxes.
(In addition, not all of the new features actually require 11.7 appliances. To support the iOS and Android VPN applications, you need WSM 11.7 to use its Policy Manager to generate the .wgm file, but you can use it in conjunction with any appliance version that supports IPSec for iOS and Android, going back to XTM OS 11.5.1.)
I know that it’s frustrating when new capabilities are released that are not made available for your device, especially when it is a relatively new purchase. But one of the reasons we build newer models is to add not just throughput but capacity for new or enhanced capabilities — sometimes that means they just don’t fit on devices that were introduced 3 years ago… in which case we try to continue supporting them with a compromise between feature availability, performance, and stability.
Roger B.A. Klorese
Director, Product Management
WatchGuard Technologies, Inc.
Joanthan Szymanowski says
“End of sale for several months.” Your support for the predecessor Edge devices I think lasted a lot longer than several months. I want to believe your statement “we will continue to release 11.6.x versions for these systems, and will endeavor to back-port some of the 11.7 enhancements that will not cause resource starvation on the boxes.” However, there will be very little motivation to improve an “end of sale” device. If it was really true you would have done it already.
Roger B.A. Klorese says
The Edge (and Core and Peak) boxes were end-of-sale on 31 December 2010. Fireware XTM OS 11.4 was released in January 2011, and did not support the boxes. So in that case, we dropped new-version support in one month, as opposed to the over six months in this case (XTM 21/22/23 was end-of-sale on 30 June 2012).
As for bug-fixing and new-feature back-porting, the boxes are also an indication that we will follow down the path I have committed. While they were not supported on 11.4, 11.5, 11.6, or 11.7, we released XTM OS 11.3.5 in January 2012 — over a year after end-of-sale — and that release incorporates bug-fixes from 11.4 and 11.5, as well as some of their features. We continue to maintain later fixes in a customer-specific patch version maintained by support, and believe it is likely we will do another release this year off that line.
The path I stated is not only our plan, but something we “have done… already.”
Clayton R. Hardman says
Roger,
Thanks for your reply and explanation. The problem I have is that as a watchguard supporter and owner of 6 appliances, I was given the Tradeup path to the XTM 22 from each of my Edge 10 by watchguard.
This occurred less than 3 years agao as I still have 1.5 years of live security active on the accounts from the tradeup that watchguard provided and recommended! Don’t sell 3 year palns of live security on a product you can fully support for 3 years, in my opinion its a form of fraud.
Edge devices were upgradeable to maximum of xtm 11.3 and now the XTM 22 is MAX upgradeable to 11.6.3? That is too small of a window for the large investment customers have made. You have a problem on your hands! If I cannot maintain a constaint firmware revision on all my devices for the life of the live security contract that I paid in advance for, I will be moving away from you as a Vendor.
Don’t make your customers pay for your mistakes in the design of your devices. These devices were obviuosly not engineered properly. Think of this as an opportunity to earn loyalty from your customers and upgrade them at little or no cost. The customer should not have to pay extra to remain a loyal customer.
It takes 1 minute to lose 10 years of loyal customers.
Choose wisely
Clayton R. Hardman
The Hardman Group Limited
Roger B.A. Klorese says
JCS, Clayton, and others…
While the 21/22/23 systems are not “old products,” they have been end-of-sale for several months. And the newer models that have replaced them have specifically been designed with faster CPUs and more (2x to 4x) the memory in order to support many of these new capabilities. Some users have run into the wall in terms of the capacity of the 21/22/23 systems; for us to release some of these new features that consume significantly more memory would have reduced the user capacity or throughput of their boxes. Instead, we will continue to release 11.6.x versions for these systems, and will endeavor to back-port some of the 11.7 enhancements that will not cause resource starvation on the boxes.
(In addition, not all of the new features actually require 11.7 appliances. To support the iOS and Android VPN applications, you need WSM 11.7 to use its Policy Manager to generate the .wgm file, but you can use it in conjunction with any appliance version that supports IPSec for iOS and Android, going back to XTM OS 11.5.1.)
I know that it’s frustrating when new capabilities are released that are not made available for your device, especially when it is a relatively new purchase. But one of the reasons we build newer models is to add not just throughput but capacity for new or enhanced capabilities — sometimes that means they just don’t fit on devices that were introduced 3 years ago… in which case we try to continue supporting them with a compromise between feature availability, performance, and stability.
Roger B.A. Klorese
Director, Product Management
WatchGuard Technologies, Inc.
Joanthan Szymanowski says
“End of sale for several months.” Your support for the predecessor Edge devices I think lasted a lot longer than several months. I want to believe your statement “we will continue to release 11.6.x versions for these systems, and will endeavor to back-port some of the 11.7 enhancements that will not cause resource starvation on the boxes.” However, there will be very little motivation to improve an “end of sale” device. If it was really true you would have done it already.
Roger B.A. Klorese says
The Edge (and Core and Peak) boxes were end-of-sale on 31 December 2010. Fireware XTM OS 11.4 was released in January 2011, and did not support the boxes. So in that case, we dropped new-version support in one month, as opposed to the over six months in this case (XTM 21/22/23 was end-of-sale on 30 June 2012).
As for bug-fixing and new-feature back-porting, the boxes are also an indication that we will follow down the path I have committed. While they were not supported on 11.4, 11.5, 11.6, or 11.7, we released XTM OS 11.3.5 in January 2012 — over a year after end-of-sale — and that release incorporates bug-fixes from 11.4 and 11.5, as well as some of their features. We continue to maintain later fixes in a customer-specific patch version maintained by support, and believe it is likely we will do another release this year off that line.
The path I stated is not only our plan, but something we “have done… already.”
Clayton R. Hardman says
Roger,
Thanks for your reply and explanation. The problem I have is that as a watchguard supporter and owner of 6 appliances, I was given the Tradeup path to the XTM 22 from each of my Edge 10 by watchguard.
This occurred less than 3 years agao as I still have 1.5 years of live security active on the accounts from the tradeup that watchguard provided and recommended! Don’t sell 3 year palns of live security on a product you can fully support for 3 years, in my opinion its a form of fraud.
Edge devices were upgradeable to maximum of xtm 11.3 and now the XTM 22 is MAX upgradeable to 11.6.3? That is too small of a window for the large investment customers have made. You have a problem on your hands! If I cannot maintain a constaint firmware revision on all my devices for the life of the live security contract that I paid in advance for, I will be moving away from you as a Vendor.
Don’t make your customers pay for your mistakes in the design of your devices. These devices were obviuosly not engineered properly. Think of this as an opportunity to earn loyalty from your customers and upgrade them at little or no cost. The customer should not have to pay extra to remain a loyal customer.
It takes 1 minute to lose 10 years of loyal customers.
Choose wisely
Clayton R. Hardman
The Hardman Group Limited
Mark says
Is there any ETA to release a patch that addresses the Websense issues?
Specifically BUG71018.
Corey Nachreiner says
Just checked the bug status… that has been resolved internally, and the targeted released for the fix is 11.7.1. I’m afraid I don’t know our planned released date for 11.7.1. If you reported the issue, I would ask support (sometimes we release early CSPs in the interim).
Robert says
We have 27 XTM 22’s and 3 XTM 23’s. I too am not happy with your replacement stratergy. Perhaps you could design the new versions to run in previous hardware but add the ability to turn off the functions individual users don’t need.
That would allow us to stay up with the latest Firmware release, while still getting value from our LiveSecurity subscription.