• Articles
    • Editorial Articles
    • Research Articles
    • WatchGuard Articles
  • The 443 Podcast
  • Threat Landscape
  • About
    • About Us
    • Contact Us
    • Contribute to Secplicity

Secplicity - Security Simplified

Powered by WatchGuard Technologies

WatchGuard Announces Fireware XTM and WSM v11.7

January 11, 2013 By The Editor

Available for XTM 25/25-W/26/26-W, 3 Series, 5 Series, 8 Series, 1050 and 2050 devices

WatchGuard is excited to announce the general release of Fireware XTM and WatchGuard System Manager v11.7. Our newest XTM OS release super-charges XTM appliances with a host of enhancements and powerful new features including performance boosts, new management tools, increased BYOD security options, and much, much more.

You can install Fireware XTM OS v11.7 on XTM 25/25-W/26/26-W, 3 Series, 5 Series, 8 Series, 1050 and 2050 devices. It does not support the wired or wireless versions of XTM 21/22/23. The new features, enhancements, and bug fixes included in this release have been carefully chosen to improve the capabilities, performance, and reliability of our XTM devices.

Here are just some of the enhancements Fireware XTM 11.7 has to offer:

  • Improved UTM throughput performance numbers across the XTM product line.
  • Policy Grouping simplifies the setup and admin of larger network environments.
  • Link Aggregation combines interfaces and links for greater throughput and high availability.
  • WebBlocker can now point to the cloud, instead of requiring a server set up onsite. And the new URL database from Websense, with over 100 categories, is more accurate – especially in non-English languages.
  • The scope of central policy management has expanded to devices behind third-party network appliances.
  • L2TP VPN protocol, included natively in many different operating systems, enables more widespread VPN access.
  • WatchGuard VPN applications on iOS and Android make it easier to set up and configure VPN connectivity. Administrators can simply share configuration files by email.
  • IPv6 firewall policies expand support beyond network and routing capabilities.
  • IPS and Application Control on https policies deliver security even when traffic is encrypted. This enables granular controls on social media applications.
  • More interoperability with different VoIP phone setup, with DHCP options for TFTP server and boot file name.
  • Rock solid reliability means no business interruptions even if failures occur. Expanded high availability features include:
    • Hardware health monitoring – Alarms are generated and proactive HA failover can be initiated when hardware failures, such as fans stopping, are detected
    • HA on wireless models – XTM 25-W/26-W/33-W
  • Full support for Windows 8 and Windows Server 2012

In addition to the features and enhancements listed above, 11.7 also includes numerous smaller enhancements, bug fixes, and improvements to the product based on customer feedback. If you manage an XTM appliance, we recommend you download and install 11.7 to enjoy its new features and zipper performance.

For more information about the feature enhancements included in Fireware XTM v11.7, see the Release Notes or What’s New in Fireware XTM v11.7 [PPT file].

Does This Release Pertain to Me?

Fireware XTM 11.7 is a feature release that also includes many other improvements. If you have a XTM 25/25-W/26/26-W, 3 Series, 5 Series, 8 Series, 1050 and 2050 device and wish to take advantage of the enhancements listed above, or those mentioned in the Release Notes, you should consider upgrading to version 11.7. Please read the Release Notes before you upgrade, to understand what’s involved. As always, the Release Notes contain a comprehensive list of fixed bugs and current known issues.

How Do I Get the Release?

XTM appliances owners who have a current LiveSecurity Service subscription can obtain this update without additional charge by downloading the applicable packages from the Articles & Support section of WatchGuard’s Support Center. To make it easier to find the relevant software, be sure to uncheck the “Article” and “Known Issue” search options, and press the Go button. You can install Fireware XTM 11.7 on XTM 25/25-W/26/26-W, 3 Series, 5 Series, 8 Series, 1050 and 2050 devices. It does not support the wired or wireless versions of XTM 21/22/23. If you need support, please enter a support incident online or call our support staff directly. (When you contact Technical Support, please have your registered Product Serial Number, LiveSecurity Key, or Partner ID available.)

  • U.S. End Users: 877.232.3531
  • International End Users: +1.206.613.0456
  • Authorized WatchGuard Resellers: +1.206.521.8375

Don’t have an active LiveSecurity subscription for your XTM appliance? It’s easy to renew. Contact your WatchGuard reseller today. Find a reseller »

Share This:

Related

Filed Under: WatchGuard Articles Tagged With: BYOD, Fireware, software update, WSM

Comments

  1. Felipe Andrés says

    January 11, 2013 at 5:32 am

    where you can download android app for ipsec ??

    Reply
    • Corey Nachreiner says

      January 11, 2013 at 5:56 pm

      Felipe,

      You will be able to download the Mobile VPN helper application directly from the Google Play marketplace soon (as well as the iOS app from Apple’s appStore). Apparently, there was a small delay to getting the most recent build live. Our engineers believe the Android app should show up on Play next week.

      The iOS app is also down, and should show on Apple’s store too… However, it will take a bit longer, because of Apple’s rigorous validation process. Just so you know, I have the app (iPhone version) running on my device, and it works well.

      Cheers,

      Reply
      • Felipe Andrés says

        January 12, 2013 at 8:03 am

        thanks for reply 🙂

        Reply
      • Corey Nachreiner says

        January 15, 2013 at 4:41 pm

        Quick update: The iOS WatchGuard VPN is live on the app story as of yesterday… The android one should follow anytime this week (It could be there now, but I don’t have my android with me to check).

        Reply
  2. Alexander Kushnarev says

    January 12, 2013 at 10:14 pm

    This release amazed me with number of technical features. The most important and long waited (here in Russia) are Link Aggregation and VPN L2TP. Very interesting release! And I want to ask – is where any plans for Spanning Tree support?

    Reply
  3. Alexander Kushnarev says

    January 12, 2013 at 10:14 pm

    This release amazed me with number of technical features. The most important and long waited (here in Russia) are Link Aggregation and VPN L2TP. Very interesting release! And I want to ask – is where any plans for Spanning Tree support?

    Reply
  4. JCS says

    January 13, 2013 at 8:21 am

    Why was XTM 21,22,23 not included? This not been true in the past

    Reply
  5. JCS says

    January 13, 2013 at 8:21 am

    Why was XTM 21,22,23 not included? This not been true in the past

    Reply
  6. Clayton says

    January 14, 2013 at 9:16 am

    I hope there is a version for XTM 21,22,23 as these are not old products. If not Watchguard is going to have some upset users on their hands. Me being one of them. I have 4 of these in service and Just finished the Trade-up to these devices last year.

    Reply
  7. Clayton says

    January 14, 2013 at 9:16 am

    I hope there is a version for XTM 21,22,23 as these are not old products. If not Watchguard is going to have some upset users on their hands. Me being one of them. I have 4 of these in service and Just finished the Trade-up to these devices last year.

    Reply
  8. Roger B.A. Klorese says

    January 15, 2013 at 12:07 pm

    JCS, Clayton, and others…

    While the 21/22/23 systems are not “old products,” they have been end-of-sale for several months. And the newer models that have replaced them have specifically been designed with faster CPUs and more (2x to 4x) the memory in order to support many of these new capabilities. Some users have run into the wall in terms of the capacity of the 21/22/23 systems; for us to release some of these new features that consume significantly more memory would have reduced the user capacity or throughput of their boxes. Instead, we will continue to release 11.6.x versions for these systems, and will endeavor to back-port some of the 11.7 enhancements that will not cause resource starvation on the boxes.

    (In addition, not all of the new features actually require 11.7 appliances. To support the iOS and Android VPN applications, you need WSM 11.7 to use its Policy Manager to generate the .wgm file, but you can use it in conjunction with any appliance version that supports IPSec for iOS and Android, going back to XTM OS 11.5.1.)

    I know that it’s frustrating when new capabilities are released that are not made available for your device, especially when it is a relatively new purchase. But one of the reasons we build newer models is to add not just throughput but capacity for new or enhanced capabilities — sometimes that means they just don’t fit on devices that were introduced 3 years ago… in which case we try to continue supporting them with a compromise between feature availability, performance, and stability.

    Roger B.A. Klorese
    Director, Product Management
    WatchGuard Technologies, Inc.

    Reply
    • Joanthan Szymanowski says

      January 15, 2013 at 5:41 pm

      “End of sale for several months.” Your support for the predecessor Edge devices I think lasted a lot longer than several months. I want to believe your statement “we will continue to release 11.6.x versions for these systems, and will endeavor to back-port some of the 11.7 enhancements that will not cause resource starvation on the boxes.” However, there will be very little motivation to improve an “end of sale” device. If it was really true you would have done it already.

      Reply
      • Roger B.A. Klorese says

        January 16, 2013 at 6:28 am

        The Edge (and Core and Peak) boxes were end-of-sale on 31 December 2010. Fireware XTM OS 11.4 was released in January 2011, and did not support the boxes. So in that case, we dropped new-version support in one month, as opposed to the over six months in this case (XTM 21/22/23 was end-of-sale on 30 June 2012).

        As for bug-fixing and new-feature back-porting, the boxes are also an indication that we will follow down the path I have committed. While they were not supported on 11.4, 11.5, 11.6, or 11.7, we released XTM OS 11.3.5 in January 2012 — over a year after end-of-sale — and that release incorporates bug-fixes from 11.4 and 11.5, as well as some of their features. We continue to maintain later fixes in a customer-specific patch version maintained by support, and believe it is likely we will do another release this year off that line.

        The path I stated is not only our plan, but something we “have done… already.”

        Reply
    • Clayton R. Hardman says

      January 16, 2013 at 5:08 am

      Roger,

      Thanks for your reply and explanation. The problem I have is that as a watchguard supporter and owner of 6 appliances, I was given the Tradeup path to the XTM 22 from each of my Edge 10 by watchguard.

      This occurred less than 3 years agao as I still have 1.5 years of live security active on the accounts from the tradeup that watchguard provided and recommended! Don’t sell 3 year palns of live security on a product you can fully support for 3 years, in my opinion its a form of fraud.

      Edge devices were upgradeable to maximum of xtm 11.3 and now the XTM 22 is MAX upgradeable to 11.6.3? That is too small of a window for the large investment customers have made. You have a problem on your hands! If I cannot maintain a constaint firmware revision on all my devices for the life of the live security contract that I paid in advance for, I will be moving away from you as a Vendor.

      Don’t make your customers pay for your mistakes in the design of your devices. These devices were obviuosly not engineered properly. Think of this as an opportunity to earn loyalty from your customers and upgrade them at little or no cost. The customer should not have to pay extra to remain a loyal customer.

      It takes 1 minute to lose 10 years of loyal customers.

      Choose wisely

      Clayton R. Hardman
      The Hardman Group Limited

      Reply
  9. Roger B.A. Klorese says

    January 15, 2013 at 12:07 pm

    JCS, Clayton, and others…

    While the 21/22/23 systems are not “old products,” they have been end-of-sale for several months. And the newer models that have replaced them have specifically been designed with faster CPUs and more (2x to 4x) the memory in order to support many of these new capabilities. Some users have run into the wall in terms of the capacity of the 21/22/23 systems; for us to release some of these new features that consume significantly more memory would have reduced the user capacity or throughput of their boxes. Instead, we will continue to release 11.6.x versions for these systems, and will endeavor to back-port some of the 11.7 enhancements that will not cause resource starvation on the boxes.

    (In addition, not all of the new features actually require 11.7 appliances. To support the iOS and Android VPN applications, you need WSM 11.7 to use its Policy Manager to generate the .wgm file, but you can use it in conjunction with any appliance version that supports IPSec for iOS and Android, going back to XTM OS 11.5.1.)

    I know that it’s frustrating when new capabilities are released that are not made available for your device, especially when it is a relatively new purchase. But one of the reasons we build newer models is to add not just throughput but capacity for new or enhanced capabilities — sometimes that means they just don’t fit on devices that were introduced 3 years ago… in which case we try to continue supporting them with a compromise between feature availability, performance, and stability.

    Roger B.A. Klorese
    Director, Product Management
    WatchGuard Technologies, Inc.

    Reply
    • Joanthan Szymanowski says

      January 15, 2013 at 5:41 pm

      “End of sale for several months.” Your support for the predecessor Edge devices I think lasted a lot longer than several months. I want to believe your statement “we will continue to release 11.6.x versions for these systems, and will endeavor to back-port some of the 11.7 enhancements that will not cause resource starvation on the boxes.” However, there will be very little motivation to improve an “end of sale” device. If it was really true you would have done it already.

      Reply
      • Roger B.A. Klorese says

        January 16, 2013 at 6:28 am

        The Edge (and Core and Peak) boxes were end-of-sale on 31 December 2010. Fireware XTM OS 11.4 was released in January 2011, and did not support the boxes. So in that case, we dropped new-version support in one month, as opposed to the over six months in this case (XTM 21/22/23 was end-of-sale on 30 June 2012).

        As for bug-fixing and new-feature back-porting, the boxes are also an indication that we will follow down the path I have committed. While they were not supported on 11.4, 11.5, 11.6, or 11.7, we released XTM OS 11.3.5 in January 2012 — over a year after end-of-sale — and that release incorporates bug-fixes from 11.4 and 11.5, as well as some of their features. We continue to maintain later fixes in a customer-specific patch version maintained by support, and believe it is likely we will do another release this year off that line.

        The path I stated is not only our plan, but something we “have done… already.”

        Reply
    • Clayton R. Hardman says

      January 16, 2013 at 5:08 am

      Roger,

      Thanks for your reply and explanation. The problem I have is that as a watchguard supporter and owner of 6 appliances, I was given the Tradeup path to the XTM 22 from each of my Edge 10 by watchguard.

      This occurred less than 3 years agao as I still have 1.5 years of live security active on the accounts from the tradeup that watchguard provided and recommended! Don’t sell 3 year palns of live security on a product you can fully support for 3 years, in my opinion its a form of fraud.

      Edge devices were upgradeable to maximum of xtm 11.3 and now the XTM 22 is MAX upgradeable to 11.6.3? That is too small of a window for the large investment customers have made. You have a problem on your hands! If I cannot maintain a constaint firmware revision on all my devices for the life of the live security contract that I paid in advance for, I will be moving away from you as a Vendor.

      Don’t make your customers pay for your mistakes in the design of your devices. These devices were obviuosly not engineered properly. Think of this as an opportunity to earn loyalty from your customers and upgrade them at little or no cost. The customer should not have to pay extra to remain a loyal customer.

      It takes 1 minute to lose 10 years of loyal customers.

      Choose wisely

      Clayton R. Hardman
      The Hardman Group Limited

      Reply
  10. Mark says

    January 31, 2013 at 2:57 pm

    Is there any ETA to release a patch that addresses the Websense issues?
    Specifically BUG71018.

    Reply
    • Corey Nachreiner says

      January 31, 2013 at 3:26 pm

      Just checked the bug status… that has been resolved internally, and the targeted released for the fix is 11.7.1. I’m afraid I don’t know our planned released date for 11.7.1. If you reported the issue, I would ask support (sometimes we release early CSPs in the interim).

      Reply
  11. Robert says

    February 26, 2013 at 5:49 pm

    We have 27 XTM 22’s and 3 XTM 23’s. I too am not happy with your replacement stratergy. Perhaps you could design the new versions to run in previous hardware but add the ability to turn off the functions individual users don’t need.

    That would allow us to stay up with the latest Firmware release, while still getting value from our LiveSecurity subscription.

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

The 443 Podcast

A weekly podcast featuring the leading white-hat hackers and security researchers. Listen Now
the 443 podcast

Threat Landscape

Filter and view Firebox Feed data by type of attack, region, country, and date range. View Now
threat landscape

Top Posts

  • Cybersecurity News: Free Cybersecurity Training, TrickBot Group Exposed, Major GoDaddy Breach, and Russia to Legalize cybercrime?!
  • US National Cybersecurity Strategy
  • Here Come The Regulations
  • Cybersecurity’s Toll on Mental Health

Email Newsletter

Sign up to get the latest security news and threat analysis delivered straight to your inbox

By signing up you agree to our Privacy Policy.


The views and opinions expressed on this website are those of the authors and do not necessarily reflect the policy or position of WatchGuard Technologies.

Stay in Touch

Recent Posts

  • Cybersecurity News: LastPass Incident Revealed, White House Issues Cybersecurity Strategy, FBI Purchases Leaked USHOR PII Data, and a Slew of Other Breaches
  • An Update on Section 230
  • Here Come The Regulations
  • US National Cybersecurity Strategy
  • Cybersecurity News: Free Cybersecurity Training, TrickBot Group Exposed, Major GoDaddy Breach, and Russia to Legalize cybercrime?!
View All

Search

Archives

Copyright © 2023 WatchGuard Technologies · Cookie Policy · Privacy Policy · Terms of Use