RELEASE NOTES MAY 12, 2005 PAGE 1
WatchGuard System Manager
Release Notes for WSM 8.0
Introduction
WatchGuard
®
is pleased to release WatchGuard System Manager (WSM) 8.0. WSM is the next version of our
unified management and monitoring software and delivers a host of new feature enhancements. One of the most
significant advancements comes with availability of Fireware
™
Pro – the next generation security software
system for the Firebox
®
X Core and Firebox X Peak lines of security appliances. It represents the convergence of
the WatchGuard Firebox System security capabilities with the WatchGuard Firebox Vclass advanced networking
features.
New WatchGuard System Manager features
We made the VPN Manager Device view the default view for all the Firebox devices, log servers, and Manage-
ment Servers in your network. From WatchGuard System Manager, you can start monitor and configuration tools
such as Policy Manager, HostWatch, and the Firebox System Manager.
WatchGuard System Manager also includes:
Simple management of a network with more than one WatchGuard hardware platform:
• Firebox III
• Firebox X Core
• Firebox X Edge (VPN management only)
• Firebox X Peak with Fireware Pro
• Firebox SOHO6 and Firebox SOHO6 Wireless (VPN management only)
• Firebox S6 and Firebox S6 Wireless (VPN management only)
A Management Server that operates on a Windows server instead of on a gateway Firebox. This solution is
more scalable and flexible and lets you easily set up a large network with many offices and VPN tunnels.
Log messages in XML format.
Features introduced with Fireware Pro
The Fireware Pro appliance software improves WatchGuard’s ability to supply new features on the same
hardware platform. Fireware Pro is available for all Firebox®X Core and Firebox X Peak devices. You can use
WatchGuard System Manager 8.0 to manage a Firebox with Fireware Pro appliance software. Fireware Pro is
an upgrade for the Firebox X Core model line. Features of Fireware Pro include:
Enhancements to the Gateway AntiVirus service such as a feature to examine outgoing messages, to lock
attachments with suspicious content, and better reports
Interface independence
Signature-based intrusion prevention with stateful signature matching
Multi-WAN for more flexibility and network connection time
Dynamic routing of these protocols: BGP, OSPF, RIPv1 and v2
Quality of Service (QoS) which uses “virtual pipes” to regulate the traffic to align with your business
requirements
Support for Active Directory and LDAP authentication servers
Enhanced policy management interface for support of Fireware Pro features, and more granular control of
your security policy
WATCHGUARD SYSTEM MANAGER WSM 8.0
RELEASE NOTES MAY 12, 2005 PAGE 2
Support for SNMP to monitor important device statistics. You can also transmit SNMP traps to SNMP
servers.
For more information or to purchase the upgrade for a Firebox X Core device, contact your reseller or browse to
the WatchGuard Web site.
Enhancements to WFS appliance software
The WatchGuard System Manager 8.0 includes WFS 7.4 appliance software. This version has two important
features.
WSM 8.0 uses a Management Server that operates on a Windows server instead of on a gateway Firebox.
This allows for much more scalability and flexibility when you set up a large network with many locations.
The Log Server saves log messages in an XML format.
Changes in WFS Appliance Software 7.3 to 7.4
WatchGuard released the final version of WFS 7.3 on December 23, 2004. WatchGuard System Manager
includes the WFS 7.4. This is the WFS 7.3 appliance software with some minor differences.
WFS 7.4 includes the SYNFlood (Hotfix 050209) and Link Negotiation (Hotfix 050216).
WFS 7.4 does not include the PPPoE (Hotfix 050330) hotfix. You can not install this hotfix on WFS 7.4. If
you installed the hotfix and upgrade your device to WFS 7.4, you no longer have the corrections to the
problems identified and resolved with this hotfix.
[5517]
WFS 7.4 does not include the Gateway AntiVirus for E-mail Engine Update version 0.8, 1.0.1. You can not
install this update on WFS 7.4. If you installed the update and upgrade your device to WFS 7.4, your device
will use the original Gateway AntiVirus for E-mail Engine.
WFS 7.4 requires that you move your DVCP server from the Firebox to a computer.
WFS 7.4 does not support Basic DVCP.
The Management Server is the computer you use as the DVCP server. It can not be a Firebox.
The VPN Manager is now known as the WatchGuard System Manager.
You can not use the WatchGuard System Manager to connect to a Firebox DVCP server with WFS 7.3 or
earlier firmware. The WSM will only connect to WSM 8.0 DVCP servers. It will also connect directly to
Firebox devices with WFS 7.4 or Fireware 8.0 firmware.
Technical Assistance
For technical assistance, please contact WatchGuard Technical Support via telephone (see the numbers in the
table below) or check the website at http://www.watchguard.com/support
. When contacting Technical Support,
please have your registered LiveSecurity® key, serial number, or Partner ID ready.
Phone Number
U.S. End Users 877.232.3531
International End User +1.206.613.0456
Authorized WatchGuard Resellers 206.521.8375
WATCHGUARD SYSTEM MANAGER WSM 8.0
RELEASE NOTES MAY 12, 2005 PAGE 3
Installation and Upgrade
Before installing the WatchGuard System Manager software, please read the information in the Known Issues
section.
If you are migrating a DVCP server to a WSM 8.0 Management Server
Make sure you obtain the WatchGuard System Manager 8.0 HF050505WSM80 hotfix to correct an error that
occurs when you migrate an existing DVCP server to the new WSM 8.0 Management Server. (You do not need
this hotfix if you plan to set up a new Management Server instead of migrating a previous one, or if you do not
want to use the WSM 8.0 Management Server.)
Also, you must have your VPN Manager license before you can migrate a DVCP server to a Management
Server. You can use a VPN Manager license or a WatchGuard System Manager license to increase the total
number of devices managed by the Management Server.
To get and install the WSM 8.0 management station software
Use the instructions in the WSM 8.0 Upgrade Guide to install this release. You can find the Upgrade Guide
posted on your LiveSecurity site at the same location as the software download and these Release Notes.
To get and install the MUVPN 7.3 client software
Follow the instructions in the MUVPN 7.3 release notes which are posted on your LiveSecurity site. This is not a
new release. You do not need to upgrade your client computers.
To get and install Fireware Pro appliance software
Fireware Pro is available as an upgrade to the WatchGuard System Manager. Speak to your reseller or browse
to the WatchGuard Web site for more information.
Platform Compatibility
Software Component Install On
Fireware 8.0 Appliance Software Firebox X500, X700, X1000, X2500, X5000, X6000, X8000
WFS 7.4 Appliance Software Firebox X500, X700, X1000, X2500, Firebox III
WatchGuard System Manager 8.0 Windows 2000 Professional, Windows 2000 Server, Windows XP Professional, Windows 2003 Server
Server Components Windows 2000 Professional, Windows 2000 Server, Windows XP Professional, Windows 2003 Server
WSM 8.0 System Requirements
Minimum required
platform:
Pentium-III, 750MHz CPU
394MB RAM
300MB disk space for software (no data)
Recommended platform:
Pentium-IV 1GHz
512MB RAM
300MB disk space for software
10+ GB for application data (logs)
WATCHGUARD SYSTEM MANAGER WSM 8.0
RELEASE NOTES MAY 12, 2005 PAGE 4
Before You Start
This software release is an important step forward for WatchGuard management software and appliance
firmware. There are significant changes and enhancements to the software you install on the management
station. We also introduce the new, next generation firmware for the Firebox X called Fireware 8.0.
Please read the Known Issues and Limitations section below for important information about limits to this
release. You can also learn more about known issues and methods to avoid these possible issues.
Before you install this release, make sure that you have:
One or more Firebox III, Firebox X Core and Firebox X Peak devices
An Ethernet cable
The installation software for the management station
The documentation we include to help you install and use this product
A backup copy your current WFS 7.x configuration file
A full backup of the Firebox X WFS image
Known Issues and Limitations
The following are known issues with this release of the WatchGuard System Manager. Where available, we
include a way to work around the issue.
Upgrade
The Management Server Setup Wizard can not convert all the Basic DVCP tunnels that you have in your
network. It can only convert the tunnels that use the gateway Firebox as one of the endpoints. Tunnels
which do not use the DVCP server as an endpoint do not appear in the Management Server after you
migrate. For more information, see the WSM 8.0 Upgrade Instructions.
[4888]
WatchGuard System Manager
The certificate information for your gateway Firebox does not appear in WatchGuard System Manager until
you select Update Device for that appliance.
[403]
When you install an additional WatchGuard server component on a management station, the new server
does not appear in the toolbar.
[4616]
Workaround: Disable the WatchGuard toolbar, and then enable the toolbar again.
Management Server
The time on the computer which you use for WatchGuard servers (Log Server, WebBlocker Server, and
Management Server) must be the same as the Firebox device(s) which connects to them. We recommend
that you use network time protocol (NTP) to do this.
[5356, 3464, 5585]
If you frequently update Managed Firebox Clients, your CRL can get large. You can use the CA manager to
delete old entries.
[5563]
You can only set the Key Bits property for Client Certificates with the Management Server Configuration
Wizard.
[3980]
On the Management Server, you can enter an invalid value for the Publication Interval of the Certificate
Revocation List.
[3996]
Workaround: Only use positive integers for the Publication Interval setting.
WATCHGUARD SYSTEM MANAGER WSM 8.0
RELEASE NOTES MAY 12, 2005 PAGE 5
In some conditions, a managed Firebox can not connect to the Management Server. This can occur if the
Firebox does not download the certificate correctly.
[4401]
Workaround: Change the Management Server Distribution IP Address and update the Firebox
client.
Virtual Private Networking, DVCP, Management Server
In some conditions, Internet Explorer 5.0 can not open the WatchGuard Certificate Authority Web page.
[3714]
Logging
The Roll Log Files by File Size and Roll Log Files by Time Interval options do not work correctly. The Log
Server rolls the log file at intervals which do not match the values you set for these features.
[5615]
The tool to convert log files from WFS 7.x format to XML does not convert all log messages. It only converts
log messages that the system uses for Historical Reports or LogViewer.
[301]
Feedback
To provide input about the software, documentation, or help systems associated with this release, we encourage
you to contact us at any time at manual@watchguard.com
. We look forward to hearing your feedback and
comments.
/
