
What should I know before I upgrade from WSM/Fireware v9.x to WSM/Fireware v10.0?

Introduction
The newest versions of WatchGuard System Manager (WSM) and Fireware contain many new features, improvements, and fixes designed to help you manage your network. Some features in WSM/Fireware v10.0 operate differently than in previous versions, and other features have new configuration options. The purpose of this document is to give you information about features with functionality in v10.0 that is different than the functionality of v9.x. We recommend that you check these areas of your configuration immediately after your upgrade to WSM/Fireware v10.0 to make sure that your configuration operates as expected after your upgrade.

WebBlocker
WatchGuard System Manager (WSM) v10.0 includes support for many new WebBlocker categories. The total number of WebBlocker categories has increased from 40 to 54, and some of the categories have changed or been renamed. The subsequent table shows a list of each old category and its new, associated categories.

After you upgrade to WSM/Fireware v10.0, only the first new category associated with your previously selected category is selected in your configuration. Some sites that belonged to an old category have been moved to a new, associated category. For example, if you selected the Drugs, Alcohol, Tobacco category in your WSM/Fireware v9.x configuration, only the Illegal Drugs category is selected when you upgrade to WSM/Fireware v10.0. You must also select the Alcohol & Tobacco category after you upgrade if you want to block all of the sites that the Drugs, Alcohol, Tobacco category blocked in WSM/Fireware v9.x.

WSM/Fireware v10.0 also includes two new options to control uncategorized web traffic. Use the Other category to block new sites and categories released by SurfControl that are not yet part of a Firebox software update. The Uncategorized category includes sites that do not meet the criteria for any other category.

We recommend that you thoroughly check your WebBlocker configuration after you upgrade and review the category list for changes in your selections.

You must download and install a new WebBlocker database from the LiveSecurity web site before you upgrade. If you do not install a new WebBlocker database, WebBlocker may block a different selection of categories than you selected in your configuration.

New and changed categories


Old Category                  New Categories
Arts & Entertainment          Arts; Entertainment
Drugs, Alcohol, Tobacco       Illegal Drugs; Alcohol & Tobacco
Violence                      Violence; Tasteless & Offensive
Hacking                       Hacking; Spyware
Computing & Internet          Computing & Internet; Downloads; Ringtones/Mobile Phone Downloads
Criminal Skills               Criminal Activity; Phishing & Fraud
Glamour & Intimate Apparel    Intimate Apparel & Swimwear; Fashion & Beauty
Government & Politics         Government; Politics
Lifestyle & Culture           Society & Culture; Philanthropic & Professional Orgs.
Remote Proxies                Proxies & Translators; Peer-to-Peer
[New]                         Spam URLs
[New]                         Infrastructure
[New]                         Business

Renamed categories
Old Category Name    New Category Name
Usenet News          Blogs & Forums
Hate Speech          Intolerance & Hate

Reporting
WatchGuard System Manager v10.0 includes many improvements to logging and reporting. The new reporting features scale to meet the needs of your organization, with faster report generation and several new report types. In this release, the Log Server uses SQL (Structured Query Language) to store log information. The Report Server uses data from the Log Server to create reports. You can use the Report Manager to see these reports or convert them into different formats.

We recommend that you carefully review the reports available in WSM v10.0 to see if the reporting features you want are included. For example, report filters are planned for a future release and are not included in WSM/Fireware v10.0. If you use report filters frequently, you can upgrade your Firebox to WSM/Fireware v10.0 but continue to use Historical Reports from WSM/Fireware v9.x. You must keep WSM/Fireware v9.x and the v9.x Log Server installed on a management workstation.

You can install Log Server, Report Server, and Report Manager on the same management workstation for easy access to reporting information. We recommend that large organizations, with dozens or hundreds of Firebox devices, install these WSM/Fireware components on separate workstations for maximum performance.
If you use reporting features from WSM/Fireware v9.x that are not included in WSM/Fireware v10.0, please contact WatchGuard. Your feedback helps us continue to offer the best customer experience.

Previous Reports in WSM 10.0


Report Title                     Comments
HTTP Most Popular Domain
HTTP Summary
HTTP URL Detail
IPS Summary                      This is a parent report for the IPS reports below.
IPS by Protocol
IPS by Severity
IPS by Source
IPS by Signature
AV Summary                       This is a parent report for the AV reports below.
AV by Protocol
AV by Severity
AV by Source
AV by Signature
WebBlocker Detail                This shows all denied web activity as governed by WebBlocker.
Denied Packet Summary
Denied Packet Detail Incoming
Denied Packet Detail Outgoing
SMTP Summary
Firebox Statistics
POP3 Summary
POP3 Detail
Alarms
Packet Filter Host Summary
Proxy Host Summary

New Reports in WSM 10.0


Report                                  Comments
HTTP Most Active Client                 Details activities of the most active web users on your network
Web Activity Report                     Shows allowed and denied web activities, as governed by WebBlocker and by the HTTP proxy itself (contrast with the WebBlocker report, above, which shows only denies)
External Interface Bandwidth Report     Shows bandwidth used over time by the external interface(s) on the Firebox
Management Server Audit Trail           Keeps a record of activities by administrators on the Management Server
Management Server Audit Trail Detail    Includes the optional comments that administrators can enter when they save configuration files
Management Server Authentication        Which administrators logged into the Management Server, and when
Boxes Under Management                  A report for MSS providers, summarizing the total managed ecosystem

Previous Reports not in WSM 10.0


Report
Authentication Detail
Packet Filter Service, Time, and Detail
Proxy Time and Session
FTP Detail
Denied Outgoing Packet Detail
Denied Service Detail
Denied Authentication Detail
Denied Service Summary
Network Statistics

Application Blocking
In WatchGuard System Manager and Fireware v9.x, you could use the HTTP proxy together with the TCP proxy to deny network traffic that matched patterns of Instant Messaging (IM) or peer-to-peer (P2P) packets. This signature-based application blocking was designed to improve user productivity, reduce organizational liability, and maintain appropriate levels of network use. However, this feature was only available if you had an Intrusion Prevention Service (IPS) subscription.

To improve the user experience for all customers, IM and P2P application blocking is now available without an IPS subscription. Now, you only need to configure the TCP-UDP proxy to use this feature.

If you previously used this feature in WSM/Fireware v9.x with the TCP proxy, application blocking is automatically enabled and configured when you upgrade to WSM/Fireware v10.0. If you previously used this feature in WSM/Fireware v9.x with the HTTP proxy only, application blocking is not automatically enabled and configured when you upgrade. You must enable the TCP-UDP proxy and configure the feature again. For more information, see the WatchGuard System Manager User Guide.

HTTP-based IM services
Some Instant Messaging (IM) applications, including MSN, Yahoo!, and ICQ, have web-based versions that send traffic on TCP port 80. You can prevent network traffic from these applications when you configure the application blocking feature of the TCP-UDP proxy. You must select the check box for each IM application you want to block.

However, if you configure an HTTP proxy in addition to the TCP-UDP proxy, the HTTP proxy has precedence and the application blocking feature does not operate on HTTP traffic. To block web-based traffic for MSN, Yahoo!, and ICQ when you have both an HTTP and TCP-UDP proxy configured, you must configure WebBlocker or the HTTP proxy to deny access to those web sites.

If you have a WebBlocker security subscription, you can block the Chat category to deny this traffic. For more information, see the WatchGuard System Manager User Guide. If you do not have a WebBlocker security subscription, you can add URLs to the URL Paths category in your HTTP proxy configuration. You can use the rules below, or construct other rules to block additional sites.

MSN Messenger: /login\.srf.+http://webmessenger\.msn\.com
Yahoo! IM: /crossdomain\.xml
ICQ: /icq2go/flicq
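
Added example, not part of the WatchGuard document: a way to check deny patterns such as the three above against sample requests before you deploy them. It assumes the rules act as unanchored regular expressions matched against host, path, and query string, with Python's re module standing in for the Firebox matcher; every URL and function name here is constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# The three deny rules from the document, keyed by the service each targets.
DENY_RULES = {
    "MSN Messenger": r"/login\.srf.+http://webmessenger\.msn\.com",
    "Yahoo! IM": r"/crossdomain\.xml",
    "ICQ": r"/icq2go/flicq",
}

# Constructed sample requests: (URL, whether policy intends to deny it).
SAMPLES = [
    ("http://login.example.test/login.srf?wa=wsignin&wreply=http://webmessenger.msn.com/", True),
    ("http://login.example.test/login.srf?wa=wsignin&wreply=http://mail.example.test/", False),
    ("http://im.example.test/crossdomain.xml", True),
    ("http://video.example.test/crossdomain.xml", False),
    ("http://www.example.test/icq2go/flicq.html", True),
    ("http://www.example.test/index.html", False),
]

def matched_rule(url, rules=DENY_RULES):
    """Return the name of the first rule that matches the URL, else None."""
    parts = urlsplit(url)
    # Assumption: the proxy compares the rule with host + path + query.
    target = parts.netloc + parts.path
    if parts.query:
        target += "?" + parts.query
    for name, pattern in rules.items():
        if re.search(pattern, target):
            return name
    return None

def audit(samples=SAMPLES, rules=DENY_RULES):
    """Return (kind, url, rule) for each sample whose verdict differs from intent."""
    problems = []
    for url, want_denied in samples:
        rule = matched_rule(url, rules)
        if (rule is not None) != want_denied:
            problems.append(("over-block" if rule else "missed", url, rule))
    return problems

if __name__ == "__main__":
    for kind, url, rule in audit():
        print(f"{kind}: {url} (rule: {rule})")
```

With these samples the only mismatch is an over-block: the Yahoo! IM rule names no host, so it also matches the crossdomain.xml policy file on an unrelated site.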

Was this document helpful? Please send your feedback to faq@watchguard.com.

SUPPORT: www.watchguard.com/support
U.S. and Canada +877.232.3531
All Other Countries +1.206.613.0456

COPYRIGHT 2007 WatchGuard Technologies, Inc. All rights reserved. WatchGuard, the WatchGuard logo, Firebox, Core, and Fireware are registered trademarks or trademarks of WatchGuard Technologies, Inc. in the United States and/or other countries.
