Posted on

Watchguard 11.11 adds Network Discovery tool

What is in Version 11.11

Watchguard Fireware v11.11 Network Discovery Watchguard Fireware v11.11 Network Discovery

Version 11.11 of the Watchguard Fireware OS for the Firebox systems adds a full Network Discovery tool. This allows an Administrator to see the devices and open ports for all machines on the local network. Other things that can be seen are rogue Access points attached to the network, and unauthorised computers or phones.

Knowledge of what is on the network gives you that visibility to deal with any threats that they represent. For example, are all devices connected to your network controlled by you, with the appropriate Anti-virus tools? Has anyone added an Access Point to the network, either for convenience or malicious purposes, and even if for convenience, is it properly secured? Until you know it is there, you cannot even ask the question, let alone find the answer.

Full integration with the traffic monitor and Firewatch functions allows you also to check all that is happening from any device found thereby giving you total visibility of what type of threat it represents in your network.

Why would I need Network Discovery?

Reasons that this could be useful include checking for PCI or other regulatory compliance – someone plugging an unauthorised device into the incorrect place could leave you vulnerable not only to a leak of information, but also to fines or disconnection from resources like taking Credit Card payments. Can you afford that?

Other possibilities are new admins who simply need to check or create a view of what is on the network they are asked to be responsible for. With this, you can get an overview of what is connected, which ports are open, and even if they are being used.

It can also be a good tool for simply getting a clear view of how the network compares to what you expect. Someone plugs a new device in without authorisation, and you can see what the effects are of this, then take any action that is needed based on that knowledge.


The feature is unfortunately only available on the later Firebox appliances; that is all T-series and M-Series boxes only, the older XTM series will not benefit. Licensing is automatically included for all Security Suite licensed boxes, and can be purchased additionally for any without the full suite.

My Firebox is too old, now what?

If this feature is one that sounds good to you, but you have an XTM-series, then Watchguard promotions usually include a trade-up program, for the latest offerings, please talk to us about your current requirements, and we can show you the current upgrade deals available.

Why have this  on the UTM?

Experienced administrators will already run something like this on a separate machine on the network, but even they can benefit from moving it from at least a simple installation to the UTM. Once an unknown machine or port is found, a single click will allow you to see what traffic is currently flowing to/from that machine, or port using Firewatch or traffic monitor. Using various fingerprinting methods on the traffic via the UTM will allow for more accurate definition of the OS involved.

Posted on

Watchguard’s Corey discusses the largest ever Oracle Critical Patch set

Watchguard publish regular security video updates to help keep us informed on the security landscape. In this episode, Corey talks about latest Oracle Critical Patch set, the largest set of patches ever release, fixing over 256 vulnerabilities in software including the ever popular Java.


For the links mentioned, look at the Watchguard security centre site

Posted on

New Watchguard Firebox T30 and Firebox T50 tabletop UTMs

We now have available the New Watchguard Firebox T30 and T50 UTM appliances. These replace the XTM-25, XTM-26, XTM-33 and XTM-330 models which are now end of sale.

Watchguard T10, T30 and T50 stack
Watchguard T10, T30 and T50 stack

These are both fanless desktop models that are perfect for any office or home office environment, and perfectly fill the area between the recent T10 and M-series releases. The Firebox T50 provides a quiet alternative to the XTM-330 for any case where they are to be installed into the office environment without compromising on the ability to secure even a full speed FTTC connection.

Uniquely, they both offer a Power Over Ethernet port. While this is mainly intended to handle an additional wireless access point, it is perfectly capable of handling any device that may be needed. If used with the Wireless version, this will allow a fully integrated wireless option for a medium sized office, or large house. Remember that if more wireless points are needed, these can be implemented with localised power.

Connectivity is perfect for everyone with 5 Gigabit ports in the T30, and 7 in the T50, all with the standard Watchguard complete flexibility of use. Combine this with a total throughput of up to 1.2Gbps in Firewall only mode, 165Mbps in full UTM mode and you can see how these can be a great fit.

And remember that from Rallye, we supply an initial configuration and ongoing support. That make sure that these are a perfect fit for all your needs. If you need something with a bit more power or ports, look to the M-series range. If unsure, please call or email to discuss your needs.


Posted on

Corey from Watchguard discusses the some of the issues this week, including some coming out of the Black Hat Conference

Watchguard publish regular security video updates to help keep us informed on the security landscape, in this episode, Corey talks about the Carphone Warehouse Data loss, a MAC firmware issue called Thunder, the Car hacking revolution (as reported at Black Hat), and a reported issue of Cisco iOS ROMMON being altered.


For the links mentioned, look at the Watchguard security centre site

Posted on

Watchguard’s Corey talks about Bind flaws

Watchguard publish regular security video updates to help keep us informed on the security landscape, in this episode, Corey talks about a Denial of Service flaw in Bind

For the links mentioned, look at the Watchguard security centre site

Posted on

Watchguard’s Corey talks about IoT flaws

Watchguard publish regular security video updates to help keep us informed on the security landscape, in this episode, Corey talks about how a sniper rifle hack shows what is needed on the Internet of Things (IoT).

For the links mentioned, look at the Watchguard security centre site

Posted on

Watchguard’s Corey talks about an Android MMS flaw

Watchguard publish regular security video updates to help keep us informed on the security landscape, in this episode, Corey talks about a major Android MMS flaw

For the links mentioned, look at the Watchguard security centre site

Posted on

Watchguard Bundles – LiveSecurity, SecurityBundle and Optional extras

Watchguard bundles are important for getting the most out of your Watchguard, and come initally supplied therefore, we will explain the different options here. These can be renewed for as long as the product is deemed viable, which can be 10 or more years for a newly released product. Renewals (and thus initial purchase) are available in either 1 year or 3 year packages.

One of the great advantages of the Watchguard solution is that you can easily turn on or off any of the features and change between levels simply with a licence change.

Live Security Bundle

LiveSecurity® Service provides high-value, innovative support services to IT administrators. With this multifaceted program you’ll have technical support with a targeted four-hour response time, and a hardware warranty that includes advance hardware replacement. It supplies software updates that cover feature enhancements, full-rev updates, and new capabilities. Concise threat alerts come with clear instructions on how to reduce or eliminate new threats and link directly to vendor patches to save time. Ground-breaking security education tools include videos, podcasts, best practices editorials, and handy security-training modules for end users. No other security vendor does as much to educate you in the role of security-savvy network administrator.

It is possible to add any of the below options onto LiveSecurity to give the protection required without needing the full bundle. The modules included in the LiveSecurity are:

Packet Filtering

WatchGuard gives you everything you expect from a firewall, and more. Multi-gigabit packet filtering and transparent proxies mean true, line-speed security inspection on all traffic. You also get Virtual Private Networking (VPN) with the strongest encryption to secure connections from†branch offices and mobile users.

We always sweat the small stuff.
• Tie security policies to specific users and groups with directory integration
• Stop traffic from dangerous sources with cloud-based reputation services
• Get real-time and historical visibility into what’s happening in your network at every level
• Unique drag-and-drop virtual private networking (VPN)

Intrusion Prevention Service (IPS)

Don’t let malicious activity run amok in your network. WatchGuard’s Intrusion Prevention Service (IPS) lets you Shut. Intrusions. Down.

Never leave your network exposed.
• IPS works hand-in-hand with application-layer content inspection to monitor network traffic and system activities
• Continually updated signatures give you real-time protection from spyware, SQL injections, cross-site scripting, and buffer overflows
• You get full granular control to block network, application, and protocol-based attacks

Application Control

There’s control – and then there’s strangle-hold. You can’t afford to let malicious or inappropriate applications through your defenses, but you don’t want to ding productivity with app controls that are too strict or wide-ranging. WatchGuard gives you highly granular control by category, application, or application sub-function to keep your network flowing and your environment safe.

It’s okay. Let all that power go to your head.
• Control over 1,800 web and business applications by category, application, or application sub-function
• Granular control over social networking applications and their functions, so employees can use Facebook, Twitter, and other important apps for work, not play
• Ability to select, manage, and report on application usage by user, group, and time of day

Security Bundle

Security Bundle includes all of the advantages of LiveSecurity as well as taking the appliance from being a NextGen Firewall to being a full UTM with most of the available modules. The modules included at this time are :


On the web, people can find themselves in a bad place without even trying. WebBlocker’s content and URL filtering lets you control where people on your network go, and protects them (and you) from landing in places they shouldn’t be.

Who’s in charge here? Right, that would be you.
• Get broad control (by URL category) and deep (by specific users, groups, domains, or time of day) so you can block for security, productivity, and legal compliance
• Customize policies to create exception lists for mission-critical access
• Allow access by users, groups, domains, and time of day requirements to meet specific business and user needs

Gateway AntiVirus

Hackers don’t stick to one approach, and neither do we. Our continuously updated signatures identify and block known spyware, viruses, trojans, and blended threats – including new variants of known viruses. At the same time, heuristic analysis tracks down suspicious data constructions and actions to make sure unknown viruses don’t slip by.

Whatever they throw at you? You can take them.
• Scans all major protocols, including HTTP, HTTPS, FTP, TCP, SMTP, and POP3 to block all types of malware
• Optimized for best network performance
• Works with APT Blocker to catch even zero-day attacks


Spam: we love it on a plate, hate it in your network. Our spamBlocker is so fast and effective, it can review up to 4 billion messages per day. That could be a lot of spam, but don’t worry. We’re always hungry.

Don’t let our voracious appetite scare you.
• Block spam regardless of language, format, or content – even image-based spam that other blockers miss
• Our patented cloud-based technology is the only effective anti-spam solution for low-footprint UTM appliances
• Identify and block viral payloads for an additional layer of real-time, anti-virus protection

Reputation Enabled Defense

Your reputation precedes you – and the same goes for web sites. Our powerful, cloud-based reputation lookup service protects web users from malicious sites, while dramatically improving web processing overhead. WatchGuard is the only UTM that includes this service, to give you faster, safer web surfing. We thought that’s what you wanted.

We’ve got a reputation. We’re okay with that.
• Faster browsing times and greater throughput at the gateway
• Continuous updates keep current with dynamic web content and changing web conditions

Unbundled modules

There are currently two additional modules that are not included in the security bundle that can be added to almost any XTM device, these are:

Data Loss Prevention (DLP)

Sure, mistakes happen, but that doesn’t mean you should leave your company’s crown jewels at risk. WatchGuard’s optional DLP service prevents accidental or malicious data breaches by scanning text and common file types to detect sensitive information. Even if all else fails, you can still prevent data exfiltration.

We’ve got your back, no matter what.
• Easily create and update corporate data policies with a predefined library of over 200 rules for 18 countries
• Establish rules for personally identifiable information, financial and healthcare data, and more
• Parse data from more than 30 file types including Excel, Word, Visio, PowerPoint, and PDFs

APT Blocker

Advanced. Persistent. Threats. Even the name is scary. But stopping them doesn’t have to be. We make it easy to take down the meanest malware and the sneakiest zero-day threats. Our APT Blocker gives you all the power, without the fear of complex implementation rules – and it’s all at a fraction of the price you’d expect.

All the power. No fear.
• Optional service works in conjunction with our signature-based antivirus to detect and block advanced malware and zero-day attacks
• Easy point-and-click configuration even against sophisticated polymorphic threats
• Instant, single-pane-of-glass visibility into real-time attacks