What is in Version 11.11
Version 11.11 of the WatchGuard Fireware OS for Firebox appliances adds a full Network Discovery tool. It lets an administrator see the devices on the local network and the open ports on each machine. It also reveals rogue access points attached to the network, as well as unauthorised computers or phones.
Knowledge of what is on the network gives you the visibility to deal with any threats those devices represent. For example, are all devices connected to your network controlled by you, with the appropriate anti-virus tools? Has anyone added an access point to the network, whether for convenience or for malicious purposes, and if for convenience, is it properly secured? Until you know a device is there, you cannot even ask the question, let alone find the answer.
Full integration with Traffic Monitor and FireWatch also lets you check everything a discovered device is doing, giving you full visibility of what type of threat it represents on your network.
Why would I need Network Discovery?
Reasons this could be useful include checking for PCI or other regulatory compliance: someone plugging an unauthorised device into the wrong place could leave you vulnerable not only to a leak of information, but also to fines or to losing access to resources such as taking credit card payments. Can you afford that?
Another case is a new administrator who simply needs to check or build a view of the network they have been asked to take responsibility for. With this, you can get an overview of what is connected, which ports are open, and even whether those ports are in use.
It is also a good tool for simply getting a clear view of how the network compares with what you expect. If someone plugs in a new device without authorisation, you can see what effect it has and then take whatever action is needed based on that knowledge.
Unfortunately the feature is only available on the later Firebox appliances, that is all T-Series and M-Series boxes; the older XTM series will not benefit. Licensing is automatically included for all boxes with a Security Suite licence, and can be purchased separately for any without the full suite.
My Firebox is too old, now what?
If this feature sounds good to you but you have an XTM-series box, WatchGuard promotions usually include a trade-up program to the latest offerings. Please talk to us about your current requirements and we can show you the upgrade deals currently available.
Why have this on the UTM?
Experienced administrators will already run something like this on a separate machine on the network, but even they can benefit from moving it from a standalone installation to the UTM. Once an unknown machine or port is found, a single click shows what traffic is currently flowing to or from that machine or port, using FireWatch or Traffic Monitor. Applying various fingerprinting methods to the traffic passing through the UTM allows a more accurate identification of the operating system involved.