1 / 7

What’s New in Fireware XTM v11.5.3

What’s New in Fireware XTM v11.5.3. Changes in Fireware XTM v11.5.3. Routing table changes Feature key global expiration for some XTMv keys IP address validity checks and warnings. Routing Table Changes in v11.5.3.

lynette
Download Presentation

What’s New in Fireware XTM v11.5.3

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. What’s New inFireware XTM v11.5.3

  2. Changes in Fireware XTM v11.5.3 • Routing table changes • Feature key global expiration for some XTMv keys • IP address validity checks and warnings WatchGuard Training

  3. Routing Table Changes in v11.5.3 • The Routes section of the FSM Status Report now displays the routes in a different format. • This improves consistency in the way IPv4 and IPv6 routes are displayed. • The Routes section can contain these route tables: • Route Table: main — shows all IPv4 and IPv6 static routes • Route Table: default — shows information about the default route • Route Table: ethx.out — shows active routes for an external interface, ethx, where x is the interface number. • Route Table: zebra— shows dynamic routes received from a peer • If a route table has no entries, it does not appear. • For example, the zebra table does not appear if dynamic routing is disabled. • The zebra route table shows only the first 20 dynamic routes. • To see a complete list of the dynamic routes, see the OSPF, RIP, or BGP section of the Status Report. WatchGuard Training

  4. Routing Table Changes in v11.5.3 Comparison of FSM Status Report Routes section in v11.5.2 and v11.5.3 Routes in v11.5.3 Routes in v11.5.2 Route Table: main ------------------- 172.16.20.0/30 dev eth2 proto kernel scope link 10.0.20.0/24 dev eth1 proto kernel scope link 10.0.5.0/24 via 203.0.113.10 dev eth0 metric 1 203.0.113.0/24 dev eth0 proto kernel scope link 127.0.0.0/24 dev lo scope link default via 203.0.113.1 dev eth0 ::1/128 dev lo proto kernel metric 256 Route Table: default ------------------- default via 203.0.113.1 dev eth0 metric 50 Route Table: eth0.out ------------------- 10.0.5.0/24 via 203.0.113.10 dev eth0 metric 1 203.0.113.0/24 dev eth0 scope link metric 1 default via 203.0.113.1 dev eth0 metric 1 Route Table: zebra ------------------- 10.0.10.0/24 via 203.0.113.10 dev eth0 proto zebra metric 20 Routes ------------ Destination Gateway Flags Metric Ref Use Iface 172.16.20.0/30 * U 0 0 0 eth2 10.0.20.0/24 * U 0 0 0 eth1 10.0.5.0/24 203.0.113.10 UG 1 0 0 eth0 203.0.113.0/24 * U 0 0 0 eth0 127.0.0.0/24 * U 0 0 0 lo 10.0.10.0/24 203.0.113.10 UG 20 0 0 eth0 default 203.0.113.1 UG 0 0 0 eth0 default 203.0.113.1 UG 50 0 0 eth0 Special routing tables ------------ eth0.out: 10.0.5.0/24 via 203.0.113.10 dev eth0 metric 1 203.0.113.0/24 dev eth0 scope link metric 1 10.0.10.0/24 via 203.0.113.10 dev eth0 metric 20 default via 203.0.113.1 dev eth0 metric 1 zebra: 10.0.10.0/24 via 203.0.113.10 dev eth0 metric 20 WatchGuard Training

  5. Routing Table Changes in v11.5.3 • A route bound to an XTM device interface appears in this format: <destination> dev <device> proto kernel scope link Example: 203.0.113.0/24 dev eth0 proto kernel scope link • A static route that you add appears in this format: <destination> via <gateway> dev <device> metric <link> Example: 10.0.30.0/24 via 10.0.10.254 dev eth1 metric 1 • A dynamic route appears in the zebra route table in this format: <destination> via <gateway> dev <device> proto zebra metric <metric> Example: 10.0.10.0/24 via 203.0.113.10 dev eth0 proto zebra metric 20 • Information that can appear for each route includes: • <destination> — the destination IP address for the route • dev <device> — indicates which device (usually an interface number) the route applies to; for example eth0 for interface 0, or lo for loopback. • proto kernel —route was created by the Linux kernel • proto zebra — route is a dynamic route learned via a dynamic routing protocol • scope link — route is bound to an XTM device interface • metric <number> — the routing metric, or cost for the route WatchGuard Training

  6. IP Address Validity Checks • Error when you try to configure a primary or backup cluster IP address that overlaps the address pool used in Mobile VPN with SSL, Mobile VPN with IPSec, or Mobile VPN with PPTP. • You cannot save a change that would cause this type of IP address overlap. • The IP address validation and error occurs: • When you create or save changes to a FireCluster configuration • When you create or save changes to the Mobile VPN with SSL, Mobile VPN with IPSec, or Mobile VPN with PPTP configuration • Warning when primary or backup IP addresses for Mobile VPN for SSL or Mobile VPN for IPSec do not match an external IP address. • The warning allows the user to continue (save the change) or cancel. • The IP address validation and warning occurs: • When you save the Mobile VPN with IPSec configuration • When you save to the Mobile VPN with SSL configuration • When you save changes to the network configuration WatchGuard Training

  7. THANK YOU!

More Related