User guide

ManualsBrandsWatchguard ManualsNetworkingV10

WATCHGUARD SYSTEM MANAGER AND FIREWARE WSM/FIREWARE 10.2.7

RELEASE NOTES JANUARY 22, 2009 PAGE 4

To install Single Sign-On (SSO) software

If you are upgrading from a previous SSO implementation, you must first uninstall the existing SSO agent.

With the v10.2.4 release, you can install a new SSO client software package to improve the efficiency and

accuracy of your Single Sign-On implementation. See the help system for your Firebox for more

information about the new SSO implementation.

To install v10.2.4 Single Sign-On agent software

1. Go to

http://www.watchguard.com/support and log in with your LiveSecurity user name and

passphrase. Follow the link to the Software Downloads page and download the WatchGuard

Single Sign-On Agent 10.2.4. Save the WG-Authentication-Gateway.exe file to your hard disk.

2. Install the file on a domain computer with a static IP address and complete the setup wizard. It

is a good idea to install the SSO agent software on your domain controller. For more setup

instructions see the Single Sign-On (SSO) Implementation Notes section near the end of this

document.

To install v10.2.4 Single Sign-On client software

1. Go to

http://www.watchguard.com/support and log in with your LiveSecurity user name and

passphrase. Follow the link to the Software Downloads page and download the WatchGuard

Single Sign-On Agent 10.2.4. Save the WatchGuard-Authentication-Client.msi file to your hard

disk.

2. Because the SSO client installer is an MSI file, you can choose to automatically install it on

your user's computers when they log on to your domain. You can use Active Directory Group

Policy to automatically install software when users log on to your domain. For more

information about software installation deployment for Active Directory group policy objects,

go to http://www.microsoft.com.

Resolved Issues

General

 This release resolves a kernel crash associated with branch office VPN and Mobile VPN with

IPSec traffic through the Firebox X Core or Peak e-Series.

[29491]

 The Firebox no longer stops passing traffic when you save a configuration.

[27821]

 Policy Manager no longer prevents the entry of host ranges for 1-to-1 NAT on the BOVPN

tunnel route settings page.

[30010]

 The Server Load Balancing feature in Fireware now correctly detects that a server is not

responding and stops sending traffic to that server.

[27276]

WatchGuard System Manager (WSM)

 You can now apply QoS and a schedule when you create a VPN firewall; policy template for

managed BOVPN tunnels.

[10270]

 You should no longer see the error message "

HTTP response code: 500 for URL

https://x.x.x.x:4117/cmm/cmd" when you try to connect to WSM. [29336]

High Availability

 If there is an active Mobile VPN with PPTP tunnel connected to the Firebox during a

configuration save, Firebox System Manager no longer shows the HA peer status as "in-

transition."

[27557]