WatchGuard Technologies is announcing software upgrades for its Core and Peak security devices that give them more uptime and make it simpler to provision VPNs.
Called Fireware 9.0, the software supports failover for VPNs by automatically seeking a backup WAN line when the primary Internet connection fails. The devices support up to four different WAN connections.
It was possible to configure failover manually before, but it was cumbersome, WatchGuard says.
The software enables policy-based WAN routing to multiple ISPs. This means VPN traffic might be routed over a link that supports QoS, while general Web traffic is sent over a low-cost DSL link.
The software also balances loads among WAN connections. Previously the device performed round-robin load-balancing, alternating traffic among available connections without regard for whether a link was congested. Now when a link is saturated, the software stops sending traffic its way until more bandwidth becomes available.
Fireware 9.0 expands the number of QoS levels from two to eight.
The new software supports importing Internet-key-exchange certificates from devices made by other vendors including RSA Security, Entrust, VeriSign and Microsoft. Some industries require that certificates not be stored on the VPN gear itself, so this capability will let WatchGuard gear be used in those situations. Previously the devices used pre-stored certificates or certificates issued by a WatchGuard Management Server.
Customers now can use drag-and-drop tools to create VPN tunnels when WatchGuard gear is deployed in high-availability mode with a redundant backup appliance. Before this, the devices either could be deployed as high-availability pairs or could be configured using the drag-and-drop tool, but not both. Tunnels had to be arranged manually if the devices were paired.
Devices controlled by the software now support virtual LAN tagging and trunking. Previously, the devices switched only through physical ports, with no option for making logical groupings.