in a FIPS-compliant manner

WatchGuard Training

FIPS Support in Fireware XTM

FIPS Mode
- You must use the CLI to enable FIPS mode on an XTM device.
- When the XTM device operates in FIPS mode, each time the device is powered on it runs the set of self-tests required by the FIPS 140-2 specification.
- If any of the tests fail, the XTM device writes a message to the log file and shuts down.
- If you start the device in safe mode or recovery mode, the device is not in FIPS mode.
- Use the CLI command fips enable to enable FIPS mode operation.
- You can use the CLI command show fips to determine whether the XTM device is configured in FIPS mode.

FIPS Mode Constraints
- FIPS Mode does not enforce a FIPS-compliant configuration.
- Configure the Admin and Status administrative accounts to use passwords with a minimum of 8 characters.
- When you configure VPN tunnels, you must choose only FIPS-approved authentication and encryption algorithms: SHA1, SHA256, SHA512, 3DES, AES128, AES192, and AES256.
- When you configure VPN tunnels, you must choose Diffie-Hellman Group 2 or Group 5 for IKE Phase 1 negotiation.
- Use a minimum of 1024 bits for all RSA keys.
- Do not configure FireCluster for high availability.
- Do not use Mobile VPN with PPTP.
- Do not use PPPoE.
- Do not use WatchGuard System Manager to manage the device.
- For access to the Fireware XTM Web UI, the web browser must be configured to use only TLS and FIPS-approved cipher suites.
- For network access to the CLI, clients must use the SSH protocol.

Dynamic Routing Enhancements
- FireCluster is now supported.
- Configuration validation ensures a working configuration.
- Enhanced troubleshooting capabilities:
  - Enable debugging at runtime.
  - Obtain more logs from Quagga.
  - Enhanced output in the Firebox System Manager Status Report.

Dynamic Routing – Diagnostic Logging
- Change the Diagnostic Log Level setting for Dynamic Routing to the Debug level to see detailed log messages from all log levels.

Clientless Single Sign-On (SSO)

Clientless SSO
- Use the SSO Agent and Event Log Monitor for SSO, without the SSO Client.
- Support for both single domain and multiple domains.
- Provides the same accuracy as the SSO Client solution.
- Token Groups:
  - SSO Client
  - SSO ELM
  - Manual Authentication with samAccountName
- Group Attribute:
  - Manual Authentication and Non-Active Directory
  - Does not return nested groups

Clientless SSO Process
- Install the SSO Agent on your network.
- Install the Event Log Monitor on each domain controller in your network.
- The Event Log Monitor collects user credentials when users log on to the domain.
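Because FIPS mode does not enforce a FIPS-compliant configuration, the constraints on the FIPS Mode Constraints slide have to be checked by the administrator. The following audit script is an added example, not WatchGuard's code or part of the training material: it encodes the slide's rules (password length, approved VPN algorithms, IKE Phase 1 DH groups, RSA key size, and the FireCluster/PPTP/PPPoE prohibitions) and reports every violation it finds. The dictionary layout it reads, the field names, and both sample configurations are constructed for illustration and are not Fireware's real configuration format.

```python
"""Audit a Fireware XTM configuration against the FIPS Mode Constraints
listed in the training slides.

The configuration layout used here is a constructed, simplified dictionary
(hypothetical field names), not Fireware's actual configuration format.
"""

# Values taken from the FIPS Mode Constraints slide.
FIPS_AUTH_ALGS = {"SHA1", "SHA256", "SHA512"}
FIPS_ENC_ALGS = {"3DES", "AES128", "AES192", "AES256"}
FIPS_DH_GROUPS = {2, 5}
MIN_PASSWORD_LEN = 8
MIN_RSA_BITS = 1024

# Features the slide says must not be used while in FIPS mode.
FORBIDDEN_FEATURES = (
    ("firecluster", "FireCluster"),
    ("mobile_vpn_pptp", "Mobile VPN with PPTP"),
    ("pppoe", "PPPoE"),
)


def audit_fips_constraints(cfg):
    """Return a list of findings; an empty list means every constraint holds."""
    findings = []

    # The slide: FIPS mode itself is enabled from the CLI ('fips enable').
    if not cfg.get("fips_mode"):
        findings.append("FIPS mode is not enabled (use the CLI command 'fips enable')")

    # Admin and Status accounts need passwords of at least 8 characters.
    for account in ("admin", "status"):
        password = cfg.get("accounts", {}).get(account, "")
        if len(password) < MIN_PASSWORD_LEN:
            findings.append(f"{account} password is shorter than {MIN_PASSWORD_LEN} characters")

    # VPN tunnels: only approved auth/encryption and DH Group 2 or 5 for Phase 1.
    for tunnel in cfg.get("vpn_tunnels", []):
        name = tunnel["name"]
        if tunnel["auth"] not in FIPS_AUTH_ALGS:
            findings.append(f"tunnel {name}: authentication {tunnel['auth']} is not FIPS-approved")
        if tunnel["enc"] not in FIPS_ENC_ALGS:
            findings.append(f"tunnel {name}: encryption {tunnel['enc']} is not FIPS-approved")
        if tunnel["phase1_dh_group"] not in FIPS_DH_GROUPS:
            findings.append(f"tunnel {name}: IKE Phase 1 must use Diffie-Hellman Group 2 or 5")

    # RSA keys must be at least 1024 bits.
    for key in cfg.get("rsa_keys", []):
        if key["bits"] < MIN_RSA_BITS:
            findings.append(f"RSA key {key['name']} is {key['bits']} bits; minimum is {MIN_RSA_BITS}")

    # FireCluster, Mobile VPN with PPTP and PPPoE must be left disabled.
    for field, label in FORBIDDEN_FEATURES:
        if cfg.get(field):
            findings.append(f"{label} is enabled; it must not be used in FIPS mode")

    return findings


# Constructed sample: a configuration with FIPS mode off and several violations.
NONCOMPLIANT_CONFIG = {
    "fips_mode": False,
    "accounts": {"admin": "short1", "status": "readonly-status-1"},
    "vpn_tunnels": [
        {"name": "branch-a", "auth": "MD5", "enc": "DES", "phase1_dh_group": 1},
    ],
    "rsa_keys": [{"name": "web-ui", "bits": 512}],
    "firecluster": True,
    "mobile_vpn_pptp": True,
    "pppoe": False,
}

# Constructed sample: the same device after the constraints have been applied.
COMPLIANT_CONFIG = {
    "fips_mode": True,
    "accounts": {"admin": "Adm1n-Passw0rd", "status": "St4tus-Passw0rd"},
    "vpn_tunnels": [
        {"name": "branch-a", "auth": "SHA256", "enc": "AES256", "phase1_dh_group": 5},
    ],
    "rsa_keys": [{"name": "web-ui", "bits": 2048}],
    "firecluster": False,
    "mobile_vpn_pptp": False,
    "pppoe": False,
}


if __name__ == "__main__":
    for label, cfg in (("non-compliant", NONCOMPLIANT_CONFIG), ("compliant", COMPLIANT_CONFIG)):
        results = audit_fips_constraints(cfg)
        print(f"{label}: {len(results)} finding(s)")
        for line in results:
            print("  -", line)
```

The script only covers the constraints that can be expressed as device settings; the browser-side requirement (TLS with FIPS-approved cipher suites for Web UI access) and the "do not manage with WatchGuard System Manager" rule are operational practices that have to be checked on the administrator's side rather than in the device configuration.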