Utilise a Firewall or UTM Appliance with IPS (Intrusion Prevention System)
Submit malicious files and URLs to https://www.virustotal.com this helps improve detections and raises awareness of the impact malware is having around the world
If your Firewall or UTM Appliance provides IPS then ensure that the Signatures protect against the following exploits
A number of kernel crashes have been resolved. [73624, 73714, 72553]
An issue that caused the firewalld process to crash has been resolved. [72724]
MSS handling has been improved to enable the MTU to be adjusted independently for inbound and outbound proxy connections. This improvement prevents applications such as Facebook from stalling.[72722]
Proxies and Subscription Services
Several problems that caused spamBlocker process crashes to occur have been resolved. [72730, 73427, 73429]
You can now configure spamBlocker thresholds with the Web UI. [73092]
You can now show the serial number variable in the HTTP proxy deny message. [72665]
The HTTPS proxy now correctly handles Multiple-Domain Certificates. [73273]
This release offers improved site name detection when you use WebBlocker with the HTTPS proxy. [72935]
This release resolves several issues that caused the Gateway AV scanning process to fail and restart. [73100, 72788, 62451, 69866, 67509]
Logging and Reporting
The loggerd process no longer uses excessive CPU. [72672]
Networking
Dynamic DNS updates no longer fail. [73114]
This release resolves a memory leak that occurred when DHCP is enabled on the external interface but the DHCP server is not responding. [72725]
The XTM device DHCP server now correctly sends a NACK reply for devices that have an existing DHCP lease. [72726, 72551]
Wireless
This release includes numerous improvements to XTM wireless stability. [73386, 73126, 72568, 72569, 72414, 72033, 72034, 72035, 72036, 72054, 71606]
VPN
This release resolves an issue that caused branch office VPN to stop functioning after you upgrade from Fireware XTM v11.4.x to v11.6.x. [72382]
This release offers improved VPN stability when using aggressive mode branch office tunnels. [73388]
This release resolves an issue that caused traffic through a branch office VPN tunnel to stop for XTM 3 Series and XTM 25/26 devices. [72549, 72547, 72548]
This release improves the Mobile VPN with SSL authentication page error handling to prevent cross-site scripting attacks. [72270]
This release resolves an issue that prevented the XTM 800, XTM 1500, and XTM 2500 Series devices from correctly using the IPSec encryption chipset under certain conditions. [73130]
SNMP now displays an accurate number of branch office VPN tunnels. [73098]