WatchGuard Technologies is announcing software upgrades for its Core and Peak security devices that give them more uptime and make it simpler to provision VPNs.

Called Fireware 9.0, the software supports failover for VPNs by automatically seeking a backup WAN line when the primary Internet connection fails. The devices support up to four different WAN connections.

It was possible to configure failover manually before, but it was cumbersome, WatchGuard says.

The software enables policy-based WAN routing to multiple ISPs. This means VPN traffic might be routed over a link that supports QoS, while general Web traffic is sent over a low-cost DSL link.

The software also balances loads among WAN connections. Previously the device performed round-robin load-balancing, alternating traffic among available connections without regard for whether a link was congested. Now when a link is saturated, the software stops sending traffic its way until more bandwidth becomes available.

Fireware 9.0 expands the number of QoS levels from two to eight.

The new software supports importing Internet-key-exchange certificates from devices made by other vendors including RSA Security, Entrust, VeriSign and Microsoft. Some industries require that certificates not be stored on the VPN gear itself, so this capability will let WatchGuard gear be used in those situations. Previously the devices used pre-stored certificates or certificates issued by a WatchGuard Management Server.

Customers now can use drag-and-drop tools to create VPN tunnels when WatchGuard gear is deployed in high-availability mode with a redundant backup appliance. Before this, the devices either could be deployed as high-availability pairs or could be configured using the drag-and-drop tool, but not both. Tunnels had to be arranged manually if the devices were paired.

Devices controlled by the software now support virtual LAN tagging and trunking. Previously, the devices switched only through physical ports, with no option for making logical groupings.

WatchGuard lists as its competitors Check Point, Cisco, Fortinet, Juniper Networks, Nokia, SonicWall and Symantec.

WatchGuard is dropping from $3,000 to $2,000 the price of its unified-threat-management bundle for the low-end Firebox X550e Core appliance. The device supports a VPN; firewall; URL filtering; and antivirus, antispyware and antispam software.