Watchguard Firebox X1000 User's Guide

WatchGuard®Firebox® System User GuideWatchGuard Firebox System

x WatchGuard Firebox SystemAdding Basic Services to Policy Manager ... 61Configuring Routes ...

Chapter 7: Configuring Network Address Translation84 WatchGuard Firebox SystemAdding simple dynamic NAT entriesUsing built-in host aliases, you can qu

Using Simple Dynamic NATUser Guide 855 Click OK.The new entry appears in the Dynamic NAT Entries list.Reordering simple dynamic NAT entriesTo reorder

Chapter 7: Configuring Network Address Translation86 WatchGuard Firebox SystemUsing Service-Based Dynamic NATUsing service-based dynamic NAT, you can

Configuring a Service for Incoming Static NATUser Guide 87Disable NAT Disables dynamic NAT for outgoing packets using this service. Use this setting

Chapter 7: Configuring Network Address Translation88 WatchGuard Firebox SystemSetting static NAT for a serviceStatic NAT, like service-based NAT, is c

Using 1-to-1 NATUser Guide 899 Click OK to close the Add Address dialog box. Click OK to close the services’s Properties dialog box.Using 1-to-1 NAT1-

Chapter 7: Configuring Network Address Translation90 WatchGuard Firebox System2 Click Advanced.The Advanced NAT Settings dialog box appears.3 Click th

Using 1-to-1 NATUser Guide 91Proxies and NATThis table identifies each proxy and what types of NAT it supports.Simple dynamicStatic Service-based 1-to

Chapter 7: Configuring Network Address Translation92 WatchGuard Firebox System

User Guide 93CHAPTER 8 Configuring Filtered ServicesYou add filtered services–in addition to proxied services–to control and monitor the flow of IP pa

User Guide xiEnabling simple dynamic NAT ... 83Adding simple dynamic NAT entries ... 8

Chapter 8: Configuring Filtered Services94 WatchGuard Firebox SystemSelecting Services for your Security Policy ObjectivesThe WatchGuard Firebox Syste

Adding and Configuring ServicesUser Guide 95• Allowing a service to the optional network is safer than allowing it to the trusted network.• Allowing i

Chapter 8: Configuring Filtered Services96 WatchGuard Firebox SystemYou can also add unique or custom services. However, if you do, take steps to perm

Adding and Configuring ServicesUser Guide 97Configurable parameters for servicesSeveral service parameters can be configured:Sources and DestinationsY

Chapter 8: Configuring Filtered Services98 WatchGuard Firebox System2 Expand either the Packet Filters or Proxies folder by clicking the plus (+) sign

Adding and Configuring ServicesUser Guide 995 (Optional) You can customize both the name and the comments that appear when the service is being config

Chapter 8: Configuring Filtered Services100 WatchGuard Firebox SystemCreating a new serviceIn addition to built-in filtered services provided by Watch

Adding and Configuring ServicesUser Guide 101IgnoreSource port can be any number (0—65565). (If you are not sure which port setting to use, choose thi

Chapter 8: Configuring Filtered Services102 WatchGuard Firebox System 11 Click OK.The Services dialog box appears with the new service displayed under

Defining Service PropertiesUser Guide 103Defining Service PropertiesYou use the service’s Properties dialog box to configure the incoming and outgoing

xii WatchGuard Firebox SystemAdding a proxy service for HTTP ... 121Configuring a caching proxy server ...

Chapter 8: Configuring Filtered Services104 WatchGuard Firebox SystemAdding service propertiesThe method used to add incoming and outgoing service pro

Defining Service PropertiesUser Guide 105Working with wg_iconsService icons beginning with “wg_” are created automatically when you enable features su

Chapter 8: Configuring Filtered Services106 WatchGuard Firebox SystemFrom the Properties dialog box:1 Click the Incoming tab.2 Click Logging.The Loggi

Service PrecedenceUser Guide 107The remaining controls are active when you select the Send notification checkbox:EmailTriggers an email message when t

Chapter 8: Configuring Filtered Services108 WatchGuard Firebox System“Multiservices” can contain subservices of more than one precedence group. “Filte

Service PrecedenceUser Guide 109based on the specificity of targets, from most specific to least specific. The following order is used:IP refers to ex

Chapter 8: Configuring Filtered Services110 WatchGuard Firebox System

User Guide 111CHAPTER 9 Configuring Proxied ServicesProxy filtering goes a step beyond packet filtering by examining a packet’s content, not just the

Chapter 9: Configuring Proxied Services112 WatchGuard Firebox SystemConfiguring an SMTP Proxy ServiceThe SMTP proxy limits several potentially harmful

Configuring an SMTP Proxy ServiceUser Guide 113the Services Arena. (For information on how to add a service, see the previous chapter.) From the Servi

User Guide xiiiSetting logging and notification for blocked ports ... 156Blocking Sites Temporarily with Service Settings ... 157Conf

Chapter 9: Configuring Proxied Services114 WatchGuard Firebox SystemBlocking email content typesMIME stands for Multipurpose Internet Mail Extensions,

Configuring an SMTP Proxy ServiceUser Guide 115• A string is a wildcard pattern if it contains a question mark (?), an asterisk (*), or a right parent

Chapter 9: Configuring Proxied Services116 WatchGuard Firebox System2 Select Allowed To from the Category drop list.3 In the text box to the left of t

Configuring an SMTP Proxy ServiceUser Guide 117• Accounting and auditing information.Configuring the Outgoing SMTP ProxyUse the Outgoing SMTP Proxy di

Chapter 9: Configuring Proxied Services118 WatchGuard Firebox Systemmight be inside.salesdept.bigcompany.com, which would become the public address bi

Configuring an FTP Proxy ServiceUser Guide 119Configuring an FTP Proxy ServiceThe FTP proxy service enables you to access another computer (on a separ

Chapter 9: Configuring Proxied Services120 WatchGuard Firebox SystemSelecting an HTTP ServiceBecause of the extensive security implications of HTTP tr

Selecting an HTTP ServiceUser Guide 121 NOTEThe WatchGuard service called “HTTP” is not to be confused with an HTTP caching proxy. An HTTP caching pr

Chapter 9: Configuring Proxied Services122 WatchGuard Firebox SystemFor detailed information about the HTTP proxy, see the online support resources at

Configuring the DNS Proxy ServiceUser Guide 123The Firebox communicates with proxy servers exactly the same way that clients normally do. Instead of a

xiv WatchGuard Firebox SystemViewing the WSEP application ... 180Starting and stopping the WSEP ...

Chapter 9: Configuring Proxied Services124 WatchGuard Firebox Systemattacks that cause a buffer overflow, which crash the targeted server and enable t

Configuring the DNS Proxy ServiceUser Guide 1255 Click the Incoming tab. Use the Incoming DNS-Proxy connections are drop list to select Enabled and A

Chapter 9: Configuring Proxied Services126 WatchGuard Firebox System

User Guide 127CHAPTER 10 Creating Aliases and Implementing AuthenticationAliases are shortcuts used to identify groups of hosts, networks, or users. T

Chapter 10: Creating Aliases and Implementing Authentication128 WatchGuard Firebox Systema user workstation may have several different IP addresses ov

Using AliasesUser Guide 1292 Click Add.3 In the Host Alias Name text box, enter the name used to identify the alias when configuring services and auth

Chapter 10: Creating Aliases and Implementing Authentication130 WatchGuard Firebox System8 When you finish adding members, click OK.The Host Alias dia

Authentication Server TypesUser Guide 131Enabling remote authenticationUse this procedure to allow remote users to authenticate from the External inte

Chapter 10: Creating Aliases and Implementing Authentication132 WatchGuard Firebox SystemTo specify authentication type:1 From Policy Manager, select

Defining Firebox Users and Groups for AuthenticationUser Guide 133computers. As your organization changes, you can add or remove users or systems from

User Guide xvEditing an existing report ... 205Deleting a report ...

Chapter 10: Creating Aliases and Implementing Authentication134 WatchGuard Firebox System4 To add a new user, click the Add button beneath the Users l

Configuring RADIUS Server AuthenticationUser Guide 1352 Click the NT Server tab.The information appears as shown in the following figure.3 To identify

Chapter 10: Creating Aliases and Implementing Authentication136 WatchGuard Firebox Systemauthentication key that identifies it to the RADIUS server. N

Configuring CRYPTOCard Server AuthenticationUser Guide 1377 Click OK.8 Gather the IP address of the Firebox and the user or group aliases you want to

Chapter 10: Creating Aliases and Implementing Authentication138 WatchGuard Firebox SystemProperties dialog box, and the IP address of the Firebox on t

Configuring SecurID AuthenticationUser Guide 139On the CRYPTOCard server:1 Add the IP address of the Firebox where appropriate according to CRYPTOCard

Chapter 10: Creating Aliases and Implementing Authentication140 WatchGuard Firebox System3 Enter the IP address of the SecurID server.4 Enter or verif

User Guide 141CHAPTER 11 Protecting Your Network From AttacksThe WatchGuard Firebox System can protect your network from many types of attacks. In add

Chapter 11: Protecting Your Network From Attacks142 WatchGuard Firebox SystemLogging options help you identify sites that exhibit suspicious behavior

Default Packet HandlingUser Guide 143that the packet apparently originated from a host that is trusted, and therefore doesn’t require validation or a

xvi WatchGuard Firebox SystemSetting privileges ... 223Creating WebBlocker exceptions ...

Chapter 11: Protecting Your Network From Attacks144 WatchGuard Firebox Systemwhich services are running on the hosts inside that network. From Policy

Default Packet HandlingUser Guide 145They are stored in a backlog until they are completed or time out. When the server’s backlog is full, no new conn

Chapter 11: Protecting Your Network From Attacks146 WatchGuard Firebox Systemrecorded. If these messages occur frequently when your server is not unde

Integrating Intrusion DetectionUser Guide 147and either allow or deny packets. Little extra bandwidth is available to conduct sophisticated analysis o

Chapter 11: Protecting Your Network From Attacks148 WatchGuard Firebox Systemadd_hostileThis command adds a site to the Auto-Blocked Site list, with t

Blocking SitesUser Guide 149Example 2The IDS adds a message to the Firebox’s log stream:fbidsmate 10.0.0.1 secure1 add_log_message 3 "IDS system

Chapter 11: Protecting Your Network From Attacks150 WatchGuard Firebox System• Permanently blocked sites–which are listed in the configuration file an

Blocking SitesUser Guide 151From Policy Manager:1 On the toolbar, click the Blocked Sites icon (shown at right).You can also select Setup => Blocke

Chapter 11: Protecting Your Network From Attacks152 WatchGuard Firebox SystemCreating exceptions to the Blocked Sites listA blocked site exception is

Blocking PortsUser Guide 153Blocking PortsYou can block ports to explicitly disable external network services from accessing ports that are vulnerable

User Guide 1CHAPTER 1 IntroductionWelcome to WatchGuard®In the past, a connected enterprise needed a complex set of tools, systems, and personnel for

Chapter 11: Protecting Your Network From Attacks154 WatchGuard Firebox Systemintrusions can be difficult or impossible to detect by all but the most k

Blocking PortsUser Guide 155port 0Port 0 is reserved by IANA, but many programs that scan ports start their search on port 0.port 1Port 1 is for the r

Chapter 11: Protecting Your Network From Attacks156 WatchGuard Firebox SystemTo remove a blocked port, select the port to remove. Click Remove.Auto-bl

Blocking Sites Temporarily with Service SettingsUser Guide 157Blocking Sites Temporarily with Service SettingsUse service properties to automatically

Chapter 11: Protecting Your Network From Attacks158 WatchGuard Firebox System

User Guide 159CHAPTER 12 Monitoring Firebox ActivityAn important part of an effective network security policy is the monitoring of network events. Mon

Chapter 12: Monitoring Firebox Activity160 WatchGuard Firebox SystemStarting Firebox Monitors and connecting to a FireboxFrom Control Center:1 On the

Firebox MonitorsUser Guide 161BandwidthMeterThe BandwidthMeter tab on the Firebox Monitors display, shown in the following figure, shows real-time ban

Chapter 12: Monitoring Firebox Activity162 WatchGuard Firebox SystemAdding services to ServiceWatchBy default, ServiceWatch graphs the SMTP, FTP, and

Firebox MonitorsUser Guide 163Log hostsThe IP addresses of the log host or hosts.Log host(s): 206.148.32.16Network configurationStatistics about the

Chapter 1: Introduction2 WatchGuard Firebox SystemWatchGuard Firebox System ComponentsThe WatchGuard Firebox System has all of the components needed t

Chapter 12: Monitoring Firebox Activity164 WatchGuard Firebox SystemMemoryStatistics on the memory usage of the currently running Firebox. Numbers sho

Firebox MonitorsUser Guide 165 73 fblightd S 464 308 3927:05.75 ( 5) 0 (nice) 74 /bin/logger S 1372 592 1:2

Chapter 12: Monitoring Firebox Activity166 WatchGuard Firebox SystemThe interfaces used in this section are as follows:eth0 - External (public) interf

HostWatchUser Guide 167Authentication listThe Authentication List tab displays the host IP addresses and user names of everyone currently authenticate

Chapter 12: Monitoring Firebox Activity168 WatchGuard Firebox SystemThe HostWatch display uses the logging settings configured with Policy Manager. Fo

HostWatchUser Guide 169Connecting HostWatch to a Firebox:From HostWatch:1 Select File => Connect.Or, on the Hostwatch toolbar, click the Connect ic

Chapter 12: Monitoring Firebox Activity170 WatchGuard Firebox System3 To restart the display, click Continue (shown at right).4 To step through the di

User Guide 171CHAPTER 13 Setting Up Logging and NotificationAn event is any single activity that occurs at the Firebox, such as denying a packet from

Chapter 13: Setting Up Logging and Notification172 WatchGuard Firebox Systemboth flexible and powerful. You can configure your firewall to log and not

Developing Logging and Notification PoliciesUser Guide 173only by a small number of people in an organization. In that case you might want to log all

Minimum RequirementsUser Guide 3Historical ReportsCreates HTML reports that display session types, most active hosts, most used services, URLs, and ot

Chapter 13: Setting Up Logging and Notification174 WatchGuard Firebox SystemFailover LoggingWatchGuard uses failover logging to minimize the possibili

Designating Log Hosts for a FireboxUser Guide 175 - Set the log encryption key on each log host identical to the key set in Policy ManagerDesignating

Chapter 13: Setting Up Logging and Notification176 WatchGuard Firebox System3 Enter the IP address to be used by the log host.When typing IP addresses

Designating Log Hosts for a FireboxUser Guide 177Changing the log encryption keyEdit a log host entry to change the log encryption key. From Policy Ma

Chapter 13: Setting Up Logging and Notification178 WatchGuard Firebox SystemThe Firebox sets its clock to the current log host. If the Firebox and the

Setting up the WatchGuard Security Event ProcessorUser Guide 179By default, the WSEP application is installed to run as a Windows service, starting au

Chapter 13: Setting Up Logging and Notification180 WatchGuard Firebox SystemAs a service, using the Command PromptIf the WSEP application was not inst

Setting up the WatchGuard Security Event ProcessorUser Guide 181If the WatchGuard Security Event Processor icon is not in the tray, in Control Center,

Chapter 13: Setting Up Logging and Notification182 WatchGuard Firebox SystemFrom the WatchGuard Security Event Processor user interface:1 Select File

Setting Global Logging and Notification PreferencesUser Guide 183entries in two weeks, whereas a large one with many services enabled might easily log

ii WatchGuard Firebox SystemNotice to UsersInformation in this guide is subject to change without notice. Companies, names, and data used in examples

Chapter 1: Introduction4 WatchGuard Firebox SystemWindows NT requirements•Microsoft Windows NT 4.0• Microsoft Service Pack 4, Service Pack 5, or Servi

Chapter 13: Setting Up Logging and Notification184 WatchGuard Firebox SystemScheduling log reportsYou can use the WSEP application to schedule the aut

Customizing Logging and Notification by Service or OptionUser Guide 185Setting a Firebox friendly name for log filesYou can give the Firebox a friendl

Chapter 13: Setting Up Logging and Notification186 WatchGuard Firebox SystemCategoryThe event types that can be logged by the service or option. This

Customizing Logging and Notification by Service or OptionUser Guide 187 NOTEWatchGuard allows only one notification type per event.Setting Launch Int

Chapter 13: Setting Up Logging and Notification188 WatchGuard Firebox SystemThe repeat count multiplied by the launch interval equals the amount of ti

Customizing Logging and Notification by Service or OptionUser Guide 1892 Click Logging.3 Modify logging and notification properties according to your

Chapter 13: Setting Up Logging and Notification190 WatchGuard Firebox System

User Guide 191CHAPTER 14 Reviewing and Working with Log FilesLog files are a valuable tool for monitoring your network, identifying potential attacks,

Chapter 14: Reviewing and Working with Log Files192 WatchGuard Firebox SystemThe log file to which the WSEP is currently writing records can be named

Viewing Files with LogViewerUser Guide 193Searching for specific entriesLogViewer has a search tool to enable you to find specific transactions quickl

WatchGuard OptionsUser Guide 5.WatchGuard OptionsThe WatchGuard Firebox System is enhanced by optional features designed to accommodate the needs of d

Chapter 14: Reviewing and Working with Log Files194 WatchGuard Firebox SystemCopying log data1 Select the log entries you want to copy.Use the SHIFT k

Displaying and Hiding FieldsUser Guide 195Displaying and Hiding FieldsThe following figure shows an example of the type of display you normally see in

Chapter 14: Reviewing and Working with Log Files196 WatchGuard Firebox SystemTimeThe time the record entered the log file. Default = ShowThe Firebox r

Working with Log FilesUser Guide 197IP header lengthLength, in octets, of the IP header for this packet. A header length that is not equal to 20 indic

Chapter 14: Reviewing and Working with Log Files198 WatchGuard Firebox System• Right-click the WSEP icon (shown at right) in the Windows system tray a

Working with Log FilesUser Guide 199log rollover” on page 183. However, you may occasionally want to force the rollover of a log file.• From the WSEP

Chapter 14: Reviewing and Working with Log Files200 WatchGuard Firebox SystemSending logs to a log host at another locationBecause they are encrypted

Working with Log FilesUser Guide 2015 Save the new configuration to the remote office Firebox. On the log host:You must use the same log encryption ke

Chapter 14: Reviewing and Working with Log Files202 WatchGuard Firebox System

User Guide 203CHAPTER 15 Generating Reports of Network ActivityAccounting for Internet usage can be a challenging network administration task. One of

Chapter 1: Introduction6 WatchGuard Firebox SystemVPN Manager is bundled with the WFS software, but it is available for use only if you enable the VPN

Chapter 15: Generating Reports of Network Activity204 WatchGuard Firebox SystemCreating and Editing ReportsTo start Historical Reports, from Control C

Specifying a Report Time SpanUser Guide 205Editing an existing report At any time, you can modify the properties of an existing report. From Historica

Chapter 15: Generating Reports of Network Activity206 WatchGuard Firebox SystemSpecifying Report SectionsUse the Sections tab on the Report Properties

Setting Report PropertiesUser Guide 207Setting Report PropertiesReports contain either Summary sections or Detail sections. Each can be presented in d

Chapter 15: Generating Reports of Network Activity208 WatchGuard Firebox Systeminclude the name and time of the report. Each report is filed in one of

Using Report FiltersUser Guide 209 NOTEWatchGuard HTTP proxy logging must be turned on to supply WebTrends the logging information required for its r

Chapter 15: Generating Reports of Network Activity210 WatchGuard Firebox SystemHostFilter a report based on host IP address.PortFilter a report based

Scheduling and Running ReportsUser Guide 211Deleting a report filterTo remove a filter from the list of available filters, highlight the filter. Click

Chapter 15: Generating Reports of Network Activity212 WatchGuard Firebox System6 Click OK.Manually running a reportAt any time, you can run one or mor

Report Sections and Consolidated SectionsUser Guide 213Time Summary – Packet FilteredA table, and optionally a graph, of all accepted connections dist

About this GuideUser Guide 7SpamScreen is bundled with the WFS software, but it is available for use only if you enable the SpamScreen checkbox when i

Chapter 15: Generating Reports of Network Activity214 WatchGuard Firebox SystemSession Summary – Proxied TrafficA table, and optionally a graph, of th

Report Sections and Consolidated SectionsUser Guide 215Denied Incoming Packet DetailA list of denied incoming packets, sorted by time. The fields are

Chapter 15: Generating Reports of Network Activity216 WatchGuard Firebox SystemService SummaryA table, and optionally a graph, of traffic for all serv

User Guide 217CHAPTER 16 Controlling Web Site AccessWebBlocker is a feature of the WatchGuard Firebox System that works in conjunction with the HTTP

Chapter 16: Controlling Web Site Access218 WatchGuard Firebox SystemWFS under high load conditions, consider installing the WebBlocker server on a ded

Getting Started with WebBlockerUser Guide 219• Install or remove the server• Start or stop the serverTo run the WebBlocker utility, select Start =>

Chapter 16: Controlling Web Site Access220 WatchGuard Firebox System Configuring the WebBlocker ServiceWebBlocker is a built-in feature of several ser

Configuring the WebBlocker ServiceUser Guide 2214 Next to the WebBlocker Servers box, click Add.5 In the dialog box that appears, type the IP address

Chapter 16: Controlling Web Site Access222 WatchGuard Firebox SystemRequest for URL www.badsite.com denied by WebBlocker: host blocked for violence/pr

Configuring the WebBlocker ServiceUser Guide 223Setting privilegesWebBlocker differentiates URLs based on their content. Select the types of content a

Chapter 1: Introduction8 WatchGuard Firebox System• Code, messages, and file names appear in monospace font; for example: .wgl and .idx files• In comm

Chapter 16: Controlling Web Site Access224 WatchGuard Firebox System NOTEYou cannot use WebBlocker exceptions to make an internal host exempt from We

Managing the WebBlocker ServerUser Guide 2256 To remove an item from either the Allow or the Deny list, select the address. Click the corresponding Re

Chapter 16: Controlling Web Site Access226 WatchGuard Firebox Systemprocess called WebDBdownload.bat, which appears in your WatchGuard directory under

Automating WebBlocker Database DownloadsUser Guide 227If the message “cannot find Windows Update Files on this computer” appears, open Internet Explor

Chapter 16: Controlling Web Site Access228 WatchGuard Firebox System

User Guide 229CHAPTER 17 Connecting with Out-of-Band ManagementThe WatchGuard Firebox System out-of-band (OOB) management feature enables the Manageme

Chapter 17: Connecting with Out-of-Band Management230 WatchGuard Firebox SystemEnabling the Management StationFor a dial-up PPP connection to work bet

Enabling the Management StationUser Guide 231Configure the dial-up connection1 From the Desktop, click My Network Places => Network and Dial-up Con

Chapter 17: Connecting with Out-of-Band Management232 WatchGuard Firebox System2 Click Next. Select Connect to the network at my workplace. Click Next

Establishing an OOB ConnectionUser Guide 233can pass. After the connection is established, you can use Control Center and by specifying the dial-up PP

User Guide 9CHAPTER 2 Service and SupportNo Internet security solution is complete without systematic updates and security intelligence. From the late

Chapter 17: Connecting with Out-of-Band Management234 WatchGuard Firebox System

User Guide 227APPENDIX A Troubleshooting Firebox ConnectivityThis chapter provides four ways of connecting to your Firebox should you lose connectivit

Appendix A: Troubleshooting Firebox Connectivity228 WatchGuard Firebox System2 Connect one end of the crossover cable to the Optional Interface and th

Method 2: The Flash Disk Management UtilityUser Guide 22910 When the Firebox Flash Disk dialog box appears, as shown in the following figure, select t

Appendix A: Troubleshooting Firebox Connectivity230 WatchGuard Firebox Systemsame network as the configuration file, preferably the Trusted network, s

Method 3: Using the Reset Button - Firebox Models 500, 700, 1000, 2500, 4500User Guide 231configuration passphrase. Use the address you used as the te

Appendix A: Troubleshooting Firebox Connectivity232 WatchGuard Firebox System4 Open a DOS prompt, and ping the Firebox with 192.168.253.1. You should

Method 4: Serial Dongle (Firebox II only)User Guide 2333 Take out one end of the serial cable from the Firebox to break the loop effect.4 On the Manag

Appendix A: Troubleshooting Firebox Connectivity234 WatchGuard Firebox System

User Guide 235Index.cfg files 43.ftr files 210.idx files 192.rep files 205.wgl files 192.wts files 2091-1 Mapping dialog box 901-to-1 NAT. See NAT, 1-

Chapter 2: Service and Support10 WatchGuard Firebox SystemThreat alerts and expert adviceAfter a new threat is identified, you’ll receive a LiveSecuri

236 WatchGuard Firebox Systemand Firebox interfaces 150and IDS applications 147auto-block duration 152auto-blocked 150blocking with service settings 1

User Guide 237setting up 59DHCP Server dialog box 59DHCP Subnet Properties dialog box 60DHCP support on External interface 31, 36, 54dialog boxes1-1 M

238 WatchGuard Firebox SystemExternal interfacedescribed26dynamic addressing on 54external network 26, 43Ffailover 6failover logging 174FAQs 7, 13, 77

User Guide 239viewing uptime and version 162Flash Disk management tool 229FTPand Optional network43and security policy 94FTP proxyand NAT91configuring

240 WatchGuard Firebox Systementering 38in example network 23netmask 69of authentication servers 163of Firebox interfaces 52of log hosts 163typing 74W

User Guide 241synchronizing NT log hosts 178logging and notificationconfiguring Firebox for174customizing by blocking option 185customizing by service

242 WatchGuard Firebox Systemdescribed 81setting for a service 88typically used for 81types of 81types supported by proxies 91NAT Setup dialog box 83,

User Guide 243status 37tips for creating 48permanently blocked sites 150ping command for source of deny messages 72Policy Manageras view of configurat

244 WatchGuard Firebox Systemproxy summary 213reasons for generating 203running manually 212scheduling 211sections in 206, 212service summary 213sessi

User Guide 245rsh 154setting logging and notification for 188setting static NAT for 88viewing number of connections by 161wg_ 105X Font service 154X W

LiveSecurity® BroadcastsUser Guide 11Threat ResponseAfter a newly discovered threat is identified, the Rapid Response Team transmits an update specifi

246 WatchGuard Firebox Systemviewing status of 69Uunconnected network addresses 150user authentication. See authenticationusers, viewing in HostWatch

User Guide 247and Firebox System requirements 4local and global groups 135preparing Management Station for out-of-band management230running log host o

Chapter 2: Service and Support12 WatchGuard Firebox SystemTo activate the LiveSecurity Service through the Web:1 Be sure that you have the LiveSecurit

LiveSecurity® Self Help ToolsUser Guide 13 NOTEYou must register for LiveSecurity Service before you can access the online support services.Advanced

User Guide iii Hudson ([email protected]).© 1995-1998 Eric Young ([email protected]) All rights reserved. This package is an SSL implementation writte

Chapter 2: Service and Support14 WatchGuard Firebox SystemTo access the online support services:1 From your Web browser, go to http://www.watchguard.c

Online HelpUser Guide 15called Help. In addition, a “live,” continually updated version of Online Help is available at:http://help.watchguard.com/lss/

Chapter 2: Service and Support16 WatchGuard Firebox SystemHelp directory from the WatchGuard installation directory on the Management Station. It is i

Product DocumentationUser Guide 17Product DocumentationWatchGuard products are fully documented on our Web site at:http://help.watchguard.com/document

Chapter 2: Service and Support18 WatchGuard Firebox SystemWeb Contacthttp://www.watchguard.com/supportResponse TimeFour (4) business hours maximum tar

Training and CertificationUser Guide 19VPN Installation ServicesWatchGuard Remote VPN Installation Services are designed to provide you with comprehen

Chapter 2: Service and Support20 WatchGuard Firebox System

User Guide 21CHAPTER 3 Getting StartedThe WatchGuard Firebox System acts as a barrier between your networks and the public Internet, protecting them f

Chapter 3: Getting Started22 WatchGuard Firebox SystemBefore installing the WatchGuard Firebox System, check the package contents to make sure you hav

Gathering Network InformationUser Guide 23Network addressesOne good way to set up your network is to create two worksheets: the first worksheet repres

iv WatchGuard Firebox SystemTORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIB

Chapter 3: Getting Started24 WatchGuard Firebox SystemAn example of a network before the Firebox is installed appears in the following figure. In this

Selecting a Firewall Configuration ModeUser Guide 25In the example, the secondary network represents the local LAN. Because the Trusted Interface is b

Chapter 3: Getting Started26 WatchGuard Firebox SystemExternal InterfaceConnects to the external network (typically the Internet) that presents the se

Selecting a Firewall Configuration ModeUser Guide 27Characteristics of a routed configuration:• All interfaces of the Firebox must be on different net

Chapter 3: Getting Started28 WatchGuard Firebox SystemCharacteristics of a drop-in configuration:• A single network that is not subdivided into smalle

Selecting a Firewall Configuration ModeUser Guide 29Choosing a Firebox configurationThe decision between routed and drop-in mode is based on your curr

Chapter 3: Getting Started30 WatchGuard Firebox SystemWhen you add a secondary network, you map an IP address from the secondary network to the IP add

Selecting a Firewall Configuration ModeUser Guide 31Dynamic IP support on the External interfaceIf you are supporting dynamic IP addressing, you must

Chapter 3: Getting Started32 WatchGuard Firebox SystemSetting Up the Management StationThe Management Station runs the Control Center software, which

Cabling the FireboxUser Guide 33more information on the WebBlocker databasem see Chapter 16, “Controlling Web Site Access.” Software encryption level

User Guide v1. Ownership and License. The SOFTWARE PRODUCT is protected by copyright laws and international copyright treaties, as well as other inte

Chapter 3: Getting Started34 WatchGuard Firebox System• Plug the power cord into the Firebox power input and into a power source.

Running the QuickSetup WizardUser Guide 35Using TCP/IPRefer to Firebox Rear Panel image on the previous page.• Use the red (crossover) cable to connec

Chapter 3: Getting Started36 WatchGuard Firebox SystemManager, use wizard.cfg as the base file to which you make changes. For more information on chan

Running the QuickSetup WizardUser Guide 37Enter the Firebox Default Gateway(Not applicable if using DHCP or PPPoE on the External interface.) Enter th

Chapter 3: Getting Started38 WatchGuard Firebox SystemYou can remove the blue serial cable from the Management Station and Firebox after the QuickSetu

Deploying the Firebox into Your NetworkUser Guide 39Deploying the Firebox into Your NetworkCongratulations! You have completed the installation of you

Chapter 3: Getting Started40 WatchGuard Firebox Systemaddition to the ones listed in the previous section, are HTTP (Internet service) and SMTP (email

User Guide 41CHAPTER 4 Firebox Basics This chapter describes the basic tasks you perform to set up and maintain a Firebox:• Opening a configuration fi

Chapter 4: Firebox Basics42 WatchGuard Firebox System NOTEThere are no user-serviceable parts within the Firebox. If a user opens a Firebox case, it

Opening a Configuration FileUser Guide 43Trusted networkThe network behind the firewall that must be protected from the security challenge.External ne

vi WatchGuard Firebox SystemOBLIGATION, LIABILITY, RIGHT, CLAIM OR REMEDY FOR LOSS OR DAMAGE TO, OR CAUSED BY OR CONTRIBUTED TO BY, THE SOFTWARE PRODU

Chapter 4: Firebox Basics44 WatchGuard Firebox SystemOpening a configuration from the Firebox1 Select File => Open => Firebox.The Firebox drop l

Saving a Configuration FileUser Guide 45Saving a Configuration FileAfter making changes to a configuration file, you can either save it directly to th

Chapter 4: Firebox Basics46 WatchGuard Firebox System5 Enable the checkbox marked Save To Firebox. If you want to make a backup of the current image,

Resetting Firebox PassphrasesUser Guide 477 If you are making a backup, in the Backup Image field, enter the path where you want to save the backup of

Chapter 4: Firebox Basics48 WatchGuard Firebox System3 Use the Firebox drop list to select a Firebox or enter the Firebox IP address. Enter the config

Setting the Time ZoneUser Guide 49Setting the Time ZoneThe Firebox time zone determines the date and time stamp that appear on logs and that are displ

Chapter 4: Firebox Basics50 WatchGuard Firebox System

User Guide 51CHAPTER 5 Using Policy Manager to Configure Your Network Normally, you incorporate the Firebox into your network when you run the QuickSe

Chapter 5: Using Policy Manager to Configure Your Network52 WatchGuard Firebox SystemStarting a New Configuration FileTo start a new configuration fil

Setting IP Addresses of Firebox InterfacesUser Guide 53Setting addresses in drop-in modeIf you are using drop-in mode, all interfaces use the same IP

User Guide viiContents CHAPTER 1 Introduction ... 1Welcome to WatchGuard® ...

Chapter 5: Using Policy Manager to Configure Your Network54 WatchGuard Firebox SystemSetting addresses in routed modeIf you are using routed mode, the

Setting DHCP or PPPoE Support on the External InterfaceUser Guide 55 2 Configure the properties in the dialog box. For a description of each control,

Chapter 5: Using Policy Manager to Configure Your Network56 WatchGuard Firebox SystemConfiguring Drop-in ModeIf you selected drop-in mode, you can set

Adding Secondary NetworksUser Guide 57Adding Secondary NetworksYour configuration may require that you add secondary networks to any of the Firebox in

Chapter 5: Using Policy Manager to Configure Your Network58 WatchGuard Firebox SystemEntering WINS and DNS Server AddressesSeveral advanced features o

Defining a Firebox as a DHCP ServerUser Guide 59Defining a Firebox as a DHCP ServerDynamic Host Configuration Protocol (DHCP) is an Internet protocol

Chapter 5: Using Policy Manager to Configure Your Network60 WatchGuard Firebox SystemAdding a new subnetTo make available (private) IP addresses acces

Adding Basic Services to Policy ManagerUser Guide 61Removing a subnetYou can remove an existing subnet; however, you should be aware that doing so can

Chapter 5: Using Policy Manager to Configure Your Network62 WatchGuard Firebox SystemIf you need more detailed information on how to add services, see

Configuring RoutesUser Guide 633 Click the Net option.4 Enter the network IP address.5 In the Gateway text box, enter the IP address of the router.Be

viii WatchGuard Firebox SystemActivating the LiveSecurity® Service ... 11LiveSecurity® Self Help Tools ...

Chapter 5: Using Policy Manager to Configure Your Network64 WatchGuard Firebox System

User Guide 65CHAPTER 6 Using the WatchGuard Control CenterThe WatchGuard Control Center combines access to WatchGuard Firebox System applications and

Chapter 6: Using the WatchGuard Control Center66 WatchGuard Firebox System5 Click OK.Control Center ComponentsControl Center consists of:• A QuickGuid

Control Center ComponentsUser Guide 67QuickGuideThe top part of the display just below the title bar is the QuickGuide. It contains buttons to:Open th

Chapter 6: Using the WatchGuard Control Center68 WatchGuard Firebox SystemPause the display (appears only when connected to Firebox)Connect to Firebox

Control Center ComponentsUser Guide 69Firebox and VPN tunnel statusThe section in Control Center directly below the front panel shows the current stat

Chapter 6: Using the WatchGuard Control Center70 WatchGuard Firebox System• MAC (Media Access Control) address of each interface• Number of packets se

Control Center ComponentsUser Guide 71• The amount of data sent and received on the tunnel in both bytes and packets.• The time at which the key expir

Chapter 6: Using the WatchGuard Control Center72 WatchGuard Firebox System(WSEP) or Management Station. A red exclamation point next to a tunnel listi

Working with Control CenterUser Guide 73• To issue a traceroute command to a source or destination IP address of a deny message, right-click the messa

User Guide ixCustomizing your security policy ... 39What to expect from LiveSecurity® Service ...

Chapter 6: Using the WatchGuard Control Center74 WatchGuard Firebox SystemOpen the WatchGuard Security Event Processor interface. (See “Opening the WS

Working with Control CenterUser Guide 75Changing the polling rateYou can change the interval of time (in seconds) at which Control Center polls the Fi

Chapter 6: Using the WatchGuard Control Center76 WatchGuard Firebox System4 To change the color, click the arrow next to Text Color. Click one of the

Manipulating Traffic MonitorUser Guide 77Home PageSelect to bring up the WatchGuard home page at:http://www.watchguard.comProduct SupportSelect to bri

Chapter 6: Using the WatchGuard Control Center78 WatchGuard Firebox SystemMaximizeDouble-click the Traffic Monitor title bar to maximize the window.

Using Control Center ApplicationsUser Guide 79Launching Firebox MonitorsFirebox Monitors combines an extensive set of WatchGuard monitoring tools into

Chapter 6: Using the WatchGuard Control Center80 WatchGuard Firebox SystemOpening the WSEP user interfaceThe WatchGuard Security Event Processor (WSEP

User Guide 81CHAPTER 7 Configuring Network Address TranslationNetwork address translation (NAT) protects your network by hiding its internal structure

Chapter 7: Configuring Network Address Translation82 WatchGuard Firebox System1-to-1 NATThe Firebox uses private and public IP ranges that you specify

Using Simple Dynamic NATUser Guide 83 NOTEMachines making incoming requests over a VPN connection are allowed to access masqueraded hosts by their ac