WatchGuard Firebox System 7.0 User Guide
WatchGuard Firebox System 7.0 User Guide WatchGuard Firebox System 7.0 User Guide
Chapter 8: Configuring Filtered ServicesCustom programRuns a program when the event occurs. Enter thepath of the executable file in the box provided, orbrowse to specify a path.Launch interval and repeat count work in conjunction tocontrol notification timing. For more information on thissetting, see “Setting Launch Interval and Repeat Count” onpage 217.Service PrecedencePrecedence is generally given to the most specific serviceand descends to the most general service. However, exceptionsexist. There are three different precedence groups forservices:• The “Any” service (see the Reference Guide for moreinformation about the “Any” filtered service). Thisgroup has the highest precedence.• IP and ICMP services and all TCP/UDP services thathave a port number specified. This group has thesecond highest precedence and is the largest of thethree.• “Outgoing” services that do not specify a port number(they apply to any port). This group includes OutgoingTCP, Outgoing UDP, and Proxy.“Multiservices” can contain subservices of more than oneprecedence group. “Filtered-HTTP” and “Proxied-HTTP,”for example, contain both a port-specific TCP subservicefor port 80 as well as a nonport subservice that covers allother TCP connections. When precedence is being determined,individual subservices are given precedenceaccording to their group (described previously) independentof the other subservices contained in the multiservice.Precedence is determined by group first. As shown in thefollowing diagram, services from a higher precedence130 WatchGuard Firebox System
Service Precedencegroup always have higher precedence than the services ofa lower precedence group, regardless of their individualsettings. For example, because the “Any” service is in thehighest precedence group, all incidences of the “Any” servicewill take precedence over the highest precedence Telnetservice.The precedences of services that are in the same precedencegroup are ordered from the most specific services(based on source and destination targets) to the least specificservice. The method used to sort services is based onthe specificity of targets, from most specific to least specific.User Guide 131
- Page 101 and 102: Viewing Basic Firebox Status• The
- Page 103 and 104: Monitoring Firebox TrafficSetting t
- Page 105 and 106: Performing Basic Tasks with System
- Page 107 and 108: Performing Basic Tasks with System
- Page 109 and 110: Viewing Bandwidth Usage(shown above
- Page 111 and 112: Viewing Details on Firebox Activity
- Page 113 and 114: Viewing Details on Firebox Activity
- Page 115 and 116: Viewing Details on Firebox Activity
- Page 117 and 118: Viewing Details on Firebox Activity
- Page 119 and 120: HostWatchHostWatchHostWatch is a re
- Page 121 and 122: HostWatch3 Enter the Firebox status
- Page 123 and 124: CHAPTER 7Configuring NetworkAddress
- Page 125 and 126: Using Simple Dynamic NATService-bas
- Page 127 and 128: Using Simple Dynamic NAT3 Use the T
- Page 129 and 130: Using Service-Based Dynamic NATEnab
- Page 131 and 132: Configuring a Service for Incoming
- Page 133 and 134: Using 1-to-1 NATA one-to-one mappin
- Page 135 and 136: CHAPTER 8Configuring FilteredServic
- Page 137 and 138: Selecting Services for your Securit
- Page 139 and 140: Adding and Configuring Servicesrigh
- Page 141 and 142: Adding and Configuring Services5 (O
- Page 143 and 144: Adding and Configuring Services3 In
- Page 145 and 146: Adding and Configuring Services11 C
- Page 147 and 148: Defining Service PropertiesEnabled
- Page 149 and 150: Defining Service Properties6 Click
- Page 151: Defining Service Propertiesthe serv
- Page 155 and 156: Service Precedencether down the pre
- Page 157 and 158: CHAPTER 9Configuring ProxiedService
- Page 159 and 160: Customizing Logging and Notificatio
- Page 161 and 162: Configuring an SMTP Proxy Service3
- Page 163 and 164: Configuring an SMTP Proxy Service2
- Page 165 and 166: Configuring an SMTP Proxy ServiceAd
- Page 167 and 168: Configuring an SMTP Proxy ServiceEn
- Page 169 and 170: Configuring an SMTP Proxy ServiceCo
- Page 171 and 172: Configuring an FTP Proxy Service6 S
- Page 173 and 174: Selecting an HTTP Service4 Select t
- Page 175 and 176: Selecting an HTTP Servicefrom Any t
- Page 177 and 178: Configuring the DNS Proxy ServiceGE
- Page 179 and 180: Configuring the DNS Proxy Service3
- Page 181 and 182: Configuring the DNS Proxy ServiceYo
- Page 183 and 184: CHAPTER 10Creating Aliases andImple
- Page 185 and 186: Using AliasesGroupfireboxtrustedopt
- Page 187 and 188: How User Authentication WorksHow Us
- Page 189 and 190: Defining Firebox Users and Groups f
- Page 191 and 192: Defining Firebox Users and Groups f
- Page 193 and 194: Configuring RADIUS Server Authentic
- Page 195 and 196: Configuring CRYPTOCard Server Authe
- Page 197 and 198: Configuring SecurID AuthenticationC
- Page 199 and 200: CHAPTER 11Intrusion Detectionand Pr
- Page 201 and 202: Default Packet Handlingtion. In con
Service Precedencegroup always have higher precedence than the services ofa lower precedence group, regardless of their individualsettings. For example, because the “Any” service is in thehighest precedence group, all incidences of the “Any” servicewill take precedence over the highest precedence Telnetservice.The precedences of services that are in the same precedencegroup are ordered from the most specific services(based on source and destination targets) to the least specificservice. The method used to sort services is based onthe specificity of targets, from most specific to least specific.<strong>User</strong> <strong>Guide</strong> 131