WatchGuard Firebox System 7.0 User Guide
WatchGuard Firebox System 7.0 User Guide WatchGuard Firebox System 7.0 User Guide
Chapter 15: Controlling Web Site AccessInstalling the WebBlocker serverYou install the WebBlocker server when you first run thesetup program for the WatchGuard Firebox System, asdescribed in “Setting Up the Management Station” onpage 36. By default, the setup program installs the Web-Blocker server on the same server as the WatchGuard SecurityEvent Processor. However, to preserve performance ifyou are running WFS under high load conditions, considerinstalling the WebBlocker server on a dedicated server runningWindows NT 4.0. or Windows 2000.To install the WebBlocker server on a dedicated platform,rerun the setup program on the dedicated server and–onthe Select Components screen–unselect all componentsexcept the WebBlocker server.You must start the WebBlocker server for WebBlockerrequests from the Firebox to be processed.Downloading the database usingWebBlocker UtilityAfter you install the WebBlocker server, you are askedwhether you want to run the WebBlocker utility. Click Yes.The WebBlocker Utility dialog box appears, as shown inthe following figure. Select Download Database to downloadthe current database.NOTEThe WebBlocker database is over 60 MB in size and maytake 30 minutes or more to download.254 WatchGuard Firebox System
Getting Started with WebBlockerYou can run the WebBlocker utility at any time to:• Download a new version of the database.• View the current database status• Upload the database• View the current WebBlocker server status• Install or remove the server• Start or stop the serverTo run the WebBlocker utility, select Start => Programs =>WatchGuard => WebBlocker Utility.Configuring the WatchGuard service iconBecause WebBlocker relies on copying updated versions ofthe WebBlocker database to the event processor, you mustconfigure the WatchGuard service setting Allow Outgoingto Any. It is possible to narrow this setting and use the IPaddress of webblocker.watchguard.com. However, thisaddress may change without notice.Add an HTTP serviceTo use WebBlocker, add the Proxied-HTTP, Proxy, or HTTPservice. WatchGuard recommends using Proxied-HTTP,which provides filtering on all ports. (HTTP without theProxy service manages only port 80.) WebBlocker takesprecedence over other settings in the HTTP or Proxy ser-User Guide 255
- Page 225 and 226: WatchGuard Logging Architecturehost
- Page 227 and 228: Designating Log Hosts for a Firebox
- Page 229 and 230: Setting up the WatchGuard Security
- Page 231 and 232: Setting up the WatchGuard Security
- Page 233 and 234: Setting Global Logging and Notifica
- Page 235 and 236: Setting Global Logging and Notifica
- Page 237 and 238: Customizing Logging and Notificatio
- Page 239 and 240: Customizing Logging and Notificatio
- Page 241 and 242: Customizing Logging and Notificatio
- Page 243 and 244: CHAPTER 13Reviewing andWorking with
- Page 245 and 246: Viewing Files with LogViewer2 Brows
- Page 247 and 248: Displaying and Hiding FieldsCopying
- Page 249 and 250: Displaying and Hiding Fieldsthen co
- Page 251 and 252: Working with Log Filescurrent log f
- Page 253 and 254: Working with Log Files5 Stop and re
- Page 255 and 256: Working with Log Filesappear until
- Page 257 and 258: CHAPTER 14Generating Reportsof Netw
- Page 259 and 260: Creating and Editing Reports2 Enter
- Page 261 and 262: Specifying Report Sections3 From th
- Page 263 and 264: Exporting ReportsSetting a Firebox
- Page 265 and 266: Using Report Filtersdrive:\WatchGua
- Page 267 and 268: Scheduling and Running ReportsDelet
- Page 269 and 270: Report Sections and Consolidated Se
- Page 271 and 272: Report Sections and Consolidated Se
- Page 273 and 274: Report Sections and Consolidated Se
- Page 275: CHAPTER 15 Controlling Web SiteAcce
- Page 279 and 280: Configuring the WebBlocker Service3
- Page 281 and 282: Configuring the WebBlocker ServiceF
- Page 283 and 284: Configuring the WebBlocker ServiceF
- Page 285 and 286: Automating WebBlocker Database Down
- Page 287 and 288: CHAPTER 16Connecting with Outof-Ban
- Page 289 and 290: Enabling the Management StationInst
- Page 291 and 292: Configuring the Firebox for OOBConf
- Page 293 and 294: APPENDIX ATroubleshootingFirebox Co
- Page 295 and 296: Method 1: Ethernet Dongle Method7 O
- Page 297 and 298: Method 2: The Flash Disk Management
- Page 299 and 300: Method 4: Serial Dongle (Firebox II
- Page 301 and 302: IndexSymbols.cfg files 49.ftr files
- Page 303 and 304: default lease time for 67described
- Page 305 and 306: viewing active connections on 97vie
- Page 307 and 308: log rollover 212loggingarchitecture
- Page 309 and 310: Pestablishing connection 269install
- Page 311 and 312: and FTP 115, 149and HTTP 115and POP
- Page 313 and 314: and wg_dvcp service 127described 5V
Chapter 15: Controlling Web Site AccessInstalling the WebBlocker serverYou install the WebBlocker server when you first run thesetup program for the <strong>WatchGuard</strong> <strong>Firebox</strong> <strong>System</strong>, asdescribed in “Setting Up the Management Station” onpage 36. By default, the setup program installs the Web-Blocker server on the same server as the <strong>WatchGuard</strong> SecurityEvent Processor. However, to preserve performance ifyou are running WFS under high load conditions, considerinstalling the WebBlocker server on a dedicated server runningWindows NT 4.0. or Windows 2000.To install the WebBlocker server on a dedicated platform,rerun the setup program on the dedicated server and–onthe Select Components screen–unselect all componentsexcept the WebBlocker server.You must start the WebBlocker server for WebBlockerrequests from the <strong>Firebox</strong> to be processed.Downloading the database usingWebBlocker UtilityAfter you install the WebBlocker server, you are askedwhether you want to run the WebBlocker utility. Click Yes.The WebBlocker Utility dialog box appears, as shown inthe following figure. Select Download Database to downloadthe current database.NOTEThe WebBlocker database is over 60 MB in size and maytake 30 minutes or more to download.254 <strong>WatchGuard</strong> <strong>Firebox</strong> <strong>System</strong>