WatchGuard Firebox System 7.0 User Guide
WatchGuard Firebox System 7.0 User Guide WatchGuard Firebox System 7.0 User Guide
Appendix A: Troubleshooting Firebox Connectivity2 Power-cycle the Firebox. The light sequence shouldlook like this:Armed light: SteadySys B: Steady (On some Fireboxes, the Sys B light may flicker.)(Do not be concerned with the lights on the Security TriangleDisplay indicating traffic between interfaces.)3 Take out one end of the serial cable from the Firebox tobreak the loop effect.4 On the management station, open a DOS prompt. Pingthe Firebox with a 192.168.253.1.You should get a reply.5 In Policy Manager, select File => Open =>Configuration File. Select the configuration file youwant to load onto the Firebox and load it into PolicyManager.6 In Policy Manager, select File => Save => To Firebox.When you are prompted for an IP address, use192.168.253.1 with wg as the passphrase.7 When the Firebox Flash Disk dialog box appears,select the button marked Save Configuration File andNew Flash Image.8 After the file has been restored on the Firebox, you willhave to reassign the IP address of your managementstation such that it is on the same network as thetrusted interface from the configuration file that youjust used. This will enable you to reconnect to theFirebox with the trusted IP address that is listed in theconfiguration file and your status passphrase.278 WatchGuard Firebox System
IndexSymbols.cfg files 49.ftr files 244.idx files 222.rep files 238.wgl files 222.wts files 242Numerics1-1 Mapping dialog box 1111-to-1 NAT. See NAT, 1-to-1Aactive connections on Firebox,viewing 97ActiveX applets 154Add Address dialog box 109, 126, 163Add Exception dialog box 105, 111Add External IP Address dialogbox 109Add External IP dialog box 108Add Firebox Group dialog box 169Add IP Address dialog box 204Add Member dialog box 126, 164Add Port dialog box 121Add Route dialog box 70, 71Add Static NAT dialog box 109address space probes, blocking 180Advanced dialog box 61, 62Advanced NAT Settings dialogbox 105, 111aliasesadding 163deleting 164described 161, 162dvcp_local_nets 163dvcp_nets 163external 163firebox 163host 162modifying 164optional 163trusted 163Aliases dialog box 163anonymous FTP 115Any service, precedence 130ARP cache, flushing 83ARP table, viewing 95attacks, spoofing. See spoofingattacks.attacks, types of 177AUTH types for ESMTP 139authenticationCRYPTOCard server 173defining groups for 167described 161, 165for VPNs, viewing 79from External interface 165from outside Firebox 165Java applet for 165specifying server type 167viewing types used 90authentication serversCRYPTOCard 174network location for 166RADIUS 171SecurID on RADIUS server 175types 166viewing IP addresses of 90Windows NT 170Authentication Servers dialogbox 168, 170, 172, 174, 175auto-block duration, changing 187BBandwidth Meter tab 87bandwidth usage, viewing 87Berkeley Internet Name Domain(BIND) 155blocked portsauto-blocking sites that attempt touse 192avoiding problems with legitimateusers 191default 189described 188logging activity 192permanent 191reasons for 188setting logging and notificationfor 219User Guide 279
- Page 249 and 250: Displaying and Hiding Fieldsthen co
- Page 251 and 252: Working with Log Filescurrent log f
- Page 253 and 254: Working with Log Files5 Stop and re
- Page 255 and 256: Working with Log Filesappear until
- Page 257 and 258: CHAPTER 14Generating Reportsof Netw
- Page 259 and 260: Creating and Editing Reports2 Enter
- Page 261 and 262: Specifying Report Sections3 From th
- Page 263 and 264: Exporting ReportsSetting a Firebox
- Page 265 and 266: Using Report Filtersdrive:\WatchGua
- Page 267 and 268: Scheduling and Running ReportsDelet
- Page 269 and 270: Report Sections and Consolidated Se
- Page 271 and 272: Report Sections and Consolidated Se
- Page 273 and 274: Report Sections and Consolidated Se
- Page 275 and 276: CHAPTER 15 Controlling Web SiteAcce
- Page 277 and 278: Getting Started with WebBlockerYou
- Page 279 and 280: Configuring the WebBlocker Service3
- Page 281 and 282: Configuring the WebBlocker ServiceF
- Page 283 and 284: Configuring the WebBlocker ServiceF
- Page 285 and 286: Automating WebBlocker Database Down
- Page 287 and 288: CHAPTER 16Connecting with Outof-Ban
- Page 289 and 290: Enabling the Management StationInst
- Page 291 and 292: Configuring the Firebox for OOBConf
- Page 293 and 294: APPENDIX ATroubleshootingFirebox Co
- Page 295 and 296: Method 1: Ethernet Dongle Method7 O
- Page 297 and 298: Method 2: The Flash Disk Management
- Page 299: Method 4: Serial Dongle (Firebox II
- Page 303 and 304: default lease time for 67described
- Page 305 and 306: viewing active connections on 97vie
- Page 307 and 308: log rollover 212loggingarchitecture
- Page 309 and 310: Pestablishing connection 269install
- Page 311 and 312: and FTP 115, 149and HTTP 115and POP
- Page 313 and 314: and wg_dvcp service 127described 5V
IndexSymbols.cfg files 49.ftr files 244.idx files 222.rep files 238.wgl files 222.wts files 242Numerics1-1 Mapping dialog box 1111-to-1 NAT. See NAT, 1-to-1Aactive connections on <strong>Firebox</strong>,viewing 97ActiveX applets 154Add Address dialog box 109, 126, 163Add Exception dialog box 105, 111Add External IP Address dialogbox 109Add External IP dialog box 108Add <strong>Firebox</strong> Group dialog box 169Add IP Address dialog box 204Add Member dialog box 126, 164Add Port dialog box 121Add Route dialog box 70, 71Add Static NAT dialog box 109address space probes, blocking 180Advanced dialog box 61, 62Advanced NAT Settings dialogbox 105, 111aliasesadding 163deleting 164described 161, 162dvcp_local_nets 163dvcp_nets 163external 163firebox 163host 162modifying 164optional 163trusted 163Aliases dialog box 163anonymous FTP 115Any service, precedence 130ARP cache, flushing 83ARP table, viewing 95attacks, spoofing. See spoofingattacks.attacks, types of 177AUTH types for ESMTP 139authenticationCRYPTOCard server 173defining groups for 167described 161, 165for VPNs, viewing 79from External interface 165from outside <strong>Firebox</strong> 165Java applet for 165specifying server type 167viewing types used 90authentication serversCRYPTOCard 174network location for 166RADIUS 171SecurID on RADIUS server 175types 166viewing IP addresses of 90Windows NT 170Authentication Servers dialogbox 168, 170, 172, 174, 175auto-block duration, changing 187BBandwidth Meter tab 87bandwidth usage, viewing 87Berkeley Internet Name Domain(BIND) 155blocked portsauto-blocking sites that attempt touse 192avoiding problems with legitimateusers 191default 189described 188logging activity 192permanent 191reasons for 188setting logging and notificationfor 219<strong>User</strong> <strong>Guide</strong> 279