WatchGuard Firebox System 7.0 User Guide
Chapter 3: Getting Started
Selecting a Firewall Configuration Mode

Characteristics of a routed configuration:
• All interfaces of the Firebox must be on different networks. The minimum setup involves the external and trusted interfaces.
• The trusted and optional interfaces must be on separate networks and all machines behind the trusted and optional interfaces must be configured with an IP address from that network.

The benefit of a routed configuration is that the networks are well defined and easier to manage, especially regarding VPNs.

Drop-in configuration

In a drop-in configuration, the Firebox is put in place with the same network address on all Firebox interfaces. All three Firebox interfaces must be configured. Because this configuration mode distributes the network’s logical address space across the Firebox interfaces, you can “drop” the Firebox between the router and the LAN without reconfiguring any local machines. Public servers behind the Firebox use public addresses, and traffic is routed through the Firebox with no network address translation.

Characteristics of a drop-in configuration:
• A single network that is not subdivided into smaller networks or subnetted.
• The Firebox performs proxy ARP, a technique in which one host answers Address Resolution Protocol requests for machines behind that Firebox that cannot hear the broadcasts. The trusted interface ARP address replaces the router’s ARP address.
• The Firebox can be placed in a network without changing default gateways on the trusted hosts. This is because the Firebox answers for the router, even though the router cannot hear the trusted host’s ARP requests.
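The addressing rules for the two modes can be checked against a planned address scheme before the Firebox is installed. The following is an added example, not part of the WatchGuard guide or its software: the function names and all addresses are constructed for illustration, and "same network address" is interpreted here as every interface sharing one IP network.

```python
import ipaddress
from itertools import combinations

def classify_plan(interfaces):
    """Classify an interface plan as 'routed', 'drop-in' or 'invalid'.

    interfaces maps 'external'/'trusted'/'optional' to 'address/prefix'.
    Returns (mode, reasons); reasons lists every rule the plan breaks.
    """
    nets = {n: ipaddress.ip_interface(c).network for n, c in interfaces.items()}
    # Drop-in: all three interfaces configured and sharing one network
    # (this example's reading of "same network address").
    all_three = set(nets) == {"external", "trusted", "optional"}
    if all_three and len(set(nets.values())) == 1:
        return "drop-in", []
    reasons = []
    # Routed: the minimum setup is the external and trusted interfaces.
    if not {"external", "trusted"} <= set(nets):
        reasons.append("routed mode needs external and trusted interfaces")
    # Routed: every interface must sit on a different network. Overlap is
    # checked rather than equality, so a /16 containing a /24 is caught too.
    for a, b in combinations(sorted(nets), 2):
        if nets[a].overlaps(nets[b]):
            reasons.append(f"{a} {nets[a]} overlaps {b} {nets[b]}")
    return ("invalid" if reasons else "routed"), reasons

def misaddressed_hosts(interfaces, hosts):
    """Routed mode: list hosts whose IP is not from their interface's network.

    hosts maps a host name to (interface name, IP address).
    """
    bad = []
    for name, (iface, addr) in sorted(hosts.items()):
        net = ipaddress.ip_interface(interfaces[iface]).network
        if ipaddress.ip_address(addr) not in net:
            bad.append(name)
    return bad

# Constructed sample plans (documentation and private address ranges).
ROUTED = {"external": "203.0.113.2/24", "trusted": "10.0.1.1/24",
          "optional": "10.0.2.1/24"}
DROP_IN = {"external": "203.0.113.1/24", "trusted": "203.0.113.1/24",
           "optional": "203.0.113.1/24"}
OVERLAP = {"external": "203.0.113.2/24", "trusted": "10.0.0.1/16",
           "optional": "10.0.2.1/24"}
HOSTS = {"ws1": ("trusted", "10.0.1.20"), "web": ("optional", "10.0.1.30")}

if __name__ == "__main__":
    for label, plan in (("routed", ROUTED), ("drop-in", DROP_IN),
                        ("overlap", OVERLAP)):
        print(label, classify_plan(plan))
    print("misaddressed:", misaddressed_hosts(ROUTED, HOSTS))
```
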