WSM User Guide - WatchGuard Technologies
Configuring Static NAT for a Policy

4 Click NAT.
The Add Static NAT dialog box appears.
5 From the External IP Address drop-down list, select the public IP address to use for this service.
6 Type the internal IP address.
The internal IP address is the destination on the trusted or optional network.
7 If necessary, select the Set internal port to different port than this policy check box. This enables port address translation (PAT).
You usually do not use this feature. It enables you to change the packet destination not only to a specified internal host but also to a different port. If you select this check box, type the different port number or use the arrow buttons in the Internal Port box.
8 Click OK to close the Add Static NAT dialog box.
The static NAT route appears in the Members and Addresses list.
9 Click OK to close the Add Address dialog box. Click OK to close the Properties dialog box of the service.
CHAPTER 10
Implementing Authentication

User authentication allows user names to be associated with connections through the Firebox. When you use user authentication, a Firebox administrator can see user names and IP addresses when they monitor connections through the Firebox. Without authentication, you see only the IP address of each connection. With authentication, a user can log in to the network from any computer, but see only the information for which they are authorized. All the connections that the user starts from that IP address also transmit the session name while the user is authenticated.

The Firebox allows you to create policies that include groups and user names. As a result, the policy is applied to any computer a person uses to log in. Monitor by user name:
• If you use Dynamic Host Configuration Protocol (DHCP). DHCP can cause the IP address of a computer to change.
• If many different users can use the same IP address in a day, such as in a university or computer lab environment.
In these cases, authentication gives you more information about the employee actions.

How User Authentication Works

An HTTPS server operates on the Firebox® to accept authentication requests. To authenticate, a user must connect to the authentication web page on the Firebox. The address is:
https://IP address of a Firebox interface:4100/
or
https://Host name of the Firebox:4100

An authentication web form appears. The user must type their user name and password. The Firebox sends the name and password to the authentication server using PAP (Password Authentication Protocol). When the user is authenticated, the user is then allowed to use the approved network resources.

The user is authenticated for some time after they close their last authenticated connection. This authentication time-out is set by the Firebox administrator in Policy Manager > Setup > Global Settings. To close an authenticated session before the authentication time-out occurs, a user can click Logout on the Authentication web page. If the page is closed, the user must open it again to disconnect. To pre-
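The session behaviour described above, modelled as an added example (this is not WatchGuard code and not part of the original guide). It shows why the Logout step matters on shared machines: the user name stays bound to the IP address until the time-out after the last connection closes. The 600-second time-out, the address, the user name and the rule that the timer starts at login when no connection is open are all assumptions.

```python
class AuthTable:
    """Hypothetical model of user names bound to source IPs (not Firebox code)."""

    def __init__(self, timeout_s):
        self.timeout_s = timeout_s
        self.by_ip = {}  # ip -> {"user", "conns", "idle_since"}

    def login(self, ip, user, now):
        # Assumption: with no connection open yet, the timer starts at login.
        self.by_ip[ip] = {"user": user, "conns": 0, "idle_since": now}

    def logout(self, ip):
        self.by_ip.pop(ip, None)  # Logout ends the session immediately

    def who(self, ip, now):
        """User name that traffic from this IP is attributed to, or None."""
        s = self.by_ip.get(ip)
        if s is None:
            return None
        if s["conns"] == 0 and now - s["idle_since"] >= self.timeout_s:
            del self.by_ip[ip]  # timed out after the last connection closed
            return None
        return s["user"]

    def open_conn(self, ip, now):
        user = self.who(ip, now)
        if user is not None:
            self.by_ip[ip]["conns"] += 1  # no time-out while a connection is open
        return user

    def close_conn(self, ip, now):
        s = self.by_ip.get(ip)
        if s and s["conns"] > 0:
            s["conns"] -= 1
            if s["conns"] == 0:
                s["idle_since"] = now  # time-out counts from this moment


def shared_lab_scenario(logout_first, timeout_s=600):
    """Constructed timeline on one lab PC: attribution at t=1200 and t=1500."""
    table, ip = AuthTable(timeout_s), "10.0.1.50"  # constructed values
    table.login(ip, "alice", now=0)
    table.open_conn(ip, now=10)
    table.close_conn(ip, now=900)  # alice leaves the machine
    if logout_first:
        table.logout(ip)
    return table.who(ip, now=1200), table.who(ip, now=1500)
```

Without a logout, traffic from the same address five minutes later is still attributed to the previous user, so the time-out in Global Settings should be kept short where many people share one IP address.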