WSM User Guide - WatchGuard Technologies
WSM User Guide - WatchGuard Technologies WSM User Guide - WatchGuard Technologies
Configuring the SMTP ProxyDefining content type rulesYou use the ruleset for the SMTP-Incoming proxy action to set values for incoming SMTP content filtering.You use the ruleset for the SMTP-Outgoing proxy action to set values for outgoing SMTP content filtering.1 From the Categories section, select Content Types.2 Do the steps used to create rules. For more information, see “Defining Rulesets” on page 79.Defining file name rulesYou use the ruleset for the SMTP-Incoming proxy action to put limits on file names for incoming e-mailattachments. You use the ruleset for the SMTP-Outgoing proxy action to put limits on file names for outgoinge-mail attachments.1 From the Categories section, select Filenames.2 Do the steps used to create rules. For more information, see “Defining Rules” on page 79.Configuring the Mail From and Mail To rulesThe Mail From ruleset can put limits on e-mail to allow e-mail into your network only from specifiedsenders. The default configuration is to allow e-mail from all senders.The Mail To ruleset can put limits on e-mail to allow e-mail out of your network only to specified recipients.The default configuration allows e-mail to all recipients out of your network. On an SMTP-Incomingproxy action, you can use the Mail To ruleset to prevent people from using your e-mail server for e-mailrelaying. To do this, make sure that all domains your e-mail server accepts e-mail for appear in the rulelist. Then, make sure the Action to Take if None Matched is set to Deny. Any e-mail with an addressthat does not match the listed domains is denied.You can also use the Rewrite As feature included in this rule configuration dialog box to have the Fireboxchange the From and To components of your e-mail address to a different value. This feature is alsoknown as “SMTP masquerading.”1 From the Categories section, select Mail From or Mail To.2 Do the steps used to create rules. For more information, see “Defining Rules” on page 79.Defining header rulesHeader rulesets allow you to set values for incoming or outgoing SMTP header filtering.1 From the Categories section, select Headers.2 Do the steps used to create rules. For more information, see “Defining Rules” on page 79.Defining antivirus responsesThe fields in this dialog box set the actions necessary if a virus is found in an e-mail message. It also setsactions for when an e-mail message contains an attachment that is too large or that the Firebox cannotscan.Although you can use the proxy definition screens to activate and configure Gateway AntiVirus, it is easierto use the Tasks menu in Policy Manager to do this. For more information on how to do this, or to usethe antivirus screens in the proxy definition, see the chapter “Using Signature-Based Security Services.”170 WatchGuard System Manager
Configuring the SMTP ProxyChanging the deny messageThe Firebox gives a default deny message that replaces denied content. You can replace that deny messagewith one that you write. You can write a custom deny message with standard HTML. The first line ofthe deny message is a section of the HTTP header. There must be an empty line between the first lineand the body of the message.1 From the Categories section, select Deny Message.2 Type the deny message in the deny message box. You can use these variables:%(reason)%Puts the cause for the Firebox to deny the content.%(type)%Puts the type of content that was denied.%(filename)%Puts the file name of the denied content.%(virus)%Puts the name or status of a virus, for Gateway AntiVirus users only.%(action)%Puts the name of the action taken: lock, strip, and so on.%(recovery)%Allows you to set the text to fill this sentence: “Your network administrator %(recovery)% thisattachment.Configuring the IPS (Intrusion Prevention System) for SMTPHackers use many methods to attack computers on the Internet. The function of these attacks is tocause damage to your network, get sensitive information, or use your computers to attack other networks.These attacks are known as intrusions.Although you can use the proxy definition screens to activate and configure IPS, it is easier to use theTasks menu in Policy Manager to do this. For more information on how to do this, or to use the IPSscreens in the proxy definition, see the chapter “Using Signature-Based Security Services.”Configuring spamBlockerUnwanted e-mail, also known as spam, fills the average inbox at an astonishing rate. A large volume ofspam decreases bandwidth, degrades employee productivity, and wastes network resources. TheWatchGuard® spamBlocker option increases your capacity to catch spam at the edge of your networkwhen it tries to come into your system.Although you can use the proxy definition screens to activate and configure spamBlocker, it is easier touse the Tasks menu in Policy Manager to do this. For more information on how to do this, or to use thespamBlocker screens in the proxy definition, see the chapter “Using spamBlocker.”Configuring proxy and antivirus alarms for SMTPYou can set the action the Firebox does when proxy or antivirus (AV) alarm events occur:1 From the Categories section, select Proxy and AV Alarms.User Guide 171
- Page 138 and 139: Configuring Static NAT for a Policy
- Page 140 and 141: How User Authentication Worksvent a
- Page 142 and 143: Configuring the Firebox as an Authe
- Page 144 and 145: Configuring the Firebox as an Authe
- Page 146 and 147: Configuring SecurID Authentication6
- Page 148 and 149: Configuring LDAP Authentication3 In
- Page 150 and 151: Configuring a Policy with User Auth
- Page 152 and 153: Configuring a Policy with User Auth
- Page 154 and 155: Using Default Packet Handling Optio
- Page 156 and 157: Setting Blocked Sitesconfigure the
- Page 158 and 159: Setting Blocked SitesUsing an exter
- Page 160 and 161: Blocking PortsBlocking PortsYou can
- Page 162 and 163: Blocking Ports144 WatchGuard System
- Page 164 and 165: Adding Policies• Attacks that use
- Page 166 and 167: Adding Policies4 Click Add.The New
- Page 168 and 169: Configuring Policy Properties- ESP-
- Page 170 and 171: Configuring Policy Properties2 To a
- Page 172 and 173: Configuring Policy PropertiesRepeat
- Page 174 and 175: Configuring Policy PropertiesSettin
- Page 176 and 177: Setting Policy Precedence2 Traffic
- Page 178 and 179: Setting Policy Precedence160 WatchG
- Page 180 and 181: Defining RulesThe fields you use fo
- Page 182 and 183: Customizing Logging and Notificatio
- Page 184 and 185: Configuring the SMTP ProxyConfiguri
- Page 186 and 187: Configuring the SMTP Proxyand 8-bit
- Page 190 and 191: Configuring the FTP Proxy2 For info
- Page 192 and 193: Configuring the HTTP ProxyConfiguri
- Page 194 and 195: Configuring the HTTP ProxyBrowsers
- Page 196 and 197: Configuring the HTTP ProxyThis rule
- Page 198 and 199: Configuring the DNS ProxyConfigurin
- Page 200 and 201: Configuring the DNS ProxyAdding a n
- Page 202 and 203: Configuring the TCP Proxy184 WatchG
- Page 204 and 205: Creating and Editing ReportsStartin
- Page 206 and 207: Setting Report Properties“yesterd
- Page 208 and 209: Exporting ReportsSetting report pro
- Page 210 and 211: Using Report FiltersExcludeTo make
- Page 212 and 213: Report Sections and Consolidated Se
- Page 214 and 215: Report Sections and Consolidated Se
- Page 216 and 217: WatchGuard Management Server Passph
- Page 218 and 219: Changing the Management Server Conf
- Page 220 and 221: Configuring the Certificate Authori
- Page 222 and 223: Backing up or Restoring the Managem
- Page 224 and 225: Moving the WatchGuard Management Se
- Page 226 and 227: Managing Devices with the Managemen
- Page 228 and 229: Managing Devices with the Managemen
- Page 230 and 231: Managing Devices with the Managemen
- Page 232 and 233: Adding Devices to the Management Se
- Page 234 and 235: Using the Device Management Page17
- Page 236 and 237: Using the Device Management PageCon
Configuring the SMTP ProxyDefining content type rulesYou use the ruleset for the SMTP-Incoming proxy action to set values for incoming SMTP content filtering.You use the ruleset for the SMTP-Outgoing proxy action to set values for outgoing SMTP content filtering.1 From the Categories section, select Content Types.2 Do the steps used to create rules. For more information, see “Defining Rulesets” on page 79.Defining file name rulesYou use the ruleset for the SMTP-Incoming proxy action to put limits on file names for incoming e-mailattachments. You use the ruleset for the SMTP-Outgoing proxy action to put limits on file names for outgoinge-mail attachments.1 From the Categories section, select Filenames.2 Do the steps used to create rules. For more information, see “Defining Rules” on page 79.Configuring the Mail From and Mail To rulesThe Mail From ruleset can put limits on e-mail to allow e-mail into your network only from specifiedsenders. The default configuration is to allow e-mail from all senders.The Mail To ruleset can put limits on e-mail to allow e-mail out of your network only to specified recipients.The default configuration allows e-mail to all recipients out of your network. On an SMTP-Incomingproxy action, you can use the Mail To ruleset to prevent people from using your e-mail server for e-mailrelaying. To do this, make sure that all domains your e-mail server accepts e-mail for appear in the rulelist. Then, make sure the Action to Take if None Matched is set to Deny. Any e-mail with an addressthat does not match the listed domains is denied.You can also use the Rewrite As feature included in this rule configuration dialog box to have the Fireboxchange the From and To components of your e-mail address to a different value. This feature is alsoknown as “SMTP masquerading.”1 From the Categories section, select Mail From or Mail To.2 Do the steps used to create rules. For more information, see “Defining Rules” on page 79.Defining header rulesHeader rulesets allow you to set values for incoming or outgoing SMTP header filtering.1 From the Categories section, select Headers.2 Do the steps used to create rules. For more information, see “Defining Rules” on page 79.Defining antivirus responsesThe fields in this dialog box set the actions necessary if a virus is found in an e-mail message. It also setsactions for when an e-mail message contains an attachment that is too large or that the Firebox cannotscan.Although you can use the proxy definition screens to activate and configure Gateway AntiVirus, it is easierto use the Tasks menu in Policy Manager to do this. For more information on how to do this, or to usethe antivirus screens in the proxy definition, see the chapter “Using Signature-Based Security Services.”170 <strong>WatchGuard</strong> System Manager