WSM User Guide - WatchGuard Technologies
Adding a Firebox VPN tunnel

The tunnels section of the Firebox management page shows all tunnels for which the device is an endpoint. You can also add a VPN tunnel in this section.

1. On the Firebox management page, find the VPN Tunnels section.
2. Click Add to add a new VPN tunnel. The Add VPN Wizard starts. Follow the prompts in the wizard to configure the VPN.

Monitoring VPNs

Manually configured VPNs are shown in the Device Status tab for each Firebox®. Managed VPNs that are created automatically on a Management Server appear on the Device Management tab. VPN policies that you create manually with Policy Manager are not shown on the Device Management tab.
CHAPTER 17

Managing Certificates and the Certificate Authority

When you create a VPN tunnel, you can select from two types of tunnel authentication: shared secrets or certificates. Shared secrets are an authentication method used to create trust between computers in a VPN. A shared secret is used with a passphrase. Certificates usually give more security than shared secrets during the authentication procedure.

A certificate is an electronic document that contains a public key. A Certificate Authority (CA) is a trusted third party that gives certificates to clients. In WatchGuard® System Manager, the workstation that is configured as the Management Server also operates as a CA. The CA can give certificates to managed Firebox® clients when they contact the Management Server to receive configuration updates.

Certificate Authorities are a component of a system of key creation, key management and certification with the name Public Key Infrastructure (PKI). The PKI supplies certificate and directory services that can create, supply, keep, and when necessary revoke the certificates.

Public Key Cryptography and Digital Certificates

Public key cryptography is a central component of a PKI. This cryptographic system includes two mathematically related keys, known as an asymmetric key pair. The user keeps one key, the private key, secret. The user can supply the other key, known as the public key, to other users.

The keys in the key pair go together. Only the owner of the private key can decrypt data encrypted with the public key. Any person with the public key can decrypt data encrypted with the private key.

Certificates are used to make sure public keys are valid. Certificates contain a digital signature created with the public key of a CA certificate. To make sure a certificate is legitimate, you can get the CA public key. You can compute the digital signature of the certificate and compare it to the digital signature in the certificate itself. If the signatures match, the key is legitimate.

Certificates have a lifetime that is set when they are created. But certificates are occasionally revoked before the end date and time that was set for their lifetime. The CA keeps an online, current list of revoked certificates. This list is the certificate revocation list (CRL).
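The checks described above (verify the certificate's signature with the CA public key, confirm it is inside its lifetime, and look it up in the CRL) can be run end to end as follows. This is an added example, not code from the WatchGuard guide or from WSM; it assumes the Python `cryptography` package, and the CA name "Example CA", the device names and the helpers `issue`, `check` and `demo` are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID
NOW, YEAR = datetime.now(timezone.utc).replace(microsecond=0), timedelta(days=365)
CA_NAME = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "Example CA")])  # constructed

def issue(cn, signing_key, start, end, pub=None):
    """Issue a certificate under CA_NAME, signed with signing_key (a private key)."""
    pub = pub or ec.generate_private_key(ec.SECP256R1()).public_key()
    subject = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])
    return (x509.CertificateBuilder().subject_name(subject).issuer_name(CA_NAME)
            .public_key(pub).serial_number(x509.random_serial_number())
            .not_valid_before(start).not_valid_after(end).sign(signing_key, hashes.SHA256()))

def _utc(cert, field):
    # cryptography >= 42 has *_utc properties; older releases return naive UTC values
    return getattr(cert, field + "_utc", None) or getattr(cert, field).replace(tzinfo=timezone.utc)

def check(cert, ca_cert, crl, at=NOW):
    """Return 'ok' or the first failed check: signature, lifetime, revocation."""
    ca_pub = ca_cert.public_key()
    try:  # the signature over the certificate body must verify under the CA public key
        ca_pub.verify(cert.signature, cert.tbs_certificate_bytes,
                      ec.ECDSA(cert.signature_hash_algorithm))
    except InvalidSignature:
        return "bad signature"
    if not _utc(cert, "not_valid_before") <= at <= _utc(cert, "not_valid_after"):
        return "outside lifetime"
    if not crl.is_signature_valid(ca_pub):  # the CRL itself must come from the CA
        return "untrusted CRL"
    if crl.get_revoked_certificate_by_serial_number(cert.serial_number) is not None:
        return "revoked"
    return "ok"

def demo():
    """Constructed sample data: one CA, four device certificates, one rogue signer."""
    ca_key, rogue = (ec.generate_private_key(ec.SECP256R1()) for _ in range(2))
    ca = issue("Example CA", ca_key, NOW - YEAR, NOW + YEAR, ca_key.public_key())
    certs = {"good": issue("fb-1", ca_key, NOW - YEAR, NOW + YEAR),
             "forged": issue("fb-2", rogue, NOW - YEAR, NOW + YEAR),
             "expired": issue("fb-3", ca_key, NOW - 2 * YEAR, NOW - YEAR),
             "revoked": issue("fb-4", ca_key, NOW - YEAR, NOW + YEAR)}
    entry = x509.RevokedCertificateBuilder().serial_number(
        certs["revoked"].serial_number).revocation_date(NOW).build()
    crl = (x509.CertificateRevocationListBuilder().issuer_name(CA_NAME).last_update(NOW)
           .next_update(NOW + timedelta(days=1)).add_revoked_certificate(entry)
           .sign(ca_key, hashes.SHA256()))
    return {label: check(cert, ca, crl) for label, cert in certs.items()}
```

`demo()` returns one verdict per certificate; the forged certificate carries the CA's name as issuer but fails because its signature does not verify under the CA public key.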