WSM User Guide - WatchGuard Technologies
WSM User Guide - WatchGuard Technologies WSM User Guide - WatchGuard Technologies
Configuring WebBlocker2 Select the policy you want to configure and click Configure.The WebBlocker Configuration dialog box for that policy appears.The WebBlocker Configuration dialog box includes tabs to configure servers, categories, exceptions,and advanced settings.Adding new serversYou can add more than one WebBlocker Server so the Firebox® can fail over to a backup server if it cannotconnect to the primary server. The first server in the list is the primary server. You cannot add morethan five WebBlocker Servers to a configuration.1 To add a server, click the plus sign (+).The Add WebBlocker Server dialog box appears.2 Next to Server IP, type the IP address of the WebBlocker Server. Type the port number.Selecting categories to blockWhen you used the Activate WebBlocker wizard, you selected categories of web sites you want to block.You can use this dialog box to make changes to your original configuration. Select the check box adjacentto the categories of web sites you want to block. To read a description of the category, click on it.The description appears in the box at the bottom of the screen. If you want to block access to web sitesthat match any category, select Deny All Categories.NoteTo stop users from going to anonymizer web sites to try to avoid WebBlocker, select to block the RemoteProxies category in WebBlocker.294 WatchGuard System Manager
Configuring WebBlockerDefining WebBlocker exceptionsYou can override a WebBlocker action with an exception. You can add a web site that is allowed ordenied as an exception to the WebBlocker categories. The web sites you add apply only to HTTP traffic.They are not added to the Blocked Sites list.The exceptions are based on URL patterns, not IP addresses. You can have the Firebox block an URL withan exact match. Usually, it is more convenient to have the Firebox look for URL patterns. The URL patternsdo not include the leading "http://". To match a URL path on all web sites, the pattern must have aleading “/*”.The host in the URL can be the host name specified in the HTTP request, or the IP address of the server.Network addresses are not supported at this time, though you can use subnets in a pattern (for example,10.0.0.*).For servers on port 80, do not include the port. For servers on ports other than 80, add “ :port”, for example:10.0.0.1:8080. You can also use a wildcard for the port—for example,10.0.0.1:*—but this does notapply to port 80.You can create WebBlocker exceptions with the use of any part of a URL. You can set a port number, pathname, or string that must be blocked for a special web site. For example, if it is necessary to block onlywww.sharedspace.com/~dave because it has inappropriate photographs, you type “www.sharedspace.com/~dave/*”.This gives the users the ability to browse to www.sharedspace.com/~julia, whichcould contain content you want your users to see.To block URLs that contain the word “sex” in the path, you can type “*/*sex*”. To block URLs that contain“sex” in the path or the host name, type “*sex*”.You can block ports in an URL. For example, look at the URL http://www.hackerz.com/warez/index.html:8080. This URL has the browser use the HTTP protocol on TCP port 8080 instead of thedefault method that uses TCP 80. You can block the port by matching *8080.1 To create exceptions to the WebBlocker categories, click the Exceptions tab.2 Click the “+” sign to add a new exception rule.User Guide 295
- Page 262 and 263: Configuring a GatewayTo configure t
- Page 264 and 265: Making a Manual Tunnel18 When you c
- Page 266 and 267: Making a Manual Tunnel7 From the Ty
- Page 268 and 269: Making a Tunnel Policy2 Make the ch
- Page 270 and 271: Setting up Outgoing Dynamic NAT thr
- Page 272 and 273: Working with Devices on a Managemen
- Page 274 and 275: Working with Devices on a Managemen
- Page 276 and 277: Working with Devices on a Managemen
- Page 278 and 279: Scheduling Firebox X Edge Firmware
- Page 280 and 281: Using the Firebox X Edge Management
- Page 282 and 283: Using the Firebox X Edge Management
- Page 284 and 285: Using the Firebox SOHO 6 Management
- Page 286 and 287: Creating and Applying Edge Configur
- Page 288 and 289: Creating and Applying Edge Configur
- Page 290 and 291: Creating and Applying Edge Configur
- Page 292 and 293: Managing Firebox X Edge Network Set
- Page 294 and 295: Using AliasesNaming aliases on the
- Page 296 and 297: Using Aliases3 Click Aliases.The al
- Page 298 and 299: Configuring WINS and DNS Servers•
- Page 300 and 301: Adding New Users to the PPTP_Users
- Page 302 and 303: Preparing the Client Computers- To:
- Page 304 and 305: Creating and Connecting a PPTP RUVP
- Page 306 and 307: Creating and Connecting a PPTP RUVP
- Page 308 and 309: Getting Started with WebBlocker4 In
- Page 310 and 311: Activating WebBlocker4 Click Next.5
- Page 314 and 315: Configuring WebBlocker3 Click the A
- Page 316 and 317: Scheduling a WebBlocker Action298 W
- Page 318 and 319: Installing the Software Licensespam
- Page 320 and 321: Activating spamBlocker3 From Policy
- Page 322 and 323: Creating Rules for Bulk and Suspect
- Page 324 and 325: Customizing spamBlocker Using Multi
- Page 326 and 327: Installing the Software LicensesIns
- Page 328 and 329: Configuring Gateway AntiVirusConfig
- Page 330 and 331: Configuring Gateway AntiVirus2 To s
- Page 332 and 333: Activating Intrusion Prevention (IP
- Page 334 and 335: Configuring Intrusion PreventionCon
- Page 336 and 337: Configuring Intrusion Prevention2 S
- Page 338 and 339: Configuring Intrusion PreventionCon
- Page 340 and 341: Getting Intrusion Prevention Servic
- Page 342 and 343: Creating QoS Actionsmanagement syst
- Page 344 and 345: Dynamic RoutingDynamic RoutingA rou
- Page 346 and 347: Using RIPSection Command Descriptio
- Page 348 and 349: Using RIP2 In the New Policy Proper
- Page 350 and 351: Using OSPF2 In the New Policy Prope
- Page 352 and 353: Using OSPFSection Command Descripti
- Page 354 and 355: Using OSPF4 Click Import to import
- Page 356 and 357: Using BGPRegion Registry Name Web S
- Page 358 and 359: Using BGPConfiguring Fireware Pro t
- Page 360 and 361: Using BGP342 WatchGuard System Mana
Configuring WebBlocker2 Select the policy you want to configure and click Configure.The WebBlocker Configuration dialog box for that policy appears.The WebBlocker Configuration dialog box includes tabs to configure servers, categories, exceptions,and advanced settings.Adding new serversYou can add more than one WebBlocker Server so the Firebox® can fail over to a backup server if it cannotconnect to the primary server. The first server in the list is the primary server. You cannot add morethan five WebBlocker Servers to a configuration.1 To add a server, click the plus sign (+).The Add WebBlocker Server dialog box appears.2 Next to Server IP, type the IP address of the WebBlocker Server. Type the port number.Selecting categories to blockWhen you used the Activate WebBlocker wizard, you selected categories of web sites you want to block.You can use this dialog box to make changes to your original configuration. Select the check box adjacentto the categories of web sites you want to block. To read a description of the category, click on it.The description appears in the box at the bottom of the screen. If you want to block access to web sitesthat match any category, select Deny All Categories.NoteTo stop users from going to anonymizer web sites to try to avoid WebBlocker, select to block the RemoteProxies category in WebBlocker.294 <strong>WatchGuard</strong> System Manager