WSM User Guide - WatchGuard Technologies
WSM User Guide - WatchGuard Technologies WSM User Guide - WatchGuard Technologies
Activating Intrusion Prevention (IPS)Updating GAV signatures or the GAV engine manuallyGateway AntiVirus can be configured to update signatures and the GAV engine automatically. You canalso update signatures or the GAV engine manually. If the signatures or engine on the Firebox are notcurrent, you are not protected from the latest viruses and attacks. To update the services manually:1 Start Firebox System Manager.2 Click the Security Services tab.Security service status appears.3 Click Update for the service you want to update. You must type your configuration passphrase.The Firebox downloads the most recent available signature update or the most recent available engine for GatewayAntiVirus. You see information about the update in Traffic Monitor.If no updates are available, the Update button is not active.Updating the antivirus softwareBecause there are new types of attacks all the time, you must regularly update your antivirus software.When it is necessary, WatchGuard releases updates to the antivirus database and to the antivirus software.When we release an update, you get an e-mail message from LiveSecurity. You have access to allupdates while your Gateway AntiVirus subscription is active.To download software updates, log in to your LiveSecurity® account at:www.watchguard.com/supportActivating Intrusion Prevention (IPS)Hackers use many methods to attack computers on the Internet. The function of these attacks is tocause damage to your network, get sensitive information, or use your computers to attack other networks.These attacks are known as intrusions.You use Intrusion Prevention Service to find and stop attacks with the WatchGuard proxies. The Firebox®Intrusion Prevention Service examines DNS, FTP, HTTP, and SMTP traffic. It uses the TCP proxy to scanother TCP-based traffic.Before you use IPS in a proxy policy, you must run the Activate Intrusion Prevention wizard to activatethe feature and create a basic configuration. To do this:1 From WatchGuard System Manager, select the Firebox that will use IPS.2 Select Tools > Policy Manager.You can also click the Policy Manager icon on the WatchGuard System Manager toolbar.314 WatchGuard System Manager
Activating Intrusion Prevention (IPS)3 From Policy Manager, select Tasks > Intrusion Prevention > Activate.The Activate Intrusion Prevention wizard starts.4 Click Next.5 Click through the wizard and add the information it asks for. The wizard shows different screensdepending on if you already have proxy policies in your configuration. I f you do not, the wizardhelps you create a proxy policy. You can then use the wizard again to configure IPS, or see theinstructions in the subsequent section. The screens are:Select proxy policies to enableThis screen shows a list of proxy policies that are already defined on your Firebox. From the list,select the proxy policies you want to enable IPS for. Any policies that have IPS already enabled aregrayed out.Create new proxy policiesThis screen shows the proxy types whose corresponding policies do not currently exist. If, forexample, you have already created an SMTP policy, it does not appear in the list.To create a policy, select the corresponding check box. If you select SMTP, enter the mail server IPaddress. This wizard creates a default SMTP policy, which is a static NAT policy. To create this defaultSMTP policy, you must have at least one external interface with a static IP address or PPPoE. Onlyone policy is created even if you have more than one external interface. The To field of the policy isa static NAT entry (the static IP address of the first external interface to the specified mail service IPaddress). If this default policy does not meet your requirements, you can create an SMTP policy inPolicy Manager before you run this wizard.Select Advanced Intrusion Prevention settings (HTTP and TCP only)If you use the wizard to add an HTTP or TCP policy, you can select protection against InstantMessaging (IM), Peer-to-Peer (P2P), and Spyware.User Guide 315
- Page 282 and 283: Using the Firebox X Edge Management
- Page 284 and 285: Using the Firebox SOHO 6 Management
- Page 286 and 287: Creating and Applying Edge Configur
- Page 288 and 289: Creating and Applying Edge Configur
- Page 290 and 291: Creating and Applying Edge Configur
- Page 292 and 293: Managing Firebox X Edge Network Set
- Page 294 and 295: Using AliasesNaming aliases on the
- Page 296 and 297: Using Aliases3 Click Aliases.The al
- Page 298 and 299: Configuring WINS and DNS Servers•
- Page 300 and 301: Adding New Users to the PPTP_Users
- Page 302 and 303: Preparing the Client Computers- To:
- Page 304 and 305: Creating and Connecting a PPTP RUVP
- Page 306 and 307: Creating and Connecting a PPTP RUVP
- Page 308 and 309: Getting Started with WebBlocker4 In
- Page 310 and 311: Activating WebBlocker4 Click Next.5
- Page 312 and 313: Configuring WebBlocker2 Select the
- Page 314 and 315: Configuring WebBlocker3 Click the A
- Page 316 and 317: Scheduling a WebBlocker Action298 W
- Page 318 and 319: Installing the Software Licensespam
- Page 320 and 321: Activating spamBlocker3 From Policy
- Page 322 and 323: Creating Rules for Bulk and Suspect
- Page 324 and 325: Customizing spamBlocker Using Multi
- Page 326 and 327: Installing the Software LicensesIns
- Page 328 and 329: Configuring Gateway AntiVirusConfig
- Page 330 and 331: Configuring Gateway AntiVirus2 To s
- Page 334 and 335: Configuring Intrusion PreventionCon
- Page 336 and 337: Configuring Intrusion Prevention2 S
- Page 338 and 339: Configuring Intrusion PreventionCon
- Page 340 and 341: Getting Intrusion Prevention Servic
- Page 342 and 343: Creating QoS Actionsmanagement syst
- Page 344 and 345: Dynamic RoutingDynamic RoutingA rou
- Page 346 and 347: Using RIPSection Command Descriptio
- Page 348 and 349: Using RIP2 In the New Policy Proper
- Page 350 and 351: Using OSPF2 In the New Policy Prope
- Page 352 and 353: Using OSPFSection Command Descripti
- Page 354 and 355: Using OSPF4 Click Import to import
- Page 356 and 357: Using BGPRegion Registry Name Web S
- Page 358 and 359: Using BGPConfiguring Fireware Pro t
- Page 360 and 361: Using BGP342 WatchGuard System Mana
- Page 362 and 363: Selecting a Primary High Availabili
- Page 364 and 365: Configuring HA for Firebox X (non e
- Page 366 and 367: Upgrading Software in an HA Configu
- Page 368 and 369: (B) To use the SOFTWARE PRODUCT on
- Page 370 and 371: RENEWAL/UPGRADE REQUEST WILL NOT BE
- Page 372 and 373: conditions of use by WatchGuard of
- Page 374 and 375: LicensesDATA, OR PROFITS; OR BUSINE
- Page 376 and 377: Licenses"Derivative Works" shall me
- Page 378 and 379: LicensesANY DIRECT, INDIRECT, INCID
- Page 380 and 381: Licenses2. You may modify your copy
Activating Intrusion Prevention (IPS)Updating GAV signatures or the GAV engine manuallyGateway AntiVirus can be configured to update signatures and the GAV engine automatically. You canalso update signatures or the GAV engine manually. If the signatures or engine on the Firebox are notcurrent, you are not protected from the latest viruses and attacks. To update the services manually:1 Start Firebox System Manager.2 Click the Security Services tab.Security service status appears.3 Click Update for the service you want to update. You must type your configuration passphrase.The Firebox downloads the most recent available signature update or the most recent available engine for GatewayAntiVirus. You see information about the update in Traffic Monitor.If no updates are available, the Update button is not active.Updating the antivirus softwareBecause there are new types of attacks all the time, you must regularly update your antivirus software.When it is necessary, <strong>WatchGuard</strong> releases updates to the antivirus database and to the antivirus software.When we release an update, you get an e-mail message from LiveSecurity. You have access to allupdates while your Gateway AntiVirus subscription is active.To download software updates, log in to your LiveSecurity® account at:www.watchguard.com/supportActivating Intrusion Prevention (IPS)Hackers use many methods to attack computers on the Internet. The function of these attacks is tocause damage to your network, get sensitive information, or use your computers to attack other networks.These attacks are known as intrusions.You use Intrusion Prevention Service to find and stop attacks with the <strong>WatchGuard</strong> proxies. The Firebox®Intrusion Prevention Service examines DNS, FTP, HTTP, and SMTP traffic. It uses the TCP proxy to scanother TCP-based traffic.Before you use IPS in a proxy policy, you must run the Activate Intrusion Prevention wizard to activatethe feature and create a basic configuration. To do this:1 From <strong>WatchGuard</strong> System Manager, select the Firebox that will use IPS.2 Select Tools > Policy Manager.You can also click the Policy Manager icon on the <strong>WatchGuard</strong> System Manager toolbar.314 <strong>WatchGuard</strong> System Manager