WSM User Guide - WatchGuard Technologies
Packet Filter Policies

• Port Number(s): TCP 37, UDP 37

traceroute

traceroute is a software application that creates maps of networks. It is used for network troubleshooting, network route troubleshooting, and finding the Internet service provider of a site. The WatchGuard traceroute policy controls UNIX-based, UDP-style traceroute only. For a DOS-based or Windows-based traceroute packet filter, use the ping policy (see “ping” on page 42).

traceroute uses ICMP and UDP packets to create paths across networks. It uses the UDP TTL field to send back packets from each router and computer between a source and a destination. If you allow traceroute incoming to a network, this can enable a hacker to create a map of your private network. But, outgoing traceroute is good for troubleshooting.

Characteristics
• Internet Protocol(s): UDP
• Port Number(s): 33401-65535

UUCP

Unix-to-Unix Copy (UUCP) is a Unix tool and protocol that enables one computer to send files to another computer. This tool is not used frequently, as users more often use FTP, SMTP, and NNTP to transfer files.

Characteristics
• Internet Protocol(s): TCP
• Port Number(s): 540

WAIS

Wide Area Information Services (WAIS) is a protocol you can use to find documents on the Internet. Thinking Machines Incorporated first developed WAIS. Some web sites use WAIS to look for searchable indices, but it is not used frequently.

WAIS is created on the ANSI Z39.50 search protocol, and the words Z39.50 and WAIS refer to the same technology.

Characteristics
• Internet Protocol(s): TCP
• Port Number(s): 210, but servers can be (and frequently are) configured on other ports, much like HTTP servers

WinFrame

Citrix ICA is a protocol used by Citrix for its software applications, which includes the Winframe product. Winframe gives access to Windows from different types of clients. Citrix uses TCP port 1494 for its ICA protocol. Citrix MPS 3.0 uses Session Reliability by default. This changes the ICA protocol to use TCP 2598. If you use Citrix MPS, you must add a policy for TCP port 2598.
A WinFrame policy could put your network security at risk because it allows traffic through the firewall without authentication. In addition, your Winframe server can receive denial-of-service attacks. We recommend that you use VPN options to give more security for ICA connections. You can use all of the usual log options with WinFrame.

Characteristics
• Internet Protocol(s): TCP
• Port Number(s): 1494

WG-Auth

The WatchGuard® Authentication policy allows users to authenticate to the Firebox.

Characteristics
• Internet Protocol(s): TCP
• Port Number(s): 4100

WG-Firebox-Mgmt

The WatchGuard Firebox Management policy allows configuration and monitoring connections to be made to the Firebox. We recommend that you allow this policy only to the management station. The policy is usually set up on the trusted interface.

Characteristics
• Internet Protocol(s): TCP
• Port Number(s): 4103, 4105, 4117, 4118

WG-Logging

The WatchGuard Logging policy is necessary only if a second Firebox must get access to a log host on the trusted interface of a Firebox. If there is only one Firebox, this policy is not necessary.

Characteristics
• Internet Protocol(s): TCP
• Port Number(s): 4107, 4115

WG-Mgmt-Server

When you use the WatchGuard Management Server Setup wizard to configure a Management Server, the wizard automatically adds this policy to the gateway Firebox. It controls incoming connections to the Management Server.

Characteristics
• Internet Protocol(s): TCP
• Port Number(s): 4110, 4112, 4113
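The recommendations in this section (no incoming traceroute, ICA only through a VPN, WG-Firebox-Mgmt only from the management station) can be checked against a rule list. The following is an added example, not WatchGuard code or a WatchGuard export format: the rule dictionary layout, the zone names, the `via_vpn` flag and the management station address are assumptions made for illustration, and only the port numbers come from this guide.

```python
import ipaddress

# Inclusive port ranges taken from the policy descriptions in this guide.
TRACEROUTE_UDP = [(33401, 65535)]
WINFRAME_TCP = [(1494, 1494), (2598, 2598)]  # ICA, ICA with Session Reliability
FIREBOX_MGMT_TCP = [(4103, 4103), (4105, 4105), (4117, 4118)]
# Assumption: address of the single management station.
MGMT_STATION = ipaddress.ip_network("10.0.1.10/32")

def covers(rule, proto, wanted):
    """True if an allow rule for `proto` overlaps any (low, high) range in `wanted`."""
    if rule["action"] != "allow" or rule["proto"] != proto:
        return False
    return any(lo <= w_hi and w_lo <= hi
               for lo, hi in rule["ports"] for w_lo, w_hi in wanted)

def audit(rules):
    """Return (rule name, finding) pairs for rules that go against the guide's advice."""
    findings = []
    for r in rules:
        inbound = r["from_zone"] == "external" and r["to_zone"] != "external"
        src = ipaddress.ip_network(r["from_net"])
        if inbound and covers(r, "udp", TRACEROUTE_UDP):
            findings.append((r["name"], "inbound UDP traceroute allowed"))
        if inbound and not r["via_vpn"] and covers(r, "tcp", WINFRAME_TCP):
            findings.append((r["name"], "ICA exposed without VPN"))
        if covers(r, "tcp", FIREBOX_MGMT_TCP) and not src.subnet_of(MGMT_STATION):
            findings.append((r["name"], "management ports open beyond management station"))
    return findings

def rule(name, proto, ports, from_zone, from_net, to_zone, via_vpn=False):
    """Build one allow rule in the hypothetical layout used by audit()."""
    return dict(name=name, action="allow", proto=proto, ports=ports,
                from_zone=from_zone, from_net=from_net, to_zone=to_zone,
                via_vpn=via_vpn)

# Constructed sample rule list (not taken from a real Firebox configuration).
ANY = "0.0.0.0/0"
SAMPLE_RULES = [
    rule("traceroute-out", "udp", TRACEROUTE_UDP, "trusted", "10.0.1.0/24", "external"),
    rule("traceroute-in", "udp", TRACEROUTE_UDP, "external", ANY, "trusted"),
    rule("WinFrame", "tcp", [(1494, 1494)], "external", ANY, "trusted"),
    rule("WinFrame-VPN", "tcp", WINFRAME_TCP, "external", ANY, "trusted", via_vpn=True),
    rule("WG-Firebox-Mgmt", "tcp", FIREBOX_MGMT_TCP, "trusted", "10.0.1.0/24", "firebox"),
    rule("WG-Firebox-Mgmt-station", "tcp", FIREBOX_MGMT_TCP, "trusted", "10.0.1.10/32", "firebox"),
]

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_RULES):
        print(f"{name}: {finding}")
```

The traceroute check flags any inbound UDP allow rule that overlaps 33401-65535, so a rule opened for another high-port UDP service is reported as well and needs a manual look.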