WSM User Guide - WatchGuard Technologies
WSM User Guide - WatchGuard Technologies WSM User Guide - WatchGuard Technologies
Proxied Policiesmessages to flow freely from behind the Firebox to the many SMTP servers on the Internet that useauth. It allows these servers to send messages back through the Firebox to the senders.Logging incoming SMTP is recommended, but this can cause a large quantity of logs. To not use theSMTP proxy but have SMTP operate correctly, create a new policy in Policy Manager that uses TCP protocoland port 25.Characteristics• Internet Protocol(s): TCP• Port Number(s): 25TCP ProxyThe TCP Proxy policy gives configuration options for HTTP on port 80 and adds a rule that allows TCPconnections from networks behind the Firebox to networks external to the Firebox by default. The TCPProxy rule makes sure that all HTTP traffic from behind the Firebox on all ports is proxied with the HTTPproxy rules.We recommend that you allow HTTP only to any public HTTP servers kept behind the Firebox. Externalhosts can be spoofed. WatchGuard cannot make sure that these packets were sent from the correctlocation.Configure WatchGuard to add the source IP address to the Blocked Sites list when an HTTP connectionto a host behind your Firebox is denied. Configure the parameters and MIME types the same as you dofor the HTTP Proxy.400 WatchGuard System Manager
IndexSymbols.cfg file. See configuration file.ftr files 192.wgl filesconverting to .xml format 95described 91Numerics1-1 Mapping dialog box 1181-to-1 NAT. See NAT, 1-to-1AActivate Gateway AntiVirus wizard 309Activate Intrusion Prevention wizard 314–315Activate spamBlocker wizard 302Activate WebBlocker wizard 291–293active connections on Firebox, viewing 53Active Directory authentication 131active features, viewing 60Add Address dialog box 119, 152, 155, 249, 281Add Alias dialog box 74Add Device wizard 214Add Dynamic NAT dialog box 115Add Event Processor dialog box 84Add Exception Rule dialog box 304Add Firebox Group dialog box 125Add Firebox License Key dialog box 59, 301Add Policies dialog box 147Add Policy wizardadding custom Edge Configuration Templateswith 270adding existing Edge Configuration Templateswith 269Add Protocol dialog box 149, 271Add Route dialog box 110, 111Add Search Rule dialog box 93Add Site dialog box 138Add Static NAT dialog box 120, 155Add User or Group dialog box 132Add VPN wizard 240, 264Add WebBlocker Server dialog box 294Advanced Diagnostics dialog box 86Advanced Encryption Standard (AES) 227advanced rules view (in Proxy definitions) 163Advanced Settings dialog box 111AH (Authentication Header) 226alarmsand FTP 174configuring 164configuring for DNS proxy 182configuring for proxy rules 164configuring proxy and antivirus 171described 163for Gateway AntiVirus responses 311aliasesand managed Firebox X Edge devices 275creating 74default 73defining on Firebox X Edge 277described 73for IP addresses 21naming on Management Server 276Aliases dialog box 74, 276allow (proxy action) 162anonymizer web sites 293ANSI Z39.50 396Antispyware Blocklist Categories dialog box 139Any policyand precedence 158and RUVPN 284described 379Any-External alias 73Any-Optional alias 73Any-Trusted alias 73AOL policy 380Archie policy 380ARP cache, flushing 40ARP table, viewing 49attacksReference Guide 401
- Page 368 and 369: (B) To use the SOFTWARE PRODUCT on
- Page 370 and 371: RENEWAL/UPGRADE REQUEST WILL NOT BE
- Page 372 and 373: conditions of use by WatchGuard of
- Page 374 and 375: LicensesDATA, OR PROFITS; OR BUSINE
- Page 376 and 377: Licenses"Derivative Works" shall me
- Page 378 and 379: LicensesANY DIRECT, INDIRECT, INCID
- Page 380 and 381: Licenses2. You may modify your copy
- Page 382 and 383: Licenses8. You may not copy, modify
- Page 384 and 385: LicensesYou may charge a fee for th
- Page 386 and 387: LicensesINCLUDING, BUT NOT LIMITED
- Page 388 and 389: Licenses1.2. "Compilation" means a
- Page 390 and 391: LicensesTHE VRT CERTIFIED RULES AND
- Page 392 and 393: LicensesNoteAll other trademarks or
- Page 394 and 395: Default File LocationsFile TypeHelp
- Page 396 and 397: Default File Locations378 WatchGuar
- Page 398 and 399: Packet Filter PoliciesAOLThe Americ
- Page 400 and 401: Packet Filter PoliciesCharacteristi
- Page 402 and 403: Packet Filter PoliciesCharacteristi
- Page 404 and 405: Packet Filter PoliciesIRCInternet R
- Page 406 and 407: Packet Filter PoliciesCharacteristi
- Page 408 and 409: Packet Filter PoliciesPPTPPPTP is a
- Page 410 and 411: Packet Filter PoliciesSecurIDRSA Se
- Page 412 and 413: Packet Filter PoliciesCharacteristi
- Page 414 and 415: Packet Filter Policies• Port Numb
- Page 416 and 417: Packet Filter PoliciesWG-SmallOffic
- Page 420 and 421: about SYN flood setting 137address
- Page 422 and 423: Domain Name System. See DNSDon’t
- Page 424 and 425: selecting for tunnel 247Gateways di
- Page 426 and 427: icon on toolbar for 4installing on
- Page 428 and 429: Perfect Forward Secrecy 248Performa
- Page 430 and 431: Secondary Networks dialog box 107Se
- Page 432: Wand strong passwords 227and WatchG
Proxied Policiesmessages to flow freely from behind the Firebox to the many SMTP servers on the Internet that useauth. It allows these servers to send messages back through the Firebox to the senders.Logging incoming SMTP is recommended, but this can cause a large quantity of logs. To not use theSMTP proxy but have SMTP operate correctly, create a new policy in Policy Manager that uses TCP protocoland port 25.Characteristics• Internet Protocol(s): TCP• Port Number(s): 25TCP ProxyThe TCP Proxy policy gives configuration options for HTTP on port 80 and adds a rule that allows TCPconnections from networks behind the Firebox to networks external to the Firebox by default. The TCPProxy rule makes sure that all HTTP traffic from behind the Firebox on all ports is proxied with the HTTPproxy rules.We recommend that you allow HTTP only to any public HTTP servers kept behind the Firebox. Externalhosts can be spoofed. <strong>WatchGuard</strong> cannot make sure that these packets were sent from the correctlocation.Configure <strong>WatchGuard</strong> to add the source IP address to the Blocked Sites list when an HTTP connectionto a host behind your Firebox is denied. Configure the parameters and MIME types the same as you dofor the HTTP Proxy.400 <strong>WatchGuard</strong> System Manager