WSM User Guide - WatchGuard Technologies
  about SYN flood setting 137
  address space 137
  DDoS 137
  Denial of Service (DoS) 137
  flood 137
  IP source route 136
  Ping of death 136
  port space 137
  stopping 135–138
auth (ident) policy 380
authentication
  Active Directory 131
  and ssh 393
  defining groups for 123
  described 74, 121, 227
  for VPNs, viewing 6
  from external interface 122
  from outside Firebox 122
  MD5-HMAC 227
  of remote users 124
  selecting method for 227
  setting idle time-out for 77
  SHA-HMAC 227
  through Firebox to other Firebox 122
  using external server 227
Authentication Header 226
authentication idle time-out, setting 77
Authentication List tab (Firebox System Manager) 49
authentication servers
  and policies 132
  configuring Fireboxes as 125
  described 227
  LDAP 129
  RADIUS 127
  SecurID on RADIUS server 128
  types of 123
  types supported 281
  using backup 123
  using Fireboxes as 123
Authentication Servers dialog box 125, 282
Auto Adjustment setting, TCP segment size 77

B

Backup dialog box 73
backup images
  creating 72
  described 72
  restoring 73
backup of configuration file 14
Bandwidth Meter tab
  adding/removing lines in 46
  changing colors in 46
  changing interface names in 46
  changing scale of 45
  described 45
bandwidth usage, viewing 45
base encryption 14
block (proxy action) 162
blocked ports
  avoiding problems with legitimate users 143
  blocking sites that use 143
  default 142
  logging and notification for 143
  permanent 143
  reasons for 142
Blocked Ports dialog box 143
Blocked Ports list 143
blocked sites
  adding from HostWatch 55
  auto-blocked 138
  blocking with policy settings 141
  described 138
  dynamic 141
  exceptions to 140
  logging and notification for 140
  permanent 138
  spyware sites 139
  storing in external file 140
  temporary 141
  viewing current 49
Blocked Sites Configuration dialog box 138
Blocked Sites list
  adding/removing sites from 50
  and Gateway AntiVirus 311
  described 138
  exceptions to 140
  using proxy definitions for 162
  viewing 50
Border Gateway Protocol (BGP)
  allowing traffic through Firebox 341
  configuring Fireware to use 340
  daemon configuration 338–339
  described 337, 380
BOVPN
  and certificate-based authentication 233
  described 233
  multi-WAN not supported in 102
BOVPN with Manual IPSec
  adding gateways 243
  and strong encryption 14
  configuring a gateway 243
  configuring a tunnel with manual security 246
  creating tunnel policies 250
  described 233, 243
  encryption levels for 233, 243
  listed on Device Status tab 220
  outgoing dynamic NAT and 250
  Phase 1 settings 245
  specifying authentication method 245
  specifying encryption type 245
BOVPN with WatchGuard System Manager
  adding security templates 239
  creating tunnels 240
  defining Fireboxes as managed clients 237
  described 233
  editing tunnels 241
  listed on Device Management tab 220
  removing devices/tunnels 241
  scenario 234
Branch Office IPSec Tunnels dialog box 246
branch office VPN. See BOVPN

C

CA. See Certificate Authority
cables, installing 22
Certificate Authority
  configuring certificate for 201
  described 201, 221, 228
  managing 222
  recording diagnostic log messages for 204
Certificate Revocation List (CRL)
  configuring properties for 203, 204
  described 221
  publishing 223
certificates
  described 227, 228
  destroying 223
  generating new 223
  listing current 223
  printing to the screen 223
  reinstating 223
  revoking 223
  searching for 223
  viewing CA fingerprint 37
  viewing expiration date and time of 37
  viewing status of 36
Change Passphrases dialog box 65
Citrix ICA policy 380
Clarent-command policy 381
Clarent-gateway policy 381
clock, synchronizing to NTP server 61
configuration file
  and Policy Manager 69
  backing up 14
  customizing 19
  making a new 71
  opening 69
  opening local 71
  saving 71
  saving to Firebox 72
  saving to local drive 72
configuration modes, described 11
configuration passphrase
  changing 64–65
  described 18, 64
  setting 16
Configure Log Servers dialog box 84
Configure Syslog dialog box 84
Configure WINS and DNS screen 258
Connect to Device dialog box 18
Connect to Firebox dialog box
  described 31
  troubleshooting 70
connection status, viewing 6
Connections For dialog box 53
cookies 177
CPU use, graphing 41
CRL. See certificate revocation list
CU-SeeMe policy 382
custom idle time-out for policies, setting 157

D

DDoS attacks 137
default gateways
  and drop-in configuration 12
  for secondary private networks 21
  viewing IP address of 6, 36
default packet handling
  and address space attacks 137
  and address space probes 137
  and DDoS attacks 137
  and Denial of Service (DoS) attacks 137
  and flood attacks 137
  and IP source route attacks 136
  and Ping of death attacks 136
  and port space attacks 137
  and port space probes 137
  and spoofing attacks 136
  described 135
  options for 135
Default Packet Handling dialog box 135–138
Denial of Service (DoS) attacks 137
deny (proxy action) 162
deny message, changing default 171
Device Configuration dialog box 62
Device Management Page
  described 216
  for Firebox 216, 218
  for Firebox X Edge 217
  starting other tools from 219
  updating device 218
  VPN resources 219
  VPN tunnels 220
Device Management tab
  and managed VPNs 220
  configuring settings on 216
  described 5
  removing a device from 242
  starting other tools from 219
Device Policy dialog box 239
Device Properties dialog box 218, 262, 266
Device Status tab
  and BOVPN with Manual IPSec 220
  described 4, 5
  removing a device from 242
devices, removing from WatchGuard System Manager 241
devices. See also Firebox, SOHO, etc.
DHCP 99
DHCP relay, configuring 99
DHCP server
  configuring Firebox as 99
  default lease time for 99
  described 99
  using for external interface addressing 101
  using server remote from client 99
DHCP support on external interface 21, 100
DHCP-Server policy 382
diagnostic log file, setting location for 49
diagnostic logging
  described 90
  for Certificate Authority 204
  for Management Server 201
  selecting level of 85
Diffie-Hellman groups
  changing settings 245
  described 228, 245
digital certificates. See certificates
DMZ (Demilitarized Zone) 11
DNS
  policy for 382
DNS proxy
  adding new query types rules 182
  and Intrusion Prevention Service 314, 319
  and intrusion protection 182
  configuring 180–182
  configuring alarms 182
  configuring DNS query names 182
  configuring DNS query types 181
  configuring general settings for 180
  described 180, 399
  OPcodes, configuring 181
DNS servers
  addresses for 107
  configuring 280