WSM User Guide - WatchGuard Technologies
WSM User Guide - WatchGuard Technologies WSM User Guide - WatchGuard Technologies
Clearing the ARP CacheLearning more about a traffic log messageTo learn more about a traffic log message, you can:Copy the IP address of the source or destinationMake a copy of the source or destination IP address of a traffic log message, and paste it into adifferent software application. To copy the source IP address, right-click the message, and selectSource IP Address > Copy Source IP Address. To copy the destination IP address, right-clickthe message, and select Destination IP Address > Copy Destination IP Address.Ping the source or destinationTo ping the source or destination IP address of a traffic log message, do this: Right-click themessage, and select Source IP Address > Ping or Destination IP Address > Ping. A pop-upwindow shows the results.Trace the route to the source or destinationTo use a traceroute command to the source or destination IP address of a traffic log message, dothis: Right-click the message, and select Source IP Address > Trace Route or Destination IPAddress > Trace Route. A pop-up window shows you the results of the traceroute.Temporarily block the IP address of the source or destinationTo temporarily block all traffic from a source or destination IP address of a traffic log message,do this: Right-click the message, select Source IP Address > Block: [IP address] or DestinationIP Address > Block: [IP address]. The length of time that an IP address is temporarily blocked bythis command is set in Policy Manager. To use this command you must give the configurationpassword.Clearing the ARP CacheThe ARP (Address Resolution Protocol) cache on the Firebox® keeps the hardware addresses (also knownas MAC addresses) of TCP/IP hosts. Before an ARP request starts, the system makes sure that a hardwareaddress is in the cache. You must clear the ARP cache on the Firebox after installation when your networkhas a drop-in configuration.1 From Firebox System Manager, select Tools > Clear ARP Cache.2 Type the Firebox configuration passphrase. Click OK.This flushes the cache entries.When a Firebox is in drop-in mode, this procedure clears only the content of the ARP table and not theMAC table. The oldest MAC entries in the MAC table are removed if the table has more than 2000 entries.If you want to clear the MAC table, you must restart the Firebox.Using the Performance ConsoleThe Performance Console is a Firebox® utility that you use to make graphs that show how different partsof the Firebox are operating. To get the information, you define the counters that identify the informationthat is used to make the graph.Types of countersYou can monitor these types of performance counters:40 WatchGuard System Manager
Using the Performance ConsoleSystem InformationShow how the CPU is used.InterfacesMonitor and report on the events of selected interfaces. For example, you can set up a counterthat monitors the number of packets a specified interface receives.PoliciesMonitor and report on the events of selected policies. For example, you can set up a counterthat monitors the number of packets that a specified policy examines.VPN PeersMonitor and report on the events of selected VPN policies.TunnelsMonitor and report on the events of selected VPN tunnels.Defining countersTo identify a counter for any of the categories:1 From Firebox System Manager, select the Performance Console icon. Or, selectTools > Performance Console.The Add Chart window appears.User Guide 41
- Page 8 and 9: Setting Blocked Sites .............
- Page 10 and 11: Exporting Reports .................
- Page 12 and 13: Configuring a Gateway .............
- Page 14 and 15: Configuring GAV engine settings ...
- Page 16 and 17: MSSQL-Monitor .....................
- Page 18 and 19: xviiiWatchGuard System Manager
- Page 20 and 21: Fireware Features and ToolsYour org
- Page 22 and 23: WatchGuard System Manager (WSM) Use
- Page 24 and 25: WatchGuard System Manager (WSM) Use
- Page 26 and 27: WatchGuard System Manager (WSM) Use
- Page 28 and 29: Installing WatchGuard System Manage
- Page 30 and 31: Installing WatchGuard System Manage
- Page 32 and 33: Quick Setup Wizardtion, you must ha
- Page 34 and 35: Putting the Firebox into Operation
- Page 36 and 37: Starting WatchGuard System ManagerT
- Page 38 and 39: Upgrading to a New Version of Firew
- Page 40 and 41: Installation Topics• High Availab
- Page 42 and 43: LiveSecurity Service Broadcastslear
- Page 44 and 45: WatchGuard Users ForumAdvanced FAQs
- Page 46 and 47: Product Documentation• Netscape N
- Page 48 and 49: Training and Certification30 WatchG
- Page 50 and 51: Firebox System Manager Menus and To
- Page 52 and 53: Seeing Basic Firebox and Network St
- Page 54 and 55: Seeing Basic Firebox and Network St
- Page 56 and 57: Monitoring Firebox TrafficMonitorin
- Page 60 and 61: Using the Performance Console2 From
- Page 62 and 63: Using the Performance ConsoleWorkin
- Page 64 and 65: Viewing Number of Connections by Po
- Page 66 and 67: Viewing Information About Firebox S
- Page 68 and 69: Viewing Information About Firebox S
- Page 70 and 71: Viewing Information About Firebox S
- Page 72 and 73: Using HostWatchWhile the top part o
- Page 74 and 75: Using HostWatchPausing the HostWatc
- Page 76 and 77: Working with Licenses3 Below Option
- Page 78 and 79: Working with Licenses2 Expand Licen
- Page 80 and 81: Setting a Friendly Name and Time Zo
- Page 82 and 83: Changing the Firebox Passphrases10
- Page 84 and 85: Recovering a FireboxTo manually res
- Page 86 and 87: Recovering a Firebox68 WatchGuard S
- Page 88 and 89: Opening a Configuration Fileto a se
- Page 90 and 91: About Firebox Backup ImagesSaving a
- Page 92 and 93: Working with AliasesAlias names are
- Page 94 and 95: Using Global SettingsEnable TOS for
- Page 96 and 97: Managing a Firebox from a Remote Lo
- Page 98 and 99: Managing a Firebox from a Remote Lo
- Page 100 and 101: Setting Up the Log ServerSetting Up
- Page 102 and 103: Setting up the Firebox for a Design
- Page 104 and 105: Setting Global Logging and Notifica
- Page 106 and 107: Setting Global Logging and Notifica
Clearing the ARP CacheLearning more about a traffic log messageTo learn more about a traffic log message, you can:Copy the IP address of the source or destinationMake a copy of the source or destination IP address of a traffic log message, and paste it into adifferent software application. To copy the source IP address, right-click the message, and selectSource IP Address > Copy Source IP Address. To copy the destination IP address, right-clickthe message, and select Destination IP Address > Copy Destination IP Address.Ping the source or destinationTo ping the source or destination IP address of a traffic log message, do this: Right-click themessage, and select Source IP Address > Ping or Destination IP Address > Ping. A pop-upwindow shows the results.Trace the route to the source or destinationTo use a traceroute command to the source or destination IP address of a traffic log message, dothis: Right-click the message, and select Source IP Address > Trace Route or Destination IPAddress > Trace Route. A pop-up window shows you the results of the traceroute.Temporarily block the IP address of the source or destinationTo temporarily block all traffic from a source or destination IP address of a traffic log message,do this: Right-click the message, select Source IP Address > Block: [IP address] or DestinationIP Address > Block: [IP address]. The length of time that an IP address is temporarily blocked bythis command is set in Policy Manager. To use this command you must give the configurationpassword.Clearing the ARP CacheThe ARP (Address Resolution Protocol) cache on the Firebox® keeps the hardware addresses (also knownas MAC addresses) of TCP/IP hosts. Before an ARP request starts, the system makes sure that a hardwareaddress is in the cache. You must clear the ARP cache on the Firebox after installation when your networkhas a drop-in configuration.1 From Firebox System Manager, select Tools > Clear ARP Cache.2 Type the Firebox configuration passphrase. Click OK.This flushes the cache entries.When a Firebox is in drop-in mode, this procedure clears only the content of the ARP table and not theMAC table. The oldest MAC entries in the MAC table are removed if the table has more than 2000 entries.If you want to clear the MAC table, you must restart the Firebox.Using the Performance ConsoleThe Performance Console is a Firebox® utility that you use to make graphs that show how different partsof the Firebox are operating. To get the information, you define the counters that identify the informationthat is used to make the graph.Types of countersYou can monitor these types of performance counters:40 <strong>WatchGuard</strong> System Manager