WatchGuard Firebox System 4.6 User Guide
WatchGuard Firebox System 4.6 User Guide WatchGuard Firebox System 4.6 User Guide
Preparing the client computers• Public IP addressRemote host operating systemThe remote client must be running Windows and have the most recent MSDUN(Microsoft Dial-Up Networking) upgrades installed and may need other extensionsand updates for proper configuration. Currently, Remote User VPN with PPTPrequires these upgrades according to platform:Encryption Platform ApplicationBoth Windows 95 DUN 1.3Both Windows 98 DUN 4.0Base Windows 98 SE Second EditionStrong Windows 98 SE DUN 128-bitBase Windows NT 40-bit SP4Strong Windows NT 128-bit SP4Base Windows 2000 40-bit SP4*Strong Windows 2000 128-bit SP4*40-bit encryption is the default for Windows 2000. If you areupgrading from Windows 95 or 98, in which you had set strongencryption, Windows 2000 will automatically define strongencryption for the new installation.Due to security concerns, RUVPN does not work with earlier versions of MSDUN.If you install new software, you may have to reinstall the upgrades. Theupgrades can be found at the Microsoft Download Center Web site at:http://www.microsoft.com/downloads/search.asp.You may need the Windows installation CD to prepare the clientcomputers.Windows 95/98 platform preparationInstall the MSDUN upgrade on the remote client. The client is availablefree from Microsoft. For Windows 95, use DUN 1.3. For Windows 98, useDUN 4.0.For 128-bit encryption, install the MSDUN upgrade 128-bit enhancement.This level of encryption is available for installations approved byWatchGuard and/or the U.S. government for strong encryption.From the Windows Desktop:1 Select Start => Settings => Control Panel. Double-click Network.2 Verify that Client for Microsoft Networks is installed.If Client for Microsoft Networks is not installed, you must install it. For instructions, see“Installing Client for Microsoft Networks” on page 143.3 Click the Identification tab.4 Enter a name for the remote client.This must be a unique name on the remote network.142
Preparing the client computers5 Enter the domain name you are connecting to.This should be the same as the “Log on to Windows NT domain” value.6 Enter a description for your computer (optional).7 Verify that Dial-Up Adapter #2 (VPN Support) is installed.If you do not have Dial-Up Adapter #2 (VPN Support), you must install it. For instructions, see“Installing Dial-Up Adapter #2 (VPN Support)” on page 143.8 Click OK. Click OK to close and save changes to the Network control panel.9 Restart the machine.Installing Client for Microsoft NetworksFrom the Networks dialog box:1 Click the Configuration tab. Click Add.2 Select Client. Click Add.3 Select Microsoft from the list on the left. Select Client for Microsoft Networksfrom the list on the right. Click OK.4 Select Client for Microsoft Networks.5 Click Properties.6 Enable the Logon and Restore Network Connections checkbox.7 Proceed with Step 3 of “Windows 95/98 platform preparation.”Installing Dial-Up Adapter #2 (VPN Support)1 Click Add.2 Select Adapter. Click Add.3 Select Microsoft from the list on the left. Select Dial-Up Adapter from the list onthe right. Click OK.4 Proceed with Step 8 of “Windows 95/98 platform preparation.”Windows NT platform preparationInstall the 40-bit or 128-bit service pack 4 available from the Microsoft Web site athttp://support.microsoft.com/download/support/mslfiles/NT4MIN4I.EXE. If theremote host is not eligible for strong encryption, you must install the 40-bit version.From the Windows NT Desktop of the client computer:1 Click Start => Settings => Control Panel. Double-click Network.2 Click the Protocols tab.3 Click Add.4 Select Point To Point Tunneling Protocol.5 Choose the number of VPNs.Unless a separate host will be connecting to this machine, you need only one VPN.6 In the Remote Access Setup box, click Add.7 Select VPN on the left. Select VPN2-RASPPTPM on the right.8 Click Configure for the newly added device.9 Click Dial Out Only. Click Continue.User Guide 143
- Page 102 and 103: Using authentication to define remo
- Page 104 and 105: Firebox MonitorsSetting Firebox Mon
- Page 106 and 107: Firebox MonitorsLogging optionsLogg
- Page 108 and 109: HostWatchARP tableA snapshot of the
- Page 110 and 111: HostWatch6 To change playback prope
- Page 112 and 113: HostWatch102
- Page 114 and 115: Viewing files with LogViewer2 Confi
- Page 116 and 117: Working with log filesIP header len
- Page 118 and 119: Working with log files108
- Page 120 and 121: Specifying report sectionsCreating
- Page 122 and 123: Exporting reports6 Enter the number
- Page 124 and 125: Scheduling and running reportsDelet
- Page 126 and 127: Report sections and consolidated se
- Page 128 and 129: Report sections and consolidated se
- Page 130 and 131: 120
- Page 132 and 133: Using DVCP to connect to devices•
- Page 134 and 135: Branch office VPN with IPSecFrom Po
- Page 136 and 137: Branch office VPN with IPSecdescrib
- Page 138 and 139: Branch office VPN with IPSecbe acce
- Page 140 and 141: Configuring WatchGuard VPNConfiguri
- Page 142 and 143: Configuring WatchGuard VPN• Watch
- Page 144 and 145: Configuring shared servers for RUVP
- Page 146 and 147: Configuring the Firebox for Remote
- Page 148 and 149: Configuring the Firebox for Mobile
- Page 150 and 151: Configuring debugging optionsA prom
- Page 154 and 155: Preparing the client computers10 Cl
- Page 156 and 157: Using Remote User PPTPInstalling a
- Page 158 and 159: Configuring debugging options148
- Page 160 and 161: CChangingan interface IP address 39
- Page 162 and 163: monitors 2, 32, 93BandwidthMeter 94
- Page 164 and 165: for blocked sites 44global preferen
- Page 166 and 167: pull-down menus 32services arena 32
- Page 168 and 169: introduction 37Routes 97network con
- Page 170: manager 17mobile user 18multiple-bo
Preparing the client computers• Public IP addressRemote host operating systemThe remote client must be running Windows and have the most recent MSDUN(Microsoft Dial-Up Networking) upgrades installed and may need other extensionsand updates for proper configuration. Currently, Remote <strong>User</strong> VPN with PPTPrequires these upgrades according to platform:Encryption Platform ApplicationBoth Windows 95 DUN 1.3Both Windows 98 DUN 4.0Base Windows 98 SE Second EditionStrong Windows 98 SE DUN 128-bitBase Windows NT 40-bit SP4Strong Windows NT 128-bit SP4Base Windows 2000 40-bit SP4*Strong Windows 2000 128-bit SP4*40-bit encryption is the default for Windows 2000. If you areupgrading from Windows 95 or 98, in which you had set strongencryption, Windows 2000 will automatically define strongencryption for the new installation.Due to security concerns, RUVPN does not work with earlier versions of MSDUN.If you install new software, you may have to reinstall the upgrades. Theupgrades can be found at the Microsoft Download Center Web site at:http://www.microsoft.com/downloads/search.asp.You may need the Windows installation CD to prepare the clientcomputers.Windows 95/98 platform preparationInstall the MSDUN upgrade on the remote client. The client is availablefree from Microsoft. For Windows 95, use DUN 1.3. For Windows 98, useDUN 4.0.For 128-bit encryption, install the MSDUN upgrade 128-bit enhancement.This level of encryption is available for installations approved by<strong>WatchGuard</strong> and/or the U.S. government for strong encryption.From the Windows Desktop:1 Select Start => Settings => Control Panel. Double-click Network.2 Verify that Client for Microsoft Networks is installed.If Client for Microsoft Networks is not installed, you must install it. For instructions, see“Installing Client for Microsoft Networks” on page 143.3 Click the Identification tab.4 Enter a name for the remote client.This must be a unique name on the remote network.142