WatchGuard Firebox System 4.6 User Guide

13.07.2015 Views
DisclaimerInformation in this guide is subject to change without notice. Companies, names, and data used inexamples herein are fictitious unless otherwise noted. No part of this guide may be reproduced ortransmitted in any form or by any means, electronic or mechanical, for any purpose, without theexpress written permission of WatchGuard Technologies, Inc.Copyright and Patent InformationCopyright© 1998 - 2001 WatchGuard Technologies, Inc. All rights reserved.WatchGuard, Firebox, LiveSecurity, and SpamScreen are either registered trademarks ortrademarks of WatchGuard Technologies, Inc. in the United States and other countries. This productis covered by one or more pending patent applications.Red Hat® is a registered trademark of Red Hat, Inc. This product is not a product of Red Hat, Inc.and is not endorsed by Red Hat, Inc. This is a product of WatchGuard and we have no relationshipwith Red Hat, Inc.Adobe, Acrobat, the Acrobat logo, and PostScript are trademarks of Adobe Systems Incorporated.© 1999 BackWeb Technologies, Inc. All rights reserved. BackWeb is a registered trademark ofBackWeb Technologies, Inc.CyberNOT, CyberNOT List, CyberYES, and CyberYES List are trademarks of Learning CompanyProperties Inc.© Hi/fn, Inc. 1993, including one or more U.S. Patents: 4701745, 5016009, 5126739, and5146221 and other patents pending.© 1995-1998 Eric Young (eay@cryptsoft). All rights reserved.© 1998-1999 The OpenSSL Project. All rights reserved.Java and all Java-based marks are trademarks or registered trademarks of Sun Microsystems, Inc.in the United States and other countries.Microsoft®, Internet Explorer®, Windows® 95, Windows® 98, Windows NT® and Windows®2000 are either registered trademarks or trademarks of Microsoft Corporation in the United Statesand/or other countries.Netscape and Netscape Navigator are registered trademarks of Netscape CommunicationsCorporation in the United States and other countries.RC2 Symmetric Block Cipher, RC4 Symmetric Stream Cipher, RC5 Symmetric Block Cipher,BSAFE, TIPEM, RSA Public Key Cryptosystem, MD, MD2, MD4, and MD5 are either trademarksor registered trademarks of RSA Data Security, Inc. Certain materials herein are Copyright ©1992-1999 RSA Data Security, Inc. All rights reserved.RealNetworks, RealAudio, and RealVideo are either a registered trademark or trademark ofRealNetworks, Inc. in the United States and/or other countries.VPCom Copyright © 1997-1999 Ashley Laurent, Inc. All rights reserved.All other trademarks and tradenames are the property of their respective owners.Printed in the United States of America.DocVer: WatchGuard Firebox Security System 4.6 User Guide - 4.6.1WatchGuard Technologies, Inc.Firebox System SoftwareEnd-User License AgreementWatchGuard Firebox System (WFS) End-User License AgreementIMPORTANT — READ CAREFULLY BEFORE ACCESSING WATCHGUARD SOFTWARE:This WFS End-User License Agreement (“AGREEMENT”) is a legal agreement between you (eitheran individual or a single entity) and WatchGuard Technologies, Inc. (“WATCHGUARD”)for theWATCHGUARD WFS software product identified above, which includes computer software and mayinclude associated media, printed materials, and on-line or electronic documentation (“SOFTWAREPRODUCT”). WATCHGUARD is willing to license the SOFTWARE PRODUCT to you only on theii

condition that you accept all of the terms contained in this Agreement. Please read this Agreementcarefully. By installing or using the SOFTWARE PRODUCT you agree to be bound by the terms ofthis Agreement. If you do not agree to the terms of this AGREEMENT, WATCHGUARD will notlicense the SOFTWARE PRODUCT to you, and you will not have any rights in the SOFTWAREPRODUCT. In that case, promptly return the SOFTWARE PRODUCT, along with proof of payment,to the authorized dealer from whom you obtained the SOFTWARE PRODUCT for a full refund of theprice you paid.1. Ownership and License. The SOFTWARE PRODUCT is protected by copyright laws andinternational copyright treaties, as well as other intellectual property laws and treaties. This is alicense agreement and NOT an agreement for sale. All title and copyrights in and to theSOFTWARE PRODUCT (including but not limited to any images, photographs, animations, video,audio, music, text, and applets incorporated into the SOFTWARE PRODUCT), the accompanyingprinted materials, and any copies of the SOFTWARE PRODUCT are owned by WATCHGUARD orits suppliers. Your rights to use the SOFTWARE PRODUCT are as specified in this AGREEMENT,and WATCHGUARD retains all rights not expressly granted to you in this AGREEMENT. Nothingin this AGREEMENT constitutes a waiver of our rights under U.S. copyright law or any other law ortreaty.2. Permitted Uses. You are granted the following rights to the SOFTWARE PRODUCT:(A) You may install and use the SOFTWARE PRODUCT on any single computer at any singlelocation. If you wish to use the SOFTWARE PRODUCT on a different computer, you must erase theSOFTWARE PRODUCT from the first computer on which you installed it before you install it ontoa second.(B) To use the SOFTWARE PRODUCT on more than one computer at once, you must license anadditional copy of the SOFTWARE PRODUCT for each additional computer on which you want touse it.(C)You may make a single copy of the SOFTWARE PRODUCT for backup or archival purposes only.3. Prohibited Uses. You may not, without express written permission from WATCHGUARD:(A) Use, copy, modify, merge or transfer copies of the SOFTWARE PRODUCT or printed materialsexcept as provided in this AGREEMENT;(B) Use any backup or archival copy of the SOFTWARE PRODUCT(or allow someone else to usesuch a copy) for any purpose other than to replace the original copy in the event it is destroyed orbecomes defective;(C) Sublicense, lend, lease or rent the SOFTWARE PRODUCT;(D) Transfer this license to another party unless (i) the transfer is permanent, (ii) the third partyrecipient agrees to the terms of this AGREEMENT, and (iii) you do not retain any copies of theSOFTWARE PRODUCT; or(E) Reverse engineer, disassemble or decompile the SOFTWARE PRODUCT.4. Limited Warranty. WATCHGUARD makes the following limited warranties for a period of ninety(90) days from the date you obtained the SOFTWARE PRODUCT from WatchGuard Technologies oran authorized dealer:(A) Media. The disks and documentation will be free from defects in materials and workmanshipunder normal use. If the disks or documentation fail to conform to this warranty, you may, as yoursole and exclusive remedy, obtain a replacement free of charge if you return the defective disk ordocumentation to us with a dated proof of purchase.(B) SOFTWARE PRODUCT. The SOFTWARE PRODUCT will materially conform to thedocumentation that accompanies it. If the SOFTWARE PRODUCT fails to operate in accordancewith this warranty, you may, as your sole and exclusive remedy, return all of the SOFTWAREPRODUCT and the documentation to the authorized dealer from whom you obtained it, along with adated proof of purchase, specifying the problems, and they will provide you with a new version of theSOFTWARE PRODUCT or a full refund, at their election.Disclaimer and Release. THE WARRANTIES, OBLIGATIONS AND LIABILITIES OFWATCHGUARD, AND YOUR REMEDIES, SET FORTH IN PARAGRAPHS 4, 4(A) AND 4(B)User Guideiii

Page 1: WatchGuard ®Firebox SystemUser Gu

Page 5: Declaration of ConformityWatchGuard

Page 8 and 9: Resetting Firebox passphrases .....

Page 10 and 11: CHAPTER 15 Reviewing and Working wi

Page 12 and 13: WatchGuard Firebox System component

Page 14 and 15: Minimum requirementsHardware requir

Page 17 and 18: CHAPTER 1LiveSecurity ServiceNo Int

Page 19 and 20: LiveSecurity broadcasts• The Lice

Page 21 and 22: CHAPTER 2Technical SupportDevelopin

Page 23 and 24: TrainingAfter you enter your LiveSe

Page 25 and 26: Online Help• On any platform, bro

Page 27 and 28: CHAPTER 3WatchGuard OptionsThe Watc

Page 29 and 30: PART IIIConfiguring a SecurityPolic

Page 31 and 32: CHAPTER 4Firebox BasicsThis chapter

Page 33 and 34: Opening a configuration fileOpening

Page 35 and 36: Setting the time zone• Use a comb

Page 37 and 38: CHAPTER 5Using the WatchGuardContro

Page 39 and 40: Control Center componentsThe first

Page 41 and 42: Policy ManagerManipulating the Traf

Page 43 and 44: Historical ReportsHistorical Report

Page 45 and 46: CHAPTER 6Configuring a NetworkConfi

Page 47 and 48: Setting up a routed network• All

Page 49 and 50: Defining a host routeDefining a hos

Page 51 and 52: Defining a Firebox as a DHCP server

Page 53 and 54: CHAPTER 7Blocking Sites and PortsMa

Page 55 and 56: Blocking a port permanently3 In the

Page 57 and 58: CHAPTER 8Configuring ServicesThe Se

Page 59 and 60: Defining service properties8 In the

Page 61 and 62: Modifying a serviceThe following ex

Page 63 and 64: Setting up proxy servicesSelecting

Page 65 and 66: Setting up proxy servicesand transm

Page 67 and 68: Service precedencecheck. In the lat

Page 69 and 70: CHAPTER 9Controlling Web TrafficWeb

Page 71 and 72: Configuring the WebBlocker serviceP

Page 73 and 74: CHAPTER 10Setting Up NetworkAddress

Page 75 and 76: Using service-based NATUsing servic

Page 77 and 78: Configuring a service for incoming

Page 79 and 80: CHAPTER 11Setting Up Logging andNot

Page 81 and 82: Designating Event Processors for a

Page 83 and 84: Setting up the LiveSecurity Event P

Page 85 and 86: Setting global logging and notifica

Page 87 and 88: Customizing logging and notificatio

Page 89 and 90: CHAPTER 12Connect with Out-of-Band

Page 91 and 92: Configuring the Firebox for OOB5 En

Page 93: PART IVAdministering a SecurityPoli

Page 96 and 97: Using host aliasesAdding a host ali

Page 98 and 99: Configuring Firebox authenticationC

Page 100 and 101: Configuring CRYPTOCard server authe

Page 102 and 103: Using authentication to define remo

Page 104 and 105: Firebox MonitorsSetting Firebox Mon

Page 106 and 107: Firebox MonitorsLogging optionsLogg

Page 108 and 109: HostWatchARP tableA snapshot of the

Page 110 and 111: HostWatch6 To change playback prope

Page 112 and 113: HostWatch102

Page 114 and 115: Viewing files with LogViewer2 Confi

Page 116 and 117: Working with log filesIP header len

Page 118 and 119: Working with log files108

Page 120 and 121: Specifying report sectionsCreating

Page 122 and 123: Exporting reports6 Enter the number

Page 124 and 125: Scheduling and running reportsDelet

Page 126 and 127: Report sections and consolidated se

Page 128 and 129: Report sections and consolidated se

Page 130 and 131: 120

Page 132 and 133: Using DVCP to connect to devices•

Page 134 and 135: Branch office VPN with IPSecFrom Po

Page 136 and 137: Branch office VPN with IPSecdescrib

Page 138 and 139: Branch office VPN with IPSecbe acce

Page 140 and 141: Configuring WatchGuard VPNConfiguri

Page 142 and 143: Configuring WatchGuard VPN• Watch

Page 144 and 145: Configuring shared servers for RUVP

Page 146 and 147: Configuring the Firebox for Remote

Page 148 and 149: Configuring the Firebox for Mobile

Page 150 and 151: Configuring debugging optionsA prom

Page 152 and 153: Preparing the client computers• P

Page 154 and 155: Preparing the client computers10 Cl

Page 156 and 157: Using Remote User PPTPInstalling a

Page 158 and 159: Configuring debugging options148

Page 160 and 161: CChangingan interface IP address 39

Page 162 and 163: monitors 2, 32, 93BandwidthMeter 94

Page 164 and 165: for blocked sites 44global preferen

Page 166 and 167: pull-down menus 32services arena 32

Page 168 and 169: introduction 37Routes 97network con

Page 170: manager 17mobile user 18multiple-bo

firebox

watchguard

dialog

configuration

properties

server

processor

logging

authentication

livesecurity

WatchGuard Firebox System 4.6 User Guide

WatchGuard Firebox System 4.6 User Guide ... View more WatchGuard Firebox System 4.6 User Guide

Delete template?

Save as template ?

WatchGuard Firebox System 4.6 User Guide WatchGuard Firebox System 4.6 User Guide