WatchGuard Firebox System 4.6 User Guide
WatchGuard Firebox System 4.6 User Guide WatchGuard Firebox System 4.6 User Guide
DisclaimerInformation in this guide is subject to change without notice. Companies, names, and data used inexamples herein are fictitious unless otherwise noted. No part of this guide may be reproduced ortransmitted in any form or by any means, electronic or mechanical, for any purpose, without theexpress written permission of WatchGuard Technologies, Inc.Copyright and Patent InformationCopyright© 1998 - 2001 WatchGuard Technologies, Inc. All rights reserved.WatchGuard, Firebox, LiveSecurity, and SpamScreen are either registered trademarks ortrademarks of WatchGuard Technologies, Inc. in the United States and other countries. This productis covered by one or more pending patent applications.Red Hat® is a registered trademark of Red Hat, Inc. This product is not a product of Red Hat, Inc.and is not endorsed by Red Hat, Inc. This is a product of WatchGuard and we have no relationshipwith Red Hat, Inc.Adobe, Acrobat, the Acrobat logo, and PostScript are trademarks of Adobe Systems Incorporated.© 1999 BackWeb Technologies, Inc. All rights reserved. BackWeb is a registered trademark ofBackWeb Technologies, Inc.CyberNOT, CyberNOT List, CyberYES, and CyberYES List are trademarks of Learning CompanyProperties Inc.© Hi/fn, Inc. 1993, including one or more U.S. Patents: 4701745, 5016009, 5126739, and5146221 and other patents pending.© 1995-1998 Eric Young (eay@cryptsoft). All rights reserved.© 1998-1999 The OpenSSL Project. All rights reserved.Java and all Java-based marks are trademarks or registered trademarks of Sun Microsystems, Inc.in the United States and other countries.Microsoft®, Internet Explorer®, Windows® 95, Windows® 98, Windows NT® and Windows®2000 are either registered trademarks or trademarks of Microsoft Corporation in the United Statesand/or other countries.Netscape and Netscape Navigator are registered trademarks of Netscape CommunicationsCorporation in the United States and other countries.RC2 Symmetric Block Cipher, RC4 Symmetric Stream Cipher, RC5 Symmetric Block Cipher,BSAFE, TIPEM, RSA Public Key Cryptosystem, MD, MD2, MD4, and MD5 are either trademarksor registered trademarks of RSA Data Security, Inc. Certain materials herein are Copyright ©1992-1999 RSA Data Security, Inc. All rights reserved.RealNetworks, RealAudio, and RealVideo are either a registered trademark or trademark ofRealNetworks, Inc. in the United States and/or other countries.VPCom Copyright © 1997-1999 Ashley Laurent, Inc. All rights reserved.All other trademarks and tradenames are the property of their respective owners.Printed in the United States of America.DocVer: WatchGuard Firebox Security System 4.6 User Guide - 4.6.1WatchGuard Technologies, Inc.Firebox System SoftwareEnd-User License AgreementWatchGuard Firebox System (WFS) End-User License AgreementIMPORTANT — READ CAREFULLY BEFORE ACCESSING WATCHGUARD SOFTWARE:This WFS End-User License Agreement (“AGREEMENT”) is a legal agreement between you (eitheran individual or a single entity) and WatchGuard Technologies, Inc. (“WATCHGUARD”)for theWATCHGUARD WFS software product identified above, which includes computer software and mayinclude associated media, printed materials, and on-line or electronic documentation (“SOFTWAREPRODUCT”). WATCHGUARD is willing to license the SOFTWARE PRODUCT to you only on theii
condition that you accept all of the terms contained in this Agreement. Please read this Agreementcarefully. By installing or using the SOFTWARE PRODUCT you agree to be bound by the terms ofthis Agreement. If you do not agree to the terms of this AGREEMENT, WATCHGUARD will notlicense the SOFTWARE PRODUCT to you, and you will not have any rights in the SOFTWAREPRODUCT. In that case, promptly return the SOFTWARE PRODUCT, along with proof of payment,to the authorized dealer from whom you obtained the SOFTWARE PRODUCT for a full refund of theprice you paid.1. Ownership and License. The SOFTWARE PRODUCT is protected by copyright laws andinternational copyright treaties, as well as other intellectual property laws and treaties. This is alicense agreement and NOT an agreement for sale. All title and copyrights in and to theSOFTWARE PRODUCT (including but not limited to any images, photographs, animations, video,audio, music, text, and applets incorporated into the SOFTWARE PRODUCT), the accompanyingprinted materials, and any copies of the SOFTWARE PRODUCT are owned by WATCHGUARD orits suppliers. Your rights to use the SOFTWARE PRODUCT are as specified in this AGREEMENT,and WATCHGUARD retains all rights not expressly granted to you in this AGREEMENT. Nothingin this AGREEMENT constitutes a waiver of our rights under U.S. copyright law or any other law ortreaty.2. Permitted Uses. You are granted the following rights to the SOFTWARE PRODUCT:(A) You may install and use the SOFTWARE PRODUCT on any single computer at any singlelocation. If you wish to use the SOFTWARE PRODUCT on a different computer, you must erase theSOFTWARE PRODUCT from the first computer on which you installed it before you install it ontoa second.(B) To use the SOFTWARE PRODUCT on more than one computer at once, you must license anadditional copy of the SOFTWARE PRODUCT for each additional computer on which you want touse it.(C)You may make a single copy of the SOFTWARE PRODUCT for backup or archival purposes only.3. Prohibited Uses. You may not, without express written permission from WATCHGUARD:(A) Use, copy, modify, merge or transfer copies of the SOFTWARE PRODUCT or printed materialsexcept as provided in this AGREEMENT;(B) Use any backup or archival copy of the SOFTWARE PRODUCT(or allow someone else to usesuch a copy) for any purpose other than to replace the original copy in the event it is destroyed orbecomes defective;(C) Sublicense, lend, lease or rent the SOFTWARE PRODUCT;(D) Transfer this license to another party unless (i) the transfer is permanent, (ii) the third partyrecipient agrees to the terms of this AGREEMENT, and (iii) you do not retain any copies of theSOFTWARE PRODUCT; or(E) Reverse engineer, disassemble or decompile the SOFTWARE PRODUCT.4. Limited Warranty. WATCHGUARD makes the following limited warranties for a period of ninety(90) days from the date you obtained the SOFTWARE PRODUCT from WatchGuard Technologies oran authorized dealer:(A) Media. The disks and documentation will be free from defects in materials and workmanshipunder normal use. If the disks or documentation fail to conform to this warranty, you may, as yoursole and exclusive remedy, obtain a replacement free of charge if you return the defective disk ordocumentation to us with a dated proof of purchase.(B) SOFTWARE PRODUCT. The SOFTWARE PRODUCT will materially conform to thedocumentation that accompanies it. If the SOFTWARE PRODUCT fails to operate in accordancewith this warranty, you may, as your sole and exclusive remedy, return all of the SOFTWAREPRODUCT and the documentation to the authorized dealer from whom you obtained it, along with adated proof of purchase, specifying the problems, and they will provide you with a new version of theSOFTWARE PRODUCT or a full refund, at their election.Disclaimer and Release. THE WARRANTIES, OBLIGATIONS AND LIABILITIES OFWATCHGUARD, AND YOUR REMEDIES, SET FORTH IN PARAGRAPHS 4, 4(A) AND 4(B)User Guideiii
- Page 1: WatchGuard ®Firebox SystemUser Gu
- Page 5: Declaration of ConformityWatchGuard
- Page 8 and 9: Resetting Firebox passphrases .....
- Page 10 and 11: CHAPTER 15 Reviewing and Working wi
- Page 12 and 13: WatchGuard Firebox System component
- Page 14 and 15: Minimum requirementsHardware requir
- Page 17 and 18: CHAPTER 1LiveSecurity ServiceNo Int
- Page 19 and 20: LiveSecurity broadcasts• The Lice
- Page 21 and 22: CHAPTER 2Technical SupportDevelopin
- Page 23 and 24: TrainingAfter you enter your LiveSe
- Page 25 and 26: Online Help• On any platform, bro
- Page 27 and 28: CHAPTER 3WatchGuard OptionsThe Watc
- Page 29 and 30: PART IIIConfiguring a SecurityPolic
- Page 31 and 32: CHAPTER 4Firebox BasicsThis chapter
- Page 33 and 34: Opening a configuration fileOpening
- Page 35 and 36: Setting the time zone• Use a comb
- Page 37 and 38: CHAPTER 5Using the WatchGuardContro
- Page 39 and 40: Control Center componentsThe first
- Page 41 and 42: Policy ManagerManipulating the Traf
- Page 43 and 44: Historical ReportsHistorical Report
- Page 45 and 46: CHAPTER 6Configuring a NetworkConfi
- Page 47 and 48: Setting up a routed network• All
- Page 49 and 50: Defining a host routeDefining a hos
- Page 51 and 52: Defining a Firebox as a DHCP server
DisclaimerInformation in this guide is subject to change without notice. Companies, names, and data used inexamples herein are fictitious unless otherwise noted. No part of this guide may be reproduced ortransmitted in any form or by any means, electronic or mechanical, for any purpose, without theexpress written permission of <strong>WatchGuard</strong> Technologies, Inc.Copyright and Patent InformationCopyright© 1998 - 2001 <strong>WatchGuard</strong> Technologies, Inc. All rights reserved.<strong>WatchGuard</strong>, <strong>Firebox</strong>, LiveSecurity, and SpamScreen are either registered trademarks ortrademarks of <strong>WatchGuard</strong> Technologies, Inc. in the United States and other countries. This productis covered by one or more pending patent applications.Red Hat® is a registered trademark of Red Hat, Inc. This product is not a product of Red Hat, Inc.and is not endorsed by Red Hat, Inc. This is a product of <strong>WatchGuard</strong> and we have no relationshipwith Red Hat, Inc.Adobe, Acrobat, the Acrobat logo, and PostScript are trademarks of Adobe <strong>System</strong>s Incorporated.© 1999 BackWeb Technologies, Inc. All rights reserved. BackWeb is a registered trademark ofBackWeb Technologies, Inc.CyberNOT, CyberNOT List, CyberYES, and CyberYES List are trademarks of Learning CompanyProperties Inc.© Hi/fn, Inc. 1993, including one or more U.S. Patents: 4701745, 5016009, 5126739, and5146221 and other patents pending.© 1995-1998 Eric Young (eay@cryptsoft). All rights reserved.© 1998-1999 The OpenSSL Project. All rights reserved.Java and all Java-based marks are trademarks or registered trademarks of Sun Microsystems, Inc.in the United States and other countries.Microsoft®, Internet Explorer®, Windows® 95, Windows® 98, Windows NT® and Windows®2000 are either registered trademarks or trademarks of Microsoft Corporation in the United Statesand/or other countries.Netscape and Netscape Navigator are registered trademarks of Netscape CommunicationsCorporation in the United States and other countries.RC2 Symmetric Block Cipher, RC4 Symmetric Stream Cipher, RC5 Symmetric Block Cipher,BSAFE, TIPEM, RSA Public Key Cryptosystem, MD, MD2, MD4, and MD5 are either trademarksor registered trademarks of RSA Data Security, Inc. Certain materials herein are Copyright ©1992-1999 RSA Data Security, Inc. All rights reserved.RealNetworks, RealAudio, and RealVideo are either a registered trademark or trademark ofRealNetworks, Inc. in the United States and/or other countries.VPCom Copyright © 1997-1999 Ashley Laurent, Inc. All rights reserved.All other trademarks and tradenames are the property of their respective owners.Printed in the United States of America.DocVer: <strong>WatchGuard</strong> <strong>Firebox</strong> Security <strong>System</strong> <strong>4.6</strong> <strong>User</strong> <strong>Guide</strong> - <strong>4.6</strong>.1<strong>WatchGuard</strong> Technologies, Inc.<strong>Firebox</strong> <strong>System</strong> SoftwareEnd-<strong>User</strong> License Agreement<strong>WatchGuard</strong> <strong>Firebox</strong> <strong>System</strong> (WFS) End-<strong>User</strong> License AgreementIMPORTANT — READ CAREFULLY BEFORE ACCESSING WATCHGUARD SOFTWARE:This WFS End-<strong>User</strong> License Agreement (“AGREEMENT”) is a legal agreement between you (eitheran individual or a single entity) and <strong>WatchGuard</strong> Technologies, Inc. (“WATCHGUARD”)for theWATCHGUARD WFS software product identified above, which includes computer software and mayinclude associated media, printed materials, and on-line or electronic documentation (“SOFTWAREPRODUCT”). WATCHGUARD is willing to license the SOFTWARE PRODUCT to you only on theii