Disclaimer

Information in this guide is subject to change without notice. Companies, names, and data used in examples herein are fictitious unless otherwise noted. No part of this guide may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of WatchGuard Technologies, Inc.

Copyright and Patent Information

Copyright© 1998 - 2001 WatchGuard Technologies, Inc. All rights reserved.

WatchGuard, Firebox, LiveSecurity, and SpamScreen are either registered trademarks or trademarks of WatchGuard Technologies, Inc. in the United States and other countries. This product is covered by one or more pending patent applications.

Red Hat® is a registered trademark of Red Hat, Inc. This product is not a product of Red Hat, Inc. and is not endorsed by Red Hat, Inc. This is a product of WatchGuard and we have no relationship with Red Hat, Inc.

Adobe, Acrobat, the Acrobat logo, and PostScript are trademarks of Adobe Systems Incorporated.

© 1999 BackWeb Technologies, Inc. All rights reserved. BackWeb is a registered trademark of BackWeb Technologies, Inc.

CyberNOT, CyberNOT List, CyberYES, and CyberYES List are trademarks of Learning Company Properties Inc.

© Hi/fn, Inc. 1993, including one or more U.S. Patents: 4701745, 5016009, 5126739, and 5146221 and other patents pending.

© 1995-1998 Eric Young (eay@cryptsoft). All rights reserved.

© 1998-1999 The OpenSSL Project. All rights reserved.

Java and all Java-based marks are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries.

Microsoft®, Internet Explorer®, Windows® 95, Windows® 98, Windows NT® and Windows® 2000 are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

Netscape and Netscape Navigator are registered trademarks of Netscape Communications Corporation in the United States and other countries.

RC2 Symmetric Block Cipher, RC4 Symmetric Stream Cipher, RC5 Symmetric Block Cipher, BSAFE, TIPEM, RSA Public Key Cryptosystem, MD, MD2, MD4, and MD5 are either trademarks or registered trademarks of RSA Data Security, Inc. Certain materials herein are Copyright © 1992-1999 RSA Data Security, Inc. All rights reserved.

RealNetworks, RealAudio, and RealVideo are either a registered trademark or trademark of RealNetworks, Inc. in the United States and/or other countries.

VPCom Copyright © 1997-1999 Ashley Laurent, Inc. All rights reserved.

All other trademarks and tradenames are the property of their respective owners.

Printed in the United States of America.

DocVer: WatchGuard Firebox Security System 4.6 User Guide - 4.6.1

WatchGuard Technologies, Inc.
Firebox System Software
End-User License Agreement

WatchGuard Firebox System (WFS) End-User License Agreement

IMPORTANT — READ CAREFULLY BEFORE ACCESSING WATCHGUARD SOFTWARE:

This WFS End-User License Agreement (“AGREEMENT”) is a legal agreement between you (either an individual or a single entity) and WatchGuard Technologies, Inc. (“WATCHGUARD”) for the WATCHGUARD WFS software product identified above, which includes computer software and may include associated media, printed materials, and on-line or electronic documentation (“SOFTWARE PRODUCT”). WATCHGUARD is willing to license the SOFTWARE PRODUCT to you only on the condition that you accept all of the terms contained in this Agreement. Please read this Agreement carefully. By installing or using the SOFTWARE PRODUCT you agree to be bound by the terms of this Agreement. If you do not agree to the terms of this AGREEMENT, WATCHGUARD will not license the SOFTWARE PRODUCT to you, and you will not have any rights in the SOFTWARE PRODUCT. In that case, promptly return the SOFTWARE PRODUCT, along with proof of payment, to the authorized dealer from whom you obtained the SOFTWARE PRODUCT for a full refund of the price you paid.

1. Ownership and License. The SOFTWARE PRODUCT is protected by copyright laws and international copyright treaties, as well as other intellectual property laws and treaties. This is a license agreement and NOT an agreement for sale. All title and copyrights in and to the SOFTWARE PRODUCT (including but not limited to any images, photographs, animations, video, audio, music, text, and applets incorporated into the SOFTWARE PRODUCT), the accompanying printed materials, and any copies of the SOFTWARE PRODUCT are owned by WATCHGUARD or its suppliers. Your rights to use the SOFTWARE PRODUCT are as specified in this AGREEMENT, and WATCHGUARD retains all rights not expressly granted to you in this AGREEMENT. Nothing in this AGREEMENT constitutes a waiver of our rights under U.S. copyright law or any other law or treaty.

2. Permitted Uses. You are granted the following rights to the SOFTWARE PRODUCT:

(A) You may install and use the SOFTWARE PRODUCT on any single computer at any single location. If you wish to use the SOFTWARE PRODUCT on a different computer, you must erase the SOFTWARE PRODUCT from the first computer on which you installed it before you install it onto a second.

(B) To use the SOFTWARE PRODUCT on more than one computer at once, you must license an additional copy of the SOFTWARE PRODUCT for each additional computer on which you want to use it.

(C) You may make a single copy of the SOFTWARE PRODUCT for backup or archival purposes only.

3. Prohibited Uses. You may not, without express written permission from WATCHGUARD:

(A) Use, copy, modify, merge or transfer copies of the SOFTWARE PRODUCT or printed materials except as provided in this AGREEMENT;

(B) Use any backup or archival copy of the SOFTWARE PRODUCT (or allow someone else to use such a copy) for any purpose other than to replace the original copy in the event it is destroyed or becomes defective;

(C) Sublicense, lend, lease or rent the SOFTWARE PRODUCT;

(D) Transfer this license to another party unless (i) the transfer is permanent, (ii) the third party recipient agrees to the terms of this AGREEMENT, and (iii) you do not retain any copies of the SOFTWARE PRODUCT; or

(E) Reverse engineer, disassemble or decompile the SOFTWARE PRODUCT.

4. Limited Warranty. WATCHGUARD makes the following limited warranties for a period of ninety (90) days from the date you obtained the SOFTWARE PRODUCT from WatchGuard Technologies or an authorized dealer:

(A) Media. The disks and documentation will be free from defects in materials and workmanship under normal use. If the disks or documentation fail to conform to this warranty, you may, as your sole and exclusive remedy, obtain a replacement free of charge if you return the defective disk or documentation to us with a dated proof of purchase.

(B) SOFTWARE PRODUCT. The SOFTWARE PRODUCT will materially conform to the documentation that accompanies it. If the SOFTWARE PRODUCT fails to operate in accordance with this warranty, you may, as your sole and exclusive remedy, return all of the SOFTWARE PRODUCT and the documentation to the authorized dealer from whom you obtained it, along with a dated proof of purchase, specifying the problems, and they will provide you with a new version of the SOFTWARE PRODUCT or a full refund, at their election.

Disclaimer and Release. THE WARRANTIES, OBLIGATIONS AND LIABILITIES OF WATCHGUARD, AND YOUR REMEDIES, SET FORTH IN PARAGRAPHS 4, 4(A) AND 4(B)