WatchGuard Firebox System 4.6 User Guide

What is a Firebox?

Placing a Firebox within a network

The most common location for a Firebox is directly behind the Internet router, as pictured below:

[Figure: network diagram showing the Internet (the security challenge), router, Firebox II, Event Processor, Management Station, trusted network, and optional network with SMTP, HTTP, and FTP servers]

Other parts of the network are as follows:

Management Station
    The computer on which you install and run the WatchGuard LiveSecurity Control Center.

Event Processor
    The computer that receives and stores log messages and sends alerts and notifications. You can configure the Management Station to also serve as the Event Processor.

Trusted network
    The network behind the firewall that must be protected from the security challenge.

External network
    The network presenting the security challenge, typically the Internet.

Optional network
    A network protected by the firewall but still accessible from the trusted and the external networks. Typically, the optional network is used for public servers such as an FTP or Web server.

Opening a configuration file

Policy Manager is a comprehensive software tool for creating, modifying, and saving configuration files. A configuration file, with the extension .cfg, contains all the settings, options, addresses, and information that together constitute your Firebox security policy. You can open and edit a configuration file residing on either your local hard disk or in the primary area of the Firebox flash disk.

From Policy Manager:

1 Select Start => Programs => WatchGuard => Control Center.
2 If you are prompted to run the Quick Setup wizard, click Continue.
3 If you are prompted to connect to the Firebox, click Cancel.
4 From within the WatchGuard Control Center (or WatchGuard VPN Manager if you purchased this option), click the Policy Manager icon (shown at right).

Opening a configuration from the Firebox

From Policy Manager in the Advanced view:

1 Click File => Open => Firebox.
2 Use the Firebox drop list to select a Firebox.
    You can also type the IP address or DNS name of the Firebox.
3 In the Passphrase text box, type the Firebox monitoring passphrase. Click OK.
    You can use either the monitoring (read-only) or configuration (read-write) passphrase. However, to save the configuration to the Firebox you must use the configuration passphrase. The configuration file stored on the primary area of the Firebox flash disk opens, and configured services appear in the Services Arena.

Opening a configuration from a local hard disk

From Policy Manager in the Advanced view:

1 Select File => Open => Configuration File.
    To bring up the Advanced view of Policy Manager, select View => Advanced. A checkmark will appear next to the menu option.
2 Locate and select the configuration file to open. Click Open.
    The configuration file opens and configured services appear in the Services Arena.

Saving a configuration file

After making changes to a configuration file, you must save it to a local hard disk. When you save a new configuration directly to a Firebox, Policy Manager prompts you to restart that Firebox so that it will use the new configuration. The new policy is not active until the Firebox finishes rebooting. Some tasks, such as adding new Firebox users and changing certain IPSec settings, do not require a restart in order to take effect.