WatchGuard Firebox System 4.6 User Guide

Saving a configuration to the local hard disk

From Policy Manager in the Advanced view:
1 Select File => Save => As File.
  The Save dialog box appears.
2 Enter the name of the file.
  The default is to save the file to the WatchGuard directory.
3 Click Save.
  The configuration file is saved to the local hard disk.

Saving a configuration to the Firebox

From Policy Manager in the Advanced view:
1 Select File => Save => To Firebox.
2 Use the Firebox drop list to select a Firebox.
3 Enter the configuration (read-write) passphrase. Click OK.
  The configuration file is saved first to the local hard disk and then to the primary area of the Firebox flash disk. You are prompted to restart the Firebox. The new Firebox configuration will not be enabled until the Firebox is restarted.
4 If you entered the IP address of a different Firebox, you are asked to confirm your choice. Click Yes.

Resetting Firebox passphrases

WatchGuard recommends that for optimum security you periodically change the Firebox passphrases. To do this, you must have the current configuration passphrase.

From Policy Manager:
1 Open the configuration file running on the Firebox.
  For more information, see “Opening a configuration from the Firebox” on page 23.
2 Select File => Save => To Firebox.
3 Use the Firebox drop list to select a Firebox. Enter the configuration passphrase. Click OK.
4 Enable the Save To Firebox checkbox. Select Save Configuration File and New Flash Image. Click Continue.
5 Enter the new monitoring (read-only) and configuration (read-write) passphrases. Click OK.
  The new image, including the new passphrases, is saved to the Firebox, and the Firebox automatically restarts.

Make certain that your monitoring and configuration passphrases are different from one another.

Tips for creating secure passphrases

Although an attacker could crack any passphrase eventually, you can toughen your passphrases using the following tips:
• Don’t use words in standard dictionaries, even if you use them backward or in a foreign language. Create your own acronyms instead.
• Don’t use proper names, especially company names or those of famous people.
• Use a combination of uppercase and lowercase characters, numerals, and special characters (such as Im4e@tiN9).

Setting the time zone

The Firebox time zone determines the date and time stamp that appear on logs and that are displayed by services such as LogViewer, Historical Reports, and WebBlocker. Use the time zone to view log information in local time. The default time zone is Greenwich Mean Time (Coordinated Universal Time).

From Policy Manager in the Advanced view:
1 Select Setup => Time Zone.
2 Use the drop list to select a time zone. Click OK.
  Check the drop list carefully. WatchGuard provides a comprehensive list of time zones to accommodate areas in the same general time zone that follow different rules regarding the observance and/or onset and rollback of Daylight Saving Time, and other timekeeping details.

Reinitializing a misconfigured Firebox

The Firebox can boot from the primary area of the flash disk (Sys A) in a mode that provides fail-safe access in cases when you need to:
• Install a Firebox for the first time
• Troubleshoot problems in which all access to the Firebox is lost
• Reset Firebox passwords when you do not know or have forgotten them

This Enhanced System Mode is the default mode for new Fireboxes shipped from the factory. If a Firebox is in this mode, its Sys A light blinks. A Firebox can also be placed into Enhanced System Mode by connecting any two of the Firebox Ethernet interfaces in a loopback configuration. Use a red crossover cable included with the Firebox for this purpose.

To access a Firebox in Enhanced System Mode:
1 Establish a physical Ethernet connection between the Trusted interface of the Firebox and the Management Station on the same segment.
2 Attach the red crossover cable between the remaining two Firebox interfaces, and then turn the power on the Firebox off and then on. If a small, “factory default” switch is present on the rear of the Firebox, press and hold that switch while you turn the Firebox power off and then on.
  The Firebox boots into the Enhanced System Mode. This is indicated by a blinking Sys A light.
3 Reinitialize the Firebox using the QuickSetup wizard.
  For more information on the QuickSetup wizard, see the Install Guide.
4 When you complete the QuickSetup wizard, remove the loopback cable (assuming your Firebox has one) and return the Firebox to its regular position in your network. The Firebox resumes normal operation the next time it restarts.

Some Fireboxes have a factory default button. To place the unit into factory default mode, press and hold this button during power-up
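
The passphrase tips, together with the requirement that the monitoring and configuration passphrases differ, can be checked mechanically before a new flash image is saved. The following Python is an added example, not part of the WatchGuard guide or software; the word lists, the function names and the four-character minimum match length are assumptions.

```python
import string

# Constructed sample lists (assumption): in practice load a full
# dictionary, including foreign-language words, and names tied to
# your organisation.
DICTIONARY = {"firewall", "secret", "monitor", "password", "maison"}
PROPER_NAMES = {"watchguard", "einstein"}


def _find_word(candidate, words, min_len=4):
    """Return the first listed word inside candidate, forward or reversed."""
    lowered = candidate.lower()
    for word in sorted(words):
        if len(word) >= min_len and (word in lowered or word[::-1] in lowered):
            return word
    return None


def check_passphrase(passphrase):
    """Return a list of findings; an empty list means every tip is met."""
    findings = []
    word = _find_word(passphrase, DICTIONARY)
    if word:
        findings.append(f"contains dictionary word '{word}' (forward or backward)")
    name = _find_word(passphrase, PROPER_NAMES)
    if name:
        findings.append(f"contains proper name '{name}'")
    classes = {
        "uppercase": any(c.isupper() for c in passphrase),
        "lowercase": any(c.islower() for c in passphrase),
        "numeral": any(c.isdigit() for c in passphrase),
        "special": any(c in string.punctuation for c in passphrase),
    }
    findings += [f"missing {label} character"
                 for label, present in classes.items() if not present]
    return findings


def check_pair(monitoring, configuration):
    """Check both Firebox passphrases and that they differ from each other."""
    report = {
        "monitoring": check_passphrase(monitoring),
        "configuration": check_passphrase(configuration),
        "pair": [],
    }
    if monitoring == configuration:
        report["pair"].append("monitoring and configuration passphrases are identical")
    return report
```
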