WatchGuard Firebox System 4.6 User Guide
WatchGuard Firebox System 4.6 User Guide
WatchGuard Firebox System 4.6 User Guide
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Setting up a drop-in networkThe QuickSetup wizard also writes a basic configuration file calledwizard.cfg to the hard disk of the Management Station. If you later want to expandor change the basic <strong>Firebox</strong> configuration using Policy Manager, use wizard.cfg asthe base file to which you make changes.You can run the QuickSetup wizard again at any time to a create new, basicconfiguration file.The QuickSetup wizard replaces the configuration file, writing over any priorversion. To make a backup copy of the configuration file on the flash disk, seethe <strong>Firebox</strong> <strong>System</strong> Area chapter in the Reference <strong>Guide</strong>.To run the QuickSetup wizard:1 Complete the Network Configuration Worksheet.A copy is included with the Install <strong>Guide</strong>. It can also be found as a .pdf file in the <strong>WatchGuard</strong>Documentation directory.2 From the Windows Desktop, select Start => Programs => <strong>WatchGuard</strong> =>QuickSetup Wizard.You can also, from the Control Center, select LiveSecurity => QuickSetup Wizard. TheQuickSetup wizard prompts for information about your network and security policy preferences.Documentation for running the QuickSetup wizard is contained in thewizard’s on-panel instructions, Install <strong>Guide</strong>, and Online Help.When the wizard prompts you to enter monitoring (read-only) andconfiguration (read-write) passphrases, use two completely differentpassphrases.Setting up a drop-in networkA drop-in network configuration is useful for situations where you can distributenetwork address space across the <strong>Firebox</strong> interfaces. In a drop-in configuration, youplace the <strong>Firebox</strong> physically between the router and the LAN, without reconfiguringany of the machines on the Trusted interface.Characteristics of a drop-in configuration:• A single network that is not subdivided into smaller networks; the network is notsubnetted.• <strong>WatchGuard</strong> performs proxy ARP.- The <strong>Firebox</strong> answers ARP requests for machines that cannot hear thebroadcasts.- The <strong>Firebox</strong> can be placed in a network without changing default gateways onthe Trusted hosts. This is because the <strong>Firebox</strong> answers for the router, eventhough the router cannot hear the Trusted host’s ARP requests.- To enable proxy ARP, you must assign the same IP address to all threeinterfaces for the <strong>Firebox</strong>. This is the only supported address assignment indrop-in configuration.• All Trusted computers must have their ARP caches flushed.• The Trusted interface ARP address replaces the router’s ARP address.36