WatchGuard Firebox System 4.6 User Guide
WatchGuard Firebox System 4.6 User Guide WatchGuard Firebox System 4.6 User Guide
Defining a Firebox as a DHCP server42
CHAPTER 7Blocking Sites and PortsMany types of network security attacks are easily identified by patterns found inpacket headers. Port space probes, address space probes, and spoofing attacks allexhibit characteristic behavior that a good firewall can recognize and protect against.WatchGuard allows both manual and dynamic blocking of ports and sites, and usesdefault packet-handling options to automatically and temporarily block hosts thatoriginate probes and attacks. Logging options can assist you in identifying suspectsites that repeatedly exhibit suspicious behavior. You can then manually andpermanently block a suspect site. In addition, you can protect ports with knownvulnerabilities by blocking their unauthorized use.Configuring default packet handlingThe WatchGuard Firebox System examines and handles packets according to defaultpacket-handling options that you set. The firewall examines the source of the packetand its intended destination by IP address and port number. It also watches forpatterns in successive packets that indicate unauthorized attempts to access thenetwork.The default packet-handling configuration determines whether and how the firewallhandles incoming communications that appear to be attacks on a network. Packethandling can:• Reject potentially threatening packets• Automatically block all communication from a source site• Add an event to the log• Send notification of potential security threatsFrom Policy Manager in the Advanced view:1 Select Setup => Default Packet Handling.User Guide 43
- Page 1 and 2: WatchGuard ®Firebox SystemUser Gu
- Page 3 and 4: condition that you accept all of th
- Page 5: Declaration of ConformityWatchGuard
- Page 8 and 9: Resetting Firebox passphrases .....
- Page 10 and 11: CHAPTER 15 Reviewing and Working wi
- Page 12 and 13: WatchGuard Firebox System component
- Page 14 and 15: Minimum requirementsHardware requir
- Page 17 and 18: CHAPTER 1LiveSecurity ServiceNo Int
- Page 19 and 20: LiveSecurity broadcasts• The Lice
- Page 21 and 22: CHAPTER 2Technical SupportDevelopin
- Page 23 and 24: TrainingAfter you enter your LiveSe
- Page 25 and 26: Online Help• On any platform, bro
- Page 27 and 28: CHAPTER 3WatchGuard OptionsThe Watc
- Page 29 and 30: PART IIIConfiguring a SecurityPolic
- Page 31 and 32: CHAPTER 4Firebox BasicsThis chapter
- Page 33 and 34: Opening a configuration fileOpening
- Page 35 and 36: Setting the time zone• Use a comb
- Page 37 and 38: CHAPTER 5Using the WatchGuardContro
- Page 39 and 40: Control Center componentsThe first
- Page 41 and 42: Policy ManagerManipulating the Traf
- Page 43 and 44: Historical ReportsHistorical Report
- Page 45 and 46: CHAPTER 6Configuring a NetworkConfi
- Page 47 and 48: Setting up a routed network• All
- Page 49 and 50: Defining a host routeDefining a hos
- Page 51: Defining a Firebox as a DHCP server
- Page 55 and 56: Blocking a port permanently3 In the
- Page 57 and 58: CHAPTER 8Configuring ServicesThe Se
- Page 59 and 60: Defining service properties8 In the
- Page 61 and 62: Modifying a serviceThe following ex
- Page 63 and 64: Setting up proxy servicesSelecting
- Page 65 and 66: Setting up proxy servicesand transm
- Page 67 and 68: Service precedencecheck. In the lat
- Page 69 and 70: CHAPTER 9Controlling Web TrafficWeb
- Page 71 and 72: Configuring the WebBlocker serviceP
- Page 73 and 74: CHAPTER 10Setting Up NetworkAddress
- Page 75 and 76: Using service-based NATUsing servic
- Page 77 and 78: Configuring a service for incoming
- Page 79 and 80: CHAPTER 11Setting Up Logging andNot
- Page 81 and 82: Designating Event Processors for a
- Page 83 and 84: Setting up the LiveSecurity Event P
- Page 85 and 86: Setting global logging and notifica
- Page 87 and 88: Customizing logging and notificatio
- Page 89 and 90: CHAPTER 12Connect with Out-of-Band
- Page 91 and 92: Configuring the Firebox for OOB5 En
- Page 93: PART IVAdministering a SecurityPoli
- Page 96 and 97: Using host aliasesAdding a host ali
- Page 98 and 99: Configuring Firebox authenticationC
- Page 100 and 101: Configuring CRYPTOCard server authe
Defining a <strong>Firebox</strong> as a DHCP server42