WatchGuard Firebox System 4.6 User Guide
7 You can add multiple services to the Services Arena while the Services dialog box is open. When you finish adding services, click Close.
   The Services Arena displays an icon for each service added.
8 Click File => Save => To Firebox to save your changes to the Firebox. Specify the location and name of the new configuration file.

Creating a new service

In addition to well-known services, you can create and add a new or custom service. From Policy Manager:

1 On the toolbar, click Add Services.
2 Click New.
3 Enter the name of the new service.
   It must be a unique name not already listed under Services in the Services dialog box.
4 Enter a description of the new service.
   The description appears in the Details section of the Services dialog box when you select the service.
5 Click Add.
   Use the Add Port dialog box to configure the port for the new service.
6 Use the Protocol drop list to select a protocol:
   TCP: TCP-based services
   UDP: UDP-based services
   HTTP: Services examined by the HTTP proxy
   IP: Filter a service using something other than TCP (protocol number 6) or UDP (protocol 17) for the next-level protocol. Select IP to create a protocol number service.
7 Use the Client Port drop list to select a client port:
   Ignore: Client ports will ignore the source port.
   Secure: Client is dynamically allocated a port less than 1024 (for secure services such as SSH).
   Port: Client port uses same port as listed in the Port number field of the service’s icon.
   Client: Client is dynamically allocated a port above 1000.
8 In the Port text box, enter the well-known port number for this service.
   For a list of well-known services and their associated ports, see the Reference Guide or Online Help.
9 Click OK.
   Policy Manager adds the port configuration to the New Service dialog box.
10 Verify that the name, description, and configuration of this service are correct.
11 Click Add to configure another port for this service. Repeat the process until all ports for the service are configured. When you finish, click OK.
   The Services dialog box appears with the new service. You can now add the custom service to the Services Arena just as you would an existing service. For more information, see “Adding an existing service” on page 47.
12 Click File => Save => To Firebox to save your changes to the Firebox. Specify the location and name of the new configuration file.

Defining service properties

Use the Properties dialog box to configure a service’s incoming and outgoing access rules. Defining service properties includes:

• Adding incoming hosts, networks, and users
• Adding outgoing hosts, networks, and users

The Properties dialog box for a typical service displays Incoming and Outgoing tabs. The Incoming tab defines which hosts and users outside the Firebox can use the service to initiate sessions with your protected users and hosts. The Outgoing tab defines which hosts and users behind the Firebox can use the service to initiate sessions with an outside host. You can make any service a one-directional filter by setting the Connections Are drop list to Disabled.

After defining service properties, you need to save your configuration file, as described at the end of the previous procedures.

Adding incoming service properties

From Policy Manager:

1 In the Services Arena, double-click the service.
   The Properties dialog box appears, displaying the Incoming tab.
2 Use the Incoming Connections Are drop list to select Enabled and Allowed.
3 To define specific external users or hosts that the service will allow in, click Add beneath the From list.
   The Add Address dialog box appears. For a description, see “Adding addresses to service properties” on page 50.
4 To define specific destinations within the Trusted network that can receive through the service, click Add beneath the To list.
5 To customize logging and notification for incoming traffic for this service, click Logging. Configure logging and notification according to your security policy preferences.
   For a description of each control, right-click the control and then click What’s This?
6 Click OK.
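
The following is an added example, not part of the User Guide and not Firebox code: a simplified Python model of how the port definitions from "Creating a new service" (Protocol, Client Port, Port) and the Incoming From and To lists together narrow which connections a custom service admits. The service name, addresses, and the rule that a connection must match one port definition and both lists (with Incoming Connections set to Enabled and Allowed) are assumptions made for illustration.

```python
# Added illustration: a simplified model of a custom service, not Firebox code.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Client Port settings as described in step 7 of "Creating a new service".
CLIENT_PORT_RULES = {
    "Ignore": lambda src, port: True,         # source port is not checked
    "Secure": lambda src, port: src < 1024,   # secure services such as SSH
    "Port":   lambda src, port: src == port,  # same port as the service port
    "Client": lambda src, port: src > 1000,   # dynamically allocated client port
}

@dataclass
class PortDef:
    protocol: str      # "TCP" or "UDP" in this model
    client_port: str   # one of the CLIENT_PORT_RULES keys
    port: int          # well-known port number of the service

@dataclass
class Service:
    name: str
    ports: list           # PortDef entries (steps 5 to 11)
    incoming_from: list   # From list: external hosts/networks allowed in
    incoming_to: list     # To list: Trusted destinations that can receive

    def allows_incoming(self, proto, src_ip, src_port, dst_ip, dst_port):
        """True if the connection matches a port definition and both lists (assumed rule)."""
        port_ok = any(
            p.protocol == proto and p.port == dst_port
            and CLIENT_PORT_RULES[p.client_port](src_port, p.port)
            for p in self.ports
        )
        src_ok = any(ip_address(src_ip) in ip_network(n) for n in self.incoming_from)
        dst_ok = any(ip_address(dst_ip) in ip_network(n) for n in self.incoming_to)
        return port_ok and src_ok and dst_ok

# Constructed sample: hypothetical service name, documentation-range addresses.
svc = Service(
    name="custom-app",
    ports=[PortDef("TCP", "Client", 8500), PortDef("UDP", "Port", 8501)],
    incoming_from=["203.0.113.0/24"],
    incoming_to=["192.168.10.20/32"],
)

def demo():
    return [
        svc.allows_incoming("TCP", "203.0.113.7", 40000, "192.168.10.20", 8500),   # matches
        svc.allows_incoming("TCP", "203.0.113.7", 900, "192.168.10.20", 8500),     # source port too low
        svc.allows_incoming("UDP", "203.0.113.7", 8501, "192.168.10.20", 8501),    # Port rule matches
        svc.allows_incoming("TCP", "198.51.100.9", 40000, "192.168.10.20", 8500),  # not in From list
    ]
```
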