WatchGuard Firebox System 4.6 User Guide
Setting up the LiveSecurity Event Processor

    controld -nt-install

2 Start the LiveSecurity Event Processor service.
  Select Start => Settings => Control Panel. Double-click Services. Click WG LiveSecurity Event Processor. Click Start. You can also restart your computer. The service starts automatically every time the host reboots.

3 To remove the Event Processor as a service, stop it using Control Panel. Then, at the command line, type:

    controld -nt-remove

In addition, if the Event Processor is running as a service and you are using pop-up notifications, you must ensure that the service can interact with the Desktop:

1 In Control Panel, double-click Services. In Windows 2000, click Start => Settings => Control Panel => Administrative Tools => Services.
2 Click WG LiveSecurity Event Processor. Click Startup.
3 Verify that the Allow Service To Interact With Desktop checkbox is enabled.
  If the Event Processor was running, restart it after saving the changes.

Interactive mode from a DOS window

On the Event Processor:

1 Open a DOS window.
  Select Start => Programs => Command Prompt.
2 Change directories to the WatchGuard installation directory.
  The default installation directory is C:\Program Files\WatchGuard.
3 Type the following command:

    controld -NT-interactive

  The Event Processor starts. You can minimize the DOS window. Do not, however, close the window. Closing the DOS window halts the Event Processor.

Viewing the Event Processor

While the LiveSecurity Event Processor is running, a Firebox-and-traffic icon appears in the Windows Desktop tray. To view the Event Processor, right-click the tray icon and select Log Center.

If the Event Processor icon is not in the tray, in the Control Center, select LiveSecurity => Logging => Event Processor Interface. To start the Event Processor interface when you log in to the system, add a shortcut to the Startup folder in the Start menu. The WatchGuard installation program does this automatically if you set up logging.

Starting and stopping the Event Processor

The Event Processor starts automatically when you start the host on which it resides. However, it is possible to stop or restart the Event Processor from its interface at any time. Open the Event Processor interface:

• To start the Event Processor, select File => Start Service.
• To stop the Event Processor, select File => Stop Service.
Setting the log encryption key

The log connection (but not the log file) between the Firebox and an Event Processor is encrypted for security purposes. Both the Management Station and the Event Processor must possess the same encryption key.

You must enter an encryption key in order for the Event Processor to receive logs from the Firebox. It must be the same key used when adding an Event Processor to the Management Station.

From the LiveSecurity Event Processor:

1 Select File => Set Log Encryption Key.
2 Enter the log encryption key in both text boxes. Click OK.

Setting global logging and notification preferences

The LiveSecurity Event Processor lists the connected Firebox and displays its status. It has three control areas:

• Log File tab – Specify the maximum number of records stored in the log file.
• Reports tab – Schedule regular reports of log activity.
• Notification tab – Control to whom and how notification takes place.

Together, these controls set the general parameters for most global event processing and notification properties.

Setting the interval for log rollover

Log records accumulate at different rates depending on the volume of network traffic and the logging and notification settings configured for services and properties. You can control when the Event Processor rolls log entries from one file to the next using the Log Files tab in the Event Processor. For example, configure the Event Processor to roll over from one log file to the next by time interval, number of entries, or both.

From the Event Processor interface:

1 Click the Log Files tab.
2 For a time interval, enable the By Time Interval checkbox. Select the frequency. Use the Schedule First Log Roll For drop list to select a date. Use the scroll control or enter the first time of day.
3 For a record size, enable the By Number of Entries checkbox. Use the scroll control or enter a number of log record entries.
  The Approximate Size field changes to display the approximate file size of the final log file. For a detailed description of each control, right-click it, and then select What’s This?.
4 Click OK.
  The Event Processor Interface closes and saves your entries. New settings take effect immediately.