WatchGuard Firebox System 4.6 User Guide

Using host aliases

Adding a host alias

From Policy Manager:

1 Select Setup => Authentication.
  The Member Access and Authentication Setup dialog box appears.
2 Click the Aliases tab.
3 Click Add.
4 In the Host Alias Name text box, enter the name used to identify the alias when configuring services and authentication.
5 Click Add.
  The Add Address dialog box appears.
6 Define the alias by adding hosts or users. To add an existing member, click the name in the Members list. Click Add.
7 To configure a new member, click Add Other.
  The Add Member dialog box appears.
8 Use the Choose Type drop list to select a category. In the Value text box, enter the address or host name. Click OK.
9 When you finish adding members, click OK.
  The Host Alias dialog box appears listing the new alias. Click the alias to view its members.

Modifying a host alias

Use the Host Alias dialog box to review or modify a host alias configuration. From Policy Manager:

1 Select Setup => Authentication. Click the Aliases tab.
  The Member Access and Authentication Setup dialog box appears displaying the Aliases tab.
2 Click the host to review or modify. Click Edit.
  The Host Alias dialog box appears, displaying the host's members.
3 To add new members, click Add and follow the directions described in steps 6-9 of the previous procedure. To delete members, select them and click Remove.
4 When you finish reviewing or modifying the host alias, click OK.

Removing a host alias

When you remove a host alias from the Aliases list, you must also remove the alias from any services configured to use the alias. From Policy Manager:

1 Select Setup => Authentication. Click the Aliases tab.
  The Member Access and Authentication Setup dialog box appears, displaying the Aliases tab.
2 Click the host to remove. Click Remove.
3 Click OK.
  The Member Access and Authentication dialog box closes.
4 In the Services Arena, double-click a service that is configured to use the alias.
  The service's Properties dialog box appears and displays the Incoming tab.
5 Remove the alias from the Incoming and Outgoing tabs as appropriate.
  For more information, see "Defining service properties" on page 49.
6 Repeat these steps for every service configured with the host alias you removed.

What is user authentication?

User authentication allows the tracking of connections based on name rather than IP address. With authentication, it no longer matters what IP address is used or from which machine a person chooses to work; the username defines the permissions of the user, and follows the user from workstation to workstation.

To gain access to Internet services (such as outgoing HTTP or outgoing FTP), the user provides authenticating data in the form of a username and password. For the duration of the authentication, the session name is tied to connections originating from the IP address from which the individual authenticated.

For more information about authentication, see the Network Security Handbook.

User authentication types

The WatchGuard Firebox System supports five authentication methods identified by the server type used:

• Firebox
• Windows NT
• RADIUS
• CRYPTOCard
• SecurID

A client performs the same sequence of tasks to authenticate against any of the five types of authentication. For the administrator, the Firebox method requires the administrator to add usernames, passwords, and groups using Policy Manager, while the other four methods require storing the data on the server performing authentication.

While more than one type of authentication scheme can be implemented, only one type of authentication can be applied to a single user session.

How user authentication works

A specialized HTTP server runs on the Firebox. To authenticate, clients must connect to the authentication server using a Java-enabled Web browser pointed to

http://IP address of any Firebox interface:4100/

A Java applet loads a prompt for a username and password that it then passes to the authentication server using a challenge-response protocol. Once successfully authenticated, users minimize the Java applet and browser window and begin using allowed network services.

As long as the Java window remains active (it can be minimized but not closed) and the Firebox doesn't reboot, users remain authenticated until the session times out. To prevent an account from authenticating, disable the account on the authentication server.
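
The session behaviour described under "How user authentication works", as a small Python model added here for illustration; it is not WatchGuard code and does not reproduce the Firebox's challenge-response protocol. The class and method names, the fixed session lifetime and the sample addresses are assumptions.

```python
import time

class AuthSessionTable:
    """Toy model of IP-bound authentication sessions (hypothetical, not WatchGuard code)."""

    def __init__(self, timeout_s, clock=time.monotonic):
        self.timeout_s = timeout_s      # assumed fixed session lifetime
        self.clock = clock
        self._by_ip = {}                # source IP -> (username, auth_type, start)

    def authenticate(self, ip, username, auth_type):
        # A session carries exactly one authentication type and is keyed
        # by the source IP the user authenticated from.
        self._by_ip[ip] = (username, auth_type, self.clock())

    def applet_closed(self, ip):
        # Closing (not minimizing) the applet window ends the session.
        self._by_ip.pop(ip, None)

    def reboot(self):
        # A Firebox reboot drops every session.
        self._by_ip.clear()

    def user_for(self, src_ip):
        """Return the username a connection from src_ip is attributed to, or None."""
        entry = self._by_ip.get(src_ip)
        if entry is None:
            return None
        username, _auth_type, start = entry
        if self.clock() - start >= self.timeout_s:
            del self._by_ip[src_ip]     # session timed out
            return None
        return username

def demo():
    now = [0.0]                         # constructed clock so the run is deterministic
    table = AuthSessionTable(timeout_s=3600, clock=lambda: now[0])
    table.authenticate("10.0.1.20", "alice", "RADIUS")   # constructed sample values
    seen = {
        # Every connection from this IP is treated as alice's, whoever sends it.
        "same_ip": table.user_for("10.0.1.20"),
        # alice on another workstation must authenticate again from there.
        "other_ip": table.user_for("10.0.1.21"),
    }
    now[0] = 3600.0
    seen["after_timeout"] = table.user_for("10.0.1.20")
    return seen
```

Because attribution is by source IP, a host shared by several users, or one reached through address translation, is attributed to whoever authenticated from that address.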