manualshive.com logo in svg

Watchguard Firebox V10, Installation Manual

The WatchGuard Firebox V10 is a top-tier security appliance designed to protect your network. Ensure optimal performance and understand all its features with the comprehensive Hardware Manual. Download this detailed, user-friendly manual for free from manualshive.com to get the most out of your Firebox V10.

Share
Download
background image

CHAPTER 4: Completing the Vcontroller Installation Wizard

62

Vcontroller 3.2

You can activate the following anti-hacker defense options:

Denial-of-service options

The options included in this dialog box safeguard your servers from 

denial-of-service

 (DOS) attacks.  Basically, all such attacks flood your 

network with requests for information, clogging your servers and 
possibly shutting down your site.  After you activate these options and set 
threshold numbers, the Firebox Vclass appliance will prevent such 
attacks.

ICMP Flood Attack

This option allows you to safeguard your network 
from a sustained flood of ICMP pings.  After 
clicking the checkbox, enter the threshold number 
in the accompanying text field that will trigger the 
denial-of-service protection.

SYN Flood Attack

This option allows you to safeguard your network 
from a sustained flood of TCP SYN requests 
without the corresponding ACK response.  After 
clicking the checkbox, enter the threshold number 
in the text field that will trigger the denial-of-
service protection.

UDP Flood Attack

This option allows you to safeguard your network 
from a sustained flood of UDP packets.  After 
clicking the checkbox, enter the threshold number 
in the text field that will trigger the denial-of-
service protection.

Ping of Death

This option safeguards your network from user-
defined large data-packet pings.  Click the 
checkbox to activate this denial-of-service 
protection.

IP Source Route

This option safeguards your network from a flood 
of false client IP addresses, designed to bypass 
firewall security.  Click the checkbox to activate 
this denial-of-service protection.

Distributed Denial-of-service options

As a subset of denial-of-service attacks, 

distributed DOS

 attacks occur 

when hackers coordinate a number of “borrowed” computers for 

1install_guide.book  Page 62  Friday, June 7, 2002  1:10 PM

Summary of Contents for Firebox V10

Page 1: ...Firebox Vclass Installation Guide Vcontoller 3 2 Notice to Users 1install_guide book Page i Friday June 7 2002 1 10 PM ...

Page 2: ...ht reserved 1995 1998 Eric Young eay cryptsoft All rights reserved 1998 2000 The OpenSSL Project All rights reserved Redistribution and use in source and binary forms with or without modification are permitted provided that the following conditions are met 1 Redistributions of source code must retain the above copyright notice this list of conditions and the following disclaimer 2 Redistributions ...

Page 3: ...ONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE The licence and distributio...

Page 4: ... written permission of the Apache Software Foundation THIS SOFTWARE IS PROVIDED AS IS AND ANY EXPRESSED OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DA...

Page 5: ...ource code And you must show them these terms so they know their rights We protect your rights with two steps 1 copyright the software and 2 offer you this license which gives you legal permission to copy distribute and or modify the software Also for each author s protection and ours we want to make certain that everyone understands that there is no warranty for this free software If the software...

Page 6: ...bute or publish that in whole or in part contains or is derived from the Program or any part thereof to be licensed as a whole at no charge to all third parties under the terms of this License c If the modified program normally reads commands interactively when run you must cause it when started running for such interactive use in the most ordinary way to print or display an announcement including...

Page 7: ...y associated interface definition files plus the scripts used to control compilation and installation of the executable However as a special exception the source code distributed need not include anything that is normally distributed in either source or binary form with the major components compiler kernel and so on of the operating system on which the executable runs unless that component itself ...

Page 8: ...s this section has the sole purpose of protecting the integrity of the free software distribution system which is implemented by public license practices Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system it is up to the author donor to decide if he or she is willing to distribute software ...

Page 9: ...S All other trademarks or trade names mentioned herein if any are the property of their respective owners Part No 0774 000 WatchGuard Technologies Inc Firebox Vclass Software End User License Agreement IMPORTANT READ CAREFULLY BEFORE ACCESSING WATCHGUARD SOFTWARE This Firebox Vclass Software End User License Agreement AGREEMENT is a legal agreement between you either an individual or a single enti...

Page 10: ...e the original copy in the event it is destroyed or becomes defective C Sublicense lend lease or rent the SOFTWARE PRODUCT D Transfer this license to another party unless i the transfer is permanent ii the third party recipient agrees to the terms of this AGREEMENT and iii you do not retain any copies of the SOFTWARE PRODUCT or E Reverse engineer disassemble or decompile the SOFTWARE PRODUCT 4 Lim...

Page 11: ... Ave South Suite 500 Seattle WA 98104 6 Export Controls You agree not to directly or indirectly transfer the SOFTWARE PRODUCT or documentation to any country to which such transfer would be prohibited by the U S Export Administration Act and the regulations issued thereunder 7 Termination This license and your right to use the SOFTWARE PRODUCT will automatically terminate if you fail to comply wit...

Page 12: ...xii Vcontroller 3 2 1install_guide book Page xii Friday June 7 2002 1 10 PM ...

Page 13: ...ance 3 WatchGuard Firebox V60 and V80 security appliance 3 WatchGuard Firebox V100 security appliance 3 After unpacking the security appliance 4 Key features of the Firebox V10 security appliance 5 What you should know about these features 5 Features of the appliance s back panel 6 Key features of the Firebox V60 and V80 appliances 8 What you should know about these features 8 Features of the appl...

Page 14: ...onfiguring more than one security appliance 27 Turning on a Firebox Vclass security appliance 28 If problems occur 28 An overview of Vcontroller hardware and software requirements 29 What s next 31 Installing the Vcontroller Windows 31 Installing the Vcontroller Solaris 33 Installing the Vcontroller Linux 35 Discovering a new Firebox Vclass appliance 38 If no appliance is found 40 If an appliance ...

Page 15: ...he installation 66 Relocating the appliance to a permanent network setting 67 After relocation 69 CHAPTER 5 Importing a Profile into a New Appliance 71 Requirements 71 Exporting a profile from an existing security appliance 72 EXTRA Editing the profile 73 Getting started 74 Importing a profile 76 Index 79 1install_guide book Page xv Friday June 7 2002 1 10 PM ...

Page 16: ...xvi Vcontroller 3 2 1install_guide book Page xvi Friday June 7 2002 1 10 PM ...

Page 17: ... Firebox V80 Firebox V100 What s inside a Firebox Vclass security appliance Every Firebox Vclass appliance has three important sets of components that we want to highlight before proceeding with installation and setup instructions The RapidCore hardware ensemble A well integrated chip set and memory system powers every Firebox Vclass appliance in its primary duties protecting your network and effi...

Page 18: ...trol of all the customizable operating system parameters including basic system configurations security policies maintenance and activity logging You can use a more recent version of a client management application to maintain the operations of an appliance with an older version of the OS however you should not use an older client to manage a recently upgraded OS appliance This is important as a c...

Page 19: ...RJ 45 serial cable and DB 9 adapter One APC manufactured appliance to UPS device cable A kit containing rack mounting hardware for this appliance A CD containing the WatchGuard Vcontroller application software for use with three different operating systems Windows 9x 2000 XP Sun Solaris and Linux The CD also provides electronic versions of the complete user guide documentation including this Insta...

Page 20: ...are has been included in this WatchGuard Firebox package If you are mounting the appliance in a rack please note that the Firebox V100 is also 1 U high After unpacking the security appliance Once you have unpacked the contents of the Firebox Vclass security appliance package you may want to take a quick look at the front and back of the appliance itself to acquaint yourself with all the features T...

Page 21: ...however the Ready LED described below is the best indicator of the appliance s readiness for use Alarm The Alarm LED will be lit when certain severe alarms have been triggered The Firebox Vclass appliances support multiple types of alarm notification including Alarm LED activation page e mail messaging and the Alarm Manager feature of the WatchGuard Vcontroller which are discussed in the System Ad...

Page 22: ... interface are two indicator lights labeled 10 and 100 These LEDs indicate 1 a connection to a hub or direct connect workstation is active 2 the speed of the link 10 Mbps or 100 Mbps Ethernet and 3 that traffic is being transmitted When a cable is first plugged into an RJ 45 interface either the 10 or the 100 LED should be lit This indicates that there is a successful link between the Firebox V10 ...

Page 23: ...n open and review the WatchGuard CLI User Guide included on the installer CD 5Vdc3 0A power interface This interface serves as the connection to a 100VAC to 240VAC 50 60Hz source Use the power cord supplied in the package to connect this appliance to a UPS device or to a power outlet NOTE The power supply can auto detect 110 220 voltage Appliance reset This opening allows you to insert a straight ...

Page 24: ...ee status LED s Labeled Alarm Admin and Ready One RJ 45 interface Labeled Console One status LED Labeled Power What you should know about these features Power The Power LED indicates that the appliance has been fully turned on and is ready for administration and or use Alarm The Alarm LED is lit when certain alarms have been triggered The Firebox Vclass appliance supports multiple types of alarm n...

Page 25: ...c Incorporated into each Ethernet interface are two indicator lights labeled 10 and 100 These LEDs indicate 1 a connection to a hub or direct connect workstation is active 2 the speed of the link 10 Mbps or 100 Mbps Ethernet and 3 that traffic is being transmitted When a cable is first plugged into a RJ 45 interface either the 10 or the 100 LED should be lit This indicates that there is a successf...

Page 26: ...onsole interface A single RJ 45 interface labeled Console permits a direct workstation to appliance connection at which time you can use the WatchGuard Command Line Interface CLI to configure and administer this appliance To learn more about this administrative option see the CLI Guide chapter in the System Administration Guide Reset port This opening allows you to insert a straight pin or papercl...

Page 27: ... cut power Amperage switch This switch allows you to change the power source between 115 and 230 volts depending upon your supply NOTE The power supply can auto detect 110 220 voltage UPS interface This interface permits connection of the appliance to an Uninterruptable Power Supply UPS You should use the cable provided in the appliance packaging for this connection This type of connection enables...

Page 28: ...h on the back of the appliance Key features of the Firebox Vclass 100 appliance The front panel of the Firebox Vclass 100 security appliance contains the features shown in the following illustration Two Gigabit Ethernet interfaces Labeled 0 and 1 Three LEDs per interface Labelled RX TX and Link Two Ethernet interfaces Labeled HA1 and HA2 High Availability Three status LED s Labeled Alarm Admin and...

Page 29: ...rd CLI Ready The Ready LED is lit when the Firebox Vclass appliance is ready for network traffic This LED will blink when the appliance is powering up or powering down Gigabit interfaces Two Gigabit Ethernet interfaces labeled 0 and 1 corresponding to Private and Public act as the primary conduits through which passes all of the network data traffic These interfaces are multi mode but they do not ...

Page 30: ... this is the primary appliance and the LED is blinking a failover has occurred and the secondary appliance is on line That appliance s HA LED should be steadily lit indicating that it is now the primary appliance For more information on HA setup see the System Administration Guide Console interface A single RJ 45 interface labelled Console supports a direct workstation to appliance connection at w...

Page 31: ...e perform a software shutdown then wait for the status LEDs on the front to dim Wait 30 seconds after the LEDs go dim At that point it is safe to press this switch to cut power AC power This interface enables you to connect the appliance using the supplied power cord to a 100 to 240VAC 50 60Hz power source NOTE The power supply can auto detect 110 220 voltage DB 9 interface With this interface you...

Page 32: ...r button on the front or the power supply switch on the back of the appliance Connecting to a UPS device It is recommended that the Firebox Vclass appliance be connected to an Uninterruptable Power Supply UPS This device can utilize the built in serial connection to notify the appliance when power is lost at the UPS Currently UPS devices from APC are fully supported Check the WatchGuard web site f...

Page 33: ...here a Firebox Vclass security appliance can best be used in a network environment and how to place or mount your new Firebox Vclass appliance in your particular network setting turn to the next chapter 1install_guide book Page 17 Friday June 7 2002 1 10 PM ...

Page 34: ...CHAPTER 1 A Tour of the WatchGuard Firebox Vclass Security Appliances 18 Vcontroller 3 2 1install_guide book Page 18 Friday June 7 2002 1 10 PM ...

Page 35: ... which is referred to as installing in this chapter any Firebox Vclass security appliance in a specific network setting you should assess your network and strategically determine where this appliance would best be of use The ideal setting allows the appliance to protect network assets and data from attack while efficiently transmitting legitimate data Once this location has been decided you can ph...

Page 36: ...stall the WatchGuard Vcontroller on a local administration workstation 4 Use the Vcontroller to discover the ready to configure appliance 5 Configure the appliance and deploy the needed appliance profile featuring the complete configuration and a full complement of security policies The rest of this Installation Guide will get you to the point where you ve set up the appliance and installed WatchG...

Page 37: ...will protect a specific collection of devices from access by unauthorized internal users As the firewall between your internal network and all external networks Within those two general options you have the following network placement alternatives Protecting one region of the network from unauthorized internal access You may want to protect one subnet or host from unauthorized internal use by othe...

Page 38: ...esenting the inside Establishing load balancing for heavily used network assets As an alternate firewall option you may want to place the Firebox Vclass appliance so that it directs external data requests to a cluster of Web servers that ideally would be utilized by both internal and external users At the same time you may also want to establish a firewall that facilitates access to those servers ...

Page 39: ...etwork terminology with a few minor Vcontroller specific exceptions that include the following Appliance This term refers to a self contained WatchGuard Firebox Vclass security hardware unit that can be configured and maintained with Vcontroller Profile This term refers to the full package of hardware configuration security policies and other specific settings TOS marking tunnel switching etc that...

Page 40: ...abeled 0 is associated in this set of publications with Private trusted networks DMZ The interface labeled 2 is associated with any mixed access DMZ networks Connecting the appliance for setup and software installation After you determine where to place the appliance so that its provides maximum service you should first physically place the appliance where it has access to a network hub or router ...

Page 41: ...nd 2 if a 2 DMZ interface is available on this model 5 Connect the appliance to a nearby source of power either UPS or electrical outlet preferably one that is fully protected 6 If connecting the appliance to a UPS device be sure to use the WatchGuard supplied cable to connect the two devices through their respective RS 232 ports 7 You can now power up the appliance and start the installation proc...

Page 42: ...CHAPTER 2 Installing a Firebox Vclass Security Appliance 26 Vcontroller 3 2 1install_guide book Page 26 Friday June 7 2002 1 10 PM ...

Page 43: ... is detailed in Extra Using the WatchGuard CLI to record an IP address on page 44 Configuring more than one security appliance If you already have one or more operational Firebox Vclass appliances in your network you can shortcut the installation and configuration process on a new factory default appliance To do so you would first export a complete security appliance configuration from an operatio...

Page 44: ...power cord to a UPS or protected outlet then connect the other end to the port on the back of the appliance 2 Press the power switch on the back of the appliance 3 The Ready LED will blink while the appliance initializes itself then will be steadily lit when the appliance is ready for use This may take two or three minutes 4 One of the 0 Private interface 10 100 indicator lights should be lit depe...

Page 45: ...nce you use the Vcontroller to log into the appliance and depending upon your access account s privileges you can record appliance specific profiles including policies system configurations as well as log files alarms activity monitors and more All this is stored in a database on the appliance itself which you can back up frequently onto any local computer or server for use in disaster recovery Yo...

Page 46: ...involving Linux platforms so please see the Sun Web site for particulars processor type Pentium II or later version of Pentium CPU processor speed 500 MHz or faster memory 64 Mb minimum 128 Mb is recommended input device CD ROM or DVD hard disk space 10 Mb minimum network interface NICs or embedded network connections additional resources Java 2 Runtime Environment v1 3 1 requires min 45 MB free s...

Page 47: ...ng the Vcontroller Solaris on page 33 Linux users can turn to Installing the Vcontroller Linux on page 35 NOTE The Vcontroller is a stand alone Java application that can be used in the following software environments Microsoft Windows 98 Me Windows NT 4 0 2000 XP Red Hat Linux 6 0 Sun SPARC station running Solaris 2 5 x 2 6 2 7 and 2 8 For more up to date information please review the Release Note...

Page 48: ...When that window s contents appear double click the setup exe icon to start the installation of the Vcontroller software NOTE Note that the installer may detect an older version of Java Development Kit JDK or a version it cannot verify You can choose at that time to install the Vcontroller version over any existing JDK or to ignore this part of the installation The software installation process is...

Page 49: ...of the network addressing information that will represent the Firebox Vclass security appliance including the IP address and accompanying subnet mask that will replace the default addressing assigned to each of the three data ports of the appliance 0 Private 1 Public and 2 DMZ interfaces where available NOTE BE SURE TO REVIEW the release notes that were included in this package for information abo...

Page 50: ...on the Sun Web site to obtain the proper version of JRE JDK software N B The default JDK install location is the current user s home directory however you can type another directory at this time 6 When the JDK software has been installed and any needed Solaris updates are completed run this command cd cdrom watchguard Then run this command setup sh This will restart the installation process 7 When...

Page 51: ...Vcontroller software onto their workstations Prior to their using the Vcontroller you as the System Administrator should first configure the appliance then use the Vcontroller Account Manager window to set up access privileges and accounts for each additional user These configuration and access management processes are fully detailed in the System Administration Guide Installing the Vcontroller Li...

Page 52: ...hway to the JRE JDK directory The installer will locate and assess this JDK collection NOTE If this is an older version of JDK the installer will alert you and ask if you prefer to use it instead of a more recent version You can do so but we recommend that you obtain and install the most recent version 6 If you haven t installed JRE JDK type N The installer will quit but when it does it will provi...

Page 53: ...onfiguration Guide Chapter 2 Service and Support You can now turn to Discovering a new Firebox Vclass appliance on page 38 for step by step guidance through the process of discovering your new Firebox Vclass appliance via the network Once the appliance has been discovered you can immediately begin the initial software configuration as detailed in the following chapter NOTE If you want others to ha...

Page 54: ...o interface 0 for use in the initial configuration This appliance should be connected to the same LAN segment or subnet as your administration workstation through interface 0 Private so that the discovery process can successfully find this appliance 1 When the Login dialog box first appears following the installation click the binoculars icon to the right of the Server IP Name pop up menu An infor...

Page 55: ...ress of the appropriate card as shown here before proceeding A status dialog box appears and remains open until the discovery process is complete There are two possible results No appliance is found See the following section for more information on how to troubleshoot a failed discovery One or more appliance is found See If an appliance is found on page 41 1install_guide book Page 39 Friday June 7...

Page 56: ...hen inspect your appliance for the following indicators Make sure the appliance has been properly connected to the network Verify that all connections are secure Make sure that the appliance has been fully powered up Look especially for the Ready LED to be steadily lit 2 Click Find Again in the Devices Not Found dialog box to attempt another discovery 1install_guide book Page 40 Friday June 7 2002...

Page 57: ...ocal subnet In this case only your new Firebox Vclass appliance will be listed You can set interface 0 Private IP addresses or import profiles into more than one appliance all at the same time A collection of options that enable you to 1 set the identity of a selected appliance s Private interface or 2 import an existing appliance profile into a selected device The 0 interface IP address assignmen...

Page 58: ...ddress of interface 0 Private to the operational IP address assigned to it for network use Once this is complete you can log in with Vcontroller and perform the initial installation and configuration 1 In the Devices Found window select the appliance that you want to configure 2 Click the button by Set Interface 0 IP An additional set of features appears in the window as shown in the following ill...

Page 59: ... changes made to all appliances 6 If there are no more appliances to be processed click Apply A confirmation dialog box appears as shown here NOTE This dialog box is warning you that once the IP address is changed you won t be able to find it without the correct IP address Assuming you have the IP address assigned to this appliance on record somewhere this will not be a problem 7 Click OK to proce...

Page 60: ...d CLI to record an IP address You can if you prefer reconfigure interface 0 Private of a new appliance with an IP address by means of a terminal window and the WatchGuard CLI The process requires that you connect the new security appliance directly to a workstation by means of the Console interface which implicitly discovers the appliance You can then start up the appliance and use the CLI to comp...

Page 61: ... prompt appears 7 Type conf and press Enter 8 When the WG config prompt appears type system and press Enter 9 When the WG config system prompt appears type interface and press Enter 10 When the WG config if prompt appears type the interface number 0 1 or 2 followed by a space the IP address another space the subnet mask and then press Enter Example WG config if 0 192 168 2 1 255 255 255 0 11 When ...

Page 62: ...ands To most efficiently use the CLI you should familiarize yourself with the Vcontroller and the overall processes involved in administering a security appliance The WatchGuard CLI User Guide contains all of the command syntax and explanations of every command and the related parameters Note however that the CLI syntax does not represent all of the administrative controls incorporated in the Vcon...

Page 63: ... configured a new Firebox Vclass security appliance with a new IP address for the 0 Private interface as described in the previous chapter Before you begin To complete the initial installation of a new Firebox Vclass appliance you will need certain network address information including the following The IP addresses and network masks assigned to the accelerated data interfaces of this appliance Th...

Page 64: ...ss or domain name representing this appliance If no IP address or domain name appears in this menu click in the Server IP Name field and type the newly set name or interface 0 IP address of this appliance 4 Type admin in both Login and Password fields then click OK to proceed The Installation Wizard now appears as shown in the following section You can now start the initial configuration NOTE All ...

Page 65: ...rs Installation Guide 49 2 Click Next to proceed with the actual installation process NOTE If needed you can pause the installation process at any time to gather system information 1install_guide book Page 49 Friday June 7 2002 1 10 PM ...

Page 66: ...er and an abbreviation of the geographical location Or if this appliance has been assigned a DNS name enter it in this field System Location Click in this field and type a brief description of where your new Firebox Vclass appliance will be utilized It may be a building and floor number or a simple description such as Executive Cloakroom There are no restrictions on the number or type of character...

Page 67: ...s field for accuracy 4 If you need to change the date and or time displayed in the System Time field click Change to open the two tabbed Date Time and Time Zone dialog box shown in the following illustration 5 Make any needed adjustments to the settings in this dialog box 6 Click OK when you are finished with this dialog box When you have finished with the General Information wizard s options clic...

Page 68: ...e 0 usually used for private trusted network connections Network Mask Click in this field and type the assigned subnet mask Enable DHCP Server To make the DHCP features active click the empty checkbox Not available on Firebox V100 appliances This permits you to set up the appliance as a DHCP server to make VPN connections and Web access available to a set number of computer users 1install_guide bo...

Page 69: ...onnection Completing interface 1 Public entries Interface 1 usually used for public external network connections incorporates the following network addressing options Static IP address this IP address should be publicly routable DHCP requires an IP address from a DHCP server PPPoE receives an IP address from the PPP connection NOTE The Firebox V100 appliance does not support DHCP or PPPoE Only Sta...

Page 70: ... option then make any relevant entries as noted in the following Click Static IP If this appliance utilizes a publicly routable IP address Click in the blank IP Address and Network Mask fields and type the correct entries NOTE The related DNS server and routing table information should also be entered in their respective Configuration Wizard tabs as noted later in this section 1install_guide book ...

Page 71: ... Name and both Password text fields and type the appropriate entries as assigned to this user by the ISP NOTE If you are configuring PPPoE access be sure to direct the appliance user to the printed instructions on how to change their PPPoE access user name and password if they would like an additional measure of security Completing interface 2 DMZ entries To configure interface 2 usually used for ...

Page 72: ... no matter which model of appliance you are configuring follow these steps 1 When you have finished with the Interface tab entries click Next to proceed An informational dialog box appears providing two options Save Only not recommended Apply recommended 2 If Save Only is selected click OK to proceed NOTE You should click Apply and then click OK if you want to continue to use the Wizard after savi...

Page 73: ...rd routes skip this tab 4 If you want to enter any additional network routes for this appliance click Add NOTE There is a set of basic route options both static and dynamic that are built into the Vcontroller You can access and employ them by opening the System Configuration window and using the Route Table tab features to change or add the needed routing information This can be done after you ent...

Page 74: ...o the destination subnet Interface Open this menu and choose the data interface 0 1 or 2 through which traffic will be exchanged with the gateway Metric Click in this field and type the number of hops separate routers that will be needed to complete the route 6 Click OK to list this route in the Additional Routes table in the Installation Wizard Repeat this process as needed to compile a catalog o...

Page 75: ...field and type the domain name of this Firebox Vclass appliance 10 To add a DNS server to the Servers table click Insert The DNS Server dialog box appears as shown in the following illustration 11 Click in the DNS Server IP field and type the DNS server s IP address 12 Click Add to list this server in the DNS Server table 1install_guide book Page 59 Friday June 7 2002 1 10 PM ...

Page 76: ...ate the three default firewall policies entirely by deselecting the Select a predefined Firewall policy button Apply only one or two default firewall policies by deselecting unchecking the policies you do not want activated The default policies offer the following connection services Allow ping to the device This option allows network administrators to ping the Private interface of this appliance ...

Page 77: ...ss to part or all of your network be sure to activate this policy You can later create custom firewall policies that fine tune the protections afforded by this global option NOTE If you choose not to activate either predefined policy the Firebox Vclass appliance will not permit any traffic to pass through in any direction You will then need to create at least one firewall policy that permits some ...

Page 78: ...ork from a sustained flood of TCP SYN requests without the corresponding ACK response After clicking the checkbox enter the threshold number in the text field that will trigger the denial of service protection UDP Flood Attack This option allows you to safeguard your network from a sustained flood of UDP packets After clicking the checkbox enter the threshold number in the text field that will tri...

Page 79: ...verwhelmed by too many connection requests in a short period of time Per Client Quota Use this option to restrict the number of connection requests from a single client within a second After clicking this checkbox enter a threshold number in the text field that represents the maximum number of requests per second from a single client If there are more than the specified number of connection reques...

Page 80: ...ranslation click Yes Otherwise click No If you click Yes a default DNAT policy will be entered and put into effect NOTE As you may already know dynamic NAT allows internal users to substitute a valid Internet address the Firebox Vclass appliance s principal IP address for their own computer s private non routable IP address for the purposes of Web browsing etc 1install_guide book Page 64 Friday Ju...

Page 81: ...field Password text can include letters or numbers and password entries are case sensitive 20 Type the same new password text in the Retype Password field NOTE Make sure that you write down the new password and store the note in a safe place If you forget the new password and cannot find any written record the appliance will have to be returned to WatchGuard for resetting to a factory default stat...

Page 82: ...Ready to use wizard panel appears the configuration is complete Concluding the installation 1 When the final Wizard panel appears click Finish If you changed the IP address for interface 0 Private a dialog box will appear asking if you want to restart the Firebox Vclass appliance 1install_guide book Page 66 Friday June 7 2002 1 10 PM ...

Page 83: ...ther site turn to the next section for assistance Relocating the appliance to a permanent network setting When reinitialization is complete you should restart the Vcontroller and then perform a software shutdown of the appliance Once the shutdown is complete you can power down the appliance then relocate the appliance to its permanent network setting To accomplish this follow the steps detailed in...

Page 84: ...ou log into as the Vcontroller remembers the IP addresses of all appliances and stores them in this menu saving you the effort of remembering all those addresses You will however need to remember all the separate passwords 3 Type admin in the Name field 4 Type your newly created secure password in the Password field 5 Click OK to connect to the appliance After a short interval the main Vcontroller...

Page 85: ...and Ready LEDs have been dim for 30 seconds as the overall shutdown process is still in progress after this light is dim 8 You can now press the power switch on the back of the appliance to cut power to the appliance Or if this appliance is a V10 simply disconnect the power cord to complete the shutdown 9 Now you can disconnect 1 the power cord then 2 all the cables and relocate the appliance to i...

Page 86: ...0 indicator lights should be lit or in the Firebox V100 the Link light will be lit The Ready LED should blink while initialization is underway then be steadily lit 4 Start the Vcontroller software 5 After successfully logging into the appliance with Vcontroller as described in the System Administration Guide you can now proceed with other set up and customizing tasks also described in the System A...

Page 87: ... needed certificates and have a ready to use appliance in short order Requirements An appliance profile which is an XML format file exported from an existing operational Firebox Vclass appliance The name and directory location of this profile file The temporary IP address that will be assigned to interface 0 of a new unconfigured appliance prior to the profile importation The actual IP address for...

Page 88: ...mat profile follow these steps 1 Open the Vcontroller 2 Click the Backup Restore button 3 When the Backup Restore window appears click the Import Export tab to view its contents 4 Click Export A Save File dialog box appears 5 If you prefer you can use this dialog box s navigation features to pick another folder where this new profile can be stored 6 You can change the default file name at this tim...

Page 89: ...make sure the file type is text only and that the XML extension is still present NOTE If you want you can enter the new Private interface IP address and mask information for the new appliance by opening the XML file in any text editor and searching for the following tags interface interface entry card id 0 card id interface type 0 interface type interface ip IP ADDRESS HERE interface ip interface ...

Page 90: ...a safe power source and pressing the power switch on the back The power cord connection will power up the V10 appliance Wait until the appliance is fully powered up before proceeding as indicated by the Ready LED being steadily lit 3 Start the Vcontroller 4 When the Login dialog box appears click the Binocular icon to the right of the Server IP name pop up menu An informational dialog box appears ...

Page 91: ... the appliance is fully turned on and 2 the cable connecting interface 0 to the network is firmly inserted into the socket When the unconfigured appliance is found the Devices Found window appears This window offers the following features a listing of all factory default Firebox Vclass appliances found in this subnet options related to assigning an IP address to interface 0 or importing a profile ...

Page 92: ...ion features to locate and select the profile file name NOTE If the file name is not visible make sure the file name contains an XML extension If it is missing the Open dialog box will not find the file 5 Click Open When the Devices Found window reappears the file name and directory pathway will appear in the Profile Filename field 6 Click in the Temporary IP field and type the temporary IP addres...

Page 93: ... complete a Results dialog box appears Review the import confirmation message then click Close 10 You must now log into that appliance using the temporary IP address and change the IP address information for interface 0 if you did not open and edit that setting in the profile prior to importation Once the importation and IP address change have been completed you can make any needed revisions to th...

Page 94: ...CHAPTER 5 Importing a Profile into a New Appliance 78 Vcontroller 3 2 1install_guide book Page 78 Friday June 7 2002 1 10 PM ...

Page 95: ...ard changing date and time 51 DHCP server IP address assigned by 55 enable DHCP server 52 entering general information 50 interface 1 entries 53 interface 2 entries 55 interface entries saving 56 interface tab 52 interface tab entries completing 56 IP address 52 leasing time 53 max number of IP addresses 53 network mask 52 pausing during installation 49 PPPoE IP address assigned using 55 public en...

Page 96: ...irebox V60 and V80 3 Firebox V100 pausing installation 49 physical features V10 back panel 6 7 front panel 5 6 V60 V80 back panel 10 12 front panel 8 10 V100 back panel 15 16 front panel 12 14 power requirements UPS interface V60 V80 11 UPS interface V100 15 V10 7 V60 V80 10 V100 15 powerup 28 PPPoE IP address assigned using 55 profile defined 72 editing 73 import procedure 76 77 importing existin...

Page 97: ...d 40 Sun Solaris See installation software requirements 29 31 startup procedures See setup static IP address 54 supported operating systems 31 system administrator identifying 51 system location 50 system name 50 system time entering 51 T troubleshooting no appliance found 40 UPS communication 16 U UPS device connecting to 16 1install_guide book Page 81 Friday June 7 2002 1 10 PM ...

Reviews:

No comments

Related manuals for Firebox V10

PaloAlto Networks PA-7080 Quick Start Manual preview
PA-7080
Brand: PaloAlto Networks Pages: 2
Watchguard DS3AE5 Quick Start Manual preview
DS3AE5
Brand: Watchguard Pages: 27
GajShield GS15nu Quick Start Manual preview
GS15nu
Brand: GajShield Pages: 12
3Com SuperStack 3 User Manual preview
SuperStack 3
Brand: 3Com Pages: 64
PYCH Clone+ User Manual preview
Clone+
Brand: PYCH Pages: 17
Fortinet FortiDDoS 1000B Release Notes preview
FortiDDoS 1000B
Brand: Fortinet Pages: 44
Elastix SIP Firewall User Manual preview
SIP Firewall
Brand: Elastix Pages: 42
Mackie D.2 Specifications preview
D.2
Brand: Mackie Pages: 2
PaloAlto Networks Prisma SD-WAN ION 9000 Hardware Reference Manual preview
Prisma SD-WAN ION 9000
Brand: PaloAlto Networks Pages: 34
Fortinet FortiWiFi FortiWiFi-50B Install Manual preview
FortiWiFi FortiWiFi-50B
Brand: Fortinet Pages: 68
Fortinet FortiGate FortiGate-ADM-XB2 Quick Start Manual preview
FortiGate FortiGate-ADM-XB2
Brand: Fortinet Pages: 1
Fortinet FortiGate FortiGate-5003 Quick Start Manual preview
FortiGate FortiGate-5003
Brand: Fortinet Pages: 2
H3C H3C SECPATH F1000-A Installation Manual preview
H3C SECPATH F1000-A
Brand: H3C Pages: 81
Triton RiskVision Setup Manual preview
RiskVision
Brand: Triton Pages: 26
Freecom Data Tank User Manual preview
Data Tank
Brand: Freecom Pages: 58

Brands by name

Popular brands

Load more brands