manualshive.com logo in svg

Watchguard Firebox X20E, User Manual

Share
Download
Watchguard Firebox X20E User Manual Download Page 163

User Guide

151

Using Microsoft CA to Create a Certificate

4

When you are prompted for the x509 Common Name attribute information, type your fully-
qualified domain name (FQDN). Use other information as appropriate.

5

Follow the instructions from your certificate authority to send the CSR.

To create a temporary, self-signed certificate until the CA returns your signed certificate, type a the 
command line:

openssl x509 -req -days 30 -in request.csr -key privkey.pem -out sscert.cert 

This command creates a certificate inside your current directory that expires in 30 days.

You cannot use a self-signed certificate for VPN remote gateway authentication. We recommend that you 
use certificates signed by a trusted third-party Certificate Authority.

Using Microsoft CA to Create a Certificate

Certification Authority is distributed with Windows Server 2003 as a component. If the Certification 
Authority is not installed in the Administrative Tools folder of the Control Panel, follow the manufac-
turer’s instructions for installation.

When you use this procedure, you act as the certificate authority (CA) and digitally sign your own 
request. For the final certificate to be useful, we recommend that you acquire other certificates that 
connect your private CA to a widely trusted, third-party certificate authority. You can import these 
additional certificates on the Firebox X Edge Certificates page.

Sending the certificate request

1

Open your web browser. In the location or address bar, type the IP address of the server where 
the Certification Authority is installed, followed by 

certsrv

.

Example: http://10.0.2.80/certsrv

2

Click the 

Request a Certificate

 link.

3

Click the 

advanced certificate request

 link.

4

To submit a CSR you created using OpenSSL, click the 

Submit a certificate 

link.

5

Paste the contents of your CSR file into the

 Saved Request

 text box.

The CSR must be in Base-64 PKCS10 or PKCS7 format.

6

Close your web browser.

Issuing the certificate

1

Connect to the server where the Certification Authority is installed, if necessary.

2

From the Start Menu, select 

Control Panel > Administrative Tools > Certification Authority

.

3

From the 

Certification Authority (Local)

 tree in the left navigation pane, select 

Your Domain 

Name > Pending Requests

.

4

Select the CSR in the right navigation pane.

5

From the

 Action

 menu, select 

All Tasks > Issue

.

6

Close the Certification Authority window.

Summary of Contents for Firebox X20E

Page 1: ...WatchGuard Firebox X Edge e Series User Guide Firebox X Edge e Series Firmware Version 8 6 All Firebox X Edge e Series Standard and Wireless Models...

Page 2: ...and international copyright treaties as well as other intellectual property laws and treaties This is a license agreement and NOT an agreement for sale All title and copyrights in and to the SOFTWARE...

Page 3: ...SOFTWARE PRODUCT Limitation of Liability WATCHGUARD S LIABILITY WHETHER IN CONTRACT TORT OR OTHERWISE AND NOTWITHSTANDING ANY FAULT NEGLIGENCE STRICT LIABILITY OR PRODUCT LIABILITY WITH REGARD TO THE...

Page 4: ...BOVPN Branch Office Virtual Private Network DES Data Encryption Standard DNS Domain Name Service DHCP Dynamic Host Configuration Protocol DSL Digital Subscriber Line IP Internet Protocol IPSec Interne...

Page 5: ...n Installation Requirements 9 Package Contents 9 Registering Your Firebox Activating LiveSecurity Service 10 Identifying Your Network Settings 11 About network addressing 11 Static addresses DHCP and...

Page 6: ...yslog 35 Traffic Control 35 VPN Statistics 36 Wireless Statistics 36 4 Configuration and Management Basics Factory Default Settings 37 Restoring the Firebox to the factory default settings 38 Restarti...

Page 7: ...ce by MAC address 63 Configuring the Optional Network 65 Enabling the optional network 65 Using DHCP on the optional network 66 Setting optional network DHCP address reservations 67 Configuring the op...

Page 8: ...tings 95 Outgoing settings 96 Configuring Custom Packet Filter Policies 96 Adding a custom policy using the wizard 97 Adding a custom packet filter policy manually 97 Filtering incoming traffic for a...

Page 9: ...Sites Temporarily 128 Blocking Ports 129 Avoiding problems with blocked ports 130 Adding a port to the blocked ports list 130 Preventing Denial of Service Attacks 131 Dropping Flood Attacks 131 Distr...

Page 10: ...uthentication 158 Configuring an individual user account 158 Authenticating to the Edge 159 Setting a WebBlocker profile for a user 161 Changing a user account name or password 161 Using LDAP Active D...

Page 11: ...settings 193 Intrusion Prevention Service settings 194 POP3 proxy deny messages and Gateway AV IPS 194 Updating Gateway AV IPS 194 16 Branch Office Virtual Private Networks About This Chapter 197 What...

Page 12: ...Enabling PPTP access for firewall users 228 Preparing the client computers 228 Using PPTP and Accessing the Internet 230 A Firebox X Edge e Series Hardware Package Contents 231 Specifications 232 Har...

Page 13: ...ed to fix problems created by attacks Valuable information can be taken from the network Many people think that their computer holds no important information They do not think that their computer is a...

Page 14: ...hen more users are on the network DSL connections supply constant bandwidth but they are usually slower than cable modem connec tions Also the bandwidth is only constant between your home or office an...

Page 15: ...y spe cial instructions Packets traveling on the Internet IP Addresses To send ordinary mail to a person you must first know his or her street address For one computer to send data to a different comp...

Page 16: ...a structure with DSL modem and cable modem products Default gateway A default gateway is a node on a computer network that serves as an access point to another network Usually the default gateway addr...

Page 17: ...the policies that are nec essary for your business Ports Usually a port is a connection point where you use a jack and cables to connect devices Computers also have ports that are not physical locatio...

Page 18: ...ilter different types of information They can also control which policies or ports the protected computers can use on the Internet outbound access Many fire walls have sample security policies and use...

Page 19: ...optional network for computers with mixed trust For example customers frequently use the optional network for their remote users or for public servers such as a web server or email server Your firewal...

Page 20: ...The Firebox X Edge and Your Network 8 Firebox X Edge e Series...

Page 21: ...terface card to configure the Edge A web browser You can use Internet Explorer 6 0 or later Netscape 7 0 or later or an equivalent browser Serial number of the Edge You can find the serial number on t...

Page 22: ...e Watchguard Live Security web site and retrieve your feature key You have only one user license seat license until you apply your feature key See About user licenses on page 17 for more information Y...

Page 23: ...tic IP address DHCP or PPPoE to configure the Edge external interface Your computer must have a web browser You use the web browser to configure and manage the Fire box X Edge Your computer must have...

Page 24: ...rk You must have the following information to install your Firebox X Edge IP address Subnet mask Default gateway Whether your computer has a static or dynamic IP address IP addresses of primary and se...

Page 25: ...twork adaptor PPPoE settings Many ISPs use Point to Point Protocol over Ethernet PPPoE because it is easy to use with a dial up infrastructure If your ISP uses PPPoE to assign IP addresses you must ge...

Page 26: ...rences The Safari preferences window appears 3 Click the Advanced icon 4 Click the Change Settings button The System Preference window appears 5 Clear the Web Proxy HTTP check box 6 Click Apply Now We...

Page 27: ...4 Select the Allow unrequested pop up windows check box 5 Click OK Disabling the pop up blocker in Safari 2 0 1 Open the browser software 2 Click Application Make sure that the Block Pop Up Windows m...

Page 28: ...connect more than four devices The number of devices that can connect to the exter nal network is limited by the number of session licenses available See the subsequent section About user licenses for...

Page 29: ...or close all sessions If you require users to authenticate you can assign a maximum timeout and an idle timeout for each user The Edge administrator can set a global session maximum timeout Reboot th...

Page 30: ...work Connections icon 3 Double click the Local Area Connection icon The Local Area Connection Status window appears 4 Click the Properties button The Local Area Connection Properties window appears 5...

Page 31: ...our ISP Configure the Trusted Interface of the Firebox Type the IP address of the trusted interface Set the User Name and Passphrase Enter a user name and passphrase for the administrator account for...

Page 32: ...Using the Quick Setup Wizard 20 Firebox X Edge e Series...

Page 33: ...ser and Group Management chapter Connecting to the Firebox X Edge The System Status page appears when you connect to the Firebox X Edge e Series In this User Guide most procedures start with this step...

Page 34: ...change the Firebox X Edge so that it uses HTTP connections for web management connections instead of HTTPS HTTP is less secure because any information you send to the Firebox is unencrypted We recomme...

Page 35: ...e text as WebBlocker Denied Sites System Status page The System Status page shows the primary configuration of the Firebox X Edge e Series The center panel of the page shows information about the curr...

Page 36: ...Users page shows statistics on active sessions and local user accounts It also has buttons to close current sessions and to add edit and delete user accounts This page also shows the MUVPN client con...

Page 37: ...es HTTP or HTTPS for its configuration pages if the Edge is configured as a managed Firebox client and which feature upgrades are enabled It has buttons to change configurations add upgrades and see t...

Page 38: ...ries Firewall page The Firewall page shows incoming and outgoing policies and proxies blocked web sites and other firewall settings This page also has buttons to change these settings For more informa...

Page 39: ...shows the current event log and the status of the Log Server and syslog logging For more information see Chapter 11 Configuring Logging WebBlocker page The WebBlocker page shows the WebBlocker setting...

Page 40: ...the spamBlocker chapter GAV IPS page The GAV IPS page shows the Gateway AntiVirus and Intrusion Prevention Service status and settings It tells you which proxies are enabled for the service and what...

Page 41: ...X Edge e Series to a Watchguard System Manager VPN network with the WSM Access page in Administration For more information see the Branch Office Virtual Private Networks chapter Wizards page The Wizar...

Page 42: ...us Refresh or you navigate to a new page You can see a small counter below the button that shows the number of times the page has been refreshed ARP Table This status page shows devices that have resp...

Page 43: ...Source Port IP address of the computer that sent the packet and the port used to send the packet Destination Port IP address the packet is being sent to and the port Action POP3 shows n a HTTP shows...

Page 44: ...pears to the DHCP server that the Edge is using the address the status is Active If it appears to the DHCP server that the Edge is not using the address the status is Abandoned IF Edge interface that...

Page 45: ...erfaces This status page shows information on each interface Link Encap Type of interface Usually it is Ethernet or PPPoE HWaddr MAC address of the interface inet addr IP address of the interface Bcas...

Page 46: ...NAME Name of the process STATE State of the process R running S sleeping D Z inactive RSS Total number of kilobytes of physical memory used by the process SHARE Total number of kilobytes of shared me...

Page 47: ...n see the amount of processed and blocked requests for each service over a time period you specify Syslog This status page shows the most recent entries in the Edge log file This is different from the...

Page 48: ...packets dropped Overlimits Number of packets over the limit for each priority VPN Statistics This status page shows VPN statistics such as SA Security Association Traffic control within VPN tunnels Pa...

Page 49: ...ge Update the firmware Activate upgrade options Factory Default Settings The term factory default settings refers to the configuration on the Firebox X Edge when you first receive it before you make a...

Page 50: ...on causes damage to the Firebox X Edge firmware you can restore the Edge to the factory default settings and built your configuration again To set the Firebox X Edge e Series to the factory default se...

Page 51: ...ure the Edge to receive incoming traffic see Enabling Common Packet Filter Policies on page 93 Remember that if you enable HTTPS connections to the Edge anyone who has the correct credentials can also...

Page 52: ...select the Set date and time manually option If you set the system time manually skip to step 6 5 If you set the system time automatically the Firebox X Edge gets the current time from the selected s...

Page 53: ...eived and sent and when each Edge interface was last modified The Firebox X Edge supports SNMPv2c and SNMPv3 1 To connect to the System Status page type https in the browser address bar and the IP add...

Page 54: ...om field so that only connections from the IP address of the SNMP server are allowed by the Firebox 10 Click Submit to save the changes to the Firebox X Edge Using MIBs A MIB Management Information Ba...

Page 55: ...HTTPS typically uses TCP port 443 and HTTP typically uses TCP port 80 By default you must connect to the Firebox X Edge e Series configuration pages on those ports You can change the default port on...

Page 56: ...ions to configure remote access from WatchGuard System Manager WSM v9 1 WSM v9 1 allows centralized management of Firebox X Edge e Series devices running v8 6 1 To connect to the System Status page ty...

Page 57: ...r and will forward any connection on these ports to the configured Management Server No special configuration is required for this to occur 9 Type the Client Name to give to your Firebox X Edge This i...

Page 58: ...erver 8 In the DVCP Server Address text box type the IP address of the DVCP server 9 Type the Client Name to give to your Firebox X Edge This is the name used to identify the Edge in VPN Manager 10 Ty...

Page 59: ...stalling software automatically The first method installs the Firebox X Edge e Series firmware update from a Windows computer Download the Software Update Installer to use this method To use the Softw...

Page 60: ...immediately get a feature key when you upgrade your Edge however When you purchase an upgrade you receive a license key You must enter this key on the LiveSecurity web site to get a new feature key Yo...

Page 61: ...se key number 2 Get the new feature key https www watchguard com archive getcredentials asp The Retrieve Feature Key window appears 3 Select the product you want to upgrade from the drop down list 4 C...

Page 62: ...You can upgrade a Firebox X Edge e Series 10e or a Firebox X Edge 20e to a higher model 1 Go to the upgrade site on the WatchGuard web site www watchguard com upgrade and log into your LiveSecurity s...

Page 63: ...User Guide 51 Viewing the Configuration File 2 From the navigation bar select Administration View Configuration The configuration file is shown...

Page 64: ...Viewing the Configuration File 52 Firebox X Edge e Series...

Page 65: ...p Wizard You can also set up the optional interface Many customers use the optional network for public servers An example of a public server is a web server Using the Network Setup Wizard The easiest...

Page 66: ...work administrators use DHCP to give IP addresses to computers on their network automatically With DHCP your Firebox receives an external IP address each time it connects to the ISP network It can be...

Page 67: ...ed IP address for the Edge from your DHCP server 6 Click Submit If your ISP uses static IP addresses If your ISP uses static IP addresses you must enter the address information into your Firebox X Edg...

Page 68: ...or more information in PPPoE see About PPPoE on page 4 To set your Firebox to use PPPoE on the external interface 1 Use your browser to connect to the System Status page From the navigation bar select...

Page 69: ...times the Firebox X Edge tries to send PAP authentication information to the PPPoE server The default value of None is sufficient for most installations You must enter a high value to make the Edge c...

Page 70: ...ddress must use 12 hexadecimal characters Hexadecimal characters have a value between 0 and 9 or between a and f The MAC address must operate with One or more addresses on the external network The MAC...

Page 71: ...nd DHCP requests to a DHCP server on a different network using a VPN tunnel You can also use static IP addresses for the computers on your trusted network Any changes to the trusted network configurat...

Page 72: ...2 Select the Enable DHCP Server on the Trusted Network check box 3 Type the first and last available IP addresses for the trusted network Do not include the IP address of the Firebox X Edge The IP ad...

Page 73: ...168 111 1 and the DHCP address pool is 192 168 111 2 192 168 111 200 you can enter any address from 192 168 111 201 to 192 168 111 254 4 Type the MAC address of the computer on the trusted network in...

Page 74: ...our trusted network If you disable the Firebox X Edge DHCP server and you do not have a DHCP server on your network you must manu ally configure the IP address and subnet mask of each computer For exa...

Page 75: ...ding to the rules you have configured for outgoing access on your Edge If you enable wireless access through the trusted interface we strongly recommend that you enable and use the MAC restric tion fe...

Page 76: ...can check box is selected This can make the scan procedure take more time The Scan Allowed Address Control dialog box appears 5 Select one or more devices that you want to add to your list of allowed...

Page 77: ...use the optional network for servers that other computers can connect to from the Internet such as a web email or FTP server We recommend you isolate your private network from these servers because t...

Page 78: ...a computer on the optional network it gives the computer an IP address By default the Edge has the DHCP Server option for the optional interface turned off To use DHCP on the optional network 1 Use yo...

Page 79: ...n The DHCP Address Reservations page appears 3 Type a static IP address in the IP Address field The IP address must be on the optional network For example if the optional network starts with 192 168 1...

Page 80: ...e Edge for the default gateway it usually can not get to the external network or the Internet To disable the Firebox X Edge DHCP server clear the Enable DHCP Server on the Optional Network check box o...

Page 81: ...nd its host name to your configuration click Add 7 Select the Log attempted access from MAC addresses not in the list check box if you want the Edge to generate a log message each time a computer whos...

Page 82: ...r Network This box tells whether the destination for the static route is one computer or a network of computers 5 Type the destination IP address and the gateway in the related fields The gateway is t...

Page 83: ...etwork Dynamic DNS The Dynamic DNS client page appears 3 Select the Enable Dynamic DNS client check box 4 Type the Domain Name and Password in the related fields 5 In the System drop down list select...

Page 84: ...sed modem with a dial up Internet connection The WAN Failover option is included in the X50 and X55 models You can purchase an upgrade for other models at the WatchGuard online store https www watchgu...

Page 85: ...tion This connection can be a cable modem or a hub 2 To connect to the System Status page type https in the browser address bar followed by the IP address of the Firebox X Edge trusted interface The d...

Page 86: ...below 4 Type the number of seconds between pings and the number of seconds to wait for a reply 5 Type the maximum number of pings before timeout in the No Reply Limit field 6 Type the number of succe...

Page 87: ...mask default gateway primary DNS secondary DNS and DNS domain suffix 3 Click Submit Configuring WAN Failover with PPPoE If you want to use PPPoE as your failover connection make sure you have the user...

Page 88: ...address Some ISPs use a MAC address to identify the computers on their network Each MAC address gets one static IP address If your ISP uses this method to identify your computer then you must change...

Page 89: ...it is reached WAN failover occurs 8 In the Ping replies needed for failback type the number of successful pings that must be made before the Edge uses the WAN1 interface again Configuring your Modem f...

Page 90: ...he Manually configure DNS server IP addresses check box 2 In the Primary DNS Server text box type the IP address of the primary DNS server If you have a secondary DNS server type its IP address in the...

Page 91: ...t work it is not necessary to use BIDS To configure your Firebox to connect to the BigPond network using BIDS 1 To connect to the System Status page type https in the browser address bar followed by t...

Page 92: ...Configuring BIDS 80 Firebox X Edge e Series...

Page 93: ...interface we strongly recommend that you enable and use the MAC restriction feature to allow access through the Edge only for devices that have been added to the Allowed MAC Address list See the Netwo...

Page 94: ...ireless users as part of your trusted or optional network use the instructions in this chapter If you want to configure a wireless guest network a Wireless Guest Setup Wizard is available to help you...

Page 95: ...LiveSecurity account to see this FAQ Setting the RTS threshold RTS CTS Request To Send Clear To Send is a function that helps prevent problems when wireless cli ents can receive signals from more than...

Page 96: ...when you use different authentication mechanisms The Edge automatically creates a random encryption key for you when a key is required You can use this key or change it to a key you prefer Each wirele...

Page 97: ...reless network card with DHCP the DHCP server on the Edge s trusted network must be active and configured 4 To configure the Edge wireless interface to send and answer SSID requests select the Broadca...

Page 98: ...e and configured 4 To configure the Edge wireless interface to send and answer SSID requests select the Broadcast SSID and respond to SSID queries check box 5 Select the Log Authentication Events chec...

Page 99: ...ss Guest 3 On the Settings tab select the Enable Wireless Guest Network check box to allow wireless connections through the Edge to the Internet according to the rules you have configured for outgoing...

Page 100: ...add to the Edge configuration can connect to the Edge wireless guest network For more information on restricting access by MAC address see the Network Settings chapter 10 Click Submit to save your co...

Page 101: ...e installation instructions for other operating systems go to your operating system documentation or help files To set up a wireless connection using Windows XP SP2 1 Select Start Settings Control Pan...

Page 102: ...Configuring the Wireless Card on Your Computer 90 Firebox X Edge e Series...

Page 103: ...Client Understanding Policies When the Edge receives a packet it looks for a policy in its configuration that matches the port and protocol in the packet header There are two categories of policies pa...

Page 104: ...r rules for the policy then the Edge denies the packet by default Use the Deny rule when you have a lower precedence rule set to Allow but you want to deny packets from a specific IP address or networ...

Page 105: ...y you can allow users on your trusted network to establish connections on the Internet such as web browsing and email and not have to create a policy for each type of connection By default all incomin...

Page 106: ...ine a service host redirect the port enable logging or restrict the IP addresses on the external network that can connect to a computer behind the Firebox X Edge e Series On the Outgoing tab you can e...

Page 107: ...ss of the computer that you want to receive the traffic in the Policy Host field 4 To use port address translation enter the new port number in the Port Redirect text box With port address translation...

Page 108: ...ct Alias you can choose from Trusted Network Optional Network or Wireless Guest Network Type network IP addresses in slash notation 4 To limit which computers on the external network can connect to co...

Page 109: ...is traffic filter Traffic Direction Identify if this is an incoming or outgoing policy Policy action Configure the Edge to allow or deny this type of policy traffic through the firewall Restrict to re...

Page 110: ...ol numbers at http www iana org assignments protocol numbers 8 Click Add 9 Repeat steps 6 8 until you have a list of all the ports and protocols that this policy uses You can add more than one port an...

Page 111: ...From box to select Host IP Address Network IP Address Host Range or Alias If you select Alias you can choose from Trusted Network Optional Network or Wireless Guest Network To only restrict which comp...

Page 112: ...the optional network is hacked or compromised the attacker cannot get access to your trusted network You can use the optional network to secure a wireless network Wireless networks are usually less s...

Page 113: ...allowed select Allow from the Filter drop down list If you want to deny the traffic and create a log entry for each time the traffic is denied select No Rule 6 Click Submit Disabling traffic filters...

Page 114: ...Configuring Policies for the Optional Network 102 Firebox X Edge e Series...

Page 115: ...nd sends it to its desti nation Proxies are an important tool for network security Attackers frequently use content such as executable programs or files written in scripting languages to send computer...

Page 116: ...messages If it finds a new message it downloads the email message to the local email client After the message is received by the email client the connection is closed The Firebox X Edge e Series suppl...

Page 117: ...n bar select Firewall Outgoing The Filter Outgoing Traffic page appears 3 Below Common Proxy Policies find HTTP Proxy and select Allow from the drop down list 4 Click Submit Configuring the HTTP Proxy...

Page 118: ...Add The From text box shows the IP addresses you added The From text box can have more than one entry 5 Use the To drop down list to add the IP address network address or range of IP addresses of com...

Page 119: ...luable network resources Idle connection timeout This setting controls how long the HTTP proxy waits for the client to make a request after it has established a connection to the server If the client...

Page 120: ...o download a web page that has an unknown content type and the proxy policy is configured to block unknown MIME types the user sees an error message in the web browser You can see the default deny mes...

Page 121: ...ded in your log file each time a web transaction occurs to a web site in the exceptions list select the Log each transaction that matches an HTTP proxy exception check box To remove an item from the H...

Page 122: ...th For example if you want to block all pages that have the host name www test com type the pattern www test com If you want to block all paths that contain the word sex for all domains type sex If yo...

Page 123: ...on bar select Firewall Outgoing The Filter Outgoing Traffic page appears 3 In Common Proxy Policies select Allow from the drop down list adjacent to FTP Proxy 4 Click Submit Configuring the FTP Proxy...

Page 124: ...wn as Classless Inter Domain Routing or CIDR notation 4 Click Add The From text box shows the IP addresses you added The From text box can have more than one entry 5 Use the To drop down list to add t...

Page 125: ...lines used on FTP sites Filtering content On the FTP Content tab you can control the type of files that the FTP proxy allows for downloads and uploads For example many hackers use executable files to...

Page 126: ...ension and then click Add 4 In the Uploads text box select the Deny these file types check box if you want to limit the types of files that a user can upload If you select this setting the files liste...

Page 127: ...op down list adjacent POP3 Proxy 4 Click Submit Configuring the POP3 Proxy To configure the POP3 proxy filter select Firewall Outgoing from the navigation menu Find the POP3 proxy and click Edit Make...

Page 128: ...d This box can have more than one entry 5 Use the To drop down list to add the IP address network address or range of IP addresses of computers on the external network for which this policy applies Ne...

Page 129: ...found action Puts the action taken by the proxy policy reason Puts the reason the proxy policy denied the content recovery Puts whether you can recover the attachment It is important to know how the P...

Page 130: ...ct this check box only the content types shown in the text box are allowed The format of a MIME type is type subtype For example if you want to allow JPEG images you add image jpg You can also use the...

Page 131: ...pe https in the browser address bar and the IP address of the Firebox X Edge trusted interface The default URL is https 192 168 111 1 2 From the navigation bar select Firewall Incoming The Filter Inco...

Page 132: ...e external network that can use this policy Type the IP address or range of IP addresses you want to allow and click Add You can enter more than one address Type network IP addresses in slash notation...

Page 133: ...ost email clients and systems send short line lengths but some web based email systems send very long lines Deny Message In the Deny Message field you can write a custom plain text message that will a...

Page 134: ...Select this check box if you want to allow email to only some of the users on your network This can be useful if you want to prevent people from using your email server for email relaying To do this m...

Page 135: ...list type the MIME type and click Add 2 To remove a content type select it from the list and click Remove You cannot remove message or multipart because the SMTP proxy cannot work without them If you...

Page 136: ...custom proxy policy 1 To connect to the System Status page type https in the browser address bar and the IP address of the Firebox X Edge trusted interface The default URL is https 192 168 111 1 2 Fro...

Page 137: ...ese signatures to find viruses and intrusion attacks when they are filtered through the proxy See Chapter 15 Gateway AntiVirus and Intrusion Prevention Service for more information WebBlocker WebBlock...

Page 138: ...Using Additional Services for Proxies 126 Firebox X Edge e Series...

Page 139: ...Blocked ports You can block the ports that you know can be used to attack your network This stops specified external network services When you block a port you override all the rules in your firewall...

Page 140: ...policy can be temporarily added to the Blocked Sites list You can also configure auto blocking for any incoming service rule you set to Deny When the Firebox automatically blocks a site all connectio...

Page 141: ...from an IP address on the Auto block exceptions list is ever blocked by the auto blocking feature Use the drop down list to select whether you want to enter a host IP address a network address or a r...

Page 142: ...use port 111 to find which ports a given RPC server uses The RPC services are easy to attack through the Internet port 8000 Many vendors use this port and there are many security problems related to i...

Page 143: ...attacks try to prevent an Internet site or service from efficient operation for some period of time by using large amounts of bandwidth or resources on the system that is being attacked This type of...

Page 144: ...A DoS attack where the attacker overwhelms a computer system with ICMP Echo Request ping packets SYN flood attack A DoS attack where the attacker overwhelms a computer system with a large number of S...

Page 145: ...the browser address bar and the IP address of the Firebox X Edge trusted interface The default URL is https 192 168 111 1 2 From the navigation bar click Firewall Firewall Options The Firewall Options...

Page 146: ...sages on page 147 Log denied broadcast traffic If you use the standard property settings the Firebox X Edge e Series records only unusual events When traffic is denied the Edge records the information...

Page 147: ...for a packet to go from a source to a destination Together latency and bandwidth define the speed and capacity of a network You can improve latency by configuring Traffic Control You must upgrade you...

Page 148: ...ffic is given 75 of the bandwidth not used by interactive traffic Use the high priority category for traffic that is very important to your company or uses a lot of bandwidth Some examples of high pri...

Page 149: ...sed in numeric form or by special keyword names that correspond to per hop behavior PHB Per hop behavior is the priority applied to a packet when traveling from one point to another in a network DSCP...

Page 150: ...his option allows you to configure filters for all traffic categories Traffic control is on and traffic marking is on The Edge marks all traffic that matches the criteria in your Traffic Control rule...

Page 151: ...ol check box The Interactive traffic list is enabled 4 In the Upstream bandwidth limit text box type the upstream bandwidth limit of your external network connection WAN1 Enter a value from 19 Kbps to...

Page 152: ...Mark drop down list at the top of each traffic category 8 Click Submit Traffic control is enabled Adding a traffic control filter Before you add a traffic control filter to allow or deny traffic for a...

Page 153: ...n page 69 5 From the Protocol drop down list select the IP protocol for traffic associated with this filter If you select Other you must enter a valid IP protocol number in the adjacent text box The r...

Page 154: ...our LAN When you use NAT the source IP address is changed on all of the packets you send NAT types The Firebox X Edge supports three different forms of NAT Many users use more than one type of NAT at...

Page 155: ...a router to connect more subnets to these networks For more information see Connecting the Edge to more than four devices on page 16 The Edge always uses Dynamic NAT for traffic that goes from the tr...

Page 156: ...y external IP address 6 Click Submit The entry is added to the Secondary IP Addresses list 7 To add a custom packet filter policy to the NAT entry click Add Packet Filter Policy To add a custom proxy...

Page 157: ...IP address of the Firebox X Edge trusted interface The default URL is https 192 168 111 1 2 From the navigation bar select Firewall NAT The NAT Network Address Translation page appears 3 Select the 1...

Page 158: ...Working with Firewall NAT 146 Firebox X Edge e Series...

Page 159: ...of the file When new information enters a full log file it erases the log message at the bot tom of the file The Firebox X Edge log file is cleared if the power supply is disconnected or the Edge is...

Page 160: ...t is a good idea to configure the Edge with a device name This name lets the Log Server know which log messages come from which device The device name appears in the Log Viewer If this field is clear...

Page 161: ...e primary Log Server it will send log messages to the backup Log Server until the primary Log Server becomes available again 8 Click Submit Logging to a Syslog Host Syslog is a log interface developed...

Page 162: ...put part of a cryptographic key pair in a certificate sign ing request CSR and send it to a certificate authority CA The CA issues a certificate after they receive the CSR and verify your identity We...

Page 163: ...rity CA and digitally sign your own request For the final certificate to be useful we recommend that you acquire other certificates that connect your private CA to a widely trusted third party certifi...

Page 164: ...rom the System Status page on the Firebox X Edge select Administration Certificates 2 Adjacent to the type of certificate you want to add click Import 3 If your certificate is in the PEM format copy a...

Page 165: ...rtificate you have already imported to see its properties including its expiration date issuing authority or other information 1 From the System Status page on the Firebox X Edge select Administration...

Page 166: ...Using Certificates on the Firebox X Edge 154 Firebox X Edge e Series...

Page 167: ...sessions is determined by the Edge model you have and any upgrade licenses you apply The number of licenses limits the number of sessions To control the number of users at any time close one or more s...

Page 168: ...and optional networks Traffic is passed from a computer on the trusted or optional network to a computer on the other end of a Branch Office VPN Incoming traffic of any kind is passed to the Edge prot...

Page 169: ...ternet Reset idle timer on Firebox X Edge embedded Web site access When you select this check box the Firebox X Edge does not disconnect a session when an idle timeout occurs if the Login Status dialo...

Page 170: ...is access level cannot change the configuration file Full Use this to see and to change Edge configuration properties You also can activate options disconnect active sessions restart the Edge and add...

Page 171: ...ave an effect 13 If you want this user to have access to computers on the other side of a Branch Office VPN tunnel select the Allow access to manual and managed VPN tunnels check box You must require...

Page 172: ...times out Change their password Using a read only administrative account You can create a local user account with access to see Firebox X Edge e Series configuration pages When you log in as a read on...

Page 173: ...unique set of restrictions you can apply to users on your network To apply a WebBlocker profile to a user s account 1 Click the WebBlocker tab 2 Select a profile from the drop down list You must do th...

Page 174: ...tication user privileges are controlled on a group basis You can add the names of your existing LDAP or Active Directory user groups to the Firebox X Edge configuration and assign priv ileges and a We...

Page 175: ...e default LDAP server port number is 389 Usually you do not have to change this number 8 Use the LDAP Timeout drop down list to select the number of seconds to use as a timeout for any LDAP operation...

Page 176: ...sets all privileges for that user except MUVPN MUVPN privileges must be set at the user level The name you give to a group on the Firebox X Edge must match the name of the group assigned to user entr...

Page 177: ...rs the Firebox X Edge will close the session 7 Use the Session idle time out text box to set the number of minutes a user session started by a member of this group can stay idle before it is automatic...

Page 178: ...d or optional network to a com puter on the external network For example when a user on your trusted network opens a browser to connect to a web site on the Internet a session starts on the Firebox X...

Page 179: ...and closes all open browser windows Local User Accounts Below Local User Accounts you can see information on the users you configured Name The name given to the user The Admin user is part of the defa...

Page 180: ...the Internet No WebBlocker rules apply to web traffic originating from devices on this list 1 From the navigation bar select Firebox Users Trusted Hosts The Firebox Users Trusted Hosts page appears 2...

Page 181: ...s to connect to a web site the Firebox X Edge e Series examines the WebBlocker database If the web site is not in the database or is not blocked the page opens If the web site is in the WebBlocker dat...

Page 182: ...ive if no web browsing is done If a user types the Full Access Password and no HTTP traffic is done from that user s computer for the length of time set in the Inactivity Timeout field WebBlocker rule...

Page 183: ...estrictions than for other employees It is not necessary to create Web Blocker profiles if you use one set of WebBlocker rules for all of your users After you create profiles you must apply them when...

Page 184: ...me For more information on categories see the next section If you select the check box adjacent to a category group it automatically selects all of the categories in that group If you clear the check...

Page 185: ...roducts including sex toys CD ROMs and videos Adult services including videoconferencing escort services and strip clubs Explicit cartoons and animation Child pornography pedophilia Online groups incl...

Page 186: ...ng or growing illicit substances including alcohol for purposes other than industrial usage Glamorizing encouraging or instructing in the use of or masking the use of alcohol tobacco illegal drugs and...

Page 187: ...ports picks and betting pools Virtual sports and fantasy leagues that offer large rewards or request significant wagers Note Casino hotel resort sites that do not feature online gambling or provide ga...

Page 188: ...r social agenda that is supremacist in nature or exclusionary of others based on their race religion nationality gender age disability or sexual orientation Holocaust revisionist denial sites Coercion...

Page 189: ...d card etc games and their enthusiasts Animal pet related sites including breed special sites training shows and humane societies Beauty and cosmetics Hosting Sites Web sites that host business and in...

Page 190: ...mvent filtering Peer to peer sharing Search Engines General search engines Yahoo AltaVista Google Sex Education Pictures or text advocating the proper use of contraceptives including condom use the co...

Page 191: ...ism Excessively violent sports or games including video and online games Offensive or violent language including through jokes comics or satire Excessive use of profanity or obscene gesticulation Note...

Page 192: ...nd go to http mtas surfcontrol com mtas WatchGuardTest a Site asp The WatchGuard Test a Site page appears 2 Type the URL or IP address of the site to check 3 Click Test Site The WatchGuard Test a Site...

Page 193: ...llowed Sites feature For example suppose employees in your company frequently use web sites that contain medical infor mation Some of these web sites are forbidden by WebBlocker because they fall into...

Page 194: ...resolves to a different IP address you must enter that subdomain to allow it For example if www site com and site com are on different servers you must add both entries 5 Click Add The site is added t...

Page 195: ...es to a different IP address you must enter that subdomain to deny it For example if www site com and site com are on different servers you must add both entries 5 Click Add The site is added to the D...

Page 196: ...pe the IP address of the computer on your trusted or optional network to allow users to browse the Internet without authentication restrictions 3 Click Add 4 Repeat step 2 for other trusted computers...

Page 197: ...the body of the email But all of these procedures scan each individual email message It is easy to bypass those fixed algorithms You can mask the sender address to bypass a blacklist You can change k...

Page 198: ...Tag action you can then create rules in your email reader to sort or delete the spam automatically See Configuring Rules For Your Email Reader on page 189 for more information Deny Stop the spam emai...

Page 199: ...TP select the Enable spamBlocker for SMTP proxies check box Configuring spamBlocker Settings You set actions for spamBlocker to take with POP3 email and SMTP email the same way To set actions for POP3...

Page 200: ...gging option Select the Log all the actions check box near the bottom of the page to send a log message for each action spamBlocker takes 6 You can set the number of bytes of an email message to be pa...

Page 201: ...set rules that automatically send email messages with tags to a subfolder Some email readers also let you create a rule to automat ically delete the message Because you can use a different tag for ea...

Page 202: ...m pane edit the rule description by clicking on the specific words In the Search Text dialog box type the spam tag as SPAM If you use a custom tag type it here instead Click Add Click OK 6 Click Next...

Page 203: ...known as the signature Gateway AV IPS uses these signatures to find viruses and intrusion attacks when they are scanned by the proxy You must purchase the Gateway AV IPS upgrade to use these services...

Page 204: ...ow remote access or execution of code such as buffer overflows remote command execution password disclosure key logging backdoors and security bypass Medium Vulnerabilities that allow access disclose...

Page 205: ...x to scan email sent to an email server protected by your Edge for viruses 5 There is a very large set of file formats used on the Internet Use the When an error is encountered drop down list to selec...

Page 206: ...nd a complete description of the actions taken by the POP3 proxy in an FAQ you can find at http www watchguard com support faqs edge Some of the actions include Sending a message that an email message...

Page 207: ...e if you want automatic updates or manual updates If you want manual updates clear the Enable automatic updates check box 3 If you want to update the signatures manually compare the current signature...

Page 208: ...Updating Gateway AV IPS 196 Firebox X Edge e Series...

Page 209: ...t You Need to Create a VPN on page 197 The subsequent section tells you how to configure the Firebox X Edge to be the endpoint of a VPN tun nel created and managed by a WatchGuard Firebox X Core or Pe...

Page 210: ...e and not a limit of the Firebox X Edge e Series If you want to use the DNS and WINS servers from the network on the other side of the VPN tunnel you must know the IP addresses of these servers The Fi...

Page 211: ...ation of VPN tunnels see Setting up WatchGuard System Manager Access on page 43 Manual VPN Setting Up Manual VPN Tunnels To create a VPN tunnel manually to another Firebox X Edge or to a Firebox III o...

Page 212: ...tps www watchguard com support advancedfaqs general_slash asp You Example Site A 192 168 111 0 24 Site B 192 168 222 0 24 Shared Key The shared key is a passphrase used by two IPSec compatible devices...

Page 213: ...ote VPN gateway certificate For more information on third party certificates see About Certificates on page 150 The shared key is a passphrase that the devices use to encrypt and decrypt the data on t...

Page 214: ...e or remote VPN device has a dynamic external IP address you must select Aggressive Mode and the device must use Dynamic DNS For more information see Registering with the Dynamic DNS Service on page 7...

Page 215: ...SP does NAT Network Address Translation or if the external interface of your Edge is connected to a device that does NAT We recommend that the Firebox X Edge external interface have a public IP addres...

Page 216: ...igher priority Some ISPs drop all packets that have TOS flags set If you select the Enable TOS for IPSec check box the Edge preserves existing TOS bits in VPN traffic packets If the check box is not s...

Page 217: ...e trusted interface The default URL is https 192 168 111 1 2 From the navigation bar select System Status VPN Traffic Control The VPN Traffic Control page appears VPN Traffic Control for the IPSec int...

Page 218: ...VPN Statistics The VPN Statistics page appears Frequently Asked Questions Why do I need a static external address To make a VPN connection each device must know the IP address of the other device If t...

Page 219: ...ters at site B do not have Internet access speak to your ISP or network administrator 2 If you can ping the external address of each Firebox X Edge try to ping a local address in the remote network Fr...

Page 220: ...Frequently Asked Questions 208 Firebox X Edge e Series...

Page 221: ...client is a software application that is installed on a remote computer The client makes a secure connection from the remote computer to your protected network through an unsecured net work The MUVPN...

Page 222: ...the remote user The remote user s computer must have the correct networking components for MUVPN to operate correctly See Preparing remote computers for IPSec MUVPN on page 214 to be sure that the use...

Page 223: ...ry network card settings See Preparing remote computers for IPSec MUVPN on page 214 for information on entering WINS and DNS addresses in the network card advanced settings Preferred If the virtual ad...

Page 224: ...f authentication The options are MD5 HMAC and SHA1 HMAC 7 From the Encryption Algorithm drop down list select the type of encryption The options are DES CBC 3DES CBC AES 128 bit AES 192 bit or AES 256...

Page 225: ...ent versions of IPSec Mobile User VPN software One version contains the ZoneAlarm personal firewall and the other one does not Get the user s wgx file The Firebox X Edge has encrypted IPSec MUVPN clie...

Page 226: ...stems and minimum RAM Microsoft Windows NT 4 0 Workstation 32 MB Microsoft Windows 2000 Professional 64 MB Microsoft Windows XP 64 MB No other IPSec VPN client software can be on the computer Remove a...

Page 227: ...djacent check box If a component is not installed use the instructions to install it Installing the Internet Protocol TCP IP network component on Windows 2000 From the connection window Networking tab...

Page 228: ...ain suffix and click Add 7 If you want to add more DNS suffixes repeat steps 5 and 6 8 Click the WINS tab From the section WINS addresses in order of use click Add The TCP IP WINS Server window appear...

Page 229: ...XP From the connection window Networking tab 1 Click Install The Select Network Component Type window appears 2 Double click the Client network component The Select Network Protocol window appears 3 S...

Page 230: ...user s computer before you install the WatchGuard MUVPN software 2 Copy the MUVPN installation program and the wgx file to the remote computer 3 Double click the MUVPN installation file to start the...

Page 231: ...security policy on the client see Disconnecting the MUVPN client on page 221 3 Restart the remote computer 4 From the Windows desktop select Start Settings Control Panel The Control Panel window appea...

Page 232: ...formation about the status of the connection Deactivated The MUVPN Security Policy is not active This icon can appear if the Windows operating system did not start a required MUVPN service If this occ...

Page 233: ...or this program each time you start a MUVPN connection The New Program alert window appears to request access for the IreIKE exe program Disconnecting the MUVPN client From the Windows desktop system...

Page 234: ...been made at this time when a phase 2 SA connection cannot be made A key tells you that the connection has a phase 2 SA This connection also can have a phase 1 SA An animated black line below a key te...

Page 235: ...ersonal firewall when you use their associated software applications Shutting down ZoneAlarm From the Windows desktop system tray 1 Right click the ZoneAlarm icon shown at right 2 Select Shutdown Zone...

Page 236: ...unless the wireless computer has connected using an IPSec MUVPN tunnel To make sure wireless computers authenticate as IPSec MUVPN clients 1 To connect to the System Status page type https in the brow...

Page 237: ...y when the software application is started The MUVPN client shows a key in the icon when the client is connected To test the connection ping a computer on your company network Select Start Run Type cm...

Page 238: ...close the tunnel Reconnect to the Internet and then restart the MUVPN client Configuring PPTP Mobile User VPN You can use Point to Point Tunneling Protocol PPTP to make secure VPN tunnels You can con...

Page 239: ...he first IP address in the address pool the Edge can use to assign PPTP user IP addresses in the Start of IP address pool field The Edge gives out this IP address to the first PPTP user that connects...

Page 240: ...h PPTP check box Preparing the client computers You must make sure each remote user s computer is prepared to use PPTP Each computer must have Internet access and must have the necessary version of Mi...

Page 241: ...r you must configure the PPTP connection From the Windows Desktop of the client computer 1 Select Start Settings Control Panel The Start button in Windows Vista is located in the lower left corner of...

Page 242: ...irectly through a LAN or WAN 10 Double click the shortcut to the new connection on your desktop Or select Control Panel Network Connections and look in the Virtual Private Network list for the connect...

Page 243: ...e includes Hardware firewall Firebox X Edge e Series User Guide on CD ROM Firebox X Edge e Series Quick Start Guide License key certificate Hardware warranty card AC adapter 12V 1 2A with internationa...

Page 244: ...erating temperature 0 40 C MTBF for Firebox X Edge e Series MTBF for Firebox X Edge e Series Wireless 60 555 hours 25 degrees C 53 901 hours 25 degrees C Environment Indoor use only Dimensions for Fir...

Page 245: ...low when traffic goes through the related interface LAN 0 1 2 Each LAN indicator shows the physical connection to the trusted Ethernet interfaces WAP The WAP indicator shows that the Firebox X Edge e...

Page 246: ...dicator shows that the Firebox X Edge e Series is on Rear view Ethernet interfaces LAN0 through LAN2 The Ethernet interfaces with the marks LAN0 through LAN2 are for the trusted network OPT interface...

Page 247: ...necting a plug to the AC power adapter To install a different plug in the AC power adapter 1 Put the top of the new plug in the AC power adapter at a 45 degree angle You must put in the top of the new...

Page 248: ...as much as 30dB To decrease the effect of multi path reflection the Firebox X Edge e Series Wireless uses two antennas spaced some distance apart This decreases signal cancellation and allows the sof...

Page 249: ...r trademark of RealNetworks Inc in the United States and or other countries Java and all Java based marks are trademarks or registered trademarks of Sun Microsystems Inc in the United States and other...

Page 250: ...too receive or can get the source code And you must show them these terms so they know their rights We protect your rights with two steps 1 copyright the software and 2 offer you this license which gi...

Page 251: ...mally print such an announcement your work based on the Program is not required to print an announcement These requirements apply to the modified work as a whole If identifiable sections of that work...

Page 252: ...r modifying the Program or works based on it 6 Each time you redistribute the Program or any work based on the Program the recipient automatically receives a license from the original licensor to copy...

Page 253: ...of all derivatives of our free software and of promoting the sharing and reuse of software generally NO WARRANTY 11 BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE THERE IS NO WARRANTY FOR THE PROGRAM...

Page 254: ...can relink them with the library after making changes to the library and recompiling it And you must show them these terms so they know their rights Our method of protecting your rights has two steps...

Page 255: ...o form executables The Library below refers to any such software library or work which has been distributed under these terms A work based on the Library means either the Library or any derivative wor...

Page 256: ...tive or collective works based on the Library In addition mere aggregation of another work not based on the Library with the Library or with a work based on the Library on a volume of a storage or dis...

Page 257: ...notice for the Library among them as well as a reference directing the user to the copy of this License Also you must do one of these things Accompany the work with the complete corresponding machine...

Page 258: ...as a consequence of a court judgment or allegation of patent infringement or for any other reason not limited to patent issues conditions are imposed on you whether by court order agreement or otherw...

Page 259: ...WITHOUT WARRANTY OF ANY KIND EITHER EXPRESSED OR IMPLIED INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE THE ENTIRE RISK AS TO THE QUALITY A...

Page 260: ...hich gives you legal permission to copy distribute and or modify the library To protect each distributor we want to make it very clear that there is no warranty for the free library Also if the librar...

Page 261: ...ftware library or work which has been distributed under these terms A work based on the Library means either the Library or any derivative work under copyright law that is to say a work containing the...

Page 262: ...tive or collective works based on the Library In addition mere aggregation of another work not based on the Library with the Library or with a work based on the Library on a volume of a storage or dis...

Page 263: ...the copyright notice for the Library among them as well as a reference directing the user to the copy of this License Also you must do one of these things Accompany the work with the complete corresp...

Page 264: ...difying the Library or works based on it 11 Each time you redistribute the Library or any work based on the Library the recipient automatically receives a license from the original licensor to copy di...

Page 265: ...Y TO THE EXTENT PERMITTED BY APPLICABLE LAW EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND OR OTHER PARTIES PROVIDE THE LIBRARY AS IS WITHOUT WARRANTY OF ANY KIND EITHER EXPRESSED O...

Page 266: ...copy of this program acknowledges that it shall not be disclosed to third parties rather only to employees or consultants having a firm need to know and provided that they are bound by confidentiality...

Page 267: ...ombination with a host application license key code the Commtouch Center records both numbers assisting ctengin partners in supporting their own customers The ctengine license key code is 20 character...

Page 268: ...FOR A PARTICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED...

Page 269: ...and Telegraph Company or of the Regents of the University of California Permission is granted to anyone to use this software for any purpose on any computer system and to alter it and redistribute it...

Page 270: ...else except as part of a product or program developed by the user SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE WARRANTIES OF DESIGN MERCHANTIBILITY AND FITNESS FOR A PARTICU...

Page 271: ...ditions and the following disclaimer in the documentation and or other materials provided with the distribution The name of Intel Corporation may not be used to endorse or promote products derived fro...

Page 272: ...evenue or profits or other special indirect and consequential damages even if Sun has been advised of the possibility of such damages Sun Microsystems Inc 2550 Garcia Avenue Mountain View California 9...

Page 273: ...or substantial portions of the Software THE SOFTWARE IS PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND EXPRESS OR IMPLIED INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY FITNESS FOR A PAR...

Page 274: ...community All software is furnished on an as is basis No further updates to this software should be expected Although updates may occur no commitment exists Software in the src drivers net e1000 direc...

Page 275: ...eral Public License as published by the Free Software Foundation either version 2 or at your option any later version or b the BSD style License included below This program is distributed in the hope...

Page 276: ...ONTRACT TORT OR OTHERWISE ARISING FROM OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE lua sqlite3 Copyright 2004 2005 2006 Michael Roth mroth nessie de Permissi...

Page 277: ...T HOLDERS AND CONTRIBUTORS AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF NONINFRINGEMENT MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE D...

Page 278: ...n standard executable that clearly documents how it differs from the Standard Version d make other distribution arrangements with the Copyright Holder e permit and encourge anyone who receives a copy...

Page 279: ...Technology Inc All rights reserved Redistribution and use in source and binary forms with or without modification are permitted provided that the following conditions are met Redistributions of source...

Page 280: ...NG NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE Copyright c 2003 2005 Sparta Inc All rights reserved Redistribution and...

Page 281: ...ITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFT...

Page 282: ...1995 Tatu Ylonen ylo cs hut fi Espoo Finland All rights reserved As far as I am concerned the code I have written for this software can be used freely for any purpose Any derived versions of this soft...

Page 283: ...the following disclaimer in the documentation and or other materials provided with the distribution 3 All advertising materials mentioning features or use of this software must display the following a...

Page 284: ...AMAGE ossp_mm Copyright 1999 2005 Ralf S Engelschall rse engelschall com Copyright 1999 2005 The OSSP Project http www ossp org Redistribution and use in source and binary forms with or without modifi...

Page 285: ...S SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE ppp pppd has many licenses This includes the GPL the LGPL SUN license RSA license public domain and several BSD licenses that require seper...

Page 286: ...ting documentation that copying and distribution is by permission of Livingston Enterprises Inc Livingston Enterprises Inc makes no representations about the suitability of this software for any purpo...

Page 287: ...HANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE Van Jacobson van helios ee lbl gov Dec 31 1989 Initial distribution zlib h interface of the zlib general purpose compression library version 0 95 Aug 1...

Page 288: ...tware developed by Computing Services at Carnegie Mellon University http www cmu edu computing CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WA...

Page 289: ...THE AUTHORS BE LIABLE FOR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE DATA OR PROFITS WHETHER IN AN ACTION OF CONTRACT NEGLIGENCE OR OTHER TORTI...

Page 290: ...free non exclusive license subject to third party intellectual property claims a to use reproduce modify display perform sublicense and distribute the Original Code or portions thereof with or withou...

Page 291: ...ake it absolutely clear that any such warranty support indemnity or liability obligation is offered by You alone and You hereby agree to indemnify the Initial Developer and every Contributor for any l...

Page 292: ...not of themselves be deemed to be modifications of this License 7 DISCLAIMER OF WARRANTY COVERED CODE IS PROVIDED UNDER THIS LICENSE ON AN AS IS BASIS WITHOUT WARRANTY OF ANY KIND EITHER EXPRESSED OR...

Page 293: ...ou received from utilizing such rights and other relevant factors You agree to work with affected parties to distribute responsibility on an equitable basis 13 ADDITIONAL TERMS APPLICABLE TO THE RED H...

Page 294: ...reely subject to the following restrictions 1 The origin of this software must not be misrepresented you must not claim that you wrote the original software If you use this software in a product an ac...

Page 295: ...ies 2 Redistributions in binary form must reproduce the above copyright notice this list of conditions and the following disclaimer in the documentation and or other materials provided with the distri...

Page 296: ...S directive that becomes valid on July 1 2006 It states that all new electrical and elec tronic equipment put on the market within the member states must not contain certain hazardous materials The Wa...

Page 297: ...ay make changes in its facilities equipment operations or procedures that could affect the operation of the equipment If this happens the telephone company will provide advance notice in order for you...

Page 298: ...nd having a maximum gain of 5 1 dB Antennas not included in this list or having a gain greater than 5 1 dB are strictly prohibited for use with this device The required antenna impedance is 50 ohms WG...

Page 299: ...User Guide 287 Certifications and Notices Class A Korean Notice VCCI Notice Class A ITE Taiwanese Class A Notice Taiwanese Wireless Notice...

Page 300: ...ese terms please return this package along with proof of purchase to the authorized dealer from which you purchased it for a full refund WatchGuard Technologies Inc WatchGuard and you agree as set for...

Page 301: ...REMEDY FOR LOSS OR DAMAGE TO OR CAUSED BY OR CONTRIBUTED TO BY THE PRODUCT 4 LIMITATION AND LIABILITY WATCHGUARD S LIABILITY WHETHER ARISING IN CONTRACT INCLUDING WARRANTY TORT INCLUDING ACTIVE PASSI...

Page 302: ...Limited Hardware Warranty 290 Firebox X Edge e Series...

Page 303: ...connections 2 C cables connecting computer and Edge 15 included in package 10 231 centralized management with WFS 7 3 45 with WSM 44 certificates creating CSR 150 creating third party 150 described 1...

Page 304: ...ry default settings described 37 resetting to 38 failover network See WAN failover feature keys described 48 features adding 49 File and Printer Sharing for Microsoft Networks 215 and Windows XP 217 F...

Page 305: ...Edge 17 TCP IP properties 12 using Quick Setup Wizard 19 installing the Firebox X Edge 9 19 interfaces viewing current information on 33 Internet connecting to 2 connection required for Firebox X Edg...

Page 306: ...Wizard 53 network traffic See traffic networks types of 1 New Profile page 171 New User page 158 NTP server synchronizing Firebox clock to 39 numbered ports 234 O OpenSSL using to generate CSR 150 op...

Page 307: ...s by Hardware Address check box 64 69 Routes page 70 routes configuring static 70 routing table viewing 34 S seat licenses See user licenses secondary IP addresses 143 services creating custom incomin...

Page 308: ...ring additional computers on 62 configuring with Quick Setup Wizard 19 default setting for 37 described 6 Trusted Network Configuration page 59 60 61 62 U UDP User Datagram Protocol 2 Uniform Resource...

Page 309: ...182 bypassing 183 categories for 173 180 creating profiles 171 172 database 169 defining profile 161 165 described 126 global settings for 169 timeout for 170 WebBlocker page 27 WebBlocker Settings p...

Page 310: ...298 Firebox X Edge e Series...

Reviews:

No comments

Brands by name

Popular brands

Load more brands