User Guide 5.0

67

Blocking External Sites

3 Beneath the Protocol Settings fields, select either TCP Port, UDP Port, or Protocol from the drop list.

The Custom Service page refreshes.

4 Define a name for the service in the appropriate field.

5 Enter the protocol number to allow in the Protocol field.

Now that you have created a custom service, you need to specify a filter rule and define the incoming and outgoing properties.

6 At the Incoming and Outgoing Filter drop lists, select either Allow or Deny.

7 Select either Host IP Address, Network IP Address, or Host Range from the appropriate drop list.

The configuration page refreshes.

8 Enter either a single host IP address, a network IP address, or the start and end of a range of host IP addresses for this custom service in the appropriate fields.

9 Click the Add button.

Repeat the last three steps until all the appropriate address information for this custom service appears in the appropriate fields.

10 Click the Submit button.
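The protocol number, filter choices and address entries from steps 5 to 9 can be reviewed before they are typed into the form. The following is an added example, not part of the original guide and not the product's own code: it parses the three address types, merges overlapping entries and reports how many addresses an incoming Allow rule would cover. The dictionary layout, the CIDR notation for network entries, the `max_allowed` threshold and all function names are assumptions made for illustration.

```python
import ipaddress

FILTERS = ("Allow", "Deny")  # the two choices offered in step 6


def entry_networks(kind, *values):
    """Convert one address entry (step 7/8) into a list of IPv4 networks."""
    if kind == "Host IP Address":
        (host,) = values
        return [ipaddress.IPv4Network(f"{ipaddress.IPv4Address(host)}/32")]
    if kind == "Network IP Address":
        (network,) = values
        # strict=True rejects host bits in a network address, a common typo.
        return [ipaddress.IPv4Network(network, strict=True)]
    if kind == "Host Range":
        start, end = (ipaddress.IPv4Address(v) for v in values)
        if start > end:
            raise ValueError(f"range start {start} is after end {end}")
        return list(ipaddress.summarize_address_range(start, end))
    raise ValueError(f"unknown address type {kind!r}")


def review_service(service, max_allowed=64):
    """Return (unique_address_count, findings) for a planned custom service."""
    findings = []
    protocol = service["protocol"]
    if not isinstance(protocol, int) or not 0 <= protocol <= 255:
        findings.append(f"protocol {protocol!r} is not an IP protocol number (0-255)")
    elif protocol in (6, 17):
        # 6 is TCP and 17 is UDP: a protocol-wide rule would cover every port.
        findings.append("protocol 6/17 is TCP/UDP; use the TCP Port or UDP Port type")
    for direction in ("incoming", "outgoing"):
        if service[direction] not in FILTERS:
            findings.append(f"{direction} filter must be Allow or Deny")
    networks = []
    for kind, *values in service["addresses"]:
        try:
            networks.extend(entry_networks(kind, *values))
        except ValueError as exc:
            findings.append(f"{kind} {values}: {exc}")
    # Merge overlapping entries so each address is counted once.
    merged = list(ipaddress.collapse_addresses(networks))
    total = sum(net.num_addresses for net in merged)
    if service["incoming"] == "Allow" and total > max_allowed:
        findings.append(
            f"incoming Allow covers {total} addresses (limit {max_allowed}); narrow the entries"
        )
    return total, findings


# Constructed sample input (documentation address ranges, not from the guide).
PLANNED = {
    "name": "esp-sample",
    "protocol": 50,
    "incoming": "Allow",
    "outgoing": "Allow",
    "addresses": [
        ("Host IP Address", "198.51.100.7"),        # already inside the /24 below
        ("Network IP Address", "198.51.100.0/24"),
        ("Host Range", "203.0.113.5", "203.0.113.20"),
    ],
}

# Constructed sample with typical data-entry mistakes.
MISTYPED = {
    "name": "typo-sample",
    "protocol": 300,
    "incoming": "Allow",
    "outgoing": "Permit",
    "addresses": [
        ("Network IP Address", "198.51.100.7/24"),   # host bits set
        ("Host Range", "203.0.113.20", "203.0.113.5"),  # start after end
    ],
}

if __name__ == "__main__":
    for planned in (PLANNED, MISTYPED):
        total, findings = review_service(planned)
        print(planned["name"], "covers", total, "addresses")
        for finding in findings:
            print("  -", finding)
```
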

Blocking External Sites

By default, the security stance of the SOHO is to deny all incoming
packets from the Internet to computers on the trusted network
protected by the SOHO firewall. However, if a user initiates
contact with an external site, the return traffic will be allowed
through the firewall. You can selectively close your network to
certain Internet sites entirely.

Summary of Contents for SOHO

Page 1: ...WatchGuard SOHO and SOHO tc WatchGuard SOHO User Guide SOHO and SOHO tc version 5 0 ...

Page 2: ...2 ...

Page 3: ...ase refer to your system user manual The following conventions are used throughout this guide Convention Indication Bold type Denotes menu commands dialog box options Web page options Web page names For example On the System Information page select Disabled CAUTION Denotes a warning or precautionary information NOTE Denotes important information a helpful tip or additional instructions ...

Page 4: ...ved including interference that may cause undesired operation CE Notice The CE symbol on your WatchGuard Technologies equipment indicates that it is in compliance with the Electromagnetic Compatibility EMC directive and the Low Voltage Directive LVD of the European Union EU Industry Canada This Class A digital apparatus meets all requirements of the Canadian Interference Causing Equipment Regulati...

Page 5: ...User Guide 5 0 5 Taiwanese Notice VCCI Notice Class A ITE ...

Page 6: ...6 Declaration of Conformity ...

Page 7: ... applets incorporated into the SOFTWARE PRODUCT the accompanying printed materials and any copies of the SOFTWARE PRODUCT are owned by WATCHGUARD or its suppliers Your rights to use the SOFTWARE PRODUCT are as specified in this EULA and WATCHGUARD retains all rights not expressly granted to you in this EULA Nothing in this EULA constitutes a waiver of our rights under U S copyright law or any othe...

Page 8: ...NSORS EXPRESS OR IMPLIED ARISING BY LAW OR OTHERWISE WITH RESPECT TO ANY NONCONFORMANCE OR DEFECT IN THE SOFTWARE PRODUCT INCLUDING BUT NOT LIMITED TO ANY IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE ANY IMPLIED WARRANTY ARISING FROM COURSE OF PERFORMANCE COURSE OF DEALING OR USAGE OF TRADE ANY WARRANTY OF NONINFRINGEMENT ANY WARRANTY THAT THIS SOFTWARE PRODUCT WILL MEET...

Page 9: ... provisions of this EULA destroy all copies of the SOFTWARE PRODUCT in your possession or voluntarily return the SOFTWARE PRODUCT to WATCHGUARD Upon termination you will destroy all copies of the SOFTWARE PRODUCT and documentation remaining in your control or possession 8 MISCELLANEOUS PROVISIONS This EULA will be governed by and construed in accordance with the substantive laws of Washington excl...

Page 10: ...r similar events or by any intentional reckless or negligent acts or omissions of any party You may have additional warranties with respect to the Hardware Product from the manufacturers of Hardware Product components However you agree not to look to WatchGuard Technologies for and hereby release WatchGuard Technologies from any liability for performance of enforcement of or damages or other relie...

Page 11: ...NCE AND STRICT LIABILITY AND FAULT OR OTHER THEORY FOR COST OF COVER OR FOR ANY INDIRECT SPECIAL INCIDENTAL OR CONSEQUENTIAL DAMAGES INCLUDING WITHOUT LIMITATION LOSS OF BUSINESS PROFITS BUSINESS INTERRUPTION OR LOSS OF BUSINESS INFORMATION OR DATA ARISING OUT OF OR IN CONNECTION WITH THIS WARRANTY OR THE USE OF OR INABILITY TO USE THE HARDWDARE PRODUCT EVEN IF WATCHGUARD TECHNOLOGIES HAS BEEN ADV...

Page 12: ...y are either registered trademarks or trademarks of WatchGuard Technologies Inc in the United States and other countries Firebox is a trademark of WatchGuard Technologies Inc CyberPatrol is a registered trademark of SurfControl Inc DocVer B 2 4 User 2 All other trademarks and trade names are the property of their respective owners ...

Page 13: ...does information travel on the internet 20 How does the SOHO process this information 21 The SOHO Home Page System Status 22 The Default Factory Settings 22 Rebooting a WatchGuard SOHO 24 CHAPTER 2 Getting Started 27 Before you begin 27 The Installation Process 28 CHAPTER 3 Setting Up Your SOHO Network 37 Configuring Your External Network 37 ...

Page 14: ...s 58 View the Configuration File 61 CHAPTER 5 Configuring Your Firewall Settings 63 Firewall settings 63 Configuring Incoming and Outgoing Services 63 Blocking External Sites 67 Firewall Options 69 Creating a virtual DMZ 74 CHAPTER 6 What is Logging 77 Viewing SOHO log messages 77 Setting a WatchGuard Security Event Processor log host 78 Setting a Syslog Host 80 Setting the System Time 81 CHAPTER ...

Page 15: ... Virtual Private Networking 97 What you will need 98 Step by step instructions for configuring a SOHO VPN tunnel 100 Frequently asked questions 101 MUVPN Clients 103 View the VPN Statistics 103 CHAPTER 9 Resources 105 Troubleshooting 105 Contacting Technical support 114 Online Documenting and In Depth FAQs 114 Special Notices 114 ...

Page 16: ...16 ...

Page 17: ...r DSL modem a leased line or ISDN This User Guide applies to both the SOHO and the SOHO tc the name SOHO is used to refer to both these devices throughout the guide The only difference between them is the ability to create and use a Virtual Private Network VPN This VPN option can be added to the SOHO while the SOHO tc comes with the VPN option already installed The most current installation and us...

Page 18: ...er is located on the bottom of the SOHO unit You create a LiveSecurity user ID and password when you register your WatchGuard SOHO or SOHO tc Please keep this information in a secure place How does a firewall work Fundamentally a firewall is a way of differentiating between as well as protecting us from them On the external side of your SOHO firewall is the entire Internet The Internet has many re...

Page 19: ...Chapter 3 Configuring Incoming and Outgoing Services on page 63 the WatchGuard SOHO evaluates all traffic between the external network the Internet and the trusted network your computers and blocks any suspicious activity In order for this to work as described you must configure both the external and trusted networks to work together and to talk to one another as well as the rest of the world ...

Page 20: ...e address including your SOHO device When defining a service behind your firewall you need to include the trusted network address for the machine hosting the application On the Internet IP addresses can be identified using either a string of numbers or a user friendly domain name For example the IP address of the WatchGuard site is 209 191 160 60 while the domain name is www watchguard com Protoco...

Page 21: ...trusted network by disguising private IP addresses During an Internet connection all traffic passed between computers includes their IP address information However due to the dynamic NAT feature applications and servers on the Internet only see the public external IP address of the SOHO itself and are never privy to the addresses in your trusted network address range when they exchange information...

Page 22: ...r Syslog DMZ Upgrade options and their status Configuration information for both the Trusted and External networks Configuration information on your firewall settings that is Incoming and Outgoing services A reboot button to restart the unit The Default Factory Settings Your SOHO has the following default network and configuration settings External Network External network settings use DHCP Truste...

Page 23: ...nfigured Upgrade Options No upgrade options are enabled until the certificates have been redeemed Resetting a SOHO to the Factory Defaults It is possible that due to a firmware corruption or other unforeseen misfortune such as a lost System Security passphrase you may need to reset the SOHO to the factory defaults To do this you will need to remove the SOHO from your network disconnect the power d...

Page 24: ...eb browser With your Web browser go to the SOHO System Status page using the Trusted IP address of the SOHO For example if using the default IP address go to http 192 168 111 1 Click the Reboot button Unplug the SOHO and plug it back in To reboot a SOHO located on a remote system the SOHO must be configured to allow either incoming Web or FTP traffic to the trusted address of the SOHO For informat...

Page 25: ...User Guide 5 0 25 Rebooting a WatchGuard SOHO Send an FTP command to the remote SOHO device Use an FTP application to connect to the SOHO device then enter the command quote rebt ...

Page 26: ...Rebooting a WatchGuard SOHO 26 ...

Page 27: ...with a 10BaseT port Two Ethernet network cables with RJ45 connectors These must not be crossover cables which are usually red or orange One cable is furnished with your unit A second cable may have been supplied with your modem If not you will need to purchase a second Ethernet RJ45 cable Make sure that both cables are long enough to comfortably connect the modem to the SOHO and the SOHO to the co...

Page 28: ...s information later in the installation process If you are using PPPoE to connect to your local Internet service provider the WatchGuard SOHO must be running firmware version 2 0 or later An installed Web browser either Netscape Navigator 4 77 or higher or Internet Explorer 5 0 or higher SOHO serial number The Installation Process Before you begin the installation process connect to the Internet Y...

Page 29: ...er ipconfig all Press Enter 3 Enter your current TCP IP settings in the chart provided below 4 Click Cancel Microsoft Windows 95 or 98 or ME 1 Click Start Run 2 Type winipcfg Click OK 3 Select the Ethernet Adapter Enter your current TCP IP settings in the chart provided below 4 Click Cancel Macintosh 1 Click Apple menu Control Panels TCP IP 2 Enter your current TCP IP settings in the chart provide...

Page 30: ...owser s HTTP proxy To configure a WatchGuard SOHO after it is installed you must be able to access the special configuration pages that reside on the SOHO If the HTTP proxy in your browser is enabled you can not access these pages and you can not complete the configuration process TCP IP Setting Value IP Address Subnet Mask Default Gateway DHCP Enabled Yes No Primary WINS Server Secondary WINS Ser...

Page 31: ...If your browser is not listed see your browser Help menus to learn how to disable the HTTP proxy Netscape 4 7 1 Open Netscape 2 Click Edit Preferences The Preferences window appears 3 From among the categories listed on the left hand side of the window click the symbol before the Advanced heading to expand the list 4 Click Proxies 5 Verify that the Direct Connection to the Internet option is enabl...

Page 32: ...e all checkboxes 6 Click OK to save the settings Physically connecting your SOHO Your WatchGuard SOHO can be used to protect a single computer or a multi computer network It can also function as a hub to connect a variety of other devices Cabling the SOHO for one to four devices The SOHO has four numbered 1 4 Ethernet ports Each can be used to connect a variety of devices These may include compute...

Page 33: ...he WAN port on the SOHO unit The SOHO unit is now connected directly to the modem 4 Plug the Ethernet cable supplied with your SOHO into any one of the four numbered 1 4 Ethernet ports on the SOHO Plug the other end into the Ethernet card installed in your computer The SOHO unit will then be connected between your modem and computer 5 Restore the power to your DSL or cable modem Wait until the ind...

Page 34: ...guring Your External Network on page 37 as well as Configuring Your Trusted Network on page 47 Cabling the SOHO for more than four computers While there are only four numbered 1 4 Ethernet ports on the back of the SOHO you can connect many more devices to your SOHO using network hubs The SOHO and SOHO tc ship with a 10 seat license In other words the SOHO allows up to ten computers on a network be...

Page 35: ...ect each hub to the SOHO 3 Turn off your computer and unplug the power from the cable or DSL modem 4 Unplug the Ethernet cable that is connected from your cable or DSL modem to your computer and instead connect it from your modem to the WAN port on the SOHO This creates a connection between the SOHO and the modem 5 Plug an Ethernet cable into any of the four numbered 1 4 Ethernet ports on the SOHO...

Page 36: ...The Installation Process 36 ...

Page 37: ...e equivalent options and commands Configuring Your External Network When you configure the external network you establish how the SOHO communicates with your Internet service provider ISP This configuration is very much dependent on how your ISP distributes network addresses using DHCP or PPPoE Network addressing Each networked computer in the entire world must have an IP address to identify itsel...

Page 38: ...er at all times whether or not you are currently using it No other computer anywhere on the network shares the same address A third way of assigning addresses is called PPPoE Point to Point Protocol over Ethernet PPPoE combines some of the advantages of Ethernet and PPP by simulating a standard Dial Up connection It is popular among many ISPs because it enables them to use existing Dial Up infrast...

Page 39: ...Your External Network 3 Scroll through the list of installed network components Double click the TCP IP network component which is bound to your Ethernet card Look for Ethernet in parentheses The TCP IP Properties dialog box appears ...

Page 40: ...SOHO External network for dynamic addressing Out of the box the SOHO is configured to obtain its external address information automatically using DHCP If your ISP supports this method the SOHO will obtain all the necessary address information when it powers on and attempts to connect to the Internet No further configuration of the SOHO is required To complete the SOHO External Network configuratio...

Page 41: ...server which provides a Web page interface for configuring the unit Therefore the SOHO configuration pages are reached via your Web browser On your computer 1 Click Start Settings Control Panel The Control Panel window appears 2 Double click the Network icon The Network dialog box appears 3 Double click the TCP IP network component which is bound to your Ethernet card Look for Ethernet in parenthe...

Page 42: ...ully configured and the computer cannot load your home page from the Internet However the computer can access special configuration Web pages installed on the SOHO itself 2 With your Web browser go to the SOHO System Status page using the Trusted IP address of the SOHO For example if using the default IP address go to http 192 168 111 1 3 From the navigation bar on the left side select Network Ext...

Page 43: ...from the computer when you started the install process 6 Click the Submit button To complete the SOHO External Network configuration see Release and renew the IP configuration on page 46 Configuring the SOHO external network for PPPoE While less common PPPoE is another method for an ISP to assign addresses Check the information and manuals sent to you by your ...

Page 44: ...r cannot load your home page from the Internet However the computer can access special configuration Web pages installed on the SOHO itself 2 With your Web browser go to the SOHO System Status page using the Trusted IP address of the SOHO For example if using the default IP address go to http 192 168 111 1 3 From the navigation bar on the left side select Network External The External Network Conf...

Page 45: ...server In the event of routine packet loss this option allows the SOHO to maintain the PPPoE connection The SOHO may reboot to recover this connection if the heartbeat fails This provides for a more consistent Internet connection but will be seen as continuous traffic by the ISP and regulated as such 8 Click the Submit button The configuration change is saved to the SOHO To complete the SOHO Exter...

Page 46: ...Programs Command Prompt 2 At the C prompt type winipcfg Press Enter The IP Configuration dialog box appears 3 Verify that the information is displayed for Ethernet Adapter not for PPP Adapter which applies to a dial up telephone modem 4 Click the Release button Then click the Renew button Your IP Configuration should look similar to the image below The values in the IP Configuration dialog box wer...

Page 47: ... through a hub it automatically attempts to obtain its addresses from the SOHO Configure the Trusted network with static addresses To disable the SOHO DHCP server and assign addresses statically follow these steps 1 With your Web browser go to the SOHO System Status page using the Trusted IP address of the SOHO For example if using the default IP address go to http 192 168 111 1 2 From the navigat...

Page 48: ...5 Click the Submit button Configure additional computers to the trusted network Up to four computers can be plugged directly into the four numbered 1 4 Ethernet ports of the SOHO A larger number of computers can be networked together by using one or more 10BaseT Ethernet hubs with RJ 45 connectors The SOHO system will coexist with other systems over the same local area network ...

Page 49: ...er 4 Release and renew the IP configuration see Release and renew the IP configuration on page 46 The computer will then obtain its TCP IP settings dynamically from the SOHO unit Configuring Static Routes The SOHO allows you to configure static routes in order to pass traffic to networks on separate segments In other words you can have additional networks connected to a router or switch behind the...

Page 50: ...Network 5 Enter the IP address and the Gateway of the route in the appropriate field 6 Click the Submit button View the Network Statistics The SOHO has a configuration page which displays a variety of network statistics to assist you in monitoring data traffic as well as troubleshooting potential problems ...

Page 51: ... page 1 With your Web browser go to the SOHO System Status page using the Trusted IP address of the SOHO For example if using the default IP address go to http 192 168 111 1 2 From the navigation bar on the left side select Network Network Statistics The Network Statistics page appears ...

Page 52: ...View the Network Statistics 52 ...

Page 53: ...ity Page The System Security configuration page allows you to create secure settings in order to protect the configuration of your SOHO Setting a System Administrator Name and System Passphrase allows you to protect the SOHO by using a simple authentication method Creating these settings is discussed in the section below This page also allows you to create a secure connection using Internet Protoc...

Page 54: ...e in your office will be able to change deliberately or accidentally your firewall settings without the System Administrator Name and System Passphrase CAUTION Take steps to ensure that you do not lose your System Administrator name and passphrase Once you have enabled System Security protection there is no other means of accessing your SOHO settings Should you forget your name or passphrase the o...

Page 55: ...O For example if using the default IP address go to http 192 168 111 1 2 From the navigation bar on the left side select Administration System Security The System Security page appears 3 Verify that the HTTP Server Port is set at 80 4 Enable the checkbox labeled Enable Password 5 Enter the System Administrator Name in the appropriate field 6 Enter the System Passphrase in the appropriate field ...

Page 56: ...tion The VPN Manager software is purchased separately For more information regarding the VPN Manager product use your Web browser to go to https www watchguard com products vpnmanager asp Follow these steps to setup VPN Manager access 1 With your Web browser go to the SOHO System Status page using the Trusted IP address of the SOHO For example if using the default IP address go to http 192 168 111...

Page 57: ... 5 Enter the Status Passphrase in the appropriate field again to confirm it 6 Enter the Configuration Passphrase in the appropriate field 7 Enter the Configuration Passphrase in the appropriate field again to confirm it CAUTION These two settings must exactly match the passphrases used in the VPN Manager or the connection will fail 8 Click the Submit button ...

Page 58: ... using the default IP address go to http 192 168 111 1 2 From the navigation bar on the left side select Administration Update The Update page appears 3 Read through the End User License Agreement document then enable the I accept the above license agreement checkbox at the bottom of the page 4 Enter the location of the firmware files located on your computer in the appropriate field 5 If you do n...

Page 59: ...e the software upgrade Follow these steps to redeem your upgrade certificate 1 With your Web browser go to the SOHO System Status page using the Trusted IP address of the SOHO For example if using the default IP address go to http 192 168 111 1 2 From the navigation bar on the left side select Administration Upgrade The Upgrade page appears 3 Enter the Certificate number in the appropriate field 4...

Page 60: ...hased separately WebBlocker The SOHO can be upgraded to provide a web filtering option This certificate must be purchased separately MUVPN Clients The SOHO can be upgraded to allow single remote users to securely connect to it through an IPSec VPN and access network resources on the Trusted network These certificates must be purchased separately LiveSecurity Service Subscription Renewals Subscript...

Page 61: ...ppears in text form Follow these steps to view the file 1 With your Web browser go to the SOHO System Status page using the Trusted IP address of the SOHO For example if using the default IP address go to http 192 168 111 1 2 From the navigation bar on the left side select Administration View Configuration File The View Configuration File page appears ...

Page 62: ...View the Configuration File 62 ...

Page 63: ...s permitted between computers on the Internet and computers on your trusted network To facilitate configuring your SOHO WatchGuard identifies several commonly used services A service is the combination of protocol and port numbers associated with a specific application or communication type Configuring Incoming and Outgoing Services By default the security stance of the SOHO is to deny unsolicited...

Page 64: ...our trusted network and marginally reduces your security This is the inherent trade off between access and security Pre configured Services Each service is defined by a combination of Internet protocols and port numbers to uniquely identify the connection type to applications and servers on the Internet The WatchGuard SOHO Configuration pages include several of the most common types Follow these s...

Page 65: ...rom the drop list In our example the HTTP service is set to Allow enabling Web traffic incoming 3 Enter the trusted network IP address of the computer to which this rule will apply In our example 192 168 111 2 4 Click the Submit button Creating a Custom Service In addition to the pre configured services provided by the WatchGuard SOHO Configuration interface you can create a ...

Page 66: ...ft side select Firewall Custom Service The Custom Service page appears 3 Beneath the Protocol Settings fields select either TCP Port or UDP Port from the drop list The Custom Service page refreshes 4 Define a name for the service in the appropriate field IP Protocols In addition to TCP and UDP ports there are several other types of Internet protocols To create a service for one of these protocols ...

Page 67: ... the appropriate drop list The configuration page refreshes 8 Enter either a single host IP address a network IP address or a the start and end of a range of host IP addresses for this custom service in the appropriate fields 9 Click the Add button Repeat the last three steps until all the appropriate address information for this custom service appears in the appropriate fields 10 Click the Submit...

Page 68: ... IP Address Network IP Address or Host Range from the drop list The configuration page refreshes 3 Enter either a single host IP address a network IP address or a the start and end of a range of host IP addresses in the appropriate fields In our example Host IP Address is selected and the IP address entered is 207 68 172 246 4 Click the Add button The addressing appears in the Blocked Sites field ...

Page 69: ...ly and can be used to provide further security for your private network These options are found on the Firewall Options page 1 With your Web browser go to the SOHO System Status page using the Trusted IP address of the SOHO For example if using the default IP address go to http 192 168 111 1 2 From the navigation bar on the left side select Firewall Firewall Options The Firewall Options page appea...

Page 70: ...ed on the External Network You can configure the SOHO to deny all ping packets which it may receive on the external interface 1 Enable the checkbox labeled Do not respond to PING requests received on External Network 2 Click the Submit button ...

Page 71: ...CKS is a network proxy filter that works with SOCKS aware applications A typical SOCKS dependent application requires that several sockets be opened and made available to the Internet When a SOCKS aware application ICQ is SOCKS aware registers with the SOCKS server SOCKS is able to manage the need of the application to have many ports open To use an application with SOCKS the application must be c...

Page 72: ...OHO firewall that is available to anyone on your trusted network SOCKS applications therefore pose a significant security risk To disable the port and close the security risk see Disabling SOCKS on the SOHO on page 73 Configure your SOCKS application Other than ensuring that port 1080 is open to run a SOCKS dependent application the rest of the configuration tasks must be done with the SOCKS depen...

Page 73: ... a SOCKS proxy 2 Click the Submit button When you need to use SOCKS again follow this procedure 1 Disable the checkbox labeled Disable SOCKS proxy This enables the SOHO to act as a SOCKS proxy 2 Click the Submit button The SOHO is enabled again as a Proxy server and ready to pass SOCKS packets Logging all allowed outbound traffic By default the SOHO logs only particular events and not all traffic ...

Page 74: ... be passed through to a dedicated machine that has been separated from the rest of the Trusted Network Follow these steps to configure DMZ pass through 1 With your Web browser go to the SOHO System Status page using the Trusted IP address of the SOHO For example if using the default IP address go to http 192 168 111 1 2 From the navigation bar on the left side select Firewall DMZ The DMZ page appe...

Page 75: ...User Guide 5 0 75 Creating a virtual DMZ 3 Enable the checkbox labeled Enable pass through address 4 Enter the IP address to the pass through machine in the appropriate field 5 Click the Submit button ...

Page 76: ...Creating a virtual DMZ 76 ...

Page 77: ...g traffic passing through the SOHO Logging is intended to record the kinds of activities that can indicate security concerns most importantly denied packets Certain patterns of denied packets can indicate the type of attack that is being attempted Viewing SOHO log messages The WatchGuard SOHO generates an ongoing activity log stored on the SOHO The Event Log This log stores a maximum of 150 messag...

Page 78: ...displayed in the lower portion of the page Setting a WatchGuard Security Event Processor log host Setting a remote log host causes log messages to be transmitted to a WatchGuard Security Event Processor server participating in a WatchGuard Firebox SystemTM solution preconfigured to accept logs from your SOHO It has the advantages of saving local resources for other less memory intensive tasks and ...

Page 79: ... 4 Enter the IP address of the WSEP server that will be your Log Host in the appropriate field In our example 206 253 208 100 5 In the Log Encryption Key field enter a passphrase that will serve as a password to gain access to the log server 6 Enter the Log Encryption Key passphrase in the appropriate field again to confirm it 7 Click the Submit button ...

Page 80: ...setup a Syslog Host 1 With your Web browser go to the SOHO System Status page using the Trusted IP address of the SOHO For example if using the default IP address go to http 192 168 111 1 2 From the navigation bar on the left side select Logging Syslog Logging The Syslog Logging page appears 3 Enable the checkbox labeled Enable syslog output ...

Page 81: ...booted For example in the image above the top log entry indicates that the Administrator was allowed access to the unit 26899 seconds since the last power cycle The log entry time stamp can be configured to display the time of day by setting the System Time Follow these steps to set the System Time 1 With your Web browser go to the SOHO System Status page using the Trusted IP address of the SOHO F...

Page 82: ...ded to use a TCP Port 37 Time Server 4 Enable the option labeled Get Time From TCP Port 37 Time Server at 5 Enter the IP address of the time server in the appropriate field 6 Click the Submit button If you want to have your log messages adjusted for daylight savings time or set to Greenwich Mean Time GMT Enable the checkbox labeled Adjust for daylight savings time ...

Page 83: ...User Guide 5 0 83 Setting the System Time Enable the checkbox labeled Set to GMT If you want to have your log messages sync with your computer Click the Sync Time Now button ...

Page 84: ...Setting the System Time 84 ...

Page 85: ...rks WebBlocker relies on a URL database the CyberNOT list a service of CyberPatrol owned and maintained by SurfControl The WebBlocker database contains many thousands of IP addresses and directories These addresses are divided into categories based on content such as Drug Culture Intolerance or Sexual Acts WatchGuard updates the Webblocker server with a new database at regular intervals Once you h...

Page 86: ...e When the category is blocked the browser displays a page informing the user that the site is unavailable for viewing If the category is not blocked the Web browser opens the page for viewing WatchGuard WebBlocker database unavailable If for any reason the WatchGuard WebBlocker database is unavailable for example if there is briefly a problem between your ISP and the nearest WatchGuard server the...

Page 87: ...cker configuration page includes a Full Access Password field You can configure this password and give it to only those members of your trusted network who should be able bypass WebBlocker When a site is blocked or unavailable the user has the option of entering the full access password With the password entered the browser displays the otherwise blocked site After the password is entered the user...

Page 88: ...Blocker Groups and Users. Enable WebBlocker. Follow the instructions below to enable WebBlocker, create a Full Access Password, define the inactivity timeout value, require that your Web users authenticate if you are using the Groups and Users feature option. 1. With your Web browser, go to the SOHO Configuration Settings page using the Trusted IP address of the SOHO. For example, if using the default IP a...

Page 89: ...ypasses otherwise blocked sites. 5. Enter the Inactivity Timeout in minutes. Setting the inactivity timeout at, for example, 15 minutes ensures that unattended Web browsers will be disconnected after sitting idle for 15 minutes. 6. If you intend to use WebBlocker Groups and Users, enable the Require Web users to authenticate checkbox. 7. Click the Submit button to register your changes. ...

Page 90: ...the instructions to enable WebBlocker without selecting a Group. 1. With your Web browser, go to the SOHO Configuration Settings page using the Trusted IP address of the SOHO. For example, if using the default IP address, go to http://192.168.111.1. 2. From the navigation bar on the left side, select WebBlocker Groups. The WebBlocker Groups page appears. 3. Click the New button to create a group name and profil...

Page 91: ... WebBlocker. 4. Click the Submit button. A new Groups page appears, indicating the configuration changes have been accepted and providing access to creating users. 5. To the right of the Users field, click the New button. The New User page appears. ...

Page 92: ...the Passphrase. Use the Group drop-down list to assign the new user to a given group. In our example, we have assigned the User rodolfo to the Group chicosmalos, created previously. 7. Click the Submit button. NOTE: You can delete Users or Groups at any time by selecting them and clicking the Delete button. ...

Page 93: ...egory blocks sites describing how to grow and use marijuana but does not block sites discussing the historical use of marijuana. Alcohol Tobacco: Pictures or text advocating the sale, consumption, or production of alcoholic beverages and tobacco products. Illegal Gambling: Pictures or text advocating materials or activities of a dubious nature that may be illegal in any or all jurisdictions, such as ille...

Page 94: ...lly prescribed for medicinal purposes, such as drugs used to treat glaucoma or cancer. Satanic Cult: Pictures or text advocating devil worship, an affinity for evil, wickedness, or the advocacy to join a cult. A cult is defined as: A closed society that is headed by a single individual where loyalty is demanded and leaving is punishable. Intolerance: Pictures or text advocating prejudice or discrimination a...

Page 95: ...res or text advocating the proper use of contraceptives. Topic includes sites devoted to the explanation and description of condoms, oral contraceptives, intrauterine devices, and other types of contraceptives. It also includes discussion sites devoted to conversations with partners about sexually transmitted diseases, pregnancy, and sexual boundaries. Not included in this category are commercial sites se...

Page 96: ... exposure of either male or female buttocks, except when exposing genitalia, which is handled under the Full Nudity category. Topic does not include swimsuits, including thongs. Searching for blocked sites: To verify whether WebBlocker is blocking a site as part of a category block, visit the Search Submit form on the Cyber Patrol Web site. 1. Using your Web browser, go to http://www.cyberpatrol.com/cyberNOT ...

Page 97: ...c Why create a virtual private network? Virtual Private Networking (VPN) tunnels enable you to securely connect computers in two locations without requiring expensive, dedicated point-to-point data connections. With VPN, you use low-cost connections to the Internet to create a virtual connection between two branch offices. Unlike a simple un-encrypted Internet connection, a VPN connection eliminates a...

Page 98: ...vailable, a secondary DNS address. Domain name. Network addresses and subnet mask for networks. By default, the Trusted network address of the SOHO is 192.168.111.0 and the subnet mask is 255.255.255.0. NOTE: The internal networks on either end of the VPN tunnel must use different network addresses. To create an IPSec tunnel between devices, you must add information to the configuration files of each that ...

Page 99: ...ess from one of the reserved ranges: 10.0.0.0 (255.0.0.0), 172.16.0.0 (255.240.0.0), 192.168.0.0/16 (255.255.0.0). You Site A: 255.255.255.0. Site B: 255.255.255.0. Shared Secret: A phrase stored at both ends of the tunnel to authenticate the transmission as being from the claimed origin. The secret can be any phrase, but mixing numerical, special, alphabetical, and uppercase characters improves security. For example ...

Page 100: ...rivate networking. Enabling the VPN upgrade requires: an installed SOHO, Internet connectivity, a VPN upgrade certificate license. Step-by-step instructions for configuring a SOHO VPN tunnel: WatchGuard has developed a series of step-by-step instructions to facilitate configuration for a SOHO VPN tunnel to any of several other IPSec-compliant devices. To download these instructions using your Web browser...

Page 101: ... Windows NT networks, the two networks must be in the same Microsoft Windows domain or be trusted domains. This is a Microsoft Networking design implementation and is not a limitation of the SOHO device. Frequently asked questions. Why do I need a static external address? To create a VPN connection, one SOHO must be able to find its partner device. If the addresses were allowed to change, the SOHO could n...

Page 102: ...classify the problem. 1. Ping the external address of the remote SOHO. For example, at Site A, ping 68.130.44.15 (Site B). You should get a reply. If not, verify the External Network Settings of Site B. If they are correct, verify that computers at Site B can access the Internet. If you are still having trouble, contact your ISP. 2. Once you can ping the external address of each SOHO, try pinging the local address...

Page 103: ...ote users to securely connect to the SOHO through an IPSec VPN tunnel and access network resources on the Trusted network. Complete documentation on configuring your SOHO once this upgrade option has been purchased and redeemed can be found online at https://www.watchguard.com/support/sohoresources.asp. View the VPN Statistics: The SOHO has a configuration page which displays a variety of VPN statistic...


Page 105: ...ling and setting up your SOHO. General. How do I reboot my SOHO? 1. With your Web browser, go to the SOHO System Status page using the Trusted IP address of the SOHO. For example, if using the default IP address, go to http://192.168.111.1. 2. Click the Reboot button. 3. Wait for the SOHO to finish rebooting. The MODE light on the front of the SOHO will turn off, then back on. ...

Page 106: ...f the MODE light is illuminated, then the unit is running from its backup flash memory. You should be able to connect to the unit from a computer on one of the four numbered (1-4) Ethernet ports and reload the configuration. If the MODE light is blinking, it is indicative of a couple of concerns: The unit required a DHCP-assigned IP address for the External interface (WAN port) but did not receive it. The ...

Page 107: ...assword, you must reset the SOHO to its factory default. Please see the section titled "Resetting a SOHO to the Factory Defaults" on page 23. How does the seat limitation on the SOHO work? The default user license on the SOHO is 10. The first 10 computers on the network behind the SOHO to access the Internet are allowed through the SOHO. To clear the list of these first 10 computers, you will need to reboo...

Page 108: ...that both sides of the cable are connected and that your Internet connection is not down. The Link lights numbered 1 through 4 correspond to the four numbered Ethernet ports for the Trusted network. They tell you if the SOHO is connected to a computer or hub. If the lights are not illuminated, the SOHO is not connected to the computer or hub. Check to make sure that both sides of the cable are connected ...

Page 109: ...r on the right side. The MAC address is listed there. Configuration. Where are the SOHO settings stored? The configuration parameters for the SOHO are stored in memory on the SOHO. How do I change to a DHCP trusted IP address? 1. Make sure your computer is set up to use DHCP dynamic addressing; please see "Release and renew the IP configuration" on page 46. 1. With your Web browser, go to the SOHO System Statu...

Page 110: ...dress of the SOHO. For example, if using the default IP address, go to http://192.168.111.1. 2. From the navigation bar on the left side, select Network Trusted. 3. Disable the checkbox labeled Enable DHCP Server and then click the Submit button. 4. Enter the information in the appropriate fields. Click the Submit button. How do I set up and disable WebBlocker? 1. With your Web browser, go to the SOHO System Statu...

Page 111: ...ffic page appears. 3. Locate the pre-configured service you wish to allow in and select Allow from the drop list. 4. Enter the Trusted network IP address of the computer hosting the service. 5. Click the Submit button. How do I allow incoming IP or uncommon TCP and UDP protocols? You will need the IP address of the computer that will be receiving the incoming data and the IP protocol number that correspon...

Page 112: ...created and select Allow from the drop list. 9. Under the header Service Host, enter the IP address of the computer to which this traffic will be allowed. 10. Click the Submit button. VPN Management. Before setting up a VPN, you must have the following: Two properly configured and working SOHOs, or one SOHO and one Firebox, with the latest version of firmware. Each SOHO must have the VPN option enabled. The st...

Page 113: ... see the VPN Manager Guide. How do I set up VPN between two SOHOs? For detailed information on how to configure a VPN tunnel between two SOHO devices, download the SOHO to SOHO IPSec VPN Tunnel configuration instructions. 1. Using your Web browser, go to http://www.watchguard.com/support. 2. Log in to the LiveSecurity site. 3. Click Knowledge Base on the left of the page. 4. Click the In Depth FAQ link. 5. Under t...

Page 114: ... is available at https://support.watchguard.com/faqs. Special Notices. At the time of publication of this document, the online Help System has not been posted on the WatchGuard Web site. Therefore, clicking on the Help link at the top of the System Status page will redirect you to the WatchGuard Product Documentation page, where you can find links to our knowledge base. 877 232 3531 U.S. End user support 20...

Page 115: ...locker 93 certification FCC 4 Checklist pre installation 27 Configure PPPoE client 43 Copyright Information 12 Custom incoming services creating 65 Cyber Patrol copyright information 12 D Database WebBlocker 85 Default gateway 98 DNS service primary IP address 98 secondary IP address 98 Domain name 98 E Encryption SOHO 101 F FCC certification 4 Frequently asked questions 99 ...

Page 116: ...g the SOHO 32 manual 28 pre installation checklist 27 Introduction 3 information Internet 63 IP address 20 port number 20 protocol 20 services 21 IP address 20 reason for static 101 static obtaining 98 IP configuration releasing and renewing 46 L LED troubleshooting 105 Link LED troubleshooting 105 Linux setting TCP IP 29 LiveSecurity User ID 18 Log host setting remote 78 ...

Page 117: ...2 Password saving 18 Patent Information 12 Ping 102 Port number introduction 20 PPPoE configuring client 43 Pre configured service adding 64 Pre installation checklist 27 Private network setting default factory settings 22 Protocol introduction 20 Proxy disabling HTTP 30 R Releasing IP configuration 46 Remote Log Host setting 78 Renewing IP configuration 46 S Serial number saving 18 Services ...

Page 118: ...ation 46 setting in Macintosh 29 setting in Unix Linux etc 29 setting in Windows 95 98 29 Troubleshooting 99 checking link LED 105 connecting more than two offices 102 pinging 102 static IP address 101 U Unix setting TCP IP 29 URL database 85 Using the manual 3 V Virtual Private Networking introduction 97 W WebBlocker categories 93 searching for blocked sites 96 The Learning Company 93 Windows 95 ...
