CHAPTER 1: Internet Protocol Reference

WatchGuard Firebox System

Internet Protocol Options

Internet Protocol options are variable-length additions to the standard IP 
header. Unfortunately, enabling IP options can be risky; hackers can use 
them to specify a route that helps them gain access to your network. 
Because most applications make it very obscure or difficult to use IP 
options, they are rarely used.

There are several kinds of IP options: 

Security

Control routing of IP packets that carry sensitive data. Security 
options are rarely supported.

Stream ID (SID)

The stream ID option is rarely supported.

Source Routing 

Both the loose source route option and the strict source route 
option enable the source of an Internet packet to provide routing 
information. Source routing options can be very dangerous, 
because a clever attacker might use them to masquerade as 
another site. However, loose source routing and the traceroute 
facility can also help debug some obscure routing problems.

Record Route

The record route option was originally intended for use in testing 
the Internet. Unfortunately, record route can record only ten IP 

Keyword   Number    Protocol
SCC-SP    96        Semaphore Communications Security Protocol
ETHERIP   97        Ethernet-within-IP Encapsulation
ENCAP     98        Encapsulation Header
          99        Any private encryption scheme
GMTP      100       GMTP
          101-254   Unassigned
          255       Reserved
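
An added example (not part of the WatchGuard guide): a small Python parser that walks the options area of an IPv4 header, names the option kinds listed under Internet Protocol Options above, and applies a deny policy to packets that carry them. The option type numbers come from RFC 791; the function names, the verdict strings and the sample headers (built from documentation address ranges) are assumptions made for illustration.

```python
import socket
import struct

# Option type values from RFC 791 (one byte: copied flag, class, number).
OPTION_NAMES = {
    0: "End of Option List",
    1: "No Operation",
    7: "Record Route",
    68: "Internet Timestamp",
    130: "Security",
    131: "Loose Source Route",
    136: "Stream ID",
    137: "Strict Source Route",
}
SOURCE_ROUTE_TYPES = {131, 137}


def parse_ip_options(packet: bytes):
    """Return [(type, name, body)] for every option in an IPv4 header.

    Raises ValueError if the header is truncated or an option length is bad.
    """
    if len(packet) < 20:
        raise ValueError("shorter than the minimum 20-byte IPv4 header")
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    if version != 4:
        raise ValueError("not an IPv4 packet")
    header_len = ihl * 4
    if header_len < 20 or header_len > len(packet):
        raise ValueError("invalid header length")
    opts = packet[20:header_len]  # empty when IHL is 5 (no options)
    found, i = [], 0
    while i < len(opts):
        otype = opts[i]
        name = OPTION_NAMES.get(otype, "Unknown")
        if otype == 0:  # End of Option List: the rest is padding
            found.append((otype, name, b""))
            break
        if otype == 1:  # No Operation is a single byte with no length field
            found.append((otype, name, b""))
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("option truncated before its length byte")
        olen = opts[i + 1]
        if olen < 2 or i + olen > len(opts):
            raise ValueError("option length out of range")
        found.append((otype, name, opts[i + 2:i + olen]))
        i += olen
    return found


def route_hops(body: bytes):
    """Addresses in a source route or record route body (pointer byte first)."""
    return [socket.inet_ntoa(body[k:k + 4]) for k in range(1, len(body) - 3, 4)]


def evaluate(packet: bytes) -> str:
    """Hypothetical filter policy: deny any packet that carries IP options."""
    try:
        options = parse_ip_options(packet)
    except ValueError:
        return "deny: malformed header"
    types = {t for t, _, _ in options if t not in (0, 1)}
    if types & SOURCE_ROUTE_TYPES:
        return "deny: source route"
    if types:
        return "deny: ip options"
    return "allow"


def build_header(options: bytes = b"") -> bytes:
    """Build a constructed IPv4 header (checksum left at zero) with options."""
    options += b"\x00" * (-len(options) % 4)  # pad to a 32-bit boundary
    ihl = 5 + len(options) // 4
    return struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, 20 + len(options),
                       0, 0, 64, 6, 0,
                       socket.inet_aton("192.0.2.10"),
                       socket.inet_aton("198.51.100.20")) + options


# Constructed sample headers; none of these come from a real capture.
SAMPLE_PLAIN = build_header()
SAMPLE_LSRR = build_header(bytes([131, 11, 4])
                           + socket.inet_aton("203.0.113.1")
                           + socket.inet_aton("203.0.113.2"))
SAMPLE_RECORD_ROUTE = build_header(bytes([7, 7, 4]) + b"\x00" * 4)
SAMPLE_BAD_LENGTH = build_header(bytes([137, 40, 4, 0]))  # length overruns header

if __name__ == "__main__":
    for label, pkt in [("plain", SAMPLE_PLAIN), ("lsrr", SAMPLE_LSRR),
                       ("record route", SAMPLE_RECORD_ROUTE),
                       ("bad length", SAMPLE_BAD_LENGTH)]:
        print(label, "->", evaluate(pkt))
```
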

Содержание Firebox X1000

Страница 1: ...WatchGuard Firebox System Reference Guide WatchGuard Firebox System...

Страница 2: ...emarks of Sun Microsystems Inc in the United States and other countries All right reserved 1995 1998 Eric Young eay cryptsoft All rights reserved 1998 2000 The OpenSSL Project All rights reserved Redi...

Страница 3: ...ERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY...

Страница 4: ...r written permission please contact apache apache org 5 Products derived from this software may not be called Apache nor may Apache appear in their name without prior written permission of the Apache...

Страница 5: ...ptions 6 Transfer Protocols 7 UDP 7 TCP 8 ICMP 8 Other protocols 8 Standard Ports and Random Ports 9 CHAPTER 2 MIME Content Types 11 CHAPTER 3 Services and Ports 27 Ports Used by WatchGuard Products 2...

Страница 6: ...Client 44 DNS 45 Filtered HTTP 45 Filtered SMTP 46 finger 46 Gopher 47 HTTPS 47 IMAP 47 LDAP 48 Lotus Notes 48 NNTP 49 NTP 50 Outgoing Services 50 pcAnywhere 50 ping 51 POP2 and POP3 51 PPTP 52 RADIU...

Страница 7: ...5 HTTP 65 Proxied HTTP 66 RTSP 67 SMTP 67 CHAPTER 5 Common Log Messages 69 CHAPTER 6 Resources 81 Publishers 81 Books 82 Non Fiction 82 Fiction 83 White Papers Requests for Comments 83 Mailing Lists 8...

Страница 8: ...nfiguration 105 CHAPTER 9 Glossary 107 CHAPTER 10 Field Definitions 153 System Manager 153 Connect to Firebox dialog box 153 Enter Read Write Passphrase dialog box 154 Polling dialog box 154 Syslog Co...

Страница 9: ...dialog box 172 Blocked Ports dialog box 172 Blocked Sites dialog box 173 Blocked Sites Exceptions dialog box 174 Certificate Authority Configuration 174 Configure Gateways dialog box 175 Configure IPS...

Страница 10: ...Setup dialog box 207 Manual Security dialog box 208 Mobile User Client Select New Passphrase dialog box 208 Mobile User VPN Wizard 209 Mobile User VPN dialog box 212 NAT Setup dialog box 212 Network C...

Страница 11: ...33 Add Displayed Service dialog box 233 Remove Site dialog box 233 View Properties dialog box 233 Historical Reports 234 Add Report Filter dialog box 234 Historical Reports dialog box 236 Report Prope...

Страница 12: ...xii WatchGuard Firebox System...

Страница 13: ...ckage Most networks combine IP with higher level protocols like Transmission Control Protocol TCP Unlike simple IP TCP IP establishes a connection between two host servers so that they can send messag...

Страница 14: ...It is used in reassembling fragments ID 16 bits Packet ID used for reassembling fragments Flags 3 bits Miscellaneous flags Frag_Off 13 bits Identifies fragment part for this packet TTL 8 bits Time to...

Страница 15: ...MUX 18 Multiplexing DCN MEAS 19 DCN Measurement Subsystems HMP 20 Host Monitoring PRM 21 Packet Radio Measurement XNS IDP 22 XEROX NS IDP TRUNK 1 23 Trunk 1 TRUNK 2 24 Trunk 2 LEAF 1 25 Leaf 1 LEAF 2...

Страница 16: ...ter Domain Routing Protocol RSVP 46 Reservation Protocol GRE 47 General Routing Encapsulation MHRP 48 Mobile Host Routing Protocol BNA 49 BNA ESP 50 Encapsulated Security Payload AH 51 Authentication...

Страница 17: ...OTOCOL Temporary WB MON 78 WIDEBAND Monitoring WB EXPAK 79 WIDEBAND EXPAK ISO IP 80 ISO Internet Protocol VMTP 81 VMTP SECURE VMTP 82 SECURE VMTP VINES 83 VINES TTP 84 TTP NSFNET IGP 85 NSFNET IGP DGP...

Страница 18: ...ion is rarely supported Source Routing Both the loose source route option and the strict source route option enable the source of an Internet packet to provide routing information Source routing optio...

Страница 19: ...overhead To ensure accurate transmission it requires that the application layer verify that packets arrive at their destination Characteristics of UDP include Often used for services involving the tra...

Страница 20: ...lar fashion TCP uses a rather complicated state machine to manage connections There are several attribute bits that control the state of a connection Three very important attribute bits of TCP packets...

Страница 21: ...unique connection on the Internet For example it is reasonable to have two telnet sessions from one host to another However since telnet uses a well known service number of 23 something must distingu...

Страница 22: ...CHAPTER 1 Internet Protocol Reference 10 WatchGuard Firebox System...

Страница 23: ...se Policy Manager to configure the Proxied HTTP service to allow or deny content types Content types are also used in SMTP and are configurable in the SMTP proxy This chapter contains a list of the mo...

Страница 24: ...enriched RFC1896 tab separated values Paul Lindner html RFC2854 sgml RFC1874 vnd latex z Lubos vnd fmi flexstor Hurtta uri list RFC2483 vnd abc Allen rfc822 headers RFC1892 vnd in3d 3dml Powers prs l...

Страница 25: ...lel RFC2045 RFC2046 appledouble MacMime Patrick Faltstrom header set Dave Crocker form data RFC2388 related RFC2387 report RFC1892 voice message RFC2421 RFC2423 signed RFC1847 encrypted RFC1847 bytera...

Страница 26: ...Campbell dca rft IBM Doc Content Arch Larry Campbell activemessage Ehud Shapiro rtf Paul Lindner applefile MacMime Patrick Faltstrom mac binhex40 MacMime Patrik Faltstrom news message id RFC1036 Henr...

Страница 27: ...vnd ms works Gill vnd ms tnef Gill vnd svd Becker vnd music niff Butler vnd ms artgalry Slawson vnd truedoc Chase vnd koan Cole vnd street stream Levitt vnd fdf Zilles set payment initiation Korver s...

Страница 28: ...rectory Solomon prs nprend Doggett vnd webturbo Rehem hyperstudio Domino vnd shana informed formtemplat e Selzler vnd shana informed formdata Selzler vnd shana informed package Selzler vnd shana infor...

Страница 29: ...attenberger vnd lotus freelance Wattenberger vnd fujitsu oasys Togashi vnd fujitsu oasys2 Togashi vnd swiftview ics Widener vnd dna Searcy prs cww Rungchavalnont vnd wt stf Wohler vnd dxr Duffy vnd mi...

Страница 30: ...nd ecowin series Olsson vnd ecowin filerequest Olsson vnd ecowin fileupdate Olsson vnd ecowin seriesrequest Olsson vnd ecowin seriesupdate Olsson EDIFACT RFC1767 EDI X12 RFC1767 EDI Consent RFC1767 vn...

Страница 31: ...uplanet alert wbxml Martin vnd uplanet cacheop wbxml Martin vnd uplanet list wbxml Martin vnd uplanet listcmd wbxml Martin vnd uplanet channel wbxml Martin vnd uplanet bearer choice wbxml Martin vnd e...

Страница 32: ...ng vnd accpac simply imp Leow vnd accpac simply aso Leow vnd vcx T Sugimoto ipp RFC2910 ocsp request RFC2560 ocsp response RFC2560 vnd previewsystems box Smolgovsky vnd mediastation cdkey Flurry vnd p...

Страница 33: ...moto vnd vectorworks Pharr vnd grafeq Tupper vnd bmi Gotoh vnd ericsson quickcall Tidwell vnd hzn 3d crossword Minnis vnd wap slc WAP Forum vnd wap sic WAP Forum vnd groove injector Joseph vnd fujixer...

Страница 34: ...xul xml McDaniel parityfec RFC3009 vnd palm Peacock vnd fsc weblaunch D Smith vnd tve trigger Welsh dvcs RFC3029 sieve RFC3028 vnd vividence scriptfile Risher vnd hhe lesson player Jones beep xml RFC...

Страница 35: ...302 cgm Francis naplps Ferber vnd dwg Moline vnd svf Moline vnd dxf Moline png Randers Pehrson vnd fpx Spencer vnd net fpx Spencer vnd xiff SMartin prs btif Simon vnd fastbidsheet Becker vnd wap wbmp...

Страница 36: ...lin L16 RFC2586 vnd everad plj Cicelsky telephone event RFC2833 tone RFC2833 prs sid Walleij vnd nuera ecelp4800 Fox vnd nuera ecelp7470 Fox mpeg RFC3003 parityfec RFC3009 MP4A LATM RFC3016 vnd nuera...

Страница 37: ...pi model RFC2077 iges Parks vrml RFC2077 model mesh RFC2077 vnd dwf Pratt vnd gtw Ozaki vnd flatland 3dml Powers vnd vtu Rabinovitch vnd mts Rabinovitch vnd gdl Babits vnd gs gdl Babits vnd parasolid...

Страница 38: ...CHAPTER 2 MIME Content Types 26 WatchGuard Firebox System...

Страница 39: ...Services and Ports Well known services are a combination of port number and transport protocol for specific standard applications This chapter contains several tables that list service names port num...

Страница 40: ...Guard Security Event Processor use several ports during normal functioning Port Protocol Purpose 4100 TCP Authentication applet 4101 TCP WSEP and Management Station 4105 TCP WatchGuard service 4106 TC...

Страница 41: ...tion 139 TCP Event Viewer 139 TCP File Sharing 137 138 139 UDP TCP Logon Sequence 138 UDP NetLogon 137 138 139 UDP TCP Pass Through Validation 139 TCP Performance Monitor 1723 47 TCP IP PPTP 137 138 1...

Страница 42: ...el Assigned Numbers RFC1700 available at these Web sites http www cis ohio state edu htbin rfc rfc1700 html http www iana org assignments port numbers If you would like to recommend additions to this...

Страница 43: ...ata 20 TCP UDP File Transfer Default Data ftp 21 TCP UDP File Transfer Control ssh 22 TCP UDP SSH Remote Login Protocol telnet 23 TCP UDP Telnet smtp 25 TCP UDP Simple Mail Transfer nsw fe 27 TCP UDP...

Страница 44: ...Services whois 63 TCP UDP whois covia 64 TCP UDP Communications Integrator CI tacacs ds 65 TCP UDP TACACS Database Service sql net 66 TCP UDP Oracle SQL NET bootps 67 TCP UDP Bootstrap Protocol Server...

Страница 45: ...7 TCP UDP Swift Remote Virtual File Protocol tacnews 98 TCP UDP TAC News metagram 99 TCP UDP Metagram Relay newacct 100 TCP unauthorized use hostname 101 TCP UDP NIC Host Name Server iso tsap 102 TCP...

Страница 46: ...erface Net Map unitary 126 TCP UDP Unisys Unitary Login locus con 127 TCP UDP Locus PC Interface Conn Server gss xlicen 128 TCP UDP GSS X License Verification pwdgen 129 TCP UDP Password Generator Pro...

Страница 47: ...ex mux 173 TCP UDP Xyplex MUX xdmcp 177 TCP UDP X Display Manager Control Protocol NextStep 178 TCP UDP NextStep Window Server bgp 179 TCP UDP Border Gateway Protocol unify 181 TCP UDP Unify irc 194 T...

Страница 48: ...wing who s who cmd 514 TCP Like exec but automatic syslog 514 UDP logging facilities printer 515 TCP UDP Spooler talk 517 TCP UDP Talk protocol ntalk 518 TCP UDP another Talk utime 519 TCP UDP Unixtim...

Страница 49: ...ll NetWare Comm Service Platform novell lu6 2 1416 TCP UDP Novell LU6 2 netopia 1419 8000 UDP TCP Netopia Virtual Office ms sql s 1433 TCP UDP Microsoft SQL Server ms sql m 1434 TCP UDP Microsoft SQL...

Страница 50: ...e x11 6000 TCP UDP X Window System through 6063 font service 7100 TCP UDP X Font Service nas 8000 TCP UDP NCD Network Audio Server iphone 6670 TCP for connecting to the phone server iphone 22555 UDP f...

Страница 51: ...broad categories packet filters and proxies Packet Filter Services Packet filter services examine the source and destination headers of each packet Packets are then either allowed or denied passage ba...

Страница 52: ...ristics Protocol Any Client Port Ignore Port Number None AOL The America Online proprietary protocol allows access to the AOL service through a TCP IP network instead of the usual dial up connection T...

Страница 53: ...servers that return incorrect information Incoming auth service responds with fake information to hide internal user information When using SMTP with incoming static NAT you must add auth to the Servi...

Страница 54: ...ed with WinFrame Characteristics Protocol TCP Server Port s 1494 1604 Client Port s client For more information on adding the Citrix ICA service refer to the Advanced FAQs in the Knowledge Base Go to...

Страница 55: ...er IP for doing voice calls between Clarent gateways across the Internet This service supports the Clarent v3 0 product and later The Clarent products use two sets of ports one for gateway to gateway...

Страница 56: ...ion of ports to enable use of CU SeeMe versions 2 X and 3 X CU SeeMe Version 2 X runs on UDP port 7648 Version 3 X in addition to UDP port 7648 runs on UDP port 24032 for H 323 conferences and TCP por...

Страница 57: ...ulti service rule Filtered HTTP combines configuration options for incoming HTTP on port 80 with a rule allowing all outgoing TCP connections by default Using Filtered HTTP will not result in applying...

Страница 58: ...cs Protocol TCP Server Port s 25 Client Port s client finger finger is a protocol used to list information about users on a given host Although this information is often useful it can also reveal too...

Страница 59: ...ol The client and the web server set up an encrypted session over TCP port 443 Because this session is encrypted on both ends the proxy cannot examine packet contents therefore this icon enables a pac...

Страница 60: ...sed to access stand alone directory servers or X 500 directories Characteristics Protocol TCP Server Port s 389 Client Port s client Lotus Notes Lotus Notes is an integrated client server platform for...

Страница 61: ...ets were actually sent from the correct location Configure WatchGuard to add the source IP address to the Blocked Sites List whenever an incoming NNTP connection is denied All of the usual logging opt...

Страница 62: ...oxied HTTP Filtered HTTP Outgoing or Proxy icons are present in the Services Arena This icon will not enable outgoing FTP which will function only with an FTP service pcAnywhere pcAnywhere is an appli...

Страница 63: ...ng into a network however outgoing ping is useful for troubleshooting Characteristics Protocol ICMP Server Port s Not Applicable Client Port s Not Applicable POP2 and POP3 POP2 and POP3 Post Office Pr...

Страница 64: ...onfigure the PPTP service to allow incoming access from Internet hosts to an internal network PPTP server PPTP cannot access hosts static NAT because incoming NAT cannot forward IP protocols Because t...

Страница 65: ...able RIP only if your Internet service provider requires that you run a routing daemon Incorrect or deceptive routing information can wreak havoc with local networks could cause service denial problem...

Страница 66: ...d interface need to talk to a Windows NT server on the optional network Although not required WINS servers should be installed on both trusted and optional networks configure the clients on the option...

Страница 67: ...er than 1023 Because SNMP could cause quite unpredictable changes in a network if enabled carefully consider alternatives and log everything SNMP Trap Simple Network Management Protocol SNMP traps are...

Страница 68: ...to 10000 The Sybase SQL Server service is set to server port 10000 Verify that your Sybase SQL Server is configured for port 10000 If it is not either reconfigure the SQL Server to port 10000 or crea...

Страница 69: ...tp cs hut fi see ftp ftp cs hut fi pub ssh and information on versions for Windows can be found at DataFellows http www datafellows com Characteristics Protocol TCP Server Port s 22 Client Port s less...

Страница 70: ...user authentication is a server that uses existing user accounts to authenticate users into a dial up modem pool eliminating the need to maintain duplicate accounts on a UNIX system TACACS does not su...

Страница 71: ...Allow Outgoing but Deny Incoming connections the default WatchGuard stance For a different stance for example to allow selected Incoming or to restrict Outgoing add the telnet services and configure...

Страница 72: ...romise network security It allows traffic inside the firewall without authentication In addition the Timbuktu server may be subject to denial of service attacks WatchGuard recommends using VPN options...

Страница 73: ...able Client Port s generally greater than 32768 WAIS Wide Area Information Services WAIS is a protocol used to search for documents over the Internet originally developed at Thinking Machines Incorpor...

Страница 74: ...ou would like to use strong encryption 128 bit TripleDES or IPSec please contact WatchGuard Technical Support WatchGuard Logging The WatchGuard Logging service is necessary only if a second Firebox ne...

Страница 75: ...HTTP SMTP and FTP The proxied service opens packets of its particular type strips out any embedded forbidden data types and reassembles the packets with the proxy s own origin and destination headers...

Страница 76: ...sfer Protocol one of the most common ways to move files over the Internet Characteristics Protocol TCP Server Port s 20 command channel 21 data channel Client Port s greater than 1023 RFC 414 Common S...

Страница 77: ...te to the internal host directly Use the ping utility if necessary to ensure that the connection is valid Dynamic NAT must be turned off for the incoming H323 connection to work properly There are no...

Страница 78: ...network Icons in the Services Arena An HTTP icon with Incoming From Any to the HTTP server Scenario 2 Description Public HTTP server on the trusted network Icons in the Services Arena Even with dynam...

Страница 79: ...r Port 554 Client Port any RFC 2326 NOTE In addition to these TCP ports there are some UDP ports that both the client and the server use The ports are determined dynamically but the mostly commonly us...

Страница 80: ...cs Protocol TCP Server Port s 25 Client Port s greater than 1023 RFC 821 Common Scenarios Scenario 1 Description There is an SMTP server on the optional interface Icons in the Services Arena A SMTP se...

Страница 81: ...hat the ARP table was changed or updated to reflect the MAC address of a particular IP address This occurs most frequently in the case of High Availability where the active Firebox has failed over and...

Страница 82: ...ged by the two computers involved in the connection Old stale TCP connections are reset with an RST packet RST packets have a sequence number that must be valid according to certain TCP rules For exam...

Страница 83: ...in eth0 68 54 24 29 www xxx yyy zzz www xxx yyy zzz unknown ip options IP options are obsolete IP parameters now used primarily for OS fingerprinting and other types of IP stack based probes Most rout...

Страница 84: ...med out Indicates that the proxy was unable to connect to a FTP server The Proxy Connect Timeout defines the amount of time in seconds that the proxies will wait before giving up trying to forward a c...

Страница 85: ...iform Resource Locators URL and Names URN As far as HTTP is concerned Uniform Resource Identifiers are simply formatted strings which identify via name location or any other characteristic a resource...

Страница 86: ...established the standard proxy timeout values apply You may try raising this value by adding or editing the following property in the configuration file default proxies http timeout 600 http proxy x...

Страница 87: ...ocess that finished whatever it was doing is now exiting normally The xx indicates the Process ID number ipseccfg Error cfg entry networking ipsec remote_gw 195 sharedkey must contain a shared key Ind...

Страница 88: ...ss This usually occurs for Mobile User VPN IP addresses kernel eth2 Setting full duplex based on MII 31 link partner capability of 45e1 Indicates that the Firebox determined it can set the Ethernet in...

Страница 89: ...ated RBCAST only rebroadcasts directed broadcasts originating on a primary interface IP address In other words secondary networks will not be the source of an RBCAST In addition it will not rebroadcas...

Страница 90: ...roxy server WebBlocker interprets this as an attempt to bypass its protections and denies the attempt smtp proxy x x x x 35105 x x x x 25 Bad command XXXXXX The client attempted a non standard SMTP co...

Страница 91: ...start iked 3 times within 5 seconds of each other something s wrong Iked is the Firebox process responsible for negotiating IPSec tunnels This message usually occurs when IPSec mobile users are in the...

Страница 92: ...CHAPTER 5 Common Log Messages 80 WatchGuard Firebox System...

Страница 93: ...pport teams to learn more about network security in general and the WatchGuard product line in particular These include Publishers Books White Papers and Requests for Comments Mailing Lists Web Sites...

Страница 94: ...em Administrators Reading MA Addison Wesley Longman Inc 1992 Denning Dorothy E Information Warfare and Security Addison Wesley 1999 ISBN 0201433036 Farley Stearns and Mark Farley Hsu Tom Stearns and J...

Страница 95: ...Richard TCP IP Illustrated Reading MA Addison Wesley Longman Inc 1994 ISBN 0201633469 Note This is a 3 volume set Stoll Cliff Cuckoo s Egg Pocket Books 1995 ISBN 0671726889 Vacca John Intranet Securit...

Страница 96: ...Attrition http www attrition org Bugtraq http www securityfocus com Center for Education and Research in Information Assurance and Security http www cerias purdue edu Complete Intranet Firewalls Resou...

Страница 97: ...stcorp com javasecurity National Institute of Standards and Technology Computer Security Resource Center http www 08 nist gov Note Yes the dash after www is correct Microsoft Security http www microso...

Страница 98: ...ity firewalls Use your newsreader or electronic messaging application to subscribe to the comp security firewalls Usenet newsgroup Deja com Deja com provides a Web based alternative to news reader ser...

Страница 99: ...This map describes which control characters cannot be successfully received over the serial line Pppd will ask the peer to send these characters as a 2 byte escape sequence The argument is a 32 bit h...

Страница 100: ...peer to send packets of no more than n bytes The minimum MRU value is 128 The default MRU value is 1 500 A value of 296 is recommended for slow links 40 bytes for TCP IP header 256 bytes of data mtu...

Страница 101: ...peer compress packets that it sends using the Deflate scheme with a maximum window size of 2 nr bytes and agree to compress packets sent to the peer with a maximum window size of 2 nt bytes If nt is n...

Страница 102: ...te n Sets the maximum number of IPCP terminate request transmissions to n default 3 ipcp restart n Sets the IPCP restart interval retransmission timeout to n seconds default 3 lcp echo failure n When...

Страница 103: ...n seconds that is n seconds after the first network control protocol comes up modem Use the modem control lines This option is the default With this option pppd will wait for the CD Carrier Detect si...

Страница 104: ...o determine if possible the local IP address from the hostname With this option the peer will have to supply the local IP address during IPCP negotiation unless it was specified explicitly on the comm...

Страница 105: ...he modem Explanation of fields 1 Specifies that the Firebox should expect nothing back from the modem at this point in the chat 2 Specifies that three plus characters should be sent with short pauses...

Страница 106: ...e The initial timeout value is 45 seconds Once changed the timeout setting remains in effect until it is changed again EOT The special reply string of EOT indicates that the chat program should send a...

Страница 107: ...ters h e l l o not valid in expect d Delay for 1 second not valid in expect K Insert a BREAK not valid in expect n Send a newline or linefeed character N Send a null character The same sequence can be...

Страница 108: ...ckslash character ddd Collapse the octal digits ddd into a single ASCII character and send that character Some characters are not valid in Ctrl C for these characters substitute the sequence with the...

Страница 109: ...ou do not know or have forgotten them Fireboxes shipped before Firebox System LiveSecurity System 4 1 shipped with the original standard functionality called the read only system area Fireboxes shippe...

Страница 110: ...l cable Hands Free Installation via a local area network IP connection using remote provisioning Initializing an older Firebox with the Firebox System 4 1 or later automatically upgrades the Firebox a...

Страница 111: ...is not flickering the Firebox is running release prior to System 4 1 and you must use either the serial or modem initialization methods 4 Use the QuickSetup Wizard to configure and initialize the Fire...

Страница 112: ...Operation Complete dialog box appears 6 Click OK Working with a Firebox booted from the read only system area After you successfully boot the Firebox from the read only system area you can copy a new...

Страница 113: ...file saved successfully to the Firebox use Policy Manager to open it For instructions see the User Guide chapter on Firebox Basics Opening a Configuration File from the Firebox Troubleshooting The COM...

Страница 114: ...ith the Firebox to connect the Firebox Console port and external serial port in a loopback configuration Connect the Firebox Console port and external serial Turn the power on the Firebox off then on...

Страница 115: ...ffic Volume Indicator for each successful IP address the Firebox claims The Firebox can claim up to eight addresses The Processor Load Indicator marks the total number of different MAC addresses the F...

Страница 116: ...peration and the enhanced read only system area Sys A Continued The remainder of the Firebox software image PermFiles Area The Flash Disk Management Tool performs three different tasks for manipulatin...

Страница 117: ...ly overwrite the primary configuration file The primary configuration file is incorrectly configured or is otherwise unusable NOTE This procedure is possible only when a backup configuration file is o...

Страница 118: ...CHAPTER 8 Firebox Read Only System Area 106 WatchGuard Firebox System...

Страница 119: ...tion is made In active mode the FTP server establishes the data connection In passive mode the client establishes the connection In general FTP user agents use active mode and Web user agents use pass...

Страница 120: ...led programs hackers use to access machines AH authentication header A protocol used in IPSec available for use with IPSec Branch Office VPN AH provides authentication for as much of the IP header as...

Страница 121: ...is one way meaning that a key used to encrypt information cannot be used to decrypt the same data attack An attempt to hack into a system Because not all security issues represent true attacks most se...

Страница 122: ...rmerly known as the Mazameter bastion host A computer placed outside a firewall to provide public services such as WWW and FTP to other Internet sites The term is sometimes generalized to refer to any...

Страница 123: ...ected by the WatchGuard Firebox System or between a WatchGuard Firebox and an IPSec compliant device It allows a user to connect two or more locations over the Internet while protecting the resources...

Страница 124: ...ly Memory A disk on which data is stored certificate An electronic document attached to a public key by a trusted third party which provides proof that the public key belongs to a legitimate owner and...

Страница 125: ...ing either characters or bits by way of substitution transposition or both Class A Class B Class C See Internet address class clear signed message A message that is digitally signed but not encrypted...

Страница 126: ...nput and returns a shorter fixed sized output connected enterprise A company or organization with a computer network exchanging data with the Internet or some other public network Control Center See S...

Страница 127: ...cks or network security Can also be used as a synonym for hacker CRL See certificate revocation list cross certification Two or more organizations or certificate authorities that share some level of t...

Страница 128: ...gram A packet of data that stands alone Generally used in reference to UDP and ICMP packets when talking about IP protocols data transmission speed The number of bits that are transmitted per second o...

Страница 129: ...s blocks of 64 bits The encryption is controlled by a key of 56 bits See also Triple DES descending A method of ordering a group of items from highest to lowest such as from Z to A device Networking e...

Страница 130: ...One common use for this network is as a public Web server DNS Domain Name System A network system of servers that converts numeric IP addresses into readable hierarchical Internet addresses DoS See de...

Страница 131: ...dynamic NAT Also known as IP masquerading or port address translation A method of hiding network addresses from hosts on the external network Hosts elsewhere on the Internet see only outgoing packets...

Страница 132: ...atically when an Ethernet adapter is added to the computer This address identifies the node as a unique communication item and enables direct communications to and from that particular computer event...

Страница 133: ...or view specific information about an individual task or resource file extension A period and up to three characters at the end of a file name The extension can help identify the kind of information a...

Страница 134: ...a computer network against unwanted use and abuse by way of net connections firewalling The creation or running of a firewall flash disk An 8 megabyte on board flash ROM disk that acts like a hard di...

Страница 135: ...se units before adding a new position for the next number Hexadecimal uses the numbers 0 9 and the letters A F hierarchical trust A graded series of entities that distribute trust in an organized fash...

Страница 136: ...ured to inform the Firebox of this additional host behind the additional router HostWatch A WatchGuard Firebox System application that provides a real time display of the hosts that are connected from...

Страница 137: ...ed statement that binds a key to the name of an individual and therefore delegates authority from that individual to the public key IDS See Intrusion Detection System IETF See Internet Engineering Tas...

Страница 138: ...8 it is a Class A address A network with a Class A address can have up to about 16 million hosts Class B If the first octet of an IP address is from 128 to 191 it is a Class B address A network with a...

Страница 139: ...t limits IP packets to about 1 500 bytes but the maximum IP packet size is 65 536 bytes To send packets larger than 1 500 bytes over an Ethernet IP fragments must be used IP masquerading See dynamic N...

Страница 140: ...ganization or an educational institution may be the ISP for some organizations ITU T International Telecommunication Union Telecommunication Formerly the CCITT Consultative Committee for International...

Страница 141: ...raphic key to authorized recipients in a secure manner key pair A public key and its complementary private key keyring A set of keys Each user has two types of keyrings a private keyring and a public...

Страница 142: ...dresses assigned to this interface The Class A address group 127 0 0 0 has been reserved for these interfaces mail server Refers to both the application and the physical machine tasked with routing in...

Страница 143: ...utside world in lieu of the IP addresses of the hosts protected by the firewall Mazameter See Bandwidth Meter MD2 Message Digest 2 A 128 bit one way hash function that is dependent on a random permuta...

Page 144: ...ddress For a class A network the network address is the first byte of the IP address For a class B network the network address is the first two bytes of the IP address For a class C network the networ...

Page 145: ...corresponding netmask NFS Network File System A popular TCP IP service for providing shared file systems over a network NIST See National Institute for Standards and Technology node A computer or CPU...

Page 146: ...rvers provided for public access OSI Open Systems Interconnection A standard description or reference model for how messages should be transmitted between any two points in a telecommunication network...

Page 147: ...tion Protocol PAP An authentication protocol that allows PPP peers to authenticate one another It does not prevent unauthorized access but identifies the remote end PCI peripheral component interconne...

Page 148: ...tion for protecting the data Phase 2 negotiates data management security association which uses the data management policy to set up IPSec tunnels in the kernel for encapsulating and decapsulating dat...

Page 149: ...Firebox System an option in which the Firebox redirects IP packets to a specific masqueraded host behind the firewall based on the original destination port number Also called static NAT port space pr...

Page 150: ...thers when creating a combination of security policies Privacy Enhanced Mail PEM A protocol to provide secure Internet mail RFC 1421 1424 including services for encryption authentication message integ...

Page 151: ...intended for another machine By faking its identity the router accepts responsibility for routing packets to the real destination proxy server A server that stands in place of another server In firew...

Page 152: ...of two pieces authentication server code and client protocols random number A necessary element in generating unique keys that are unpredictable to an adversary True random numbers are typically deri...

Page 153: ...hosts through which information travels to reach its destination host routed configuration or network A configuration with separate network addresses assigned to at least two of the three Firebox inte...

Page 154: ...ncluding hard disks floppy disks CD ROM printers and scanners secondary network A network on the same physical wire as a Firebox interface that has an address belonging to an entirely different networ...

Page 155: ...self extracting file A compressed file that automatically decompresses when double clicked server A computer that provides shared resources to network users server based network A network in which al...

Page 156: ...S it produces a 160 bit hash similar to MD4 shared secret A passphrase or password that is the same on the host and the client computer It is used for authentication SHTTP See HTTPS sign To apply a si...

Page 157: ...b browsers and FTP clients It provides a simple firewall because it checks incoming and outgoing packets and hides the IP addresses of client applications SOHO Small Office Home Office Also the name o...

Page 158: ...by hubs or repeaters For example one could take a class C network with 256 available addresses and create two additional netmasks under it that separate the first 128 and last 128 addresses into separ...

Page 159: ...Internet uses TCP TCP IP Transmission Control Protocol Internet Protocol A common networking protocol with the ability to connect different elements TCP session hijacking An intrusion in which an ind...

Page 160: ...controls tooltip A name or phrase that appears when the mouse pointer pauses over a button or icon topology A wiring configuration used for a network Transport Layer Security TLS Based on the Secure S...

Page 161: ...he TCP IP packets carried by the Internet twisted pair cable A cable used for both network and telephone communications Also known as UTP unshielded twisted pair and 10BASE T 100BASE T cable UDP User...

Page 162: ...f the WatchGuard Firebox System offering separate from the software and the Firebox which keeps network defenses current It includes the broadcast network that transmits alerts editorials threat respo...

Page 163: ...a Web browser World Wide Web Consortium W3C An international industry consortium founded in 1994 to develop common protocols for the evolution of the World Wide Web worm A program that seeks access i...

Page 164: ...CHAPTER 9 Glossary 152 WatchGuard Firebox System...

Page 165: ...stem Manager use the status read only passphrase When opening the Firebox using VPN Manager or for configuration changes using Policy Manager enter the configuration read write passphrase There can be...

Page 166: ...e Firebox although they make the display more accurate You can type or use the arrows to input the seconds Arrows Use the arrows to select your preferred value Max Log Entries Enter the maximum of log...

Page 167: ...tion key is the publicly available component of a key pair Confirm Reenter the encryption key to verify OK Closes this dialog box and saves any changes Flash Disk Management Tool dialog box Restore Ba...

Page 168: ...g file Enter the name of the new log file The extension is automatically wgl Merge all files text box Enter the name of the new log file The extension is automatically wgl Files to copy Type or use th...

Page 169: ...ain window In a separate filter window Select to show results in a separate filter window This is an interim window that pops up in which you can perform search functions By marking them in the main w...

Page 170: ...es when Log Viewer is launched GMT Time Click to have time zone set to Greenwich Standard Time Local Time Click to have time zone set to your local time To set the local time use Policy Manager Setup...

Page 171: ...o access the results control Less Click to hide the results control Match all Select to match all values in the search Match any Select to match any value in the search Delete Click to delete the sear...

Page 172: ...IP address range OK Closes this dialog box and saves any changes Add Address dialog box Members Lists existing groups configured aliases networks and users Add Select an alias network group or address...

Page 173: ...Use the drop list or enter the IP address to specify the destination of outgoing packets Click to enter the IP address The Add Member dialog box opens OK Closes this dialog box and saves any changes...

Page 174: ...ialog box Add Firebox Group Enter the group name to add to Firebox users list You use groups to define users accounts to such factors as authentication method or system used OK Closes this dialog box...

Page 175: ...s this dialog box and saves any changes Add Port dialog box Protocol Use the drop list to select the protocol used for the service TCP TCP based services UDP UDP based services HTTP Services examined...

Page 176: ...address that is on the same network as the Firebox OK Closes this dialog box and saves any changes Add Service dialog box Name Enter the name of the new service Comments Enter comments or a descripti...

Page 177: ...oses this dialog box and saves any changes Advanced DVCP Policy Configuration dialog box Allow access to Select or enter the host or network and port protocol client port you want to allow access via...

Page 178: ...ollowing in the drop list Disabled The mobile user cannot use a Virtual Adapter to connect to the Secure VPN Client Preferred It is preferred but not required for the mobile user to use a Virtual Adap...

Page 179: ...1 NAT Check to enable 1 to 1 NAT This type of NAT redirects packets sent to one range of addresses to a different range of addresses 1 to 1 NAT Setup list Lists the IP addresses to be redirected Add S...

Page 180: ...as from the list and click to edit it The Host Alias dialog box opens Remove Click to remove the selected alias from the list OK Closes this dialog box and saves any changes Authentication Servers dia...

Page 181: ...time Two Firebox user groups used for remote user virtual private networking are automatically added to the basic configuration file ipsec_users and ruvpn_users Add Click to open the Add Firebox Group...

Page 182: ...by the Firebox Port primary Enter the port number configured on the primary RADIUS server to receive authentication requests Secret Enter the value of the secret between the Firebox and the RADIUS se...

Page 183: ...tivity time before an authenticated session times out Secret Enter the CRYPTOCard server shared secret This secret must be identical on both the CRYPTOCard server and the Firebox SecurID Server tab IP...

Page 184: ...o the list The DVCP Client Wizard launches Edit Click to edit the selected client from the list The DVCP Client Wizard launches Remove Click to remove the selected client from the list OK Closes this...

Page 185: ...the Firebox to log all attempts to use blocked ports or to notify a network administrator when someone attempts to access a blocked port Blocked Sites dialog box Blocked Sites A list of currently blo...

Page 186: ...ion type and enter the host or network IP address Remove Select the exception and click to remove it from the list above Certificate Authority Configuration IP Address Enter the IP address of your Cer...

Page 187: ...way from the list Click Edit to access the Remote Gateways dialog box and modify gateway settings Remove Click to remove the selected gateway from the configured gateway list OK Closes this dialog box...

Page 188: ...e selected tunnel Remove Click to delete the selected tunnel OK Configure Tunnel dialog box Identity tab Name Enter the name of a tunnel This name is used to identify the tunnel in monitoring and admi...

Page 189: ...the Management Station waits for a response from the Firebox for returning a message indicating that the device is unreachable Use the arrows to select your preferred value Arrows Use the arrows to s...

Page 190: ...another computer on the Internet Block SYN Flood Attacks Enable this checkbox to block SYN Flood attacks SYN Flood attacks are a type of Denial of Service DoS attack that seek to prevent your public...

Page 191: ...Some operating systems do not handle error messages correctly and may inadvertently terminate other connections when they receive them Log incoming packets sent to broadcast addresses Enable this che...

Page 192: ...he starting and ending IP addresses Add Click to access the DHCP Subnet Properties dialog box and add a new address range Edit Select an address range in the list and click to open the DHCP Subnet Pro...

Page 193: ...Enable debug log messages for the DVCP Client Enable this checkbox to enable detailed log messages from the Firebox client to facilitate troubleshooting and debugging the IPSec tunnel between the...

Page 194: ...tion enter the address of the primary network to which the client has access behind the Firebox Telecommuter IP Address Select only for WatchGuard SOHO Telecommuter devices Enter the virtual IP addres...

Page 195: ...access Add Click to add a network Remove Click to remove a network Telecommuter IP Address Select to specify an IP address as a Telecommuter Enter the IP address in the box Private Network Select for...

Page 196: ...this certificate External Interface IP Address Enable this checkbox to use the External Interface IP address for the CRL distribution point Custom IP Address Enable this checkbox to use a custom IP ad...

Page 197: ...t your preferred value UDP Finish Timeout Enter the UDP finish timeout in seconds For more information on UDP see chapter 1 of the Reference Guide Arrows Use the arrows to select your preferred value...

Page 198: ...op list Block IPSec will not allow traffic that matches the rule in associated tunnel policies You cannot bypass a policy that has a network at the other end point Bypass IPSec will not allow traffic...

Page 199: ...se which is used for establishing read only connections to your Firebox Read only access allows you to view logs and status of the Firebox but not change configurations Confirm Re enter the Status pas...

Page 200: ...on via a Firebox NT Server Enable this checkbox to allow authentication via Windows NT Server Radius Server Enable this checkbox to allow authentication via a Radius server CRYPTOCard Server Enable th...

Page 201: ...Check to make a backup copy of the current flash image before saving to the Firebox Specify where to save the backup copy in the Backup Image section below Encryption Key Enter the encryption key for...

Page 202: ...vent users from using the SITE command which would if not denied allow them to execute arbitrary programs on the FTP server This is set to Deny by default since allowing its use can be very dangerous...

Page 203: ...d this optional product IP Address External interface Enter the External interface IP address for the standby Firebox Default Heartbeat External interface Enable this checkbox if you want to use the...

Page 204: ...add a new member to the Alias Members list Remove Click to remove the selected item from the list above OK Closes this dialog box and saves any changes HTTP Proxy dialog box Settings tab Remove client...

Page 205: ...this checkbox to remove unknown headers including any current or future unofficial header additions Log accounting auditing information Enable this checkbox to log accounting auditing information Req...

Page 206: ...ceptable security risks For a list of content types see Chapter 2 in the Reference Guide Allowed Content Types list With the Allow only safe content types checkbox enabled only those content types lis...

Page 207: ...ebBlocker Controls tab in the HTTP Proxy dialog box click Add 2 In the dialog box that appears type the IP address of the server in the Value field Click OK You can use the UP and Down buttons to chan...

Page 208: ...e during operational and non operational hours Alcohol Tobacco Pictures or text advocating the sale consumption or production of alcoholic beverages and tobacco products Illegal Gambling Pictures or t...

Page 209: ...ndividual where loyalty is demanded and leaving is punishable Intolerance Pictures or text advocating prejudice or discrimination against any race color national origin religion disability or handicap...

Page 210: ...and lascivious behavior Topic includes masturbation copulation pedophilia as well as intimacy involving nude or partially nude people in heterosexual bisexual lesbian or homosexual encounters It also...

Page 211: ...Add Click to add an entry to the list above Remove Click to remove a selection from the list above Define Exceptions dialog box Select type of exception You can choose from the following three excepti...

Page 212: ...Key Enter the encryption key Key Click to create an encryption key Authentication Select the authentication from the drop list Authentication Key Enter an authentication key Key Click to create an enc...

Page 213: ...ws Use the arrows to select your preferred value Maximum Size The maximum size of a single email message This restriction can help prevent the mail spool from filling up Arrows Use the arrows to selec...

Page 214: ...Starting Enable this checkbox to allow remote message queue starting Allow AUTH Enable this checkbox to allow authentication AUTH list A list of AUTH types Add Type an AUTH type in the text box to the...

Page 215: ...he content type to the message Use the variable f to add the file name pattern to the message Address Patterns tab Category Use the drop list to select a pattern type allowed or denied and direction i...

Page 216: ...uting Policies A list of current IPSec virtual private networking routing policies The list displays Local Address The IP address of the local Firebox Remote Address The IP address of the remote IPSec...

Page 217: ...nnections are routed along the higher security tunnels Add Click this button to open the Add Routing Policy dialog box and add a new IPSec routing policy Edit Select a policy from the list above and c...

Page 218: ...ements This option often generates a high volume of log entries slowing passage of VPN traffic It is generally only used by WatchGuard Technical Support to assist with debugging an IPSec VPN tunnel pr...

Page 219: ...stom program Browse Click to browse for the program path Launch Interval Enter the number of minutes between events Arrows Use the arrows to select your preferred value Repeat Count Enter the number o...

Page 220: ...og logging is not encrypted The Firebox sends the syslogs to the defined syslog server This can be the same machine as the WatchGuard Security Event Processor Syslog Server Enter the interface to set...

Page 221: ...User VPN group Enter Shared Key Enter a shared key for this user s mobile VPN account Define Access screen Allow user access to Enter the network resource you want to allow for this mobile user Virtua...

Page 222: ...mobile users External Authentication Groups screen Group Name Enter the group name for the Externally Authenticated Group Passphrase Enter the passphrase that will be used to encrypt the MUVPN Client...

Page 223: ...to connect to the Secure VPN Client Network Resources screen Network Resources list Lists the network resources allowed for this mobile user Add Click to add network resources for the mobile user Remove...

Page 224: ...to select your preferred value Mobile User VPN dialog box Type Choose type from the drop list Value Enter the value of the type OK Closes this dialog box and saves any changes NAT Setup dialog box En...

Page 225: ...g box and saves any changes Cancel Closes this dialog box without saving any changes Help Click to access the online Help system Advanced Click to access the Advanced NAT Settings dialog box You use t...

Page 226: ...nd enter the PPP User Name and Password Re enter the password for verification This creates a dynamic PPPoE configuration If you want a static PPPoE configuration enable the Use the following IP addre...

Page 227: ...want to use proxy ARP Related Hosts A list of related hosts that use proxy ARP Add Enter the host IP address select the interface and click Add to add a related host to the Related Host list Remove S...

Page 228: ...the LCP Echo timeout in milliseconds LCP Echo Failure Enter the LCP Echo failure rate in number of tries Service Name Enter the Service name of the PPPoE server Access Concentrator Name Enter the Acces...

Page 229: ...name of the domain name server DNS The server values entered in this dialog box are used by the DHCP server RUVPN and other features of the firewall Domain Name Enter the DNS domain name The server v...

Page 230: ...flow control for the PCMCIA expansion configuration Local Host IP Enter the IP address for the local host Firebox IP Enter the IP address for the Firebox PPP Initialization Enter the PPP initializati...

Page 231: ...ernet Mail Extensions a specification about how to pass audio video and graphic content via email or HTML Description Enter a description of the new MIME type OK Closes this dialog box and saves any c...

Page 232: ...e Add button Add Click to add a new header pattern enter in the text box Remove Click to remove the selected item from the list above Idle Enter the interval in seconds before timing out Masquerading...

Page 233: ...d in the Domain Name field above Masquerade MIME boundary strings When this feature is enabled the firewall converts MIME boundary strings in messages and attachments to a string that does not reveal...

Page 234: ...n type Dynamic is the most frequently used type Remote ID Type Enter the Remote ID type of the remote gateway Shared Key Enable this checkbox and enter the shared key The shared key field is only avai...

Page 235: ...a single Diffie Hellman exchange and that this key is not used to derive additional keys Enable Aggressive Mode Enable this checkbox to enable Aggressive Mode Mode refers to an exchange of messages i...

Page 236: ...to add to the list and click Add Remove Select a key from the list and click to remove it PPTP tab Activate Remote User Enable this checkbox to allow an active remote user Enable Drop from 128 bit to...

Page 237: ...OK to open the Configure Tunnel dialog box OK Closes this dialog box and opens the Configure Tunnel dialog box Select MIME Type dialog box Select MIME Type Select a MIME type from the list MIME types...

Page 238: ...o the Services list Service Properties dialog box Incoming tab Incoming Connections Are Incoming connections are those that originate from beyond the firewall and whose destination is somewhere behind...

Page 239: ...ve the selected item from the list above Logging Click to access the Logging and Notification dialog box Auto block sites that attempt to connect via Check to automatically block sites that attempt to...

Page 240: ...operties tab Name Specifies the name of the service Properties Lists the service s properties Comments Lists any comments for the service s properties Set Policy Ordering dialog box Set Policy Orderin...

Page 241: ...er Name Enter the new user s name to create a new account Passphrase Enter the pass phrase for the new user s account Setup Routes dialog box Routes A list of all current routes A route is a sequence...

Page 242: ...ndling Enter the tag information in the text box Deny Select to deny the spam mail handling Advanced Spam Mail Filtering Enable this checkbox to use advanced spam mail filtering RBL list List the RBLs...

Page 243: ...d Find Click to find the information to specified WatchGuard VPN dialog box WatchGuard VPN tab Remote Fireboxes A list of remote Fireboxes configured for VPN tunnels using the WatchGuard VPN protocol...

Page 244: ...e a Key Click to hash the key Key Displays the hashed encryption key Options tab Activate WatchGuard VPN Enable this checkbox to enable WatchGuard VPN protocol Without this checkbox enabled any config...

Page 245: ...mber used by this service Note that you can assign only a single port number Line Color Select a unique line color to identify this service Remove Site dialog box Remove Site This action requires chan...

Page 246: ...mum Amplitude Control the amplitude of the ServiceWatch display Use smaller numbers for lighter volumes of traffic and larger numbers for higher volumes of traffic Add Click Add to configure a new ser...

Page 247: ...name of a new host IP to be added to the hosts list Add Click to add an item to the list on the left Remove Click to remove the selected item from the list to the left Port Filter tab Ports Restrict r...

Page 248: ...he list above Run Enable the checkboxes next to the reports you would like to generate Click Run to generate the selected reports Filters Click to open the Filters dialog box Filters restrict report o...

Page 249: ...se frames WebTrends Export Select to generate report in format acceptable for WebTrends for Firewalls and VPNs Additional information on the format can be found at http www webtrends com developers de...

Page 250: ...ributed enterprise You must identify Fireboxes by their IP address and SOHO devices by their unique name The unique SOHO name is configured using DVCP Client Wizard Add Click to add a new Firebox IP o...

Page 251: ...tion types Authentication Resolution on IP addresses Select to run authentication resolution on IP addresses DNS Resolution on IP addresses Select to run DNS resolution on IP addresses Consolidated Se...

Page 252: ...Detail Sections The number of records that appear on each HTML page The default is 1 000 HostWatch Filter Properties dialog box Inside Hosts tab Display all hosts Enable this checkbox to display all h...

Page 253: ...rs New User Enter a new user to add to the list Add Click to add a new user to the list Remove Select an item in the list and click to delete it Displayed authentication users A list of all authentica...

Page 254: ...lor tab Denied Displays the line color used for denied entries in the log Dynamic NAT Displays the line color used for dynamic entries in the log Proxy Displays the line color used for proxy entries i...

Page 255: ...nterval Enable this checkbox to specify the log rollover time interval When this interval is reached the WSEP saves the log file with a time stamp It continues to write new log records to the base Fi...

Page 256: ...es By Number of Entries Specify the maximum number of log entries in thousands When this number is exceeded the WSEP saves the log file with a time stamp It continues to write new log records to the b...

Page 257: ...ows networking must be installed and configured Email notification is performed via SMTP NOTE The email address entered in this field is not verified Validate the address before entering it into the e...

Page 258: ...n Key Enter the key used to encrypt communication between the Firebox and the WSEP The key must be identical on both the Firebox and the WSEP Use a key that you can easily remember but would be diffic...

Page 259: ...ites dialog box 173 Blocked Sites Exceptions dialog box 174 booting from system area 100 C checksum 76 Citrix ICA 42 Clarent command service 43 Clarent gateway service 42 COM Port Setup dialog box 100...

Page 260: ...uthentication Setup 208 Mobile User Client Select New Passphrase 208 NAT Setup 212 Network Configuration 214 New MIME Type 219 New Service 219 Operation Complete 100 Outgoing SMTP Proxy 220 Polling 15...

Page 261: ...et 76 H H323 service 65 hands free installation 98 High Availability dialog box 191 Historical Reports dialog box 236 Historical Reports dialog boxes 234 Host Alias dialog box 192 HostWatch dialog box...

Page 262: ...87 P pcAnywhere service 50 Pid 71 ping service 51 Policy Manager dialog boxes 160 Polling dialog box 154 POP2 service 51 POP3 service 51 ports random 9 standard 9 used by Microsoft products 29 used by...

Page 263: ...t 59 TFTP 59 Timbuktu 60 Time 60 traceroute 60 types 39 WAIS 61 WatchGuard Logging 62 well known 27 30 39 whois 63 Services dialog box 225 Set Log Encryption Key dialog box 246 Set Policy Ordering dia...

Page 264: ...DP 7 Uniform Resource Identifiers 73 URIs 73 User Datagram Protocol 7 V View Properties dialog box 233 VPNs and Any service 39 W WAIS service 61 WatchGuard encrypted connections 62 WatchGuard Find dia...
