Watchguard Firebox X1000 Скачать руководство пользователя страница 222 | Manualshive

Страница: 222 / 314

background image

Chapter 12: Setting Up Logging and Notification

200

WatchGuard Firebox System

Logging and notification are crucial to an effective network
security policy. Together, they make it possible to monitor
your network security, identify both attacks and attackers,
and take action to address security threats and challenges.
WatchGuard logging and notification features are both
flexible and powerful. You can configure your firewall to
log and notify a wide variety of events, including specific
events that occur at the level of individual services. For
more information on logging, see the following collection
of FAQs:

https://support.watchguard.com/advancedfaqs/log_main.asp

Developing Logging and Notification Policies

When creating a logging policy, you spell out what gets
logged and when an event or series of events warrants
sending out a notification to the on-duty administrator.
Developing these policies simplifies the setup of individual
services in the WatchGuard Firebox System. If you have
fully mapped out a policy, you can more easily delegate
configuration duties and ensure that individual efforts do
not contradict the overall security stance or logging and
notification policies.

Logging policy

Specifically, the logging policy delineates:
•

Which events to log

•

Which service events to log

•

Which servers are allocated as log hosts

•

How large a log file is allowed to become and how
often a new log file is created

In general, you want to log only the events that might indi-
cate a potential security threat, and ignore events that
would waste bandwidth and server storage space. This
generally translates into logging spoofs, IP options, probes,

«
...
220
221
222
223
224
...
»

Содержание Firebox X1000

Страница 1: ...WatchGuard Firebox System User Guide WatchGuard Firebox System...

Страница 2: ...d States and or other courtries Hi fn Inc 1993 including one or more U S Patents 4701745 5016009 5126739 and 5146221 and other patents pending Microsoft Internet Explorer Windows 95 Windows 98 Windows...

Страница 3: ...D ANY EXPRESSED OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL THE OpenSSL PROJECT O...

Страница 4: ...nowledgement This product includes software written by Tim Hudson tjh cryptsoft com THIS SOFTWARE IS PROVIDED BY ERIC YOUNG AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE...

Страница 5: ...ARE DISCLAIMED IN NO EVENT SHALL RALF S ENGELSCHALL OR HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT...

Страница 6: ...n behalf of the Apache Software Foundation For more information on the Apache Software Foundation please see http www apache org Portions of this software are based upon public domain software origina...

Страница 7: ...chGuard Firebox Software End User License Agreement IMPORTANT READ CAREFULLY BEFORE ACCESSING WATCHGUARD SOFTWARE This Firebox Software End User License Agreement AGREEMENT is a legal agreement betwee...

Страница 8: ...uct at any single location and may install and use the SOFTWARE PRODUCT on multiple workstation computers B To use the SOFTWARE PRODUCT on more than one WATCHGUARD hardware product at once you must pu...

Страница 9: ...anies it If the SOFTWARE PRODUCT fails to operate in accordance with this warranty you may as your sole and exclusive remedy return all of the SOFTWARE PRODUCT and the documentation to the authorized...

Страница 10: ...ITY OF SUCH DAMAGES THIS SHALL BE TRUE EVEN IN THE EVENT OF THE FAILURE OF AN AGREED REMEDY 5 United States Government Restricted Rights The SOFTWARE PRODUCT is provided with Restricted Rights Use dup...

Страница 11: ...THESE TERMS IF THE SOFTWARE PRODUCT IS BEING USED BY AN ENTITY THE INDIVIDUAL INDICATING AGREEMENT TO THESE TERMS REPRESENTS AND WARRANTS THAT A SUCH INDIVIDUAL IS DULY AUTHORIZED TO ACCEPT THIS AGREE...

Страница 12: ...xii WatchGuard Firebox System...

Страница 13: ...ox System Manager 2 WatchGuard security applications 3 WatchGuard LiveSecurity Service 3 Minimum Requirements 3 Software requirements 3 Web browser requirements 4 Hardware requirements 4 WatchGuard Op...

Страница 14: ...uct Documentation 18 Assisted Support 18 LiveSecurity Program 18 LiveSecurity Gold Program 19 Firebox Installation Services 20 VPN Installation Services 20 Training and Certification 20 CHAPTER 3 Gett...

Страница 15: ...ation s local drive 53 Resetting Firebox Passphrases 53 Setting the Firebox Model 54 Setting the Time Zone 55 Setting a Firebox Friendly Name 55 CHAPTER 5 Using Policy Manager to Configure Your Networ...

Страница 16: ...oring Firebox Traffic 80 Setting the maximum number of log entries 81 Displaying entries in color 81 Copying messages to another application 82 Copying or analyzing deny messages 82 Performing Basic T...

Страница 17: ...ing Static NAT 108 Adding external IP addresses 108 Setting static NAT for a service 108 Using 1 to 1 NAT 110 Proxies and NAT 112 CHAPTER 8 Configuring Filtered Services 113 Selecting Services for you...

Страница 18: ...he DNS Proxy Service 156 Enabling protocol anomaly detection for DNS 157 DNS file descriptor limit 158 CHAPTER 10 Creating Aliases and Implementing Authentication 161 Using Aliases 162 Adding an alias...

Страница 19: ...block sites 193 Viewing the Blocked Sites list 193 Integrating Intrusion Detection 193 Using the fbidsmate command line utility 195 CHAPTER 12 Setting Up Logging and Notification 199 Developing Loggi...

Страница 20: ...and notification for blocked sites and ports 219 CHAPTER 13 Reviewing and Working with Log Files 221 Log File Names and Locations 222 Viewing Files with LogViewer 222 Starting LogViewer and opening a...

Страница 21: ...filter 245 Scheduling and Running Reports 245 Scheduling a report 245 Manually running a report 246 Report Sections and Consolidated Sections 246 Report sections 246 Consolidated sections 250 CHAPTER...

Страница 22: ...Station 266 Preparing a Windows NT management station for OOB 266 Preparing a Windows 2000 management station for OOB 266 Preparing a Windows XP management station for OOB 268 Configuring the Firebox...

Страница 23: ...complete network security solution to meet these modern security challenges Keeping network defenses current Protecting every office connected to the Internet Encrypting communications to remote offic...

Страница 24: ...ll efficient and reli able The Firebox is a low profile component with an indi cator display panel in front and physical interfaces in back Firebox System Manager Firebox System Manager is a toolkit o...

Страница 25: ...te networking Branch office virtual private networking Selective Web site blocking WatchGuard LiveSecurity Service The innovative LiveSecurity Service makes it easy to main tain the security of an org...

Страница 26: ...t Windows XP Web browser requirements You must have Microsoft Internet Explorer 4 0 or later to run the installation from the CD The following HTML based browsers are recommended to view WatchGuard On...

Страница 27: ...step process VPN Man ager sets a new standard for Internet security by automating the setup management and monitoring of multi site IPSec VPN tunnels between an organization s Hardware feature Minimu...

Страница 28: ...but it is available for use only if you enable the High Availability checkbox when installing WFS and enter your license key Mobile User VPN Mobile User VPN is the WatchGuard IPSec implementa tion of...

Страница 29: ...WatchGuard Options WatchGuard options are available from your local reseller For more information about purchasing WatchGuard prod ucts go to http www watchguard com sales About this Guide The purpos...

Страница 30: ...eparated by arrows are selected in sequence from subsequent menus For example File Open Configuration File means to select Open from the File menu and then Configuration File from the Open menu URLs a...

Страница 31: ...eSecurity Service keeps your security system up to date by providing solutions directly to you In addition the WatchGuard Technical Support team and Training department offer a wide variety of meth od...

Страница 32: ...bscription saves you time by providing the latest software to keep your WatchGuard Firebox System up to date You receive instal lation wizards and release notes with each software update for easy inst...

Страница 33: ...ted Software Update You receive functional software enhancements on an ongoing basis that cover your entire WatchGuard Firebox System Editorial Leading security experts join the WatchGuard Rapid Respo...

Страница 34: ...rt Guide and in the Getting Started chapter of this book To activate the LiveSecurity Service through the Web 1 Be sure that you have the LiveSecurity license key and the Firebox serial number handy Y...

Страница 35: ...elp Tools Online support services help you get the most out of your WatchGuard products NOTE You must register for LiveSecurity Service before you can access the online support services Advanced FAQs...

Страница 36: ...ess to the resources you need and updated information to help you install and use the SOHO 6 To access the online support services 1 From your Web browser go to http www watchguard com and select Supp...

Страница 37: ...ard Users Group The WatchGuard users group is an online group in which the users of WatchGuard products can communicate infor mation Because this group is not monitored by Watch Guard it should not be...

Страница 38: ...window or dialog box press F1 On any platform browse to the directory containing WatchGuard Online Help Open LSSHelp html The default help directory is C Program Files WatchGuard Help Searching for to...

Страница 39: ...ly as they appear in the original installation Online Help system requirements Web browser Internet Explorer 4 0 or higher Netscape Navigator 4 7 or higher Operating system Windows NT 4 0 Windows 2000...

Страница 40: ...ttp help watchguard com documentation default asp Assisted Support WatchGuard offers a variety of technical support services for your WatchGuard products Several support programs described throughout...

Страница 41: ...istance for specific issues concerning the installation and ongoing maintenance of Firebox SOHO and ServerLock enterprise systems Single Incident Priority Response Upgrade SIPRU and Single Incident Af...

Страница 42: ...security policy install the LiveSecurity software and Firebox hardware and build a configuration in accordance with your com pany security policy VPN setup is not included as part of this service VPN...

Страница 43: ...ch products you own we have a training solution for you WatchGuard classroom training is available worldwide through an extensive network of WatchGuard Certified Training Partners WCTPs WCTPs strength...

Страница 44: ...Chapter 2 Service and Support 22 WatchGuard Firebox System...

Страница 45: ...n process Gathering network information Selecting a firewall configuration model Setting up the management station Cabling the Firebox Running the QuickSetup Wizard Deploying the Firebox into your net...

Страница 46: ...rvice license key Gathering Network Information We encourage you to fill in the following tables in prepara tion for completing the rest of the installation process License Keys Collect your license k...

Страница 47: ...One good way to set up your network is to create two worksheets the first worksheet represents your network now before deploying the Firebox and the second rep resents your network after the Firebox...

Страница 48: ...lowing figure In this example the Inter net router performs network address translation NAT for the internal network The router has a public IP address of 208 15 15 1 and the private network has an ad...

Страница 49: ...op in configuration simplifies the setup of these devices For more information on this type of configuration see Drop in configuration on page 30 By configuring the optional interface on the example n...

Страница 50: ...a Firewall Configuration Mode Before installing the WatchGuard Firebox System you must decide how to incorporate the Firebox into your net work This decision determines how you will set up the three...

Страница 51: ...uration mode that most closely reflects your existing network You must select one of two possible modes routed or drop in configuration Routed configuration In a routed configuration the Firebox is pu...

Страница 52: ...and all machines behind the trusted and optional interfaces must be configured with an IP address from that network The benefit of a routed configuration is that the networks are well defined and easi...

Страница 53: ...drop in configuration A single network that is not subdivided into smaller networks or subnetted The Firebox performs proxy ARP a technique in which one host answers Address Resolution Protocol reque...

Страница 54: ...er ally harder to manage and is more prone to network prob lems Choosing a Firebox configuration The decision between routed and drop in mode is based on your current network Many networks are best se...

Страница 55: ...inimum configured are external and trusted All interfaces of the Firebox are on the same network and have the same IP address Proxy ARP Criterion 2 Trusted and optional interfaces must be on separate...

Страница 56: ...ondary network also tells the Firebox that another network resides on the Firebox interface wire You add secondary networks in the following two ways The QuickSetup Wizard which is part of the install...

Страница 57: ...and DNS Server Addresses on page 65 You can also change the WINS and DNS values provided by your ISP if necessary Point to Point Protocol over Ethernet PPPoE is also sup ported As with DHCP the Fireb...

Страница 58: ...ent Processor WSEP receives and stores log messages and issues notifications based on information it receives from the management station You can designate any computer on your network as the manageme...

Страница 59: ...components or upgrades see the WatchGuard Web site 6 At the end of the installation wizard a checkbox appears asking if you want to launch the QuickSetup Wizard You must first cable the Firebox before...

Страница 60: ...irebox to the management station using a serial cable or over a network using TCP IP The recommended way is using a serial cable Using a serial cable Refer to the Firebox Rear Panel and Cabling for Pr...

Страница 61: ...Cabling the Firebox User Guide 39...

Страница 62: ...also writes a basic configuration file called wizard cfg to the hard disk of the management station If you later want to expand or change the basic Firebox configuration using Policy Manager use wiz...

Страница 63: ...cify static DHCP or PPPoE as explained in Dynamic IP support on the external interface on page 35 Enter the Firebox interface IP address or addresses Based on whether you specified routed or drop in m...

Страница 64: ...rase is used to establish a read write connection to the Firebox Select Connection Method Select the cabling method used and enter a temporary IP address for the Firebox so that the management station...

Страница 65: ...ht after 16 and then type 1 10 If your address has a network mask use slash notation to enter it In slash notation a single number indicates how many bits of the IP address identify the network that t...

Страница 66: ...ect the Firebox to your network If using a routed configuration change the default gateway setting on all desktops to the Firebox trusted IP address What s Next You have successfully installed configu...

Страница 67: ...nly filtered services until all your system are functional and then move to proxies as you become familiar with them as needed For more information on services see Chapter 8 Config uring Filtered Serv...

Страница 68: ...Chapter 3 Getting Started 46 WatchGuard Firebox System...

Страница 69: ...tting the Firebox time zone Setting a Firebox friendly name What is a Firebox A WatchGuard Firebox is a specially designed and optimized security appliance Three independent net work interfaces allow...

Страница 70: ...for a Firebox is directly behind the Internet router as pictured below Other parts of the network are as follows Management station The computer on which you install and run the WatchGuard Firebox Sy...

Страница 71: ...contains all the settings options addresses and other information that constitute your Firebox security policy When you view the settings in Policy Manager you are seeing a user friendly version of yo...

Страница 72: ...the Firebox drop down list to select a Firebox You can also type in the IP address or host name 3 In the Passphrase text box type the Firebox status read only passphrase Click OK Do not use the config...

Страница 73: ...the Firebox does need to be rebooted the new policy is not active until the rebooting process completes Saving a configuration to the Firebox From Policy Manager 1 Select File Save To Firebox You can...

Страница 74: ...ore saving NOTE It is not necessary to back up the flash image every time you make a change to the configuration file However if you do choose this option you must provide an encryption key It is espe...

Страница 75: ...Choosing the option marked Save Configuration File Only is normally sufficient Saving a configuration to the management station s local drive From Policy Manager 1 Select File SaveAs File You can also...

Страница 76: ...new passphrases is saved to the Firebox and the Firebox automatically restarts Tips for creating secure passphrases Although a persistent attacker can crack any passphrase eventually you can toughen...

Страница 77: ...locker The default time zone is Greenwich Mean Time Coordinated Universal Time From Policy Manager 1 Select Setup Time Zone 2 Use the drop down list to select a time zone Click OK Setting a Firebox Fr...

Страница 78: ...Chapter 4 Firebox Basics 56 WatchGuard Firebox System...

Страница 79: ...Each of the procedures in this section can also be used to override any settings you made using the Quick Setup Wizard It is recommended that you follow these steps in the following order to make sure...

Страница 80: ...are connected to The new configuration file contains defaults for the model of Firebox specified Setting the Firebox Configuration Mode For information on routed and drop in configurations see Selecti...

Страница 81: ...x located at the bottom of the dialog box 3 Enter the IP address and default gateway for the Firebox interfaces When typing IP addresses type the digits and periods in sequence Do not use the TAB or a...

Страница 82: ...ash notation When typing IP addresses type the digits and periods in sequence Do not use the TAB or arrow key to jump past the periods For more information on entering IP addresses see Entering IP add...

Страница 83: ...ring DHCP or PPPoE support If you enable DHCP or PPPoE on the external interface you can set several optional properties 1 From the Network Configuration dialog box click Properties The Advanced dialo...

Страница 84: ...hat are not recommended are Firebox2 or SOHO6Alpha NOTE PPPoE debugging generates large amounts of data Do not enable PPPoE debugging unless you are having connection problems and need help from Techn...

Страница 85: ...alog box For a description of each control right click it and then select What s This Defining External IP Aliases You use the Aliases button on the Network Configuration dialog box when you are using...

Страница 86: ...g box appears 2 Click the Secondary Networks tab The Secondary Networks tab appears as shown in the following figure 3 Use the drop down list in the lower right portion of the dialog box to select the...

Страница 87: ...features of the Firebox such as DHCP and Remote User VPN rely on shared Windows Internet Name Server WINS and Domain Name System DNS server addresses These servers must be accessible from the Firebox...

Страница 88: ...large network A device defined as a DHCP server auto matically assigns IP addresses to network computers from a defined pool of numbers You can define the Firebox as a DHCP server for the customer net...

Страница 89: ...lient requests a longer time the request is denied and the maximum lease time is provided Adding a new subnet To make available private IP addresses accessible to DHCP clients add a subnet To add a ne...

Страница 90: ...turn an IP address that does not work with certain devices or services From Policy Manager 1 Select Network DHCP Server 2 Click the subnet to review or modify Click Edit 3 The DHCP Subnet Properties d...

Страница 91: ...of the Packet Filters and Proxies folders to expand them A list of pre configured filters or proxies appears 3 Under Packet Filters click WatchGuard 4 Click the Add button at the bottom of the dialog...

Страница 92: ...to pass traffic from any of its three interfaces to a router The router can then pass traffic to the appropriate destina tion according to its specific routing policies For more information on routin...

Страница 93: ...ion file Defining a host route Define a host route if there is only one host behind the router Enter the IP address of that single specific host without slash notation From Policy Manager 1 Select Net...

Страница 94: ...Chapter 5 Using Policy Manager to Configure Your Network 72 WatchGuard Firebox System 7 Click OK The route data is written to the configuration file...

Страница 95: ...monitor of traffic through the firewall as well as a number of monitoring tools This chapter also describes HostWatch an application that provides a real time display of active connections on a Firebo...

Страница 96: ...box at this time use the Firebox drop down list to select a Firebox You can also type the IP address or DNS name of the Firebox When typing IP addresses type the digits and periods in sequence Do not...

Страница 97: ...ted to Firebox Connect to Firebox appears only when not con nected to Firebox Launch Policy Manager Launch LogViewer Launch HostWatch Create Historical Reports For more information on launching these...

Страница 98: ...of Firebox capacity being used For more information on the front panel see the following FAQ https support watchguard com advancedfaqs fbhw_lights asp Firebox and VPN tunnel status The section in Sys...

Страница 99: ...client certificate If you expand the entries under Firebox Status as shown in the following figure you can view IP address of the default gateway and netmask MAC Media Access Control address of each...

Страница 100: ...figure below shows an expanded entry for a BOVPN tunnel The information displayed from top to bottom is The name assigned to the tunnel during its creation along with the IP address of the destinatio...

Страница 101: ...le User VPN the branch displays the same statistics as for the DVCP or IPSec Branch Office VPN described previously the tunnel name followed by the destination IP address followed by the tunnel type B...

Страница 102: ...on point next to a tunnel listing indicates a tunnel is down When you expand an entry that has a red exclamation point another exclamation point appears next to the spe cific device or tunnel with the...

Страница 103: ...ries in color You can specify that the log entries appear in different col ors according to the type of information they show 1 Click the Main Menu button Click Settings Click the Syslog Color tab 2 T...

Страница 104: ...us section To copy the source or destination IP address of a deny message so you can paste it into another application right click the message select Source IP Copy or Destination IP Copy To issue the...

Страница 105: ...QuickSetup Wizard The QuickSetup Wizard begins For more information on running the QuickSetup Wizard see the QuickStart Guide included with your Firebox Flushing the ARP cache The ARP Address Resolut...

Страница 106: ...on on entering IP addresses see Entering IP addresses on page 43 3 Enter the Firebox status passphrase 4 Click OK System Manager connects to the Firebox and displays its real time status Changing the...

Страница 107: ...urity Service Select to activate LiveSecurity Service For more information on this service see Chapter 2 Service and Support Launching Firebox Applications You launch the following applications from t...

Страница 108: ...o the current log file For more information see HostWatch on page 167 Launching Historical Reports Historical Reports is a report building tool that cre ates HTML reports displaying session types most...

Страница 109: ...Windows desktop tray click the Main Menu button Select Tools Logging Event Processor Interface Viewing Bandwidth Usage Click the Bandwidth Meter tab to view real time band width usage for all Firebox...

Страница 110: ...number of connections and the x axis shows time The display differentiates by color each service being graphed To configure the services that appear and how they are dis played 1 Click the Main Menu...

Страница 111: ...mber 103100033 Product Type FBIII 1000 300Mhz 64MB Product Options hifn Packet counts The number of packets allowed denied and rejected between status queries Rejected packets are denied packets for w...

Страница 112: ...tions configured with either the QuickSetup Wizard or by adding and configuring services from Policy Manager Logging options Outgoing traceroute Incoming traceroute logged warning notifies traceroute...

Страница 113: ...l amount of RAM the process is using SHARE Amount of memory that can be shared by more than one process TIME Total CPU time used CPU Percentage of CPU time used PRI Priority of process SCHED The way t...

Страница 114: ...376 0 00 10 0 0 nice 91 netdbg S 828 372 0 00 05 0 0 nice 96 opt bin dns proxy S 800 400 0 00 72 0 0 nice Interfaces Each network interface is displayed in this section along with detailed information...

Страница 115: ...erruns 0 carrier 0 Collisions 193 eth1 Link encap Ethernet HWaddr 00 90 7F 1E 79 85 inet addr 192 168 253 1 Bcast 192 168 253 255 Mask 255 255 255 0 UP BROADCAST RUNNING MULTICAST MTU 1500 Metric 2 RX...

Страница 116: ...ress when the Firebox is set up for PPPoE support Because all traffic passing over this interface is PPPoE specific the IP address that appears is a placeholder value only and can be ignored Routes Th...

Страница 117: ...00 80 AD 19 1F 80 C eth0 201 148 32 54 ether 00 A0 24 4B 95 67 C eth1 0 201 148 32 26 ether 00 A0 24 4B 98 7F C eth1 0 207 23 8 30 ether 00 A0 24 79 96 42 C eth0 For more information on the status rep...

Страница 118: ...time on the tem porary auto block You can adjust the auto blocking value from the Blocked Sites dialog box available through Policy Manager To remove a site from this list right click it and select R...

Страница 119: ...Fire box to log incoming denied Telnet attempts The line connecting the source host and destination host is color coded to display the type of connection being made These colors can be changed The de...

Страница 120: ...tailed information about current connections for the item such as IP addresses port num ber connection type and direction The lower pane displays the same information in tabular form in addition to po...

Страница 121: ...ntinue shown at right 4 To step through the display one entry at a time click the Pause icon Click the right arrow to step forward through the log Click the left arrow to step backward through the log...

Страница 122: ...resses From HostWatch 1 Select View Properties 2 Use the Host Display tab to modify host display and text options For a description of each control right click it and then select What s This 3 Use the...

Страница 123: ...erformed refers to the method of translation Dynamic NAT Also called IP masquerading or port address translation The Firebox either globally or on a service by service basis applies its public IP addr...

Страница 124: ...e most commonly used form of NAT It works by translating the source IP address of outbound sessions those originating on the internal side of the Fire box to the one public IP address of the Firebox H...

Страница 125: ...ackets Simple dynamic NAT provides a quick method to set a NAT policy for your entire network For more information on this type of NAT see the following FAQ https support watchguard com advancedfaqs n...

Страница 126: ...ay require addi tional entries in the From or To lists of hosts or host aliases The Firebox applies dynamic NAT rules in the order in which they appear in the Dynamic NAT Entries list Watch Guard reco...

Страница 127: ...There is no method to modify a dynamic NAT entry Instead use the Remove button to remove existing entries and the Add button to add new entries Specifying simple dynamic NAT exceptions You can set up...

Страница 128: ...NAT policy on a service by service basis Service based NAT is most frequently used to make exceptions to a globally applied simple dynamic NAT entry For example use service based NAT on a network with...

Страница 129: ...alog box You have three options Use Default Simple NAT Service based NAT is not enabled for the service The service uses the simple dynamic NAT rules configured in the Dynamic NAT Entries list as expl...

Страница 130: ...a new public IP address using the Add External IP dialog box From Policy Man ager 1 Select Network Configuration Click the Aliases button The Add External IP dialog box appears 2 At the bottom of the...

Страница 131: ...to select the public address to be used for this service If the public address does not appear in the drop down list click Edit to open the Add External IP dialog box and add the public address 6 Ente...

Страница 132: ...ranslating the local network to a range that is not in conflict with the other end both sides can communicate For more information on 1 to 1 NAT see the following FAQ https support watchguard com adva...

Страница 133: ...face external trusted optional or IPSec 7 Enter the number of hosts to be translated 8 In the NAT base field enter the base address for the exposed NAT range This will generally be the public IP addre...

Страница 134: ...p_local_nets refers to networks behind the DVCP server 13 Click the button next to the From box and enter the value of the real IP address range as entered in step 9 Click OK 14 Click OK to close the...

Страница 135: ...tomize rule sets destina tions protocols ports used and other parameters With both packet filters and proxies you can deter mine which hosts within your LAN and on the Inter net can communicate with e...

Страница 136: ...be configured to do so You must actively select the services and protocols allowable configure each one as to which hosts can send and receive them and set other properties individual to the service E...

Страница 137: ...owing it to the trusted network Allowing incoming services from a virtual private network VPN where the organization at the other end is known and authenticated is generally safer than allowing incomi...

Страница 138: ...the following figure You can choose from many filtered and proxied services These services are configurable for outgoing or incoming traffic and they can also be made active or inactive When config u...

Страница 139: ...igured Sources and Destinations You use separate controls for configuring incoming and outgoing traffic The outgoing controls sources define entries in the From lists while incoming controls destinati...

Страница 140: ...log box to add modify and remove the filtered and proxed services you want 2 Expand either the Packet Filters or Proxies folder by clicking the plus sign to the left of the folder A list of pre config...

Страница 141: ...Policy Manager Services Arena Adding multiple services of the same type In developing a security policy for your network you might want to add the same service more than once For example you might nee...

Страница 142: ...ties on page 125 Using the previous example you might add an alias called executives NOTE Be careful to avoid creating conflicting services for example one HTTP service that allows incoming traffic wh...

Страница 143: ...ices dialog box when you select the service 5 To begin setting the port used for this service click Add The Add Port dialog box appears 6 From the Protocol drop down list select the protocol used for...

Страница 144: ...ce s Properties dialog box Properties tab shown below Client Source port can range from 1025 65565 8 In the Port field enter the port number If you are entering a range enter the lowest number of the...

Страница 145: ...o close the Properties dialog box Click Close to close the Services dialog box The icon of the new service appears in the Services Arena Deleting a service From Policy Manager 1 In the Services Arena...

Страница 146: ...ind the Firebox that use this service to initiate sessions with an outside destination The destinations on the external network to which outgoing traffic for this service can be bound In a given direc...

Страница 147: ...ght Adding service properties The method used to add incoming and outgoing service properties is identical Select the tab click the Add button for either the From or the To member list and then define...

Страница 148: ...ervice Connections Are drop down list to select Enabled and Allowed 2 Click either the Incoming tab or Outgoing tab Click the Add button underneath the From or the To list The Add Address dialog box a...

Страница 149: ...following wg_ services are available wg_authentication Added when you enable authentication wg_dhcp_server Added when you enable the DHCP server wg_pptp Added when you enable PPTP wg_dvcp Added when t...

Страница 150: ...iority events You use the Logging and Notification dialog box to config ure the services blocking categories and packet handling options you want Consequently once you master the con trols for one typ...

Страница 151: ...re denied You set notification criteria using the WatchGuard Security Event Processor WSEP For more information see Customizing Logging and Notification by Service or Option on page 215 The remaining...

Страница 152: ...vice This group has the highest precedence IP and ICMP services and all TCP UDP services that have a port number specified This group has the second highest precedence and is the largest of the three...

Страница 153: ...precedence group all incidences of the Any ser vice will take precedence over the highest precedence Tel net service The precedences of services that are in the same prece dence group are ordered fro...

Страница 154: ...cket is denied For example if there are two Telnet icons telnet_1 allowing from A to B and telnet_2 allowing from C to D a Telnet attempt from C to E will first check telnet_1 and then telnet_2 Becaus...

Страница 155: ...recedence User Guide 133 ther down the precedence chain including outgoing ser vices For more information on outgoing services see the follow ing FAQ https support watchguard com advancedfaqs svc_outg...

Страница 156: ...Chapter 8 Configuring Filtered Services 134 WatchGuard Firebox System...

Страница 157: ...s are common methods of transmitting computer viruses The SMTP proxy knows these content types are not allowed while a packet filter would not detect the unauthorized content in the packet s data payl...

Страница 158: ...or protecting your network from attacks An anomaly in the context of network security is data action or behavior that deviates from what is expected for a given user network or system Because network...

Страница 159: ...otification dialog box appears as shown in the following figure 3 Customize logging and notification using the settings in this dialog box as described in Customizing logging and notification on page...

Страница 160: ...orted For more information on the SMTP proxy see the follow ing FAQ https support watchguard com advancedfaqs proxy_smtp asp Configuring the Incoming SMTP Proxy Use the Incoming SMTP Proxy dialog box...

Страница 161: ...email that supports graph ics audio and video files and text in various foreign lan guages You use the ESMTP tab on the Incoming SMTP Proxy dialog box to specify support for ESMTP extensions keywords...

Страница 162: ...tent The header describes the type of multimedia content contained within an email or on a Web site For instance a MIME type of application zip in an email message indicates that the email contains a...

Страница 163: ...oxy Service User Guide 141 2 If you want to specify content types to allow click the upper Add button in the dialog box The Select MIME Type dialog box appears as shown in the following figure 3 Selec...

Страница 164: ...name patterns The Content Types tab includes a list of file name patterns denied by the Firebox if they appear in email attachments To add a file name pattern to the list enter a new pattern in the te...

Страница 165: ...to send mail from your servers To prevent this disable open relay on your mail servers by restricting the destina tion to only your own domain To further increase protection from mail relaying modify...

Страница 166: ...der name in the text box to the left of the Add button Click Add The new header appears at the bottom of the header list 3 To remove a header select the header name in the header list Click Remove The...

Страница 167: ...e 136 1 From the SMTP Properties dialog box click the Properties tab The SMTP Properties dialog box appears as shown in the following figure 2 Select the Enable auto blocking of sites using protocol a...

Страница 168: ...t types select the corresponding checkbox To be able to select or clear several consecutive content types as a group select the first type press Shift and select the last type and then select one of t...

Страница 169: ...ck Outgoing The Outgoing SMTP Proxy dialog box appears displaying the General tab as shown in the following figure 3 To add a new header pattern type the pattern name in the text box to the left of th...

Страница 170: ...ss patterns that are behind your firewall that you want replaced by the official domain name Click Add All patterns entered here appear as the official domain name outside the Firebox 4 In the Don t S...

Страница 171: ...also potentially dangerous outbound because it enables users on your network to copy virtually anything from outside the network to a location behind their fire wall Therefore it is important to make...

Страница 172: ...t s This You can also refer to the Field Definitions chapter in the Reference Guide Note that the Make Incoming FTP Connections Read only checkbox is selected by default If you have an FTP server that...

Страница 173: ...P traffic from traveling from the optional interface to the trusted interface Outgoing traffic is generally less restrictive For example many companies open outgoing HTTP traffic from Any to Any Watch...

Страница 174: ...ot provide protection that is as thorough or as effective In addition none of the custom options including WebBlocker are available for Filtered HTTP Adding a proxy service for HTTP Most network admin...

Страница 175: ...6 Controlling Web Site Access For a description of each control right click it and then select What s This Or refer to the Field Definitions chapter in the Reference Guide For detailed information abo...

Страница 176: ...d here can be added to the unsafe path patterns box not testsite If you want to disable content type filtering click the Set tings tab Clear the checkbox marked Require Content Type NOTE Zip files are...

Страница 177: ...n to the Firebox Configuring the DNS Proxy Service Internet domain names such as WatchGuard com are located and translated into IP addresses by the domain name system DNS DNS lets users navigate the I...

Страница 178: ...sed Attackers can set the value of a key variable such that the server crashes and the attacker gains unauthorized access The DNS proxy protects your DNS servers from both the TSIG and NXT attacks alo...

Страница 179: ...NS Proxy connections are drop down list to select Enabled and Allowed 7 Click OK to close the DNS Proxy Properties dialog box 8 Click Close The Services dialog box closes The DNS Proxy icon appears in...

Страница 180: ...secutive rules as a group press Ctrl and select each rule you want DNS file descriptor limit The DNS proxy has only 256 file descriptors available for its use which limits the number of DNS connection...

Страница 181: ...9 You can work around this problem in two ways the first method is the most secure Avoid using dynamic NAT between your clients and your DNS server Disable the outgoing portion of the DNS proxied serv...

Страница 182: ...Chapter 9 Configuring Proxied Services 160 WatchGuard Firebox System...

Страница 183: ...on it does not matter which IP address is used or from which machine a person chooses to work To gain access to Internet services such as outgoing HTTP or outgoing FTP the user provides authenti catin...

Страница 184: ...re a user workstation may have several different IP addresses over the course of a week Authentication by user is also useful in education environments such as classrooms and college computer centers...

Страница 185: ...entication 4 Click Add The Add Address dialog box appears as shown in the following figure Group Function firebox Addresses assigned to the three Firebox interfaces and any related networks or device...

Страница 186: ...down list to select a category In the Value text box enter the address range or host name Click OK 8 When you finish adding members click OK The Host Alias dialog box appears listing the new alias Cli...

Страница 187: ...enticating disable the account on the authentication server Using external authentication Although the authentication applet is primarily used for outbound traffic it can be used for inbound traffic a...

Страница 188: ...the user the user performs many or all of the same tasks to authenticate against any of the five types of authentication The difference for the Firebox administrator is that for built in authenticati...

Страница 189: ...s down the connection This is a set time limit regardless of end user traffic Defining Firebox Users and Groups for Authentication In the absence of a third party authentication server you can divide...

Страница 190: ...ox users If you have more than approximately 100 users to authenticate WatchGuard recommends that you use a third party authentication server WatchGuard automatically adds two groups intended for remo...

Страница 191: ...appears 3 Type the name of the group Click OK 4 To add a new user click the Add button beneath the Users list The Setup Firebox User dialog box appears as shown in the following figure 5 Enter the us...

Страница 192: ...oups click OK The users and groups can now be used to configure services and authentication Configuring Windows NT Server Authentication Windows NT Server authentication is based on Windows NT Server...

Страница 193: ...5 Click OK Configuring RADIUS Server Authentication The Remote Authentication Dial In User Service RADIUS provides remote users with secure access to corporate net works RADIUS is a client server syst...

Страница 194: ...used for RADIUS authentication The default is 1645 RFC 2138 states the port number as 1812 but many RADIUS servers still use port number 1645 5 Enter the value of the secret shared between the Firebo...

Страница 195: ...or example to add the groups Sales Marketing and Engineering enter Filter Id Sales Filter Id Marketing Filter Id Engineering NOTE The filter rules for RADIUS user filter IDs are case sensitive Configu...

Страница 196: ...on The standard is 624 5 Enter the administrator password This is the administrator password in the passwd file on the CRYPTOCard server 6 Enter or accept the time out in seconds The time out period i...

Страница 197: ...YPTOCard server documentation Configuring SecurID Authentication For SecurID authentication to work the RADIUS and ACE Server servers must first be correctly configured In addition users must have a v...

Страница 198: ...s 1645 5 Enter the value of the secret shared between the Firebox and the SecurID server The shared secret is case sensitive and must be identical on the Firebox and the SecurID server 6 If you are us...

Страница 199: ...Default packet handling Options for how the firewall handles incoming communications that appear to be attacks on a network Blocked sites An IP address outside the Firebox that is prevented from conne...

Страница 200: ...rewall examines the source of the packet and its intended destination by IP address and port number It also watches for patterns in successive packets that indicate unautho rized attempts to access th...

Страница 201: ...e Firebox prevents packets with a false identity from passing through to your network When such a packet attempts to establish a con nection the Firebox generates two log records One log record shows...

Страница 202: ...ult Packet Handling icon You can also from Policy Manager select Setup Intrusion Prevention Default Packet Handling The Default Packet Handling dialog box appears 2 Select the checkbox marked Block Po...

Страница 203: ...e browser by sending what is called a SYN ACK segment When the browser sees the SYN ACK it sends an ACK segment The server is ready to accept the URL request from the browser when it sees the ACK stat...

Страница 204: ...eted If you find that too many legitimate connection attempts fail when your SYN flood defense is active you can change SYN flood settings to minimize this problem You can set the maximum number of in...

Страница 205: ...ttempt is challenged From Policy Manager 1 On the toolbar click the Default Packet Handling icon You can also from Policy Manager select Setup Intrusion Prevention Default Packet Handling The Default...

Страница 206: ...Sites The Blocked Sites feature of the Firebox helps you prevent unwanted contact from known or suspected hostile sys tems After you identify an intruder you can block all attempted connections from t...

Страница 207: ...add the offending site s IP address to the list of perma nently blocked sites Note that site blocking can be imposed only to traffic on the Firebox s external interface Connections between the truste...

Страница 208: ...ed Sites dialog box appears as shown in the following figure 2 Click Add 3 Use the Choose Type drop list to select a member type The options are Host IP Address Network IP Address or Host Range 4 Ente...

Страница 209: ...at would otherwise add it to the list The site can still be blocked according to the Firebox configura tion but it will not be automatically blocked for any rea son From Policy Manager 1 Select Setup...

Страница 210: ...e the Blocked Sites feature the Blocked Ports feature blocks only packets that enter your network through the external interface Connections between the optional and Trusted interfaces are not subject...

Страница 211: ...ossible to detect by all but the most knowledgeable users The first X Window server is always on port 6000 If you have an X server with multiple displays each new display uses an additional port numbe...

Страница 212: ...tually used by a given RPC server Because RPC services themselves are very vulnerable to attack over the Internet the first step in attacking RPC services is to contact the portmapper to find out whic...

Страница 213: ...larly likely to be used as client ports NOTE Solaris uses ports greater than 32768 for clients Blocking a port permanently From Policy Manager 1 On the toolbar click the Blocked Ports icon shown at r...

Страница 214: ...ent logs and notification to accommodate attempts to access blocked ports You can configure the Firebox to log all attempts to use blocked ports or notify a network administrator when someone attempts...

Страница 215: ...e dialog box Viewing the Blocked Sites list The Blocked Sites list is a compilation of all sites currently blocked by the Firebox Use Firebox Monitors to view sites that are automatically blocked acco...

Страница 216: ...ox for information Because versions are available for Win32 Windows NT Windows 2000 and Windows XP SunOS and Linux oper ating systems you can select whatever IDS application best suits your security p...

Страница 217: ...cked Sites dialog box It effectively extends your control of the Auto Block mechanism inside the Firebox add_log_message This command causes a message to be added to the log stream emitted by the Fire...

Страница 218: ...209 54 94 99 The 209 54 94 99 site appears on the auto blocked sites list and remains there for the duration set in Policy Manager In addition the following message appears in the log file Temporarily...

Страница 219: ...crypted file on the IDS host fbidsmate import_passphrase secure1 etc fbidsmate passphrase Then you could rewrite the previous examples as fbidsmate 10 0 0 1 f etc fbidsmate passphrase add_hostile 209...

Страница 220: ...Chapter 11 Intrusion Detection and Prevention 198 WatchGuard Firebox System...

Страница 221: ...call to a pager or the execution of a custom program For example WatchGuard recommends that you con figure default packet handling to issue a notification when the Firebox detects a port space probe...

Страница 222: ...ng a logging policy you spell out what gets logged and when an event or series of events warrants sending out a notification to the on duty administrator Developing these policies simplifies the setup...

Страница 223: ...ng traffic from any source outside to any destination inside there is little point in log ging incoming denied packets All traffic for that service in that direction is blocked Notification policy The...

Страница 224: ...ber you might want to activate notification on this service whenever it denies or passes a packet Failover Logging WatchGuard uses failover logging to minimize the possi bility of missing log events W...

Страница 225: ...references for services and packet handling options Save the configuration file with logging properties to the Firebox WatchGuard Security Event Processor WSEP Install the WSEP software on each log ho...

Страница 226: ...support watchguard com advancedfaqs log_troubleshootinghost asp Adding a log host From Policy Manager 1 Select Setup Logging The Logging Setup dialog box appears 2 Click Add The Add IP Address dialog...

Страница 227: ...ck the Syslog tab The Syslog tab information appears as shown in the following figure 3 Select the checkbox marked Enable Syslog Logging 4 Enter the IP address of the Syslog server 5 Select a Syslog f...

Страница 228: ...nfiguration file Reordering log hosts Log host priority is determined by the order in which the hosts appear in the WatchGuard Security Event Processor list The host that is listed first receives log...

Страница 229: ...troller Another method to set the log host and domain controller clocks is to use an independent source such as the atomic clock based servers available on the Internet One place to access this servic...

Страница 230: ...ecurity Event Processor Click Start Or right click on the WSEP icon in the system tray and select Start You can also restart your computer The service starts automatically every time the host reboots...

Страница 231: ...directory is C Program Files WatchGuard 3 At the command line type controld nt install You can perform other commands for the WSEP applica tion from the Command Prompt To start the WSEP application at...

Страница 232: ...con is not in the tray in Firebox System Manager select Tools Log ging Event Processor Interface To start the Event Pro cessor interface when you log in to the system add a shortcut to the Startup fol...

Страница 233: ...tion From the WatchGuard Security Event Processor user inter face 1 Select File Set Log Encryption Key 2 Enter the log encryption key in both text boxes Click OK Setting Global Logging and Notificatio...

Страница 234: ...how long a log file is practical to keep open and view How quickly a file hits its maximum size and is overwritten is also deter mined by how many event types are logged and how much traffic the Fire...

Страница 235: ...e of day 3 For a record size select the Roll Log Files By Number of Entries checkbox Use the scroll control or enter a number of log record entries The Approximate Size field changes to display the ap...

Страница 236: ...Modify the settings according to your security policy preferences For more information on individual settings right click the setting and then select What s This You can also refer to the Field Defin...

Страница 237: ...and notification configuration easier ser vices blocking categories and packet handling options share an identical dialog box as shown in the following figure Therefore once you learn the controls for...

Страница 238: ...r interface Pager Triggers an electronic page when the event occurs Set the pager number in the Notification tab of the WSEP user interface If the pager is accessible by email select the Email option...

Страница 239: ...ion is repeating Notification repeats only after this number of events occurs As an example of how these two values interact suppose you have set up notification with these values Launch interval 5 mi...

Страница 240: ...Manager 1 Double click a service in the Services Arena The Properties dialog box appears 2 Click Logging The Logging and Notification dialog box appears The options for each service are identical the...

Страница 241: ...licy preferences Click OK Setting logging and notification for blocked sites and ports You can control logging and notification properties for both blocked sites and blocked ports The process is ident...

Страница 242: ...Chapter 12 Setting Up Logging and Notification 220 WatchGuard Firebox System...

Страница 243: ...g files searching for entries in them and consolidating and copying logs The WatchGuard Security Event Processor WSEP controls logging report schedules and notification It also provides timekeeping se...

Страница 244: ...files are named Fire boxIP timestamp wgl In addition the WSEP creates an index file using the same name as the log file but with the extension idx1 This file is located in the same directory as the l...

Страница 245: ...on on the Filter Data tab see Displaying and Hiding Fields on page 225 Searching for specific entries LogViewer has a search tool to enable you to find specific transactions quickly by keyphrase or fi...

Страница 246: ...hoose to transfer is converted to a text file txt If you want to transfer specific log entries to another appli cation use the copy function Use the export function if you want to transfer entire log...

Страница 247: ...ndow 1 Select File Export The Save Main Window dialog box appears 2 Select a location Enter a file name Click Save LogViewer saves the contents of the selected window to a text file Displaying and Hid...

Страница 248: ...Time The time the record entered the log file Default Show The Firebox receives the time from the log host If the time noted in the log seems later or earlier than it should be it is usually because t...

Страница 249: ...packet event fields are described here in order from left to right Disposition Default Show The disposition can be as follows Allow Packet was permitted by the current set of filter rules Deny Packet...

Страница 250: ...t Show Source port The source port of the logged packet UDP or TCP only Default Show Destination port The destination port of the logged packet UDP or TCP only Default Show Details Additional informat...

Страница 251: ...ultiple locations You can merge two or more log files into a single file This merged file can then be used with Historical Reports Log Viewer HostWatch or some other utility to examine log data coveri...

Страница 252: ...Current Log File The old log file is saved as Firebox IP Time Stamp wgl or Firebox Name Time Stamp wgl The Event Processor continues writing new records to Firebox IP wgl or Firebox Name wgl Saving lo...

Страница 253: ...ncryption Key The Set Log Encryption Key dialog box appears 2 Enter the log encryption key in the first box Enter the same key in the box beneath it to confirm Sending logs to a log host at another lo...

Страница 254: ...Logging Properties dialog box 9 Save the new configuration to the main office Firebox On the remote office Firebox 1 Open Policy Manager with the current configuration file 2 Select Setup Logging Cli...

Страница 255: ...Working with Log Files User Guide 233 appear until the remote office Firebox has been properly configured...

Страница 256: ...Chapter 13 Reviewing and Working with Log Files 234 WatchGuard Firebox System...

Страница 257: ...r bandwidth connection to the Internet and why What usage patterns are users developing and how do those patterns relate to the security of the network and the goals of the corporation How do current...

Страница 258: ...a group of Fireboxes and set properties to display the report data according to your preferences Creating and Editing Reports To start Historical Reports from Firebox System Manager click the Historic...

Страница 259: ...port For more information on output types see Exporting Reports on page 241 6 Select the filter For more information on filters see Using Report Filters on page 243 7 If you selected the HTML output t...

Страница 260: ...mmand removes the rep file from the reports directory Viewing the reports list To view all reports generated click Reports Page This launches your default browser with the HTML file contain ing the ma...

Страница 261: ...escription of each section see Report Sections and Consolidated Sections on page 246 3 To run authentication resolution on IP addresses select the checkbox marked Authentication Resolution on IP addre...

Страница 262: ...nted in different ways to better focus on the specific information you want to view Detail sections are reported only as text files with a user desig nated number of records per page Summary sections...

Страница 263: ...ext All reports are stored in the path drive WatchGuard Install Directory Reports Under the Reports directory are subdi rectories that include the name and time of the report Each report is filed in o...

Страница 264: ...al Reports counts the number of transactions that occur on Port 80 WebTrends for Firewalls and VPNs calcu lates the number of URL requests These numbers vary because multiple URL requests may go over...

Страница 265: ...t a report displays information on the entire con tent of a log file At times however you may want to view information only about specific hosts services or users Use report filters to narrow the rang...

Страница 266: ...l records except those meeting the criteria set on the Host Service and User tabs 4 Complete the Filter tabs according to your report preferences For a description of each control right click it and t...

Страница 267: ...Filters dialog box appear in the Filter drop down list For more information see Creating a new report filter on page 244 3 Click OK The new report properties are saved to the ReportName rep file in th...

Страница 268: ...rate 2 Click Run Report Sections and Consolidated Sections You can use Historical Reports to build a report that includes one or more sections Each section represents a discrete type of information or...

Страница 269: ...Otherwise the time interval is based on your selection Host Summary Packet Filtered A table and optionally a graph of internal and external hosts passing packet filtered traffic through the Firebox s...

Страница 270: ...th or connections Session Summary Proxied Traffic A table and optionally a graph of the top incoming and outgoing sessions sorted either by byte count or number of connections The format of the sessio...

Страница 271: ...ime Type Client Client Port Server Server Port Protocol and Duration Denied Incoming Packet Detail A list of denied incoming packets sorted by time The fields are Date Time Type Client Client Port Ser...

Страница 272: ...al is based on your selection Host Summary Packet Filtered A table and optionally a graph of internal and external hosts passing packet filtered traffic sorted either by bytes transferred or number of...

Страница 273: ...hosts passing proxied traffic sorted either by bytes transferred or number of connections Proxy Summary Proxies ranked by bandwidth or connections Session Summary Proxied Traffic A table and optionall...

Страница 274: ...Chapter 14 Generating Reports of Network Activity 252 WatchGuard Firebox System...

Страница 275: ...l over the Web surfing in your organization You can designate which hours in the day users are free to access the Web and which categories of Web sites they are restricted from visit ing For more info...

Страница 276: ...ed server run ning Windows NT 4 0 or Windows 2000 To install the WebBlocker server on a dedicated platform rerun the setup program on the dedicated server and on the Select Components screen unselect...

Страница 277: ...icon Because WebBlocker relies on copying updated versions of the WebBlocker database to the event processor you must configure the WatchGuard service setting Allow Outgoing to Any It is possible to n...

Страница 278: ...ture of several services includ ing HTTP Proxied HTTP and Proxy When WebBlocker is installed five tabs appear in the service s Properties dialog box WebBlocker Controls WB Schedule WB Operational Priv...

Страница 279: ...server bypass By default if the WebBlocker server does not respond HTTP traffic Outbound is denied To change this such that all outbound HTTP traffic is allowed if a WebBlocker server is not recognize...

Страница 280: ...egory Request for URL u denied by WebBlocker s blocked for r With this entry in the Message for blocked user field the following string might appear in a user s browser Request for URL www badsite com...

Страница 281: ...u have set a Firebox time zone For information on setting the Firebox time zone see Setting the Time Zone on page 55 Setting privileges WebBlocker differentiates URLs based on their content Select the...

Страница 282: ...edspace com dave because Dave s site con tains nude pictures you would enter dave to block that directory of sharedspace com This would still allow users to have access to www sharedspace com julia wh...

Страница 283: ...cific port or directory pattern enter the port or string to be allowed When typing IP addresses type the digits and periods in sequence Do not use the TAB or arrow key to jump past the periods For mor...

Страница 284: ...WebBlocker Servers box as shown in Activating WebBlocker on page 256 To add additional WebBlocker servers 1 On the WebBlocker Controls tab in the HTTP Proxy dialog box click Add 2 In the dialog box th...

Страница 285: ...you can do it less often if you have bandwidth concerns Click Next 7 Enter a start time for the process Because these downloads are close to 60 megabytes choose a time outside normal work hours 8 Sel...

Страница 286: ...select Task Scheduler If you re using Internet Explorer 5 0 or later select Offline Browsing Pack If the message cannot find Windows Update Files on this computer appears open Internet Explorer go to...

Страница 287: ...y configuring a Firebox when access through the Ethernet interfaces is unavailable Connecting a Firebox with OOB Management To connect to the Firebox using OOB management you must Connect the manageme...

Страница 288: ...nt station for OOB Install the Microsoft Remote Access Server RAS on the management station 1 Attach a modem to your computer according to the manufacturer s instructions 2 From the Windows NT Desktop...

Страница 289: ...n 1 From the Desktop click My Network Places Network and Dial up Connections Make New Connection The Network Connection wizard appears 2 Click Next Select Dial up to Private Network Click Next 3 Enter...

Страница 290: ...and model of the Firebox modem and the modem speed 5 Click Finish to complete the modem installation Configure the dial up connection 1 Click Start Control Panel Click Network Connections Click New C...

Страница 291: ...to your security policy preferences Click OK For a description of each control right click it and then select What s This You can also refer to the Field Definitions chapter in the Reference Guide Est...

Страница 292: ...ify a username or password leave these fields blank OOB time out disconnects The Firebox starts the PPP session and waits for a valid connection from Policy Manager on your management sta tion If none...

Страница 293: ...hat file If you have not yet created a configuration file use the QuickSetup Wizard to create one as described in Chapter 3 Getting Started Loss of connection to the Firebox can occur because you lost...

Страница 294: ...off the Firebox 4 Make sure the management station has a static IP address If it doesn t change the TCP IP settings to a static IP address The computer designated as the management station should be...

Страница 295: ...ed for the IP address of the Firebox and the Firebox configuration passphrase Use the address you used to ping the Firebox and wg for the passphrase 10 When the Firebox Flash Disk dialog box appears a...

Страница 296: ...as the configuration file preferably the Trusted network so you do not need to reassign an IP address to your computer after the configuration file has been uploaded The following is an example of a t...

Страница 297: ...Open a DOS prompt and ping the IP address that you used for the temporary IP Replies should follow which means the Firebox is now ready for uploading a configuration 10 In Policy Manager select File O...

Страница 298: ...fault The subnet is 255 255 255 0 It is recommended that you give your computer s default gateway an IP address of 192 168 253 1 1 Disconnect the Firebox from the network 2 Start with the Firebox turn...

Страница 299: ...Firebox After the configuration has been uploaded and the Firebox has been rebooted the Firebox light sequence should now look like this Armed light steady Sys A light steady Method 4 Serial Dongle Fi...

Страница 300: ...File Open Configuration File Select the configuration file you want to load onto the Firebox and load it into Policy Manager 6 In Policy Manager select File Save To Firebox When you are prompted for a...

Страница 301: ...al 163 trusted 163 Aliases dialog box 163 anonymous FTP 115 Any service precedence 130 ARP cache flushing 83 ARP table viewing 95 attacks spoofing See spoofing attacks attacks types of 177 AUTH types...

Страница 302: ...and time of 77 viewing status of 77 CHAP authentication 172 configuration file and Policy Manager 49 basic 40 customizing 44 opening 49 opening from Firebox 50 opening from local drive 50 rebooting Fi...

Страница 303: ...onfiguration 59 64 New Firebox Configuration 51 54 New Service 120 Outgoing SMTP Proxy 147 PAD Rules for DNS Proxy 157 PAD Rules for FTP Proxy 150 PAD Rules for SMTP Proxy 145 Report Properties 238 24...

Страница 304: ...phrases See passphrases Firebox System components of 2 described 1 hardware requirements 4 introduction 2 requirements 3 software requirements 3 Web browser requirements 4 Firebox System applications...

Страница 305: ...starting new reports 236 time spans for 238 time zone 55 Historical Reports See also reports Host Alias dialog box 164 host aliases 162 163 host routes configuring 71 hosts viewing blocked 90 viewing...

Страница 306: ...etting 211 231 log files consolidating 229 copying 229 copying entries 224 copying log entries 225 default location of 222 described 221 displaying and hiding fields 225 exporting records 225 forcing...

Страница 307: ...setting preferences 223 starting 222 time zone 55 viewing files with 222 working with log files 228 M MAC address of interfaces viewing 77 mail servers protecting against relaying 143 main menu butto...

Страница 308: ...secondary See secondary networks New Firebox Configuration dialog box 51 54 New Service dialog box 120 notation slash 43 notification blocked port activity 192 bringing up popup window as 129 describ...

Страница 309: ...85 opening 85 opening a configuration file 49 Services Arena 85 services displayed in 116 using to create configuration file 57 polling rate changing 84 POP and security policy 115 popup window as not...

Страница 310: ...host summary 247 248 HTTP detail 248 HTTP summary 248 251 key issues 235 location of 241 network statistics 250 proxy summary 248 reasons for generating 235 running manually 246 scheduling 245 section...

Страница 311: ...7 HTTP 151 icons for 116 Novel IPX over IP 190 OpenWindows 190 overriding NAT setting 107 precedence 130 proxied HTTP 255 Proxy 255 rcp 190 rlogin 190 RPC portmapper 190 rsh 190 setting logging and no...

Страница 312: ...ation 89 viewing bandwidth usage 87 system requirements 3 T TCP IP cabling for 40 TCPmux service 190 Technical Support assisted support 18 described 9 Firebox Installation Services 20 frequently asked...

Страница 313: ...6 configuring message for 257 creating exceptions for 260 described 253 manually downloading database 264 prerequisites 253 required services 255 scheduling hours 258 setting privileges 259 time zone...

Страница 314: ...292 WatchGuard Firebox System wizard cfg 40 WSEP See WatchGuard Security Event Processor X X Font server 189 X Window 189 Z Zip files 154...

Отзывы:

Нет отзывов

Похожие инструкции для Firebox X1000

Бренд: Gardena Страницы: 21

Бренд: Eaton Страницы: 2

Бренд: RTA Страницы: 81

Flight Stream 110/210

Бренд: Garmin Страницы: 46

Бренд: intwine connect Страницы: 8

Бренд: AT&T Страницы: 25

Бренд: AT&T Страницы: 3

U-verse 3800HGV-B

Бренд: AT&T Страницы: 3

AT&T Wireless Home Phone Base

Бренд: AT&T Страницы: 39

Бренд: DALCNET Страницы: 22

Бренд: T-Mobile Страницы: 25

Бренд: RTA Страницы: 71

Бренд: HKBN Страницы: 4

Бренд: IDTECK Страницы: 65

Бренд: Sentera Controls Страницы: 4

Бренд: Deep Sea Electronics Plc Страницы: 2

Бренд: Planex Страницы: 41

Бренд: Paxton Страницы: 8

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды