Watchguard Firebox X20E Скачать руководство пользователя | Manualshive

Страница: 139 / 310

background image

User Guide

127

9

Intrusion Prevention

The Firebox X Edge e-Series includes a set of default threat protection features designed to keep out
network traffic from systems you know or think are a security risk. This set of features includes:

Permanently blocked site

The Blocked Sites list is a list of IP addresses you add manually to your configuration file. The IP
addresses on this list cannot connect to or through the Edge on any port.

Auto-blocked sites

IP addresses that the Firebox adds or removes on a temporary blocked site list. The Firebox uses
the packet handling rules that are specified for each service. For example, you can configure the
Firebox to automatically block the source IP address of a computer that tries to connect through
the Edge with the telnet service on port 23. If a computer tries to connect and gets denied, that
computer cannot make any connections through the Edge, on any port, for a time period you
control. This is known as the Temporary Blocked Sites list.

Blocked ports

You can block the ports that you know can be used to attack your network. This stops specified
external network services. When you block a port, you override all the rules in your firewall
configuration.

Denial of Service protection

A full set of denial of service protection rules allows you to set your own thresholds to prevent
common denial of service attacks such as SYN flood attacks or ICMP flood attacks. You can also
set connection limits to protect your network from distributed denial of service attacks.

Firewall options

A set of global firewall rules to control features such as default logging rules and FTP access to
the Edge.

Adding a Site to the Permanent Blocked Sites List

You can permanently block a host that you know is a security risk. For example, a university computer
that hackers use frequently is a good host to block. To permanently block a site, add its IP address man-
ually to the Blocked Sites list. You cannot add internal IP or network addresses to the Blocked Sites list.

1

To connect to the System Status page, type

https://

in the browser address bar, and the IP

address of the Firebox X Edge trusted interface.

The default URL is https://192.168.111.1

«
...
137
138
139
140
141
...
»

Содержание Firebox X20E

Страница 1: ...WatchGuard Firebox X Edge e Series User Guide Firebox X Edge e Series Firmware Version 8 6 All Firebox X Edge e Series Standard and Wireless Models...

Страница 2: ...and international copyright treaties as well as other intellectual property laws and treaties This is a license agreement and NOT an agreement for sale All title and copyrights in and to the SOFTWARE...

Страница 3: ...SOFTWARE PRODUCT Limitation of Liability WATCHGUARD S LIABILITY WHETHER IN CONTRACT TORT OR OTHERWISE AND NOTWITHSTANDING ANY FAULT NEGLIGENCE STRICT LIABILITY OR PRODUCT LIABILITY WITH REGARD TO THE...

Страница 4: ...BOVPN Branch Office Virtual Private Network DES Data Encryption Standard DNS Domain Name Service DHCP Dynamic Host Configuration Protocol DSL Digital Subscriber Line IP Internet Protocol IPSec Interne...

Страница 5: ...n Installation Requirements 9 Package Contents 9 Registering Your Firebox Activating LiveSecurity Service 10 Identifying Your Network Settings 11 About network addressing 11 Static addresses DHCP and...

Страница 6: ...yslog 35 Traffic Control 35 VPN Statistics 36 Wireless Statistics 36 4 Configuration and Management Basics Factory Default Settings 37 Restoring the Firebox to the factory default settings 38 Restarti...

Страница 7: ...ce by MAC address 63 Configuring the Optional Network 65 Enabling the optional network 65 Using DHCP on the optional network 66 Setting optional network DHCP address reservations 67 Configuring the op...

Страница 8: ...tings 95 Outgoing settings 96 Configuring Custom Packet Filter Policies 96 Adding a custom policy using the wizard 97 Adding a custom packet filter policy manually 97 Filtering incoming traffic for a...

Страница 9: ...Sites Temporarily 128 Blocking Ports 129 Avoiding problems with blocked ports 130 Adding a port to the blocked ports list 130 Preventing Denial of Service Attacks 131 Dropping Flood Attacks 131 Distr...

Страница 10: ...uthentication 158 Configuring an individual user account 158 Authenticating to the Edge 159 Setting a WebBlocker profile for a user 161 Changing a user account name or password 161 Using LDAP Active D...

Страница 11: ...settings 193 Intrusion Prevention Service settings 194 POP3 proxy deny messages and Gateway AV IPS 194 Updating Gateway AV IPS 194 16 Branch Office Virtual Private Networks About This Chapter 197 What...

Страница 12: ...Enabling PPTP access for firewall users 228 Preparing the client computers 228 Using PPTP and Accessing the Internet 230 A Firebox X Edge e Series Hardware Package Contents 231 Specifications 232 Har...

Страница 13: ...ed to fix problems created by attacks Valuable information can be taken from the network Many people think that their computer holds no important information They do not think that their computer is a...

Страница 14: ...hen more users are on the network DSL connections supply constant bandwidth but they are usually slower than cable modem connec tions Also the bandwidth is only constant between your home or office an...

Страница 15: ...y spe cial instructions Packets traveling on the Internet IP Addresses To send ordinary mail to a person you must first know his or her street address For one computer to send data to a different comp...

Страница 16: ...a structure with DSL modem and cable modem products Default gateway A default gateway is a node on a computer network that serves as an access point to another network Usually the default gateway addr...

Страница 17: ...the policies that are nec essary for your business Ports Usually a port is a connection point where you use a jack and cables to connect devices Computers also have ports that are not physical locatio...

Страница 18: ...ilter different types of information They can also control which policies or ports the protected computers can use on the Internet outbound access Many fire walls have sample security policies and use...

Страница 19: ...optional network for computers with mixed trust For example customers frequently use the optional network for their remote users or for public servers such as a web server or email server Your firewal...

Страница 20: ...The Firebox X Edge and Your Network 8 Firebox X Edge e Series...

Страница 21: ...terface card to configure the Edge A web browser You can use Internet Explorer 6 0 or later Netscape 7 0 or later or an equivalent browser Serial number of the Edge You can find the serial number on t...

Страница 22: ...e Watchguard Live Security web site and retrieve your feature key You have only one user license seat license until you apply your feature key See About user licenses on page 17 for more information Y...

Страница 23: ...tic IP address DHCP or PPPoE to configure the Edge external interface Your computer must have a web browser You use the web browser to configure and manage the Fire box X Edge Your computer must have...

Страница 24: ...rk You must have the following information to install your Firebox X Edge IP address Subnet mask Default gateway Whether your computer has a static or dynamic IP address IP addresses of primary and se...

Страница 25: ...twork adaptor PPPoE settings Many ISPs use Point to Point Protocol over Ethernet PPPoE because it is easy to use with a dial up infrastructure If your ISP uses PPPoE to assign IP addresses you must ge...

Страница 26: ...rences The Safari preferences window appears 3 Click the Advanced icon 4 Click the Change Settings button The System Preference window appears 5 Clear the Web Proxy HTTP check box 6 Click Apply Now We...

Страница 27: ...4 Select the Allow unrequested pop up windows check box 5 Click OK Disabling the pop up blocker in Safari 2 0 1 Open the browser software 2 Click Application Make sure that the Block Pop Up Windows m...

Страница 28: ...connect more than four devices The number of devices that can connect to the exter nal network is limited by the number of session licenses available See the subsequent section About user licenses for...

Страница 29: ...or close all sessions If you require users to authenticate you can assign a maximum timeout and an idle timeout for each user The Edge administrator can set a global session maximum timeout Reboot th...

Страница 30: ...work Connections icon 3 Double click the Local Area Connection icon The Local Area Connection Status window appears 4 Click the Properties button The Local Area Connection Properties window appears 5...

Страница 31: ...our ISP Configure the Trusted Interface of the Firebox Type the IP address of the trusted interface Set the User Name and Passphrase Enter a user name and passphrase for the administrator account for...

Страница 32: ...Using the Quick Setup Wizard 20 Firebox X Edge e Series...

Страница 33: ...ser and Group Management chapter Connecting to the Firebox X Edge The System Status page appears when you connect to the Firebox X Edge e Series In this User Guide most procedures start with this step...

Страница 34: ...change the Firebox X Edge so that it uses HTTP connections for web management connections instead of HTTPS HTTP is less secure because any information you send to the Firebox is unencrypted We recomme...

Страница 35: ...e text as WebBlocker Denied Sites System Status page The System Status page shows the primary configuration of the Firebox X Edge e Series The center panel of the page shows information about the curr...

Страница 36: ...Users page shows statistics on active sessions and local user accounts It also has buttons to close current sessions and to add edit and delete user accounts This page also shows the MUVPN client con...

Страница 37: ...es HTTP or HTTPS for its configuration pages if the Edge is configured as a managed Firebox client and which feature upgrades are enabled It has buttons to change configurations add upgrades and see t...

Страница 38: ...ries Firewall page The Firewall page shows incoming and outgoing policies and proxies blocked web sites and other firewall settings This page also has buttons to change these settings For more informa...

Страница 39: ...shows the current event log and the status of the Log Server and syslog logging For more information see Chapter 11 Configuring Logging WebBlocker page The WebBlocker page shows the WebBlocker setting...

Страница 40: ...the spamBlocker chapter GAV IPS page The GAV IPS page shows the Gateway AntiVirus and Intrusion Prevention Service status and settings It tells you which proxies are enabled for the service and what...

Страница 41: ...X Edge e Series to a Watchguard System Manager VPN network with the WSM Access page in Administration For more information see the Branch Office Virtual Private Networks chapter Wizards page The Wizar...

Страница 42: ...us Refresh or you navigate to a new page You can see a small counter below the button that shows the number of times the page has been refreshed ARP Table This status page shows devices that have resp...

Страница 43: ...Source Port IP address of the computer that sent the packet and the port used to send the packet Destination Port IP address the packet is being sent to and the port Action POP3 shows n a HTTP shows...

Страница 44: ...pears to the DHCP server that the Edge is using the address the status is Active If it appears to the DHCP server that the Edge is not using the address the status is Abandoned IF Edge interface that...

Страница 45: ...erfaces This status page shows information on each interface Link Encap Type of interface Usually it is Ethernet or PPPoE HWaddr MAC address of the interface inet addr IP address of the interface Bcas...

Страница 46: ...NAME Name of the process STATE State of the process R running S sleeping D Z inactive RSS Total number of kilobytes of physical memory used by the process SHARE Total number of kilobytes of shared me...

Страница 47: ...n see the amount of processed and blocked requests for each service over a time period you specify Syslog This status page shows the most recent entries in the Edge log file This is different from the...

Страница 48: ...packets dropped Overlimits Number of packets over the limit for each priority VPN Statistics This status page shows VPN statistics such as SA Security Association Traffic control within VPN tunnels Pa...

Страница 49: ...ge Update the firmware Activate upgrade options Factory Default Settings The term factory default settings refers to the configuration on the Firebox X Edge when you first receive it before you make a...

Страница 50: ...on causes damage to the Firebox X Edge firmware you can restore the Edge to the factory default settings and built your configuration again To set the Firebox X Edge e Series to the factory default se...

Страница 51: ...ure the Edge to receive incoming traffic see Enabling Common Packet Filter Policies on page 93 Remember that if you enable HTTPS connections to the Edge anyone who has the correct credentials can also...

Страница 52: ...select the Set date and time manually option If you set the system time manually skip to step 6 5 If you set the system time automatically the Firebox X Edge gets the current time from the selected s...

Страница 53: ...eived and sent and when each Edge interface was last modified The Firebox X Edge supports SNMPv2c and SNMPv3 1 To connect to the System Status page type https in the browser address bar and the IP add...

Страница 54: ...om field so that only connections from the IP address of the SNMP server are allowed by the Firebox 10 Click Submit to save the changes to the Firebox X Edge Using MIBs A MIB Management Information Ba...

Страница 55: ...HTTPS typically uses TCP port 443 and HTTP typically uses TCP port 80 By default you must connect to the Firebox X Edge e Series configuration pages on those ports You can change the default port on...

Страница 56: ...ions to configure remote access from WatchGuard System Manager WSM v9 1 WSM v9 1 allows centralized management of Firebox X Edge e Series devices running v8 6 1 To connect to the System Status page ty...

Страница 57: ...r and will forward any connection on these ports to the configured Management Server No special configuration is required for this to occur 9 Type the Client Name to give to your Firebox X Edge This i...

Страница 58: ...erver 8 In the DVCP Server Address text box type the IP address of the DVCP server 9 Type the Client Name to give to your Firebox X Edge This is the name used to identify the Edge in VPN Manager 10 Ty...

Страница 59: ...stalling software automatically The first method installs the Firebox X Edge e Series firmware update from a Windows computer Download the Software Update Installer to use this method To use the Softw...

Страница 60: ...immediately get a feature key when you upgrade your Edge however When you purchase an upgrade you receive a license key You must enter this key on the LiveSecurity web site to get a new feature key Yo...

Страница 61: ...se key number 2 Get the new feature key https www watchguard com archive getcredentials asp The Retrieve Feature Key window appears 3 Select the product you want to upgrade from the drop down list 4 C...

Страница 62: ...You can upgrade a Firebox X Edge e Series 10e or a Firebox X Edge 20e to a higher model 1 Go to the upgrade site on the WatchGuard web site www watchguard com upgrade and log into your LiveSecurity s...

Страница 63: ...User Guide 51 Viewing the Configuration File 2 From the navigation bar select Administration View Configuration The configuration file is shown...

Страница 64: ...Viewing the Configuration File 52 Firebox X Edge e Series...

Страница 65: ...p Wizard You can also set up the optional interface Many customers use the optional network for public servers An example of a public server is a web server Using the Network Setup Wizard The easiest...

Страница 66: ...work administrators use DHCP to give IP addresses to computers on their network automatically With DHCP your Firebox receives an external IP address each time it connects to the ISP network It can be...

Страница 67: ...ed IP address for the Edge from your DHCP server 6 Click Submit If your ISP uses static IP addresses If your ISP uses static IP addresses you must enter the address information into your Firebox X Edg...

Страница 68: ...or more information in PPPoE see About PPPoE on page 4 To set your Firebox to use PPPoE on the external interface 1 Use your browser to connect to the System Status page From the navigation bar select...

Страница 69: ...times the Firebox X Edge tries to send PAP authentication information to the PPPoE server The default value of None is sufficient for most installations You must enter a high value to make the Edge c...

Страница 70: ...ddress must use 12 hexadecimal characters Hexadecimal characters have a value between 0 and 9 or between a and f The MAC address must operate with One or more addresses on the external network The MAC...

Страница 71: ...nd DHCP requests to a DHCP server on a different network using a VPN tunnel You can also use static IP addresses for the computers on your trusted network Any changes to the trusted network configurat...

Страница 72: ...2 Select the Enable DHCP Server on the Trusted Network check box 3 Type the first and last available IP addresses for the trusted network Do not include the IP address of the Firebox X Edge The IP ad...

Страница 73: ...168 111 1 and the DHCP address pool is 192 168 111 2 192 168 111 200 you can enter any address from 192 168 111 201 to 192 168 111 254 4 Type the MAC address of the computer on the trusted network in...

Страница 74: ...our trusted network If you disable the Firebox X Edge DHCP server and you do not have a DHCP server on your network you must manu ally configure the IP address and subnet mask of each computer For exa...

Страница 75: ...ding to the rules you have configured for outgoing access on your Edge If you enable wireless access through the trusted interface we strongly recommend that you enable and use the MAC restric tion fe...

Страница 76: ...can check box is selected This can make the scan procedure take more time The Scan Allowed Address Control dialog box appears 5 Select one or more devices that you want to add to your list of allowed...

Страница 77: ...use the optional network for servers that other computers can connect to from the Internet such as a web email or FTP server We recommend you isolate your private network from these servers because t...

Страница 78: ...a computer on the optional network it gives the computer an IP address By default the Edge has the DHCP Server option for the optional interface turned off To use DHCP on the optional network 1 Use yo...

Страница 79: ...n The DHCP Address Reservations page appears 3 Type a static IP address in the IP Address field The IP address must be on the optional network For example if the optional network starts with 192 168 1...

Страница 80: ...e Edge for the default gateway it usually can not get to the external network or the Internet To disable the Firebox X Edge DHCP server clear the Enable DHCP Server on the Optional Network check box o...

Страница 81: ...nd its host name to your configuration click Add 7 Select the Log attempted access from MAC addresses not in the list check box if you want the Edge to generate a log message each time a computer whos...

Страница 82: ...r Network This box tells whether the destination for the static route is one computer or a network of computers 5 Type the destination IP address and the gateway in the related fields The gateway is t...

Страница 83: ...etwork Dynamic DNS The Dynamic DNS client page appears 3 Select the Enable Dynamic DNS client check box 4 Type the Domain Name and Password in the related fields 5 In the System drop down list select...

Страница 84: ...sed modem with a dial up Internet connection The WAN Failover option is included in the X50 and X55 models You can purchase an upgrade for other models at the WatchGuard online store https www watchgu...

Страница 85: ...tion This connection can be a cable modem or a hub 2 To connect to the System Status page type https in the browser address bar followed by the IP address of the Firebox X Edge trusted interface The d...

Страница 86: ...below 4 Type the number of seconds between pings and the number of seconds to wait for a reply 5 Type the maximum number of pings before timeout in the No Reply Limit field 6 Type the number of succe...

Страница 87: ...mask default gateway primary DNS secondary DNS and DNS domain suffix 3 Click Submit Configuring WAN Failover with PPPoE If you want to use PPPoE as your failover connection make sure you have the user...

Страница 88: ...address Some ISPs use a MAC address to identify the computers on their network Each MAC address gets one static IP address If your ISP uses this method to identify your computer then you must change...

Страница 89: ...it is reached WAN failover occurs 8 In the Ping replies needed for failback type the number of successful pings that must be made before the Edge uses the WAN1 interface again Configuring your Modem f...

Страница 90: ...he Manually configure DNS server IP addresses check box 2 In the Primary DNS Server text box type the IP address of the primary DNS server If you have a secondary DNS server type its IP address in the...

Страница 91: ...t work it is not necessary to use BIDS To configure your Firebox to connect to the BigPond network using BIDS 1 To connect to the System Status page type https in the browser address bar followed by t...

Страница 92: ...Configuring BIDS 80 Firebox X Edge e Series...

Страница 93: ...interface we strongly recommend that you enable and use the MAC restriction feature to allow access through the Edge only for devices that have been added to the Allowed MAC Address list See the Netwo...

Страница 94: ...ireless users as part of your trusted or optional network use the instructions in this chapter If you want to configure a wireless guest network a Wireless Guest Setup Wizard is available to help you...

Страница 95: ...LiveSecurity account to see this FAQ Setting the RTS threshold RTS CTS Request To Send Clear To Send is a function that helps prevent problems when wireless cli ents can receive signals from more than...

Страница 96: ...when you use different authentication mechanisms The Edge automatically creates a random encryption key for you when a key is required You can use this key or change it to a key you prefer Each wirele...

Страница 97: ...reless network card with DHCP the DHCP server on the Edge s trusted network must be active and configured 4 To configure the Edge wireless interface to send and answer SSID requests select the Broadca...

Страница 98: ...e and configured 4 To configure the Edge wireless interface to send and answer SSID requests select the Broadcast SSID and respond to SSID queries check box 5 Select the Log Authentication Events chec...

Страница 99: ...ss Guest 3 On the Settings tab select the Enable Wireless Guest Network check box to allow wireless connections through the Edge to the Internet according to the rules you have configured for outgoing...

Страница 100: ...add to the Edge configuration can connect to the Edge wireless guest network For more information on restricting access by MAC address see the Network Settings chapter 10 Click Submit to save your co...

Страница 101: ...e installation instructions for other operating systems go to your operating system documentation or help files To set up a wireless connection using Windows XP SP2 1 Select Start Settings Control Pan...

Страница 102: ...Configuring the Wireless Card on Your Computer 90 Firebox X Edge e Series...

Страница 103: ...Client Understanding Policies When the Edge receives a packet it looks for a policy in its configuration that matches the port and protocol in the packet header There are two categories of policies pa...

Страница 104: ...r rules for the policy then the Edge denies the packet by default Use the Deny rule when you have a lower precedence rule set to Allow but you want to deny packets from a specific IP address or networ...

Страница 105: ...y you can allow users on your trusted network to establish connections on the Internet such as web browsing and email and not have to create a policy for each type of connection By default all incomin...

Страница 106: ...ine a service host redirect the port enable logging or restrict the IP addresses on the external network that can connect to a computer behind the Firebox X Edge e Series On the Outgoing tab you can e...

Страница 107: ...ss of the computer that you want to receive the traffic in the Policy Host field 4 To use port address translation enter the new port number in the Port Redirect text box With port address translation...

Страница 108: ...ct Alias you can choose from Trusted Network Optional Network or Wireless Guest Network Type network IP addresses in slash notation 4 To limit which computers on the external network can connect to co...

Страница 109: ...is traffic filter Traffic Direction Identify if this is an incoming or outgoing policy Policy action Configure the Edge to allow or deny this type of policy traffic through the firewall Restrict to re...

Страница 110: ...ol numbers at http www iana org assignments protocol numbers 8 Click Add 9 Repeat steps 6 8 until you have a list of all the ports and protocols that this policy uses You can add more than one port an...

Страница 111: ...From box to select Host IP Address Network IP Address Host Range or Alias If you select Alias you can choose from Trusted Network Optional Network or Wireless Guest Network To only restrict which comp...

Страница 112: ...the optional network is hacked or compromised the attacker cannot get access to your trusted network You can use the optional network to secure a wireless network Wireless networks are usually less s...

Страница 113: ...allowed select Allow from the Filter drop down list If you want to deny the traffic and create a log entry for each time the traffic is denied select No Rule 6 Click Submit Disabling traffic filters...

Страница 114: ...Configuring Policies for the Optional Network 102 Firebox X Edge e Series...

Страница 115: ...nd sends it to its desti nation Proxies are an important tool for network security Attackers frequently use content such as executable programs or files written in scripting languages to send computer...

Страница 116: ...messages If it finds a new message it downloads the email message to the local email client After the message is received by the email client the connection is closed The Firebox X Edge e Series suppl...

Страница 117: ...n bar select Firewall Outgoing The Filter Outgoing Traffic page appears 3 Below Common Proxy Policies find HTTP Proxy and select Allow from the drop down list 4 Click Submit Configuring the HTTP Proxy...

Страница 118: ...Add The From text box shows the IP addresses you added The From text box can have more than one entry 5 Use the To drop down list to add the IP address network address or range of IP addresses of com...

Страница 119: ...luable network resources Idle connection timeout This setting controls how long the HTTP proxy waits for the client to make a request after it has established a connection to the server If the client...

Страница 120: ...o download a web page that has an unknown content type and the proxy policy is configured to block unknown MIME types the user sees an error message in the web browser You can see the default deny mes...

Страница 121: ...ded in your log file each time a web transaction occurs to a web site in the exceptions list select the Log each transaction that matches an HTTP proxy exception check box To remove an item from the H...

Страница 122: ...th For example if you want to block all pages that have the host name www test com type the pattern www test com If you want to block all paths that contain the word sex for all domains type sex If yo...

Страница 123: ...on bar select Firewall Outgoing The Filter Outgoing Traffic page appears 3 In Common Proxy Policies select Allow from the drop down list adjacent to FTP Proxy 4 Click Submit Configuring the FTP Proxy...

Страница 124: ...wn as Classless Inter Domain Routing or CIDR notation 4 Click Add The From text box shows the IP addresses you added The From text box can have more than one entry 5 Use the To drop down list to add t...

Страница 125: ...lines used on FTP sites Filtering content On the FTP Content tab you can control the type of files that the FTP proxy allows for downloads and uploads For example many hackers use executable files to...

Страница 126: ...ension and then click Add 4 In the Uploads text box select the Deny these file types check box if you want to limit the types of files that a user can upload If you select this setting the files liste...

Страница 127: ...op down list adjacent POP3 Proxy 4 Click Submit Configuring the POP3 Proxy To configure the POP3 proxy filter select Firewall Outgoing from the navigation menu Find the POP3 proxy and click Edit Make...

Страница 128: ...d This box can have more than one entry 5 Use the To drop down list to add the IP address network address or range of IP addresses of computers on the external network for which this policy applies Ne...

Страница 129: ...found action Puts the action taken by the proxy policy reason Puts the reason the proxy policy denied the content recovery Puts whether you can recover the attachment It is important to know how the P...

Страница 130: ...ct this check box only the content types shown in the text box are allowed The format of a MIME type is type subtype For example if you want to allow JPEG images you add image jpg You can also use the...

Страница 131: ...pe https in the browser address bar and the IP address of the Firebox X Edge trusted interface The default URL is https 192 168 111 1 2 From the navigation bar select Firewall Incoming The Filter Inco...

Страница 132: ...e external network that can use this policy Type the IP address or range of IP addresses you want to allow and click Add You can enter more than one address Type network IP addresses in slash notation...

Страница 133: ...ost email clients and systems send short line lengths but some web based email systems send very long lines Deny Message In the Deny Message field you can write a custom plain text message that will a...

Страница 134: ...Select this check box if you want to allow email to only some of the users on your network This can be useful if you want to prevent people from using your email server for email relaying To do this m...

Страница 135: ...list type the MIME type and click Add 2 To remove a content type select it from the list and click Remove You cannot remove message or multipart because the SMTP proxy cannot work without them If you...

Страница 136: ...custom proxy policy 1 To connect to the System Status page type https in the browser address bar and the IP address of the Firebox X Edge trusted interface The default URL is https 192 168 111 1 2 Fro...

Страница 137: ...ese signatures to find viruses and intrusion attacks when they are filtered through the proxy See Chapter 15 Gateway AntiVirus and Intrusion Prevention Service for more information WebBlocker WebBlock...

Страница 138: ...Using Additional Services for Proxies 126 Firebox X Edge e Series...

Страница 139: ...Blocked ports You can block the ports that you know can be used to attack your network This stops specified external network services When you block a port you override all the rules in your firewall...

Страница 140: ...policy can be temporarily added to the Blocked Sites list You can also configure auto blocking for any incoming service rule you set to Deny When the Firebox automatically blocks a site all connectio...

Страница 141: ...from an IP address on the Auto block exceptions list is ever blocked by the auto blocking feature Use the drop down list to select whether you want to enter a host IP address a network address or a r...

Страница 142: ...use port 111 to find which ports a given RPC server uses The RPC services are easy to attack through the Internet port 8000 Many vendors use this port and there are many security problems related to i...

Страница 143: ...attacks try to prevent an Internet site or service from efficient operation for some period of time by using large amounts of bandwidth or resources on the system that is being attacked This type of...

Страница 144: ...A DoS attack where the attacker overwhelms a computer system with ICMP Echo Request ping packets SYN flood attack A DoS attack where the attacker overwhelms a computer system with a large number of S...

Страница 145: ...the browser address bar and the IP address of the Firebox X Edge trusted interface The default URL is https 192 168 111 1 2 From the navigation bar click Firewall Firewall Options The Firewall Options...

Страница 146: ...sages on page 147 Log denied broadcast traffic If you use the standard property settings the Firebox X Edge e Series records only unusual events When traffic is denied the Edge records the information...

Страница 147: ...for a packet to go from a source to a destination Together latency and bandwidth define the speed and capacity of a network You can improve latency by configuring Traffic Control You must upgrade you...

Страница 148: ...ffic is given 75 of the bandwidth not used by interactive traffic Use the high priority category for traffic that is very important to your company or uses a lot of bandwidth Some examples of high pri...

Страница 149: ...sed in numeric form or by special keyword names that correspond to per hop behavior PHB Per hop behavior is the priority applied to a packet when traveling from one point to another in a network DSCP...

Страница 150: ...his option allows you to configure filters for all traffic categories Traffic control is on and traffic marking is on The Edge marks all traffic that matches the criteria in your Traffic Control rule...

Страница 151: ...ol check box The Interactive traffic list is enabled 4 In the Upstream bandwidth limit text box type the upstream bandwidth limit of your external network connection WAN1 Enter a value from 19 Kbps to...

Страница 152: ...Mark drop down list at the top of each traffic category 8 Click Submit Traffic control is enabled Adding a traffic control filter Before you add a traffic control filter to allow or deny traffic for a...

Страница 153: ...n page 69 5 From the Protocol drop down list select the IP protocol for traffic associated with this filter If you select Other you must enter a valid IP protocol number in the adjacent text box The r...

Страница 154: ...our LAN When you use NAT the source IP address is changed on all of the packets you send NAT types The Firebox X Edge supports three different forms of NAT Many users use more than one type of NAT at...

Страница 155: ...a router to connect more subnets to these networks For more information see Connecting the Edge to more than four devices on page 16 The Edge always uses Dynamic NAT for traffic that goes from the tr...

Страница 156: ...y external IP address 6 Click Submit The entry is added to the Secondary IP Addresses list 7 To add a custom packet filter policy to the NAT entry click Add Packet Filter Policy To add a custom proxy...

Страница 157: ...IP address of the Firebox X Edge trusted interface The default URL is https 192 168 111 1 2 From the navigation bar select Firewall NAT The NAT Network Address Translation page appears 3 Select the 1...

Страница 158: ...Working with Firewall NAT 146 Firebox X Edge e Series...

Страница 159: ...of the file When new information enters a full log file it erases the log message at the bot tom of the file The Firebox X Edge log file is cleared if the power supply is disconnected or the Edge is...

Страница 160: ...t is a good idea to configure the Edge with a device name This name lets the Log Server know which log messages come from which device The device name appears in the Log Viewer If this field is clear...

Страница 161: ...e primary Log Server it will send log messages to the backup Log Server until the primary Log Server becomes available again 8 Click Submit Logging to a Syslog Host Syslog is a log interface developed...

Страница 162: ...put part of a cryptographic key pair in a certificate sign ing request CSR and send it to a certificate authority CA The CA issues a certificate after they receive the CSR and verify your identity We...

Страница 163: ...rity CA and digitally sign your own request For the final certificate to be useful we recommend that you acquire other certificates that connect your private CA to a widely trusted third party certifi...

Страница 164: ...rom the System Status page on the Firebox X Edge select Administration Certificates 2 Adjacent to the type of certificate you want to add click Import 3 If your certificate is in the PEM format copy a...

Страница 165: ...rtificate you have already imported to see its properties including its expiration date issuing authority or other information 1 From the System Status page on the Firebox X Edge select Administration...

Страница 166: ...Using Certificates on the Firebox X Edge 154 Firebox X Edge e Series...

Страница 167: ...sessions is determined by the Edge model you have and any upgrade licenses you apply The number of licenses limits the number of sessions To control the number of users at any time close one or more s...

Страница 168: ...and optional networks Traffic is passed from a computer on the trusted or optional network to a computer on the other end of a Branch Office VPN Incoming traffic of any kind is passed to the Edge prot...

Страница 169: ...ternet Reset idle timer on Firebox X Edge embedded Web site access When you select this check box the Firebox X Edge does not disconnect a session when an idle timeout occurs if the Login Status dialo...

Страница 170: ...is access level cannot change the configuration file Full Use this to see and to change Edge configuration properties You also can activate options disconnect active sessions restart the Edge and add...

Страница 171: ...ave an effect 13 If you want this user to have access to computers on the other side of a Branch Office VPN tunnel select the Allow access to manual and managed VPN tunnels check box You must require...

Страница 172: ...times out Change their password Using a read only administrative account You can create a local user account with access to see Firebox X Edge e Series configuration pages When you log in as a read on...

Страница 173: ...unique set of restrictions you can apply to users on your network To apply a WebBlocker profile to a user s account 1 Click the WebBlocker tab 2 Select a profile from the drop down list You must do th...

Страница 174: ...tication user privileges are controlled on a group basis You can add the names of your existing LDAP or Active Directory user groups to the Firebox X Edge configuration and assign priv ileges and a We...

Страница 175: ...e default LDAP server port number is 389 Usually you do not have to change this number 8 Use the LDAP Timeout drop down list to select the number of seconds to use as a timeout for any LDAP operation...

Страница 176: ...sets all privileges for that user except MUVPN MUVPN privileges must be set at the user level The name you give to a group on the Firebox X Edge must match the name of the group assigned to user entr...

Страница 177: ...rs the Firebox X Edge will close the session 7 Use the Session idle time out text box to set the number of minutes a user session started by a member of this group can stay idle before it is automatic...

Страница 178: ...d or optional network to a com puter on the external network For example when a user on your trusted network opens a browser to connect to a web site on the Internet a session starts on the Firebox X...

Страница 179: ...and closes all open browser windows Local User Accounts Below Local User Accounts you can see information on the users you configured Name The name given to the user The Admin user is part of the defa...

Страница 180: ...the Internet No WebBlocker rules apply to web traffic originating from devices on this list 1 From the navigation bar select Firebox Users Trusted Hosts The Firebox Users Trusted Hosts page appears 2...

Страница 181: ...s to connect to a web site the Firebox X Edge e Series examines the WebBlocker database If the web site is not in the database or is not blocked the page opens If the web site is in the WebBlocker dat...

Страница 182: ...ive if no web browsing is done If a user types the Full Access Password and no HTTP traffic is done from that user s computer for the length of time set in the Inactivity Timeout field WebBlocker rule...

Страница 183: ...estrictions than for other employees It is not necessary to create Web Blocker profiles if you use one set of WebBlocker rules for all of your users After you create profiles you must apply them when...

Страница 184: ...me For more information on categories see the next section If you select the check box adjacent to a category group it automatically selects all of the categories in that group If you clear the check...

Страница 185: ...roducts including sex toys CD ROMs and videos Adult services including videoconferencing escort services and strip clubs Explicit cartoons and animation Child pornography pedophilia Online groups incl...

Страница 186: ...ng or growing illicit substances including alcohol for purposes other than industrial usage Glamorizing encouraging or instructing in the use of or masking the use of alcohol tobacco illegal drugs and...

Страница 187: ...ports picks and betting pools Virtual sports and fantasy leagues that offer large rewards or request significant wagers Note Casino hotel resort sites that do not feature online gambling or provide ga...

Страница 188: ...r social agenda that is supremacist in nature or exclusionary of others based on their race religion nationality gender age disability or sexual orientation Holocaust revisionist denial sites Coercion...

Страница 189: ...d card etc games and their enthusiasts Animal pet related sites including breed special sites training shows and humane societies Beauty and cosmetics Hosting Sites Web sites that host business and in...

Страница 190: ...mvent filtering Peer to peer sharing Search Engines General search engines Yahoo AltaVista Google Sex Education Pictures or text advocating the proper use of contraceptives including condom use the co...

Страница 191: ...ism Excessively violent sports or games including video and online games Offensive or violent language including through jokes comics or satire Excessive use of profanity or obscene gesticulation Note...

Страница 192: ...nd go to http mtas surfcontrol com mtas WatchGuardTest a Site asp The WatchGuard Test a Site page appears 2 Type the URL or IP address of the site to check 3 Click Test Site The WatchGuard Test a Site...

Страница 193: ...llowed Sites feature For example suppose employees in your company frequently use web sites that contain medical infor mation Some of these web sites are forbidden by WebBlocker because they fall into...

Страница 194: ...resolves to a different IP address you must enter that subdomain to allow it For example if www site com and site com are on different servers you must add both entries 5 Click Add The site is added t...

Страница 195: ...es to a different IP address you must enter that subdomain to deny it For example if www site com and site com are on different servers you must add both entries 5 Click Add The site is added to the D...

Страница 196: ...pe the IP address of the computer on your trusted or optional network to allow users to browse the Internet without authentication restrictions 3 Click Add 4 Repeat step 2 for other trusted computers...

Страница 197: ...the body of the email But all of these procedures scan each individual email message It is easy to bypass those fixed algorithms You can mask the sender address to bypass a blacklist You can change k...

Страница 198: ...Tag action you can then create rules in your email reader to sort or delete the spam automatically See Configuring Rules For Your Email Reader on page 189 for more information Deny Stop the spam emai...

Страница 199: ...TP select the Enable spamBlocker for SMTP proxies check box Configuring spamBlocker Settings You set actions for spamBlocker to take with POP3 email and SMTP email the same way To set actions for POP3...

Страница 200: ...gging option Select the Log all the actions check box near the bottom of the page to send a log message for each action spamBlocker takes 6 You can set the number of bytes of an email message to be pa...

Страница 201: ...set rules that automatically send email messages with tags to a subfolder Some email readers also let you create a rule to automat ically delete the message Because you can use a different tag for ea...

Страница 202: ...m pane edit the rule description by clicking on the specific words In the Search Text dialog box type the spam tag as SPAM If you use a custom tag type it here instead Click Add Click OK 6 Click Next...

Страница 203: ...known as the signature Gateway AV IPS uses these signatures to find viruses and intrusion attacks when they are scanned by the proxy You must purchase the Gateway AV IPS upgrade to use these services...

Страница 204: ...ow remote access or execution of code such as buffer overflows remote command execution password disclosure key logging backdoors and security bypass Medium Vulnerabilities that allow access disclose...

Страница 205: ...x to scan email sent to an email server protected by your Edge for viruses 5 There is a very large set of file formats used on the Internet Use the When an error is encountered drop down list to selec...

Страница 206: ...nd a complete description of the actions taken by the POP3 proxy in an FAQ you can find at http www watchguard com support faqs edge Some of the actions include Sending a message that an email message...

Страница 207: ...e if you want automatic updates or manual updates If you want manual updates clear the Enable automatic updates check box 3 If you want to update the signatures manually compare the current signature...

Страница 208: ...Updating Gateway AV IPS 196 Firebox X Edge e Series...

Страница 209: ...t You Need to Create a VPN on page 197 The subsequent section tells you how to configure the Firebox X Edge to be the endpoint of a VPN tun nel created and managed by a WatchGuard Firebox X Core or Pe...

Страница 210: ...e and not a limit of the Firebox X Edge e Series If you want to use the DNS and WINS servers from the network on the other side of the VPN tunnel you must know the IP addresses of these servers The Fi...

Страница 211: ...ation of VPN tunnels see Setting up WatchGuard System Manager Access on page 43 Manual VPN Setting Up Manual VPN Tunnels To create a VPN tunnel manually to another Firebox X Edge or to a Firebox III o...

Страница 212: ...tps www watchguard com support advancedfaqs general_slash asp You Example Site A 192 168 111 0 24 Site B 192 168 222 0 24 Shared Key The shared key is a passphrase used by two IPSec compatible devices...

Страница 213: ...ote VPN gateway certificate For more information on third party certificates see About Certificates on page 150 The shared key is a passphrase that the devices use to encrypt and decrypt the data on t...

Страница 214: ...e or remote VPN device has a dynamic external IP address you must select Aggressive Mode and the device must use Dynamic DNS For more information see Registering with the Dynamic DNS Service on page 7...

Страница 215: ...SP does NAT Network Address Translation or if the external interface of your Edge is connected to a device that does NAT We recommend that the Firebox X Edge external interface have a public IP addres...

Страница 216: ...igher priority Some ISPs drop all packets that have TOS flags set If you select the Enable TOS for IPSec check box the Edge preserves existing TOS bits in VPN traffic packets If the check box is not s...

Страница 217: ...e trusted interface The default URL is https 192 168 111 1 2 From the navigation bar select System Status VPN Traffic Control The VPN Traffic Control page appears VPN Traffic Control for the IPSec int...

Страница 218: ...VPN Statistics The VPN Statistics page appears Frequently Asked Questions Why do I need a static external address To make a VPN connection each device must know the IP address of the other device If t...

Страница 219: ...ters at site B do not have Internet access speak to your ISP or network administrator 2 If you can ping the external address of each Firebox X Edge try to ping a local address in the remote network Fr...

Страница 220: ...Frequently Asked Questions 208 Firebox X Edge e Series...

Страница 221: ...client is a software application that is installed on a remote computer The client makes a secure connection from the remote computer to your protected network through an unsecured net work The MUVPN...

Страница 222: ...the remote user The remote user s computer must have the correct networking components for MUVPN to operate correctly See Preparing remote computers for IPSec MUVPN on page 214 to be sure that the use...

Страница 223: ...ry network card settings See Preparing remote computers for IPSec MUVPN on page 214 for information on entering WINS and DNS addresses in the network card advanced settings Preferred If the virtual ad...

Страница 224: ...f authentication The options are MD5 HMAC and SHA1 HMAC 7 From the Encryption Algorithm drop down list select the type of encryption The options are DES CBC 3DES CBC AES 128 bit AES 192 bit or AES 256...

Страница 225: ...ent versions of IPSec Mobile User VPN software One version contains the ZoneAlarm personal firewall and the other one does not Get the user s wgx file The Firebox X Edge has encrypted IPSec MUVPN clie...

Страница 226: ...stems and minimum RAM Microsoft Windows NT 4 0 Workstation 32 MB Microsoft Windows 2000 Professional 64 MB Microsoft Windows XP 64 MB No other IPSec VPN client software can be on the computer Remove a...

Страница 227: ...djacent check box If a component is not installed use the instructions to install it Installing the Internet Protocol TCP IP network component on Windows 2000 From the connection window Networking tab...

Страница 228: ...ain suffix and click Add 7 If you want to add more DNS suffixes repeat steps 5 and 6 8 Click the WINS tab From the section WINS addresses in order of use click Add The TCP IP WINS Server window appear...

Страница 229: ...XP From the connection window Networking tab 1 Click Install The Select Network Component Type window appears 2 Double click the Client network component The Select Network Protocol window appears 3 S...

Страница 230: ...user s computer before you install the WatchGuard MUVPN software 2 Copy the MUVPN installation program and the wgx file to the remote computer 3 Double click the MUVPN installation file to start the...

Страница 231: ...security policy on the client see Disconnecting the MUVPN client on page 221 3 Restart the remote computer 4 From the Windows desktop select Start Settings Control Panel The Control Panel window appea...

Страница 232: ...formation about the status of the connection Deactivated The MUVPN Security Policy is not active This icon can appear if the Windows operating system did not start a required MUVPN service If this occ...

Страница 233: ...or this program each time you start a MUVPN connection The New Program alert window appears to request access for the IreIKE exe program Disconnecting the MUVPN client From the Windows desktop system...

Страница 234: ...been made at this time when a phase 2 SA connection cannot be made A key tells you that the connection has a phase 2 SA This connection also can have a phase 1 SA An animated black line below a key te...

Страница 235: ...ersonal firewall when you use their associated software applications Shutting down ZoneAlarm From the Windows desktop system tray 1 Right click the ZoneAlarm icon shown at right 2 Select Shutdown Zone...

Страница 236: ...unless the wireless computer has connected using an IPSec MUVPN tunnel To make sure wireless computers authenticate as IPSec MUVPN clients 1 To connect to the System Status page type https in the brow...

Страница 237: ...y when the software application is started The MUVPN client shows a key in the icon when the client is connected To test the connection ping a computer on your company network Select Start Run Type cm...

Страница 238: ...close the tunnel Reconnect to the Internet and then restart the MUVPN client Configuring PPTP Mobile User VPN You can use Point to Point Tunneling Protocol PPTP to make secure VPN tunnels You can con...

Страница 239: ...he first IP address in the address pool the Edge can use to assign PPTP user IP addresses in the Start of IP address pool field The Edge gives out this IP address to the first PPTP user that connects...

Страница 240: ...h PPTP check box Preparing the client computers You must make sure each remote user s computer is prepared to use PPTP Each computer must have Internet access and must have the necessary version of Mi...

Страница 241: ...r you must configure the PPTP connection From the Windows Desktop of the client computer 1 Select Start Settings Control Panel The Start button in Windows Vista is located in the lower left corner of...

Страница 242: ...irectly through a LAN or WAN 10 Double click the shortcut to the new connection on your desktop Or select Control Panel Network Connections and look in the Virtual Private Network list for the connect...

Страница 243: ...e includes Hardware firewall Firebox X Edge e Series User Guide on CD ROM Firebox X Edge e Series Quick Start Guide License key certificate Hardware warranty card AC adapter 12V 1 2A with internationa...

Страница 244: ...erating temperature 0 40 C MTBF for Firebox X Edge e Series MTBF for Firebox X Edge e Series Wireless 60 555 hours 25 degrees C 53 901 hours 25 degrees C Environment Indoor use only Dimensions for Fir...

Страница 245: ...low when traffic goes through the related interface LAN 0 1 2 Each LAN indicator shows the physical connection to the trusted Ethernet interfaces WAP The WAP indicator shows that the Firebox X Edge e...

Страница 246: ...dicator shows that the Firebox X Edge e Series is on Rear view Ethernet interfaces LAN0 through LAN2 The Ethernet interfaces with the marks LAN0 through LAN2 are for the trusted network OPT interface...

Страница 247: ...necting a plug to the AC power adapter To install a different plug in the AC power adapter 1 Put the top of the new plug in the AC power adapter at a 45 degree angle You must put in the top of the new...

Страница 248: ...as much as 30dB To decrease the effect of multi path reflection the Firebox X Edge e Series Wireless uses two antennas spaced some distance apart This decreases signal cancellation and allows the sof...

Страница 249: ...r trademark of RealNetworks Inc in the United States and or other countries Java and all Java based marks are trademarks or registered trademarks of Sun Microsystems Inc in the United States and other...

Страница 250: ...too receive or can get the source code And you must show them these terms so they know their rights We protect your rights with two steps 1 copyright the software and 2 offer you this license which gi...

Страница 251: ...mally print such an announcement your work based on the Program is not required to print an announcement These requirements apply to the modified work as a whole If identifiable sections of that work...

Страница 252: ...r modifying the Program or works based on it 6 Each time you redistribute the Program or any work based on the Program the recipient automatically receives a license from the original licensor to copy...

Страница 253: ...of all derivatives of our free software and of promoting the sharing and reuse of software generally NO WARRANTY 11 BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE THERE IS NO WARRANTY FOR THE PROGRAM...

Страница 254: ...can relink them with the library after making changes to the library and recompiling it And you must show them these terms so they know their rights Our method of protecting your rights has two steps...

Страница 255: ...o form executables The Library below refers to any such software library or work which has been distributed under these terms A work based on the Library means either the Library or any derivative wor...

Страница 256: ...tive or collective works based on the Library In addition mere aggregation of another work not based on the Library with the Library or with a work based on the Library on a volume of a storage or dis...

Страница 257: ...notice for the Library among them as well as a reference directing the user to the copy of this License Also you must do one of these things Accompany the work with the complete corresponding machine...

Страница 258: ...as a consequence of a court judgment or allegation of patent infringement or for any other reason not limited to patent issues conditions are imposed on you whether by court order agreement or otherw...

Страница 259: ...WITHOUT WARRANTY OF ANY KIND EITHER EXPRESSED OR IMPLIED INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE THE ENTIRE RISK AS TO THE QUALITY A...

Страница 260: ...hich gives you legal permission to copy distribute and or modify the library To protect each distributor we want to make it very clear that there is no warranty for the free library Also if the librar...

Страница 261: ...ftware library or work which has been distributed under these terms A work based on the Library means either the Library or any derivative work under copyright law that is to say a work containing the...

Страница 262: ...tive or collective works based on the Library In addition mere aggregation of another work not based on the Library with the Library or with a work based on the Library on a volume of a storage or dis...

Страница 263: ...the copyright notice for the Library among them as well as a reference directing the user to the copy of this License Also you must do one of these things Accompany the work with the complete corresp...

Страница 264: ...difying the Library or works based on it 11 Each time you redistribute the Library or any work based on the Library the recipient automatically receives a license from the original licensor to copy di...

Страница 265: ...Y TO THE EXTENT PERMITTED BY APPLICABLE LAW EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND OR OTHER PARTIES PROVIDE THE LIBRARY AS IS WITHOUT WARRANTY OF ANY KIND EITHER EXPRESSED O...

Страница 266: ...copy of this program acknowledges that it shall not be disclosed to third parties rather only to employees or consultants having a firm need to know and provided that they are bound by confidentiality...

Страница 267: ...ombination with a host application license key code the Commtouch Center records both numbers assisting ctengin partners in supporting their own customers The ctengine license key code is 20 character...

Страница 268: ...FOR A PARTICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPECIAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED...

Страница 269: ...and Telegraph Company or of the Regents of the University of California Permission is granted to anyone to use this software for any purpose on any computer system and to alter it and redistribute it...

Страница 270: ...else except as part of a product or program developed by the user SUN RPC IS PROVIDED AS IS WITH NO WARRANTIES OF ANY KIND INCLUDING THE WARRANTIES OF DESIGN MERCHANTIBILITY AND FITNESS FOR A PARTICU...

Страница 271: ...ditions and the following disclaimer in the documentation and or other materials provided with the distribution The name of Intel Corporation may not be used to endorse or promote products derived fro...

Страница 272: ...evenue or profits or other special indirect and consequential damages even if Sun has been advised of the possibility of such damages Sun Microsystems Inc 2550 Garcia Avenue Mountain View California 9...

Страница 273: ...or substantial portions of the Software THE SOFTWARE IS PROVIDED AS IS WITHOUT WARRANTY OF ANY KIND EXPRESS OR IMPLIED INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY FITNESS FOR A PAR...

Страница 274: ...community All software is furnished on an as is basis No further updates to this software should be expected Although updates may occur no commitment exists Software in the src drivers net e1000 direc...

Страница 275: ...eral Public License as published by the Free Software Foundation either version 2 or at your option any later version or b the BSD style License included below This program is distributed in the hope...

Страница 276: ...ONTRACT TORT OR OTHERWISE ARISING FROM OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE lua sqlite3 Copyright 2004 2005 2006 Michael Roth mroth nessie de Permissi...

Страница 277: ...T HOLDERS AND CONTRIBUTORS AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF NONINFRINGEMENT MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE D...

Страница 278: ...n standard executable that clearly documents how it differs from the Standard Version d make other distribution arrangements with the Copyright Holder e permit and encourge anyone who receives a copy...

Страница 279: ...Technology Inc All rights reserved Redistribution and use in source and binary forms with or without modification are permitted provided that the following conditions are met Redistributions of source...

Страница 280: ...NG NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE Copyright c 2003 2005 Sparta Inc All rights reserved Redistribution and...

Страница 281: ...ITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFT...

Страница 282: ...1995 Tatu Ylonen ylo cs hut fi Espoo Finland All rights reserved As far as I am concerned the code I have written for this software can be used freely for any purpose Any derived versions of this soft...

Страница 283: ...the following disclaimer in the documentation and or other materials provided with the distribution 3 All advertising materials mentioning features or use of this software must display the following a...

Страница 284: ...AMAGE ossp_mm Copyright 1999 2005 Ralf S Engelschall rse engelschall com Copyright 1999 2005 The OSSP Project http www ossp org Redistribution and use in source and binary forms with or without modifi...

Страница 285: ...S SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE ppp pppd has many licenses This includes the GPL the LGPL SUN license RSA license public domain and several BSD licenses that require seper...

Страница 286: ...ting documentation that copying and distribution is by permission of Livingston Enterprises Inc Livingston Enterprises Inc makes no representations about the suitability of this software for any purpo...

Страница 287: ...HANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE Van Jacobson van helios ee lbl gov Dec 31 1989 Initial distribution zlib h interface of the zlib general purpose compression library version 0 95 Aug 1...

Страница 288: ...tware developed by Computing Services at Carnegie Mellon University http www cmu edu computing CARNEGIE MELLON UNIVERSITY DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WA...

Страница 289: ...THE AUTHORS BE LIABLE FOR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE DATA OR PROFITS WHETHER IN AN ACTION OF CONTRACT NEGLIGENCE OR OTHER TORTI...

Страница 290: ...free non exclusive license subject to third party intellectual property claims a to use reproduce modify display perform sublicense and distribute the Original Code or portions thereof with or withou...

Страница 291: ...ake it absolutely clear that any such warranty support indemnity or liability obligation is offered by You alone and You hereby agree to indemnify the Initial Developer and every Contributor for any l...

Страница 292: ...not of themselves be deemed to be modifications of this License 7 DISCLAIMER OF WARRANTY COVERED CODE IS PROVIDED UNDER THIS LICENSE ON AN AS IS BASIS WITHOUT WARRANTY OF ANY KIND EITHER EXPRESSED OR...

Страница 293: ...ou received from utilizing such rights and other relevant factors You agree to work with affected parties to distribute responsibility on an equitable basis 13 ADDITIONAL TERMS APPLICABLE TO THE RED H...

Страница 294: ...reely subject to the following restrictions 1 The origin of this software must not be misrepresented you must not claim that you wrote the original software If you use this software in a product an ac...

Страница 295: ...ies 2 Redistributions in binary form must reproduce the above copyright notice this list of conditions and the following disclaimer in the documentation and or other materials provided with the distri...

Страница 296: ...S directive that becomes valid on July 1 2006 It states that all new electrical and elec tronic equipment put on the market within the member states must not contain certain hazardous materials The Wa...

Страница 297: ...ay make changes in its facilities equipment operations or procedures that could affect the operation of the equipment If this happens the telephone company will provide advance notice in order for you...

Страница 298: ...nd having a maximum gain of 5 1 dB Antennas not included in this list or having a gain greater than 5 1 dB are strictly prohibited for use with this device The required antenna impedance is 50 ohms WG...

Страница 299: ...User Guide 287 Certifications and Notices Class A Korean Notice VCCI Notice Class A ITE Taiwanese Class A Notice Taiwanese Wireless Notice...

Страница 300: ...ese terms please return this package along with proof of purchase to the authorized dealer from which you purchased it for a full refund WatchGuard Technologies Inc WatchGuard and you agree as set for...

Страница 301: ...REMEDY FOR LOSS OR DAMAGE TO OR CAUSED BY OR CONTRIBUTED TO BY THE PRODUCT 4 LIMITATION AND LIABILITY WATCHGUARD S LIABILITY WHETHER ARISING IN CONTRACT INCLUDING WARRANTY TORT INCLUDING ACTIVE PASSI...

Страница 302: ...Limited Hardware Warranty 290 Firebox X Edge e Series...

Страница 303: ...connections 2 C cables connecting computer and Edge 15 included in package 10 231 centralized management with WFS 7 3 45 with WSM 44 certificates creating CSR 150 creating third party 150 described 1...

Страница 304: ...ry default settings described 37 resetting to 38 failover network See WAN failover feature keys described 48 features adding 49 File and Printer Sharing for Microsoft Networks 215 and Windows XP 217 F...

Страница 305: ...Edge 17 TCP IP properties 12 using Quick Setup Wizard 19 installing the Firebox X Edge 9 19 interfaces viewing current information on 33 Internet connecting to 2 connection required for Firebox X Edg...

Страница 306: ...Wizard 53 network traffic See traffic networks types of 1 New Profile page 171 New User page 158 NTP server synchronizing Firebox clock to 39 numbered ports 234 O OpenSSL using to generate CSR 150 op...

Страница 307: ...s by Hardware Address check box 64 69 Routes page 70 routes configuring static 70 routing table viewing 34 S seat licenses See user licenses secondary IP addresses 143 services creating custom incomin...

Страница 308: ...ring additional computers on 62 configuring with Quick Setup Wizard 19 default setting for 37 described 6 Trusted Network Configuration page 59 60 61 62 U UDP User Datagram Protocol 2 Uniform Resource...

Страница 309: ...182 bypassing 183 categories for 173 180 creating profiles 171 172 database 169 defining profile 161 165 described 126 global settings for 169 timeout for 170 WebBlocker page 27 WebBlocker Settings p...

Страница 310: ...298 Firebox X Edge e Series...

Отзывы:

Нет отзывов

Похожие инструкции для Firebox X20E

Бренд: D-Link Страницы: 10

Бренд: D-Link Страницы: 17

Бренд: Quark-Elec Страницы: 2

Бренд: S&C Страницы: 9

Бренд: ZyXEL Communications Страницы: 2

Бренд: THOMSON Страницы: 90

Бренд: Spectrum Brands Страницы: 2

DRY CONTACT GATEWAY SDG-01

Бренд: Sinclair Страницы: 20

Бренд: Alcatel-Lucent Страницы: 2

Бренд: David Clark Страницы: 11

Бренд: Fife Страницы: 48

Бренд: Gree Страницы: 44

AS Series ASM200

Бренд: Quintum Страницы: 3

DX Series DX2008

Бренд: Quintum Страницы: 15

Бренд: Vaisala Страницы: 32

Бренд: Vaillant Страницы: 40

Бренд: Entone Страницы: 3

Entone 95-810500-00

Бренд: Entone Страницы: 14

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды