Watchguard Firebox X20E User Manual page 146

Configuring Firewall Options
Do not respond to ping requests
You can configure the Firebox X Edge e-Series to deny ping requests received on the trusted,
external, or optional network. This option overrides all other Edge settings.
Do not allow FTP access to the Edge
You can configure the Firebox X Edge e-Series to not allow any FTP connections from the trusted
or optional network. This option overrides all other Edge settings.
You must clear the Do not allow FTP access to the Edge from the Trusted Network check box when you
apply an update to the Firebox X Edge firmware with the automatic installer. If you do not clear this check
box, the Software Update Installer cannot move firmware files to the Edge.
Log all allowed outbound access
If you use the standard property settings, the Firebox X Edge e-Series records only unusual
events. When traffic is denied, the Edge records the information in the log file. You can configure
the Edge to record information about all the outgoing traffic in the log file.
When you record all outgoing traffic, it creates a large number of log records. We recommend
that you record all the outgoing traffic only as a problem-solving tool, unless you send log
messages to a remote Log Server. For more information, see "Viewing Log Messages" on
page 147.
Log denied broadcast traffic
If you use the standard property settings, the Firebox X Edge e-Series records only unusual
events. When traffic is denied, the Edge records the information in the log file. You can configure
the Edge to record information about denied network traffic that was sent to many destinations
at the same time.
Log denied spoofed traffic
If you use the standard property settings, the Firebox X Edge e-Series records only unusual
events. When traffic is denied, the Edge records the information in the log file. You can configure
the Edge to record information when the source IP address of network traffic does not match the
IP address of the host that sent the traffic.
Log traffic denied because of IP options
IP options are extensions of the Internet Protocol. The Edge uses the extensions for special
software applications or for advanced troubleshooting. An attacker can use the IP options in the
packet header to find a path into your network. Select this check box to create a log message
when traffic is denied because of IP options.
Log inbound traffic that is denied by default
Select this check box to have the Edge send a log message to the log file each time an incoming
connection is denied by the default rules configured in your Edge.
Log outbound traffic that is denied by default
Select this check box to have the Edge send a log message to the log file each time an outgoing
connection is denied by the default rules configured in your Edge.
134 Firebox X Edge e-Series