Watchguard Firebox SOHO 6 Wireless User Manual


WatchGuard® Firebox® SOHO 6 Wireless User Guide

SOHO 6 Wireless - firmware version 6.3


Summary of Contents for Watchguard Firebox SOHO 6 Wireless

  • Page 1: User Guide

    WatchGuard® Firebox® SOHO 6 Wireless User Guide SOHO 6 Wireless - firmware version 6.3...
  • Page 2: Fcc Certification

    Operation of this equipment in a residential area is likely to cause harmful interference in which case the user will be required to correct the interference at his own expense. WatchGuard Firebox SOHO 6 Wireless...
  • Page 3: Industry Canada

    CE Notice The CE symbol on your WatchGuard Technologies equipment indicates that it is in compliance with the Electromagnetic Compatibility (EMC) directive and the Low Voltage Directive (LVD) of the European Union (EU). Industry Canada This Class A digital apparatus meets all requirements of the Canadian Interference-Causing Equipment Regulations.
  • Page 4 NOTE! In France, this product may only be installed and operated indoors, and only on channels 10, 11, 12, 13 as defined by IEEE 802.11b. Use of the product outdoors, or on any other channel, is illegal in France. WatchGuard Firebox SOHO 6 Wireless...
  • Page 5 Declaration of Conformity User Guide...
  • Page 6 WatchGuard Technologies, Inc. ("WATCHGUARD") for the WATCHGUARD SOHO software product, which includes computer software (whether installed separately on a computer workstation or on the WatchGuard hardware product) and may include associated media, printed materials, and on-line or electronic documentation, and any updates or modifications thereto, including those received through the WatchGuard LiveSecurity service (or its equivalent) (the "SOFTWARE PRODUCT").
  • Page 7 4. Limited Warranty. WATCHGUARD makes the following limited warranties for a period of ninety (90) days from the date you obtained the SOFTWARE PRODUCT from WATCHGUARD or an authorized dealer; (A) Media. The disks and documentation will be free from defects in materials and workmanship under normal use.
  • Page 8 NO EVENT EXCEED THE PURCHASE PRICE PAID BY YOU FOR SUCH PRODUCT. THIS WILL BE TRUE EVEN IN THE EVENT OF THE FAILURE OF AN AGREED REMEDY. IN NO EVENT WILL WATCHGUARD BE LIABLE TO YOU OR ANY THIRD PARTY, WHETHER ARISING IN CONTRACT (INCLUDING WARRANTY), TORT...
  • Page 9 EULA, destroy all copies of the SOFTWARE PRODUCT in your possession, or voluntarily return the SOFTWARE PRODUCT to WATCHGUARD. Upon termination you will destroy all copies of the SOFTWARE PRODUCT and documentation remaining in your control or possession.
  • Page 10 WatchGuard Technologies, Inc. Copyright, Trademark, and Patent Information Copyright© 1998 - 2003 WatchGuard Technologies, Inc. All rights reserved. AppLock®, AppLock®/Web, Designing peace of mind®, Firebox®, Firebox® 1000, Firebox® 2500, Firebox® 4500, Firebox® II, Firebox® II Plus, Firebox® II FastVPN, Firebox® III, Firebox®...
  • Page 11 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
  • Page 12 3. All advertising materials mentioning features or use of this software must display the following acknowledgment: "This product includes software developed by Ralf S. Engelschall <rse@engelschall.com> for use in the mod_ssl project (http://www.modssl.org/)." WatchGuard Firebox SOHO 6 Wireless...
  • Page 13 4. The names "mod_ssl" must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact rse@engelschall.com. 5. Products derived from this software may not be called "mod_ssl" nor may "mod_ssl" appear in their names without prior written permission of Ralf S.
  • Page 14 WatchGuard Technologies, Inc. (”WatchGuard”) and you agree as follows: 1. Limited Warranty. WatchGuard warrants that upon delivery and for one (1) year thereafter (the “Warranty Period”): (a) the Product will be free from material defects in materials and...
  • Page 15 2. Remedies. If any Product does not comply with the WatchGuard warranties set forth in Section 1 above, WatchGuard will, at its option, either (a) repair the Product, or (b) replace the Product; provided, that you will be responsible for returning the Product to the place of purchase and for all costs of shipping and handling.
  • Page 16 Product AND BY USING THE PRODUCT YOU AGREE TO THESE TERMS. No change or modification of this Agreement will be valid unless it is in writing, and is signed by WatchGuard. Software Version Number: 6.3...
  • Page 17 Point-to-Point Protocol over Ethernet; Remote Access Services; Security Association; Transfer Control Protocol; User Datagram Protocol; Universal Resource Locator; Virtual Private Network; Wide Area Network; Wired Equivalent Privacy; WLAN: Wireless Local Area Network; WSEP: WatchGuard Security Event Processor. User Guide xvii...
  • Page 18 WatchGuard Firebox SOHO 6 Wireless...
  • Page 19: Table Of Contents

    Package Contents How a Firewall Works How Information Travels on the Internet IP addresses Protocols Port numbers How the SOHO 6 Wireless Processes Information ...6 Services Network Address Translation (NAT) How Does Wireless Networking Work SOHO 6 Wireless Hardware Description User Guide ...
  • Page 20 Disabling the HTTP proxy setting of your Web browser Enabling your computer for DHCP Physically Connecting to the SOHO 6 Wireless ... 23 Cabling the SOHO 6 Wireless for one to four appliances Cabling the SOHO 6 Wireless for more than four...
  • Page 21 Configure the Network Interfaces CHAPTER 4 External Network Configuration Network addressing Configuring the SOHO 6 Wireless external network for dynamic addressing Configuring the SOHO 6 Wireless external network for static addressing Configuring the SOHO 6 Wireless external network for PPPoE...
  • Page 22 SOHO 6 Wireless Remote Management Setting up VPN Manager Access Updating the Firmware Activating the SOHO 6 Wireless Upgrade Options Viewing the Configuration File Configure the Firewall Settings CHAPTER 6 Firewall Settings Configuring Incoming and Outgoing Services Common services Creating a custom service Blocking External Sites ...
  • Page 23 What You Need Enabling the VPN upgrade Setting Up Multiple SOHO 6 Wireless to SOHO 6 Wireless VPN Tunnels Creating a VPN Tunnel to a SOHO 6 Wireless with an IPSec-Compliant Appliance Special considerations Configuring Split Tunneling Using MUVPN Clients...
  • Page 24 MUVPN Clients CHAPTER 10 Configuring the SOHO 6 Wireless for MUVPN Clients ... 122 Preparing the Remote Computers to Use the MUVPN Client ... 124 System requirements Windows 98/ME operating system setup Windows NT operating system setup Windows 2000 operating system setup...
  • Page 25 Uninstalling ZoneAlarm Troubleshooting Tips My computer hangs immediately after installing the MUVPN client... I have to enter my network login information even when I’m not connected to the network... I am not prompted for my user name and password when I turn my computer on... Is the MUVPN tunnel working? My mapped drives have a red X through them...
  • Page 27: Chapter 1 Introduction

    Introduction CHAPTER 1 The purpose of this guide is to help users of the WatchGuard® Firebox® SOHO 6 Wireless and Firebox® SOHO 6tc Wireless set up and configure these appliances for secure access to the Internet. User Guide...
  • Page 28 Chapter 1: Introduction In this guide, the name SOHO 6 Wireless refers to both the SOHO 6 Wireless as well as the SOHO 6tc Wireless. VPN is available as an upgrade option for the SOHO 6 Wireless. The SOHO 6tc Wireless includes the VPN upgrade option.
  • Page 29: Package Contents

    A firewall divides your internal network from the Internet to reduce this danger. The appliances on the trusted side of your SOHO 6 Wireless firewall are protected. The illustration below shows how the SOHO 6 Wireless physically divides your trusted network from the Internet.
  • Page 30: How Information Travels On The Internet

    Chapter 1: Introduction The SOHO 6 Wireless controls all traffic between the external network (the Internet) and the trusted network (your computers). All suspicious traffic is stopped. The rules and policies that identify the suspicious traffic are shown in “Configuring Incoming and Outgoing Services”...
  • Page 31: Ip Addresses

    An IP address identifies a computer on the Internet that sends and receives packets. Each computer on the Internet has an address. The SOHO 6 Wireless is also a computer and has an IP address. When you configure a service behind a firewall, you must include the trusted network IP address for the computer that supplies the service.
  • Page 32: How The Soho 6 Wireless Processes Information

    Internet contains IP address information. Packets sent through the SOHO 6 Wireless with dynamic NAT include only the public IP address of the SOHO 6 Wireless and not the private IP address of the computer in the trusted network. Because only the...
  • Page 33: Soho 6 Wireless Hardware Description

    “MUVPN Clients” on page 121 for more information about this configuration. SOHO 6 Wireless Hardware Description The hardware of the SOHO 6 Wireless uses newer technology than earlier SOHO models. Faster Processor The SOHO 6 Wireless has a new network processor that runs at a speed of 150 MHz.
  • Page 34: Understanding Ieee 802.11B Wireless Communication

    Chapter 1: Introduction Wireless The approximate operating range of the SOHO 6 Wireless when operated indoors: 30.48 meters (100 feet) at 11 Mbps; 50.292 meters (165 feet) at 5.5 Mbps; 70.104 meters (230 feet) at 2 Mbps; 91.44 meters (300 feet) at 1 Mbps. Understanding IEEE 802.11b Wireless...
  • Page 35 Noise level (Watts) An increase of the noise level within the frequency range of the system reduces the channel capacity. The noise level is determined by three factors: • Background noise caused by the ambient temperature of the atmosphere at the frequency range of the system •...
  • Page 36 • Signal attenuation (path-loss) between the transmitter and receiver Transmitted power The SOHO 6 Wireless transmits at 15 dBm (0.032 Watts), which meets the requirements for operation in the United States and Europe. The maximum transmission power of devices that are certified as 802.11b-compliant is 1 Watt in the United States and 0.1 Watt in Europe.
  • Page 37 Laptop computers typically have one antenna, which is more susceptible to signal fading caused by position. For this reason, the SOHO 6 Wireless may receive signals from the laptop while the laptop does not receive signals from the SOHO 6 Wireless.
  • Page 38: Soho 6 Wireless Front And Rear Views

    SOHO 6 Wireless front and rear views There are 14 indicator lights on the front panel of the SOHO 6 Wireless. The illustration below shows the front view. PWR is lit while the SOHO 6 Wireless is connected to a power supply. Status Status is lit while a management connection is in use.
  • Page 39 Mode is lit while there is a connection to the Internet. There are five Ethernet ports, a reset button, and a power input on the rear of the SOHO 6 Wireless. The illustration below shows the rear view. RESET button Push the reset button to reset the SOHO 6 Wireless to the factory default configuration.
  • Page 40: Hardware Operating Specifications

    Before installing your SOHO 6, you should also be aware of its operating parameters: operating temperature 0 to 40 degrees C; storage temperature -10 to 70 degrees C; operating humidity 10% to 85%; storage humidity 5% to 90%. WatchGuard Firebox SOHO 6 Wireless...
  • Page 41: Chapter 2 Installation

    Installation CHAPTER 2 The SOHO 6 Wireless protects all of the computers that connect to your network through the Ethernet ports and wireless connections of the SOHO 6 Wireless. Follow the procedures in this chapter to install the SOHO 6 Wireless and to set up the wireless network.
  • Page 42: Before You Begin

    • Configure the wireless network • Configure the Wireless Access Point • Configure the wireless card on your computer See the SOHO 6 Wireless QuickStart Guide included with the SOHO 6 Wireless for a summary of this information. Before you Begin Before you install the SOHO 6, you must have the following: •...
  • Page 43: Examining And Recording Your Current Tcp/Ip Settings

    • The SOHO 6 Wireless must be installed in a location that is at least 20 centimeters from all persons. The SOHO 6 Wireless must not be located near any other antennae or transmitters. • The method of network address assignment used by your ISP.
  • Page 44 Record the TCP/IP settings in the table provided. Close the window. Other operating systems (Unix, Linux) Consult your operating system guide to locate the TCP/IP screen. Record the TCP/IP settings in the table provided. Exit the TCP/IP configuration screen. WatchGuard Firebox SOHO 6 Wireless...
  • Page 45: Disabling The Http Proxy Setting Of Your Web Browser

    Internet, and not pages in other locations. If the HTTP proxy setting is disabled, you can open the configuration pages in the SOHO 6 Wireless and Web pages on the Internet. The following instructions show how to disable the HTTP proxy setting in three browser applications.
  • Page 46 Advanced heading to expand the list. Click Proxies. Make sure the Direct Connection to the Internet option is selected. Click OK. Internet Explorer 5.0, 5.5, and 6.0 Open Internet Explorer. WatchGuard Firebox SOHO 6 Wireless...
  • Page 47: Enabling Your Computer For Dhcp

    Clear all of the checkboxes. Click OK. Enabling your computer for DHCP To open the configuration pages for the SOHO 6 Wireless, configure your computer to receive its IP address through DHCP. See “Network addressing” on page 41 for more information about network addressing and DHCP.
  • Page 48 Chapter 2: Installation Double-click the Internet Protocol (TCP/IP) component. The Internet Protocol (TCP/IP) Properties dialog box appears. WatchGuard Firebox SOHO 6 Wireless...
  • Page 49: Physically Connecting To The Soho 6 Wireless

    Close the Control Panel window. Physically Connecting to the SOHO 6 Wireless The SOHO 6 Wireless protects all of the computers that connect to your network through the Ethernet ports and wireless connections of the SOHO 6 Wireless. This section shows how to connect computers to the SOHO 6 Wireless through Ethernet cables.
  • Page 50 Internet connection to your computer. Connect this cable to the WAN port on the SOHO 6 Wireless. The SOHO 6 Wireless is connected directly to the modem or other Internet connection. Connect one end of the straight-through Ethernet cable...
  • Page 51 The indicator lights flash and then stop. The modem is ready for use. Attach the AC adapter to the SOHO 6 Wireless. Connect the AC adapter to a power source. Restart the computer.
  • Page 52: Cabling The Soho 6 Wireless For More Than Four Appliances

    (labeled 0-3), you can connect more than four appliances. Use one or more network hubs to make more connections. The base model SOHO 6 Wireless includes a ten-seat license. This license allows a maximum of ten appliances on the trusted network to connect to the Internet at the same time.
  • Page 53 Connect the Ethernet cable to the WAN port on the SOHO 6 Wireless. The SOHO 6 Wireless is connected directly to the modem or other Internet connection. Connect one end of the straight-through Ethernet cable supplied with your SOHO 6 Wireless to one of the four numbered Ethernet ports (labeled 0-3) on the SOHO 6 Wireless.
  • Page 54: Configuring The Wireless Network

    Chapter 2: Installation Attach the AC adapter to the SOHO 6 Wireless. Connect the AC adapter to a power supply. Restart your computer. See “Factory Default Settings” on page 35 for the factory default configuration options. See “External Network Configuration” on page 41 and “Configuring the Trusted Network”...
  • Page 55: Setting Up The Wireless Access Point

    The SSID is the identification number of the wireless device. The SSID is used to create the wireless connection. The default SSID is the 5-digit serial number for your SOHO 6 Wireless. Click Submit. For additional information about configuring the wireless network, see “Configuring the Wireless Network”...
  • Page 56: Configuring The Wireless Card On Your Computer

    Select the computer that you want to configure to access the SOHO 6 Wireless device. WatchGuard Firebox SOHO 6 Wireless...
  • Page 57 Configuring the Wireless Card on Your Computer The SOHO 6 Wireless is now configured to protect the wired and wireless computers that are attached to it from security hazards. For additional information about the security settings for the wireless connections, see “Configuring the Wireless Network” on page 51.
  • Page 59: Chapter 3 Soho 6 Wireless Basics

    CHAPTER 3 Basics The configuration of the SOHO 6 Wireless is made through Web pages contained in the software of the SOHO 6 Wireless. You can connect to these configuration pages with your Web browser. SOHO 6 Wireless System Status page...
  • Page 60 Chapter 3: SOHO 6 Wireless Basics The System Status page is the main configuration page of the SOHO 6 Wireless. A display of information about the SOHO 6 Wireless configuration is shown. This information includes the following: • The firmware version •...
  • Page 61: Factory Default Settings

    • Configuration information for firewall settings (incoming services and outgoing services) • A reboot button to restart the SOHO 6 Wireless If the external network is configured to use the PPPoE protocol, the System Status page displays a connect button or a disconnect button. Use these buttons to start or terminate the PPPoE connection.
  • Page 62: Resetting The Soho 6 Wireless To The Factory Default Settings

    Resetting the SOHO 6 Wireless to the factory default settings Reset the SOHO 6 Wireless to the factory default settings if it is not possible to correct a configuration problem. A reset to the factory default settings is required if the system security passphrase is unknown or the firmware of the SOHO 6 Wireless is damaged by a power interruption.
  • Page 63: The Base Model Soho 6 Wireless

    SOHO 6 Wireless will only allow ten Internet connections. See “Cabling the SOHO 6 Wireless for more than four appliances” on page 26 for additional information. Registering your SOHO 6 Wireless and...
  • Page 64: Rebooting The Soho 6 Wireless

    Record your LiveSecurity Service user profile information in the table below: User name: Password: Keep this information confidential. Rebooting the SOHO 6 Wireless To reboot a SOHO 6 Wireless located on the local network, use one of these methods: WatchGuard Firebox SOHO 6 Wireless...
  • Page 65 The SOHO 6 Wireless requires 30 seconds to reboot. The Mode indicator on the front of the SOHO 6 Wireless will go off and then come on. Type the IP address of the trusted network in your browser window to connect to the System Status page of the SOHO 6 Wireless: The default IP address is: http://192.168.111.1...
  • Page 67: Chapter 4 Configure The Network Interfaces

    External Network Configuration When you configure the external network, you select the method of communication between the SOHO 6 Wireless and the ISP. Make this selection based on the method of network address distribution in use by your ISP. The possible methods are static addressing, DHCP, or PPPoE.
  • Page 68: Configuring The Soho 6 Wireless External Network For Dynamic Addressing

    DHCP. If your ISP supports this method, the SOHO 6 Wireless gets IP address information from the ISP when the SOHO 6 Wireless reboots and connects to the Internet. The SOHO 6 Wireless does not require any additional configuration.
  • Page 69: Manual Configuration

    Type the TCP/IP settings you recorded from your computer during the installation process. Refer to the table, “Examining and recording your current TCP/IP settings” on page 17. Click Submit. The configuration change is saved to the SOHO 6 Wireless. User Guide External Network Configuration...
  • Page 70: Configuring The Soho 6 Wireless External Network For Pppoe

    If your ISP assigns IP addresses through PPPoE, your PPPoE login name and password are required to configure the SOHO 6 Wireless. To configure the SOHO 6 Wireless for PPPoE: Open your Web browser and click Stop. Because the Internet connection is not configured, the browser cannot load your home page from the Internet.
  • Page 71: Configuring The Trusted Network

    Click Automatically restore lost connections. This option keeps a constant flow of traffic between the SOHO 6 Wireless and the PPPoE server. This option allows the SOHO 6 Wireless to keep the PPPoE connection open during a period of frequent packet loss. If the flow of traffic stops, the SOHO 6 Wireless reboots.
  • Page 72: Configuring Dhcp Server And Dhcp Relay

    Type the IP address and the subnet mask in the applicable fields. Select the Enable DHCP Server on the Trusted Network checkbox. Type the first IP address that is available for the computers that connect to the trusted network. WatchGuard Firebox SOHO 6 Wireless...
  • Page 73: Setting Up Additional Computers On The Trusted Network

    Wireless to the remote DHCP server. The SOHO 6 Wireless receives the IP address sent from the DHCP server. The IP address is sent from the SOHO 6 Wireless to the computer that made the request. If the SOHO 6 Wireless cannot contact the remote DHCP...
  • Page 74: Configuring The Trusted Network With Static Addresses

    Shut down and restart the computer. Configuring the trusted network with static addresses To disable the SOHO 6 Wireless DHCP server and make static address assignments, follow these steps: Type the IP address of the trusted network in your browser...
  • Page 75 Configuring the Optional Network for Wireless Networking Follow these instructions to complete the configuration: Type the IP address of the trusted network in your browser window to connect to the System Status page of the SOHO 6 Wireless: The default IP address is: http://192.168.111.1 From the navigation bar on the left side, select Network =>...
  • Page 76 If you select this checkbox, all of the wireless devices that are connected to the optional network can access the computers on your trusted network. 10 To require encrypted MUVPN connections through the wireless interface, select the Requires Encrypted MUVPN connections on this interface checkbox. WatchGuard Firebox SOHO 6 Wireless...
  • Page 77: Configuring The Wireless Network

    MUVPN can be used to protect your network from unauthorized users accessing the SOHO 6 Wireless as well as to enforce your corporate policy by requiring telecommuters to authenticate to the SOHO 6 Wireless. When this feature is enabled, only a computer using the MUVPN software can access the SOHO 6 Wireless.
  • Page 78: Wireless Configuration

    System Status page of the SOHO 6 Wireless: The default IP address is: http://192.168.111.1 From the navigation bar on the left side, select Network => Wireless Configuration. The Wireless Network Configuration page appears. WatchGuard Firebox SOHO 6 Wireless...
  • Page 79 From the Encryption drop-down list, select the level of encryption to apply to your wireless connections. The options are Disabled, 40/64 bit WEP, and 128 bit WEP. User Guide Configuring the Wireless Network...
  • Page 80 40/64 bit WEP or 128 bit WEP After you complete the initial connection between your wireless computer and SOHO 6 Wireless, you can change the Encryption setting to add WEP. Select either 40/64 bit encryption or 128 bit encryption. Select the highest level of encryption supported by the wireless card in the wireless computer.
  • Page 81: Changing The Basic Settings

    The default SSID is the 5-digit identification code from the serial number of the SOHO 6 Wireless. The first four digits of the serial number are the product code and are not used in the SSID. The next five digits of the serial number are the identification code.
  • Page 82: Logging Authentication Events

    SOHO 6 Wireless. The beacon rate is measured in milliseconds. The valid values are 100 through 10000. • If you want the SOHO 6 Wireless to broadcast the SSID in the beacon frames, select Enabled from the Broadcast SSID in AP Beacon Frames drop-down list.
  • Page 83 192.168.111.1/24 Wireless Client This mode allows the SOHO 6 Wireless to become a wireless client and communicate with other wireless access points. There are four options to choose from in order to set the proper operating region: North America, Europe, France, and Japan.
  • Page 84: Configuring Static Routes

    System Status page of the SOHO 6 Wireless: The default IP address is: http://192.168.111.1 From the navigation bar on the left side, select Network => Routes. The Routes page opens. Click Add. The Add Route page opens. WatchGuard Firebox SOHO 6 Wireless...
  • Page 85: Viewing The Network Statistics

    From the Type drop-down list, select either Host or Network. Type the IP address and the gateway of the route in the applicable fields. The gateway of the route is the local interface of the router. Click Submit. To remove a route, select the route and click Remove. Viewing the Network Statistics The Network Statistics page gives information about network performance.
  • Page 86: Configuring The Dynamic Dns Service

    Configuring the Dynamic DNS Service This feature allows you to register the external IP address of the SOHO 6 Wireless with the dynamic DNS (Domain Name Server) service DynDNS.org. A dynamic DNS service makes sure that the IP address attached to your domain name is changed when your ISP assigns you a new IP address.
  • Page 87 From the navigation bar on the left side, select Network => DynamicDNS. The Dynamic DNS client page opens. Select the Enable Dynamic DNS client checkbox. Type the domain, name, and password in the applicable fields. Click Submit. User Guide Configuring the Dynamic DNS Service...
  • Page 89: Chapter 5 Administrative Options

    CHAPTER 5 Options Use the SOHO 6 Wireless Administration page to configure access to the SOHO 6 Wireless. The System Security, SOHO 6 Wireless Remote Management feature, and VPN Manager Access are configured from the Administration page. The firmware updates,...
  • Page 90: System Security

    If the system administrator name and passphrase are unknown, you must reset the SOHO 6 Wireless to the factory default settings. See “Factory Default Settings” on page 35 for additional information. Change the System Administrator passphrase every month. Select a combination of eight letters, numbers, and symbols.
  • Page 91: Soho 6 Wireless Remote Management

    Click Submit. SOHO 6 Wireless Remote Management Both the SOHO 6 Wireless and SOHO 6tc Wireless include the SOHO 6 Wireless Remote Management feature. This feature allows a remote computer on an unsecured network to manage the SOHO 6 Wireless with a secure connection.
  • Page 92 Select the Enable SOHO 6 Wireless Remote Management checkbox. Type the Virtual IP address in the applicable field. This is the address that is used to connect to the SOHO 6 Wireless for remote management. Select an authentication algorithm from the Authentication Algorithm drop-down list.
  • Page 93: Setting Up Vpn Manager Access

    11 Right-click the icon and select Connect. The WatchGuard Mobile User Connect window appears. 12 Click Yes. 13 Type the IP address of the SOHO 6 Wireless external network in your browser window to connect to the System Status page. Setting up VPN Manager Access...
  • Page 94 Type the configuration passphrase and then type it again to confirm in the applicable fields. These passphrases must match the passphrases used in the VPN Manager software or the connection will fail. Click Submit. WatchGuard Firebox SOHO 6 Wireless...
  • Page 95: Updating The Firmware

    Administration => Update. The Update page opens. If you configure your SOHO 6 Wireless from a computer that does not use the Windows operating system, such as Macintosh or Linux, you must update your firmware with this procedure. The WatchGuard installation programs supplied on CD-ROM are compatible only with Windows platforms.
  • Page 96: Activating The Soho 6 Wireless Upgrade Options

    Every SOHO 6 Wireless includes the software for all upgrade options. To activate an upgrade option, you must enter a license key in the configuration of the SOHO 6 Wireless. To receive a license key, purchase and activate an upgrade option at the LiveSecurity Service Web site.
  • Page 97 IPSec Virtual Private Networking (VPN) The VPN upgrade is necessary to configure virtual private networking. The SOHO 6tc Wireless includes a VPN upgrade license key. The SOHO 6 Wireless does not include a VPN upgrade license key. User Guide Activating the SOHO 6 Wireless Upgrade Options...
  • Page 98 The WebBlocker upgrade enables the Web filtering option. MUVPN Client The MUVPN Client upgrade allows remote users to connect to the SOHO 6 Wireless through a secure (IPSec) VPN tunnel. The MUVPN client creates an encrypted tunnel to your trusted or optional network depending on whether it is a wired or wireless connection.
  • Page 99: Viewing The Configuration File

    Viewing the Configuration File The contents of the SOHO 6 Wireless configuration file are available in text format from the View Configuration File page. Type the IP address of the trusted network in your browser window to connect to the System Status page of the SOHO 6 Wireless.
  • Page 101: Chapter 6 Configure The Firewall Settings

    CHAPTER 6 Firewall Settings Firewall Settings The configuration settings of the SOHO 6 Wireless control the flow of traffic between the trusted network and the external network. The configuration you select depends on the types of risks that are acceptable for the trusted network.
  • Page 102: Common Services

    Chapter 6: Configure the Firewall Settings are permitted. For example, to operate a Web server behind the SOHO 6 Wireless, add an incoming Web service. Select carefully the number and the types of services that you add. The added services decrease the security of your network.
  • Page 103: Creating A Custom Service

    Locate a pre-configured service, such as FTP, Web, or Telnet. Then select either Allow or Deny from the drop-down list. The previous illustration shows the HTTP service configured to allow incoming traffic. Type the trusted network IP address of the computer to which this rule applies.
  • Page 104 Select TCP Port, UDP Port, or Protocol from the drop-down list below the Protocol Settings. The Custom Service page refreshes. In the fields separated by the word To, enter the port number or the range of port numbers, or enter the protocol number. WatchGuard Firebox SOHO 6 Wireless...
  • Page 105: Blocking External Sites

    11 Click Submit. Blocking External Sites The default configuration of the SOHO 6 Wireless: • Allows the transmission of all packets from the trusted network to the external network. • Prevents the transmission of all packets from the external network to the trusted network.
  • Page 106 Type a single host IP address, a network IP address, or the start and end of a range of host IP addresses in the applicable address field. Click Add. The address information appears in the Blocked Sites field. Click Submit.
  • Page 107: Firewall Options

    The Firewall Options page opens. Responding to ping requests from the external network You can configure the SOHO 6 Wireless to deny all ping packets received on the external interface. Select the Do not respond to PING requests received on External Network checkbox.
  • Page 108: Denying Ftp Access To The Trusted Network Interface

    Denying FTP access to the trusted network interface You can configure the SOHO 6 Wireless to prevent FTP access to the computers on the trusted network by the computers on the external network. Select the Do not allow FTP access to Trusted Network checkbox.
  • Page 109 When a computer in the trusted network uses a SOCKS-compatible application, other users on the trusted network have free access to the SOCKS proxy on that computer. Disable SOCKS on the SOHO 6 Wireless to prevent this security risk. See “Disabling SOCKS on the SOHO 6 Wireless”...
  • Page 110: Logging All Allowed Outbound Traffic

    Select Log All Allowed Outbound Access. Click Submit. Enabling the MAC address Override for the External Network If your ISP requires a MAC address, enable this option. The SOHO 6 Wireless will use its own MAC address for the trusted...
  • Page 111: Creating An Unrestricted Pass Through

    Click Submit. If the MAC address for the external network field is cleared and the SOHO 6 Wireless is rebooted, the SOHO 6 Wireless is reset to the factory-default MAC address for the external network. To prevent MAC address collisions, the SOHO 6 Wireless searches the external network periodically for the override MAC address.
  • Page 112: From The Navigation Bar On The Left Side, Select

    Ethernet segment as the trusted network. Do not use a pass through connection unless the effect of the pass through connection on the security of the trusted network is known.
  • Page 113: Chapter 7 Configure Logging

    A denied packet is the most important type of event to log. A sequence of denied packets can show that an unauthorized person tried to access your network. The records in the SOHO 6 Wireless log are erased if the power supply is disconnected.
  • Page 114: Viewing Soho 6 Wireless Log Messages

    Viewing SOHO 6 Wireless Log Messages The SOHO 6 Wireless event log records a maximum of 150 log messages. If a new entry is added when the event log is full, the oldest log message is removed.
  • Page 115 The newest entry is shown at the top of the event log. This option synchronizes the clock of the SOHO 6 Wireless to your computer: • Click Sync Time with Browser now. The SOHO 6 Wireless synchronizes the time at startup.
  • Page 116: Setting Up Logging To A Watchguard Security Event Processor Log Host

    Firebox II/III. If you have a Firebox II/III, configure the WSEP to accept the log messages from your SOHO 6 Wireless. Then follow these instructions to send your event logs to the WSEP. Type the IP address of the trusted network in your browser window to connect to the System Status page of the SOHO 6 Wireless.
  • Page 117: Setting Up Logging To A Syslog Host

    Use the same encryption key recorded in the WSEP application. Setting up Logging to a Syslog Host This option sends the SOHO 6 Wireless log entries to a Syslog host. Follow these steps to configure a Syslog host: Type the IP address of the trusted network in your browser window to connect to the System Status page of the SOHO 6 Wireless.
  • Page 118: Setting The System Time

    VPN tunnel, the data is encrypted with IPSec technology. Setting the System Time The SOHO 6 Wireless records the time of each log entry. The time recorded in the log entries is from the SOHO 6 Wireless system clock.
  • Page 119 Follow these steps to set the system time: Type the IP address of the trusted network in your browser window to connect to the System Status page of the SOHO 6 Wireless. The default IP address is: http://192.168.111.1 From the navigation bar on the left side, select Logging =>...
  • Page 121: Chapter 8 Soho 6 Wireless Webblocker

    WebBlocker checks each Web site request by users in the trusted network. The SOHO 6 Wireless sends to the database a request for the type of content found on the Web site. The SOHO 6 Wireless uses the rules shown below to control the access to Web sites:...
  • Page 122: Bypassing The Soho 6 Wireless Webblocker

    Web site in the WebBlocker database If the site is in the WatchGuard WebBlocker database, the SOHO 6 Wireless examines the configuration to see if that type of site is permitted. When the type of site is not permitted, the user is told that the site is not available. If the type of site is permitted, the Web browser opens the page.
  • Page 123: Purchasing And Activating Soho 6 Wireless Webblocker

    Purchasing and Activating SOHO 6 Wireless WebBlocker To use the WatchGuard SOHO 6 Wireless WebBlocker, you must purchase and enable the WebBlocker upgrade license key. See “Activating the SOHO 6 Wireless Upgrade Options” on page 70 for information about upgrade license keys.
  • Page 124: From The Navigation Bar On The Left Side, Select

    From the navigation bar on the left side, select WebBlocker => Settings. The WebBlocker Settings page opens. Select the Enable WebBlocker checkbox. Type the full access password. The full access password allows a user to access all Web sites until the password expires or the browser is closed.
  • Page 125 From the navigation bar on the left side, select WebBlocker => Groups. The WebBlocker Groups page opens. Click New to create a group name and profile.
  • Page 126 Define a Group Name and select the types of content to filter for this group. Click Submit. A New Groups page opens that shows the configuration changes.
  • Page 127: Webblocker Categories

    To the right of the Users field, click New. The New User page opens. Type a new user name and passphrase and then type the passphrase again to confirm in the applicable fields. Use the Group drop-down list to assign the new user to a given group.
  • Page 128 sites describing how to grow and use marijuana but does not block sites discussing the historical use of marijuana. Alcohol/tobacco Pictures or text advocating the sale, consumption, or production of alcoholic beverages and tobacco products.
  • Page 129 prescribed for medicinal purposes (such as drugs used to treat glaucoma or cancer). Satanic/cult Pictures or text advocating devil worship, an affinity for evil, wickedness, or the advocacy to join a cult. A cult is defined as: a closed society that is headed by a single individual where loyalty is demanded and leaving is punishable.
  • Page 130 Sports and Leisure Pictures or text describing sporting events, sports figures, or other entertainment activities. Sex Education Pictures or text advocating the proper use of contraceptives. Topic includes sites devoted to the explanation and description of condoms, oral contraceptives, intrauterine appliances, and other types of contraceptives.
  • Page 131 Partial/artistic Nudity Pictures exposing the female breast or full exposure of either male or female buttocks except when exposing genitalia which is handled under the Full Nudity category. Topic does not include swimsuits, including thongs.
  • Page 133: Chapter 9 Vpn-Virtual Private Networking

    VPN connection. A VPN tunnel gives the security necessary to use the public Internet for a virtual private connection. What You Need • A SOHO 6 Wireless with the VPN upgrade option installed and another IPSec-compatible appliance.
  • Page 134 IPSec-compatible appliances include the WatchGuard SOHO 6 Wireless, the Firebox II/III, and the Firebox Vclass. • The data from your ISP about the Internet connections for each of the two IPSec-compatible appliances: - Static IP address...
  • Page 135 255.255.255.0 Local Network Address: An address used to identify a local network. A local network address cannot be used as an external IP address. WatchGuard recommends that you use an address from one of the reserved ranges: 10.0.0.0/8, 172.16.0.0/12—255.240.0.0, 192.168.0.0/16—255.255.0.0. Site A: 192.168.111.0/24...
  • Page 136: Enabling The Vpn Upgrade

    Enabling the VPN upgrade To activate an upgrade option, you must enter a license key in the configuration of the SOHO 6 Wireless. To receive a license key, purchase and activate an upgrade option at the LiveSecurity Service Web site.
  • Page 137: Setting Up Multiple Soho 6 Wireless To Soho 6 Wireless Vpn Tunnels

    Setting Up Multiple SOHO 6 Wireless to SOHO 6 Wireless VPN Tunnels An administrator of a SOHO 6 Wireless can configure a maximum of six VPN tunnels to other SOHO 6 Wireless appliances. The VPN Manager software can configure a larger number of SOHO 6 Wireless to SOHO 6 Wireless tunnels.
  • Page 138 Use the default Phase 1 settings or change the settings as necessary. To modify Phase 1 settings, complete the following steps: The Phase 1 settings must be the same on both appliances.
  • Page 139 Select the negotiation Mode for Phase 1 from the drop-down list. The mode selections are Main and Aggressive. If the external IP address is dynamic, select Aggressive Mode. If the external IP address is static, use either mode.
  • Page 140 closes, the SOHO 6 Wireless does a rekey to open the tunnel again. The Generate IKE Keep Alive Messages checkbox is selected in the default configuration. Use the default Phase 2 settings, or change the Phase 2 settings as shown below: Make sure that the Phase 2 settings are the same on both appliances.
  • Page 141: Creating A Vpn Tunnel To A Soho 6 Wireless With An Ipsec-Compliant Appliance

    Creating a VPN Tunnel to a SOHO 6 Wireless with an IPSec-Compliant Appliance Instructions that tell how to configure a VPN tunnel between a SOHO 6 Wireless and another IPSec-compatible appliance are available from the WatchGuard Web site: https://www.watchguard.com/support/AdvancedFaqs/sointerop_main.asp...
  • Page 142: Configuring Split Tunneling

    The Add Gateway page opens. Configure the gateway. See “Setting Up Multiple SOHO 6 Wireless to SOHO 6 Wireless VPN Tunnels” on page 111 for information about the Add Gateway page. Type the network IP address of the local network and remote networks in the applicable fields.
  • Page 143: Viewing The Vpn Statistics

    IPSec VPN tunnel. The remote user gains access to the local trusted network and the networks connected by VPN tunnels to the local SOHO 6 Wireless. The SOHO 6 Wireless also allows users on the trusted network to access the networks connected by VPN tunnels to the local SOHO 6 Wireless.
  • Page 144: How Do I Get A Static External Ip Address

    From Site A, ping 192.168.111.1. If the VPN tunnel functions correctly, the remote SOHO 6 Wireless sends the ping back. If the ping does not come back, make sure the local settings are correct. Make sure that the local DHCP address ranges for the two networks connected by the VPN tunnel do not use any of the same IP addresses.
  • Page 145: How Do I Obtain A Vpn Upgrade License Key

    You can purchase a license key for an upgrade from the WatchGuard Web site: http://www.watchguard.com/sales/buyonline.asp How do I enable a VPN tunnel? The instructions to help you enable a VPN tunnel are available from the WatchGuard Web site: https://support.watchguard.com/AdvancedFaqs/sointerop_main.asp
  • Page 147: Chapter 10 Muvpn Clients

    Internet connection and activates the MUVPN client. The MUVPN client then creates an encrypted tunnel, protected behind a SOHO 6 Wireless, to your trusted or optional network, depending on whether the connection is wired or wireless. A wired connection goes to the trusted network and a wireless connection goes to the optional network.
  • Page 148: Configuring The Soho 6 Wireless For Muvpn Clients

    If you have a wireless network, you can configure the network to require wireless computers to have an encrypted MUVPN connection to access the SOHO 6 Wireless. For information on how to require an MUVPN connection, see “Configure the Optional Network for Wireless Networking”...
  • Page 149 Click Add. The Add MUVPN Client page appears.
  • Page 150: Preparing The Remote Computers To Use The Muvpn Client

    The virtual IP address is the same as the IP address on the Trusted Network Configuration page. This address is used by the remote computer to connect to the SOHO 6 Wireless. From the Authentication Algorithm drop-down list, select the type of encryption.
  • Page 151: Windows 98/Me Operating System Setup

    WINS servers and the DNS servers. These servers are located on the trusted network that is protected by the SOHO 6 Wireless. To communicate with these servers, the remote computer must have the proper Windows components installed and configured.
  • Page 152 From the Network window: Click the Configuration tab and then click Add. The Select Network Component Type window appears. Select Client and then click Add. The Select Network Client window appears.
  • Page 153 Select Microsoft from the list at left. Select Client for Microsoft Networks from the list at right and then click OK. Select Client for Microsoft Networks and then click Properties. Select the Log on to Windows NT domain checkbox. Type the domain name in the Windows NT Domain text box.
  • Page 154 Search Order text field. Click Add. If you have multiple remote DNS servers, repeat steps 5 and 6. The DNS server on the private network behind the SOHO 6 Wireless must be the first server in the list. Click the WINS Configuration tab and then select the Enable WINS Resolution checkbox.
  • Page 155: Windows Nt Operating System Setup

    10 Click Yes to restart the computer. The computer reboots. Windows NT operating system setup This section describes how to install and configure the network components that are required for the Windows NT operating system.
  • Page 156 The remote computer must be able to communicate with the WINS servers and the DNS servers. These servers are located on the trusted network that is protected by the SOHO 6 Wireless. From the Windows desktop: Select Start => Settings => Control Panel.
  • Page 157: Windows 2000 Operating System Setup

    The DNS server on the private network behind the SOHO 6 Wireless must be the first server in the list. Click the WINS Address tab, type the IP address of your WINS server in the applicable field, and then click OK.
  • Page 158 From the connection window, Networking tab: Click Install. The Select Network Component Type window appears. Double-click the Client network component. The Select Network Protocol window appears. Select the Client for Microsoft Networks network client and then click OK.
  • Page 159 Add. To add additional DNS servers, repeat steps 3 and 4. The DNS server on the private network behind the SOHO 6 Wireless must be the first server in the list. Select the Append these DNS suffixes (in order) checkbox and then click Add.
  • Page 160: Windows Xp Operating System Setup

    - Client for Microsoft Networks Installing the Internet Protocol (TCP/IP) Network Component From the connection window, Networking tab: Click Install. The Select Network Component Type window appears. Double-click the Protocol network component. The Select Network Protocol window appears.
  • Page 161 The remote computer must be able to communicate with the WINS servers and the DNS servers. These servers are located on the trusted network that is protected by the SOHO 6 Wireless. From the connection window, Networking tab: Select the Internet Protocol (TCP/IP) component.
  • Page 162 Add. To add additional DNS servers, repeat steps 4 and 5. The DNS server on the private network behind the SOHO 6 Wireless must be the first server in the list. Select the Append these DNS suffixes (in order) checkbox and then click Add.
  • Page 163: Installing And Configuring The Muvpn Client

    Installing and Configuring the MUVPN Client The MUVPN installation files are available at the WatchGuard Web site: http://www.watchguard.com/support To install and configure the MUVPN client, you must have local administrator rights on the remote computer. Installing the MUVPN client Follow these steps to install the MUVPN client: Copy the MUVPN installation file to the remote computer.
  • Page 164: Configuring The Muvpn Client

    ZoneAlarm, see “The ZoneAlarm Personal Firewall” on page 156. Configuring the MUVPN client When the computer restarts, the WatchGuard Policy Import window opens. Click Cancel. From the Windows desktop system tray: Right-click the MUVPN client icon and then select Activate Security Policy.
  • Page 165 Double-click the MUVPN client icon. The Security Policy Editor window appears. The ZoneAlarm personal firewall may display alert messages. For more information regarding ZoneAlarm see “The ZoneAlarm Personal Firewall” on page 156. Select Edit => Add => Connection. A New Connection appears in the Network Security Policy field at left. The Connection Security, Remote Party Identity, and Addressing settings appear at right.
  • Page 166 The addresses you type in the Subnet and Mask fields must be identical to the Virtual IP Address you typed on the Add MUVPN Client page. See “Configuring the SOHO 6 Wireless for MUVPN Clients” on page 122. Select All from the Protocol drop-down list.
  • Page 167 Defining the My Identity settings To define the My Identity settings, follow these steps. Expand the Network Security Policy to display the new entry. The My Identity and Security Policy entries appear. Select Security Policy. The Security Policy dialog box appears. Select Aggressive Mode.
  • Page 168 The Global Policy Settings window appears. Select the Allow to Specify Internal Network Address checkbox and then click OK. The Internal Network IP Address field appears in the My Identity section. Select None from the Select Certificate drop-down list.
  • Page 169 Select E-mail Address from the ID Type drop-down list and then enter the user name defined on the SOHO 6 Wireless in the applicable field. 10 Select Disabled from the Virtual Adapter drop-down list. 11 Type 0.0.0.0 in the Internal Network IP Address field if this value does not appear by default.
  • Page 170: Defining Phase 1 And Phase 2 Settings

    Both the pre-shared key and the e-mail address must exactly match the system passphrase and system administrator name settings of the SOHO 6 Wireless. If they do not match, the connection will fail. Defining Phase 1 and Phase 2 settings Follow these steps to define the Phase 1 and Phase 2 settings.
  • Page 171 Select Pre-Shared Key from the Authentication Method drop- down list. These values must match the settings of the Firebox SOHO 6 Wireless. Select DES from the Encrypt Alg drop-down list and then select SHA-1 from the Hash Alg drop-down list.
  • Page 172 11 Type in the Seconds field and 12 Select None from the Compression drop-down list. This is the default setting. The SOHO 6 Wireless does not support compression. 13 Select the Encapsulation Protocol (ESP) checkbox. 14 Select a value for the Encrypt Alg and Hash Alg drop-down lists.
  • Page 173: Uninstalling The Muvpn Client

    Uninstalling the MUVPN client Follow these directions to uninstall the MUVPN client. WatchGuard recommends that you use the Windows Add/ Remove Programs tool. Disconnect all existing tunnels and dial-up connections. Reboot the remote computer. Perform these steps from the Windows desktop: Select Start =>...
  • Page 174: Configuring The Soho 6 For Muvpn Clients Using Pocket Pc

    The Add MUVPN Client page appears. Type a user name and a shared key in the applicable fields. The user name is used as the e-mail address and the passphrase is used as the pre-shared key for the MUVPN client.
  • Page 175: Connecting And Disconnecting The Muvpn Client

    The options are DES-CBC and 3DES-CBC. Select Pocket PC from the VPN Client Type drop-down list. Click Submit. For additional information about configuring your Pocket PC to serve as an MUVPN client, go to the WatchGuard Web site: https://www.watchguard.com/support/sohoresources/soinstallhelp.asp Connecting and Disconnecting the MUVPN Client The MUVPN client software makes a secure connection from a remote computer to your protected network through the Internet.
  • Page 176: The Muvpn Client Icon

    “The MUVPN client icon” on page 150. From the Windows desktop, select Start => Programs => Mobile User VPN => Connect. The WatchGuard Mobile User Connect window appears. Click Yes. The MUVPN client icon The MUVPN icon appears in the Windows desktop system tray.
  • Page 177 The MUVPN client is ready to establish a secure, MUVPN tunnel connection. The red bar on the right of the icon indicates that the client is transmitting unsecured data.
  • Page 178 Unsecured Data The MUVPN client has established at least one secure, MUVPN tunnel connection. The red and green bars on the right of the icon indicate that the client is transmitting both secured and unsecured data.
  • Page 179: Allowing The Muvpn Client Through The Personal Firewall

    Allowing the MUVPN client through the personal firewall The following programs are associated with the MUVPN client. To establish the MUVPN tunnel, you must allow these programs through the personal firewall: • MuvpnConnect.exe • IreIKE.exe The personal firewall will detect when these programs attempt to access the Internet.
  • Page 180: Disconnecting The Muvpn Client

    If the ZoneAlarm personal firewall is active, deactivate it now. From the Windows desktop system tray: Right-click the ZoneAlarm icon shown at right. Select Shutdown ZoneAlarm. The ZoneAlarm window appears. Click Yes.
  • Page 181: Monitoring The Muvpn Client Connection

    Monitoring the MUVPN Client Connection The Log Viewer and the Connection Monitor are installed with the MUVPN client. These tools can be used to monitor the MUVPN connection and to diagnose problems that may occur. Using the Log Viewer The Log Viewer displays the communications log. This log shows the events that occurred during the connection of the MUVPN tunnel.
  • Page 182: The Zonealarm Personal Firewall

    ZoneAlarm protects these ports by following a simple rule: Block all incoming and outgoing traffic unless you explicitly allow that traffic for trusted programs. When you use ZoneAlarm, you often see New Program alert windows similar to the following image.
  • Page 183: Allowing Traffic Through Zonealarm

    This alert appears whenever one of your programs attempts to access the Internet or your local network. This alert ensures that no information leaves your computer without your authorization. The ZoneAlarm personal firewall provides a brief tutorial after the MUVPN client is installed.
  • Page 184 Remember the answer each time I use this program checkbox. Here is a list of some programs that need to pass through the ZoneAlarm personal firewall when you use their associated applications.
  • Page 185: Shutting Down Zonealarm

    Must Programs That MUVPN client MUVPN Connection Monitor MUVPN Log Viewer Programs That MS Outlook MS Internet Explorer Netscape 6.1 Opera Web browser Standard Windows network applications Shutting down ZoneAlarm From the Windows desktop system tray: Right-click the ZoneAlarm icon shown at right. Select Shutdown ZoneAlarm.
  • Page 186: Troubleshooting Tips

    Click OK to reboot your system. Troubleshooting Tips Additional information about how to configure the MUVPN client is available from the WatchGuard Web site: www.watchguard.com/support Several frequently asked questions about the MUVPN client are answered below.
  • Page 187: I Have To Enter My Network Login Information Even When I'm Not Connected To The Network

    When the MUVPN client is not in use, both ZoneAlarm and the MUVPN client should be deactivated. From the Windows desktop system tray: Reboot your computer. Right-click the MUVPN client icon and then select Deactivate Security Policy. The MUVPN client icon with a red bar is displayed to indicate that the Security Policy has been deactivated.
  • Page 188: Is The Muvpn Tunnel Working

    The Map Network Drive window appears. Use the drop-down list to select a drive letter. Select a drive from the drop-down list or type a network drive path. Click OK. ping followed by the IP...
  • Page 189: I Am Sometimes Prompted For A Password When I Am Browsing The Company Network

    The mapped drive appears in the My Computer window. Even if you select the Reconnect at Logon checkbox, the mapped drive will appear the next time you start your computer only if the computer is directly connected to the network. I am sometimes prompted for a password when I am browsing the company network...
  • Page 191: Chapter 11 Support Resources

    What do the PWR, Status, and Mode lights signify on the SOHO 6 Wireless? When the PWR light is lit, the SOHO 6 Wireless is connected to a power source. When the Status light is lit, there is a management connection to the SOHO 6 Wireless.
  • Page 192 The SOHO 6 Wireless cannot connect to the external network. Possible causes of this problem include: • The SOHO 6 Wireless did not receive an IP address for the external interface from the DHCP server. • The WAN port is not connected to another appliance.
  • Page 193 These indicators show whether the SOHO 6 Wireless is wired to a computer or hub. If the indicators are not lit, the SOHO 6 Wireless is not wired to the computer or hub. Make...
  • Page 194 I browse the Internet? If you can connect to the configuration page, but not the Internet, there is a problem with the connection from the SOHO 6 Wireless to the Internet. • Make sure the cable modem or DSL modem is connected to the SOHO 6 Wireless and the power supply.
  • Page 195: Configuration

    Configuration Where are the SOHO 6 Wireless settings stored? The configuration parameters are stored in memory on the SOHO 6 Wireless. How do I set up DHCP on the trusted network of the SOHO 6 Wireless? Make sure your computer is configured to use DHCP. See “Enabling your computer for DHCP”...
  • Page 196 Select the Enable WebBlocker checkbox. Type a passphrase in the Full Access Password field. Type the number of minutes for the inactivity timeout in the applicable field. To disable WebBlocker, clear the Enable WebBlocker checkbox. 255.240.0.0 255.255.0.0...
  • Page 197 How do I allow incoming services such as POP3, Telnet, and Web (HTTP)? Type the IP address of the trusted network in your browser window to connect to the System Status page of the SOHO 6 Wireless. The default IP address is: http://192.168.111.1 From the navigation bar on the left side, select Firewall =>...
  • Page 198: Vpn Management

    See “What You Need” on page 107. Make sure that the two appliances use the same encryption and authentication method. How do I set up my SOHO 6 Wireless for VPN Manager Access? This requires the add-on product, WatchGuard VPN Manager, which is purchased separately and used with the WatchGuard Firebox System software.
  • Page 199: Contacting Technical Support

    WatchGuard Web Site: https://support.watchguard.com/AdvancedFaqs/ Special notices The online help system is not yet available on the WatchGuard Web site. Click on the Help link at the top of the System Status page to connect to the WatchGuard Product Documentation page, which has links to more information sources.