WatchGuard Firebox X20E Reference Manual

WatchGuard Firebox System Reference Guide
Firebox System 4.6

Summary of Contents for Watchguard Firebox X20E

  • Page 1 WatchGuard Firebox System Reference Guide, Firebox System 4.6
  • Page 2 Copyright© 1998 - 2001 WatchGuard Technologies, Inc. All rights reserved. WatchGuard, Firebox, LiveSecurity, and SpamScreen are either registered trademarks or trademarks of WatchGuard Technologies, Inc. in the United States and other countries. This product is covered by one or more pending patent applications.
  • Page 3: Table Of Contents

    CHAPTER 2 Content Types
    Mime content types list ............ 9
    CHAPTER 3 Services and Ports ............ 19
    Ports used by WatchGuard products ............ 19
    Ports used by Microsoft products ............ 20
    Well-known services list ............ 21
    CHAPTER 4 WebBlocker Content ............ 29
    WebBlocker categories ............
  • Page 4 CHAPTER 6 Firebox Read-Only System Area ............ 39
    Initializing a Firebox using Hands-Free Installation ............ 40
    Initializing a Firebox using a serial cable ............ 40
    Initializing a Firebox using a modem ............ 43
    Initializing using remote provisioning ............ 43
    Managing flash disk memory ............ 44
    CHAPTER 7 Out-of-Band Initialization Strings ............ 47
    PPP initialization strings...
  • Page 5: Internet Protocol Reference

    Internet Protocol Reference CHAPTER 1 Internet Protocol (IP) specifies the format of packets and the addressing scheme for sending data over the Internet. By itself, it functions like a postal system allowing you to address a package and drop it into the system. There is, however, no direct link between you and the recipient.
  • Page 6: Ip Header Number List

    Internet Protocol header
    Attribute | Size | Description
    Protocol | 8 bits | IP protocol number. Indicates which transport protocol (TCP, UDP, ICMP, IGMP, or other) is inside.
    Check | 16 bits | Checksum for the IP header
    Sour_Addr | 32 bits | Source IP address
    Dest_Addr | 32 bits | ...
  • Page 7 Internet Protocol header Keyword Number Protocol Reliable Data Protocol IRTP Internet Reliable Transaction ISO-TP4 ISO Transport Protocol Class 4 NETBLT Bulk Data Transfer Protocol MFE-NSP MFE Network Services Protocol MERIT-INP MERIT Internodal Protocol Sequential Exchange Protocol Third Party Connect Protocol IDPR Inter-Domain Policy Routing Protocol Datagram Delivery Protocol...
  • Page 8 Internet Protocol header Keyword Number Protocol VISA VISA Protocol IPCV Internet Packet Core Utility CPNX Computer Protocol Network Executive CPHB Computer Protocol Heart Beat Wang Span Network Packet Video Protocol BR-SAT-MON Backroom SATNET Monitoring SUN-ND SUN NDPROTOCOL-Temporary WB-MON WIDEBAND Monitoring WB-EXPAK WIDEBAND EXPAK ISO-IP...
  • Page 9: Internet Protocol Options

    Internet Protocol options. IP options are variable-length additions to the standard IP header. Most are of limited usefulness, and some are very dangerous (source-routing options, for example, let the sender dictate the path a packet takes rather than leaving it to the routers). There are several kinds of IP options: Security: controls routing of IP packets that carry sensitive data. Security options are rarely supported.
  • Page 10: Other Protocols

    Transfer protocols (UDP, continued)
    • Often used for services involving the transfer of small amounts of data, where retransmitting a request is not a problem.
    • Used for services such as time synchronization, in which an occasionally lost packet will not affect continued operation. Many systems using UDP resend packets at a constant rate to inform their peers about interesting events.
  • Page 11: Standard Ports And Random Ports

    IPIP (IP-within-IP): An encapsulation protocol used to build virtual networks over the Internet.
    GGP (Gateway-Gateway Protocol): A routing protocol used between autonomous systems.
    A protocol used for PPTP.
    An encryption protocol used for IPSec.
    Standard ports and random ports: UDP and TCP encapsulate information contained within the application layer.
  • Page 12 Standard ports and random ports...
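The header fields, protocol numbers, options and port conventions described in this chapter can be checked directly on a raw packet. The following is an added example written for this page, not code from the WatchGuard manual: it decodes an IPv4 header with Python's struct module, verifies the header checksum, walks the option list and flags source-routing options as ones a packet filter should drop, and classifies the TCP/UDP ports behind the header as well-known (server) or random (client) ports. The protocol and option numbers are the standard IANA assignments; the sample packet is constructed inside the code and is not a capture.

```python
"""Added example: decode an IPv4 header and the TCP/UDP header behind it
(protocol number, header checksum, IP options, source and destination ports)
the way a packet filter would before applying policy."""
import socket
import struct

# Standard IANA protocol numbers for the keywords used in this chapter.
IP_PROTOCOLS = {1: "ICMP", 2: "IGMP", 3: "GGP", 4: "IPIP", 6: "TCP",
                17: "UDP", 47: "GRE", 50: "ESP"}

# IP option types (IANA) -> (name, dangerous). Source routing lets the sender
# dictate the path, so a firewall normally drops packets carrying it.
IP_OPTIONS = {7: ("Record Route", False), 68: ("Timestamp", False),
              130: ("Security", False), 131: ("Loose Source Route", True),
              137: ("Strict Source Route", True)}


def ip_checksum(data: bytes) -> int:
    """RFC 1071 ones-complement sum; returns 0 for a header whose checksum is valid."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_options(raw: bytes) -> list:
    """Walk the option TLVs after the fixed 20-byte header; returns [(name, dangerous), ...]."""
    out, i = [], 0
    while i < len(raw):
        t = raw[i]
        if t == 0:            # End of Option List
            break
        if t == 1:            # No Operation (single-byte padding)
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            raise ValueError("malformed IP option at offset %d" % i)
        out.append(IP_OPTIONS.get(t, ("unknown type %d" % t, True)))  # unknown: treat as hostile
        i += raw[i + 1]
    return out


def port_kind(port: int) -> str:
    """Servers listen on well-known ports 0-1023; clients pick a random port above that."""
    return "well-known" if port < 1024 else "random (>1023)"


def parse_ipv4(pkt: bytes) -> dict:
    if len(pkt) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _ident, _frag, ttl, proto, _chk, src, dst = \
        struct.unpack("!BBHHHBBH4s4s", pkt[:20])
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    if version != 4 or ihl < 20 or ihl > len(pkt) or total_len > len(pkt):
        raise ValueError("bad version or length fields")
    info = {"src": socket.inet_ntoa(src), "dst": socket.inet_ntoa(dst), "ttl": ttl,
            "proto": proto, "proto_name": IP_PROTOCOLS.get(proto, "unassigned/other"),
            "checksum_ok": ip_checksum(pkt[:ihl]) == 0,
            "options": parse_options(pkt[20:ihl]), "ports": None}
    payload = pkt[ihl:total_len]
    if proto in (6, 17) and len(payload) >= 4:      # TCP and UDP both start with the two ports
        sport, dport = struct.unpack("!HH", payload[:4])
        info["ports"] = (sport, port_kind(sport), dport, port_kind(dport))
    return info


def verdict(info: dict) -> str:
    """What a filter should do with the header before any service rule is consulted."""
    if not info["checksum_ok"]:
        return "drop: bad IP header checksum"
    bad = [name for name, dangerous in info["options"] if dangerous]
    if bad:
        return "drop: IP option " + ", ".join(bad)
    return "pass"


def build_ipv4(src: str, dst: str, proto: int, payload: bytes, options: bytes = b"") -> bytes:
    """Build a test packet (constructed data, not a capture), padding options to 32 bits."""
    options += b"\x00" * (-len(options) % 4)
    ihl = 20 + len(options)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x40 | (ihl // 4), 0, ihl + len(payload), 1, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst)) + options
    return hdr[:10] + struct.pack("!H", ip_checksum(hdr)) + hdr[12:] + payload


# Constructed sample: a DNS query over UDP carrying a strict-source-route option.
SSRR_OPTION = b"\x89\x07\x04" + socket.inet_aton("10.0.0.1")
UDP_DNS = struct.pack("!HHHH", 33000, 53, 8 + 12, 0) + \
    b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"
SAMPLE_PACKET = build_ipv4("192.168.1.10", "192.168.1.1", 17, UDP_DNS, SSRR_OPTION)

if __name__ == "__main__":
    decoded = parse_ipv4(SAMPLE_PACKET)
    print(decoded)
    print(verdict(decoded))
```

The checksum only protects against corruption, not tampering, so it is the first, cheapest check, not a security control; the option walk is where the policy decision lives, and an unknown option type is treated as hostile rather than ignored.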
  • Page 13: Chapter 2 Content Types

    One source of current MIME types is ftp://ftp.isi.edu/in-notes/iana/assignments/media- types In addition, WatchGuard encourages you to e-mail requests for inclusion of new content types in our master list to manual@watchguard.com Mime content types list application/*...
  • Page 14 Mime content types list application/applefile Generic Macintosh files application/astound Astound Web Player application/atomicmail Atomic Mail application/cals-1840 CALS (RFC 1895) application/commonground application/cybercash application/dca-rft application/dec-dx application/eshop application/hyperstudio application/iges application/mac-binhex40 application/macwriteii application/marc application/mathematica application/ms-excel Excel spreadsheet application/msword Word document application/news-message-id application/news-transmission application/octet-stream application/oda application/pdf application/pgp-encrypted PGP encrypted (RFC 2015)
  • Page 15 Mime content types list application/sgml SGML application (RFC 1874) application/sgml-open-catalog application/slate application/vis5d Vis5D 5-dimensional data application/vnd.3M.Post-it-Notes application/vnd.FloGraphIt application/vnd.acucobol application/vnd.acucobol~ application/vnd.anser-web-certificate-issue- initiation application/vnd.anser-web-funds-transfer- initiation application/vnd.audiograph application/vnd.businessobjects application/vnd.claymore application/vnd.commerce-battelle application/vnd.commonspace application/vnd.cosmocaller application/vnd.cybank application/vnd.dna application/vnd.dxr application/vnd.ecdis-update application/vnd.ecowin.chart application/vnd.ecowin.filerequest application/vnd.ecowin.fileupdate application/vnd.ecowin.series application/vnd.ecowin.seriesrequest application/vnd.ecowin.seriesupdate application/vnd.ecowin.seriesupdate application/vnd.enliven application/vnd.epson.quickanime application/vnd.epson.salt...
  • Page 16 Mime content types list application/vnd.fujixerox.docuworks application/vnd.fut-misnet application/vnd.hp-HPGL application/vnd.hp-PCL application/vnd.hp-PCLXL application/vnd.hp-hps application/vnd.ibm.MiniPay application/vnd.ibm.modcap application/vnd.intercon.formnet application/vnd.intertrust.digibo+ application/vnd.intertrust.nncp application/vnd.intu.qbo application/vnd.is-xpr application/vnd.japannet-directory-service application/vnd.japannet-jpnstore-wakeup application/vnd.japannet-payment-wakeup application/vnd.japannet-registration application/vnd.japannet-registration-wakeup application/vnd.japannet-setstore-wakeup application/vnd.japannet-verification application/vnd.japannet-verification-wakeup application/vnd.koan application/vnd.lotus-1-2-3 application/vnd.lotus-approach application/vnd.lotus-freelance application/vnd.lotus-organizer application/vnd.lotus-screencam application/vnd.lotus-wordpro application/vnd.meridian-slingshot application/vnd.mif application/vnd.minisoft-hp3000-save application/vnd.mitsubishi.misty-guard.trustweb application/vnd.ms-artgalry application/vnd.ms-asf application/vnd.ms-powerpoint application/vnd.ms-project application/vnd.ms-tnef application/vnd.ms-works application/vnd.music-niff...
  • Page 17 Mime content types list application/vnd.musician application/vnd.netfpx application/vnd.noblenet-directory application/vnd.noblenet-sealer application/vnd.noblenet-web application/vnd.novadigm.EDM application/vnd.novadigm.EDX application/vnd.novadigm.EXT application/vnd.osa.netdeploy application/vnd.powerbuilder6 application/vnd.powerbuilder6-s application/vnd.powerbuilder6~ application/vnd.publishare-delta-tree application/vnd.rapid application/vnd.seemail application/vnd.shana.informed.formdata application/vnd.shana.informed.formtemp application/vnd.shana.informed.interchange application/vnd.shana.informed.package application/vnd.street-stream application/vnd.svd application/vnd.swiftview-ics application/vnd.truedoc application/vnd.uplanet.alert application/vnd.uplanet.alert-wbxml application/vnd.uplanet.bearer-choi-wbxml application/vnd.uplanet.bearer-choice application/vnd.uplanet.cacheop application/vnd.uplanet.cacheop-wbxml application/vnd.uplanet.channel application/vnd.uplanet.channel-wbxml application/vnd.uplanet.list application/vnd.uplanet.list-wbxml application/vnd.uplanet.listcmd application/vnd.uplanet.listcmd-wbxml application/vnd.uplanet.signal application/vnd.visio application/vnd.webturbo application/vnd.wrq-hp3000-labelled...
  • Page 18 Mime content types list application/vnd.wt.stf application/vnd.xara application/vnd.yellowriver-custom-menu application/wita Wang Info. Transfer Format (Wang) application/wordperfect5.1 WordPerfect 5.1 document application/x-alpha-form Specialized data entry forms application/x-asap ASAP WordPower application/x-bcpio Old CPIO format application/x-chat Interactive chat (Ichat) application/x-cpio POSIX CPIO format application/x-csh UNIX c-shell program application/x-director Macromedia Shockwave application/x-dvi...
  • Page 19 Mime content types list application/x-troff-me Troff document with ME macros application/x-troff-ms Troff document with MS macros application/x-ustar POSIX tar format application/x-wais-source WAIS sources application/x-webbasic Visual Basic objects application/x400-bp X.400 mail message body part (RFC 1494) application/xml application/zip DOS/PC - Pkzipped archive audio/* audio/32kadpcm audio/basic...
  • Page 20 Mime content types list image/vnd.net-fpx image/vnd.svf image/vnd.xiff image/wavelet Wavelet-compressed image/x-cals CALS Type 1 or 2 image/x-cmu-raster CMU raster image/x-cmx CMX vector image image/x-dwg AutoCad Drawing image/x-dxf AutoCad DXF file image/x-mgx-dsf QuickSilver active image image/x-ms-bmp Microsoft Windows bitmap image/x-photo-cd Kodak Photo-CD image/x-pict Macintosh PICT format image/x-png...
  • Page 21 Mime content types list multipart/byteranges multipart/digest multipart/encrypted multipart/form-data multipart/header-set multipart/mixed multipart/parallel multipart/related multipart/report multipart/signed multipart/voice-message qfn/updatedir Quicken Financial News qfn/stockqt Quicken Financial News qfn/datadld Quicken Financial News text/* text/css Cascading Stylesheets text/enriched Enriched text markup (RFC 1896) text/html HTML text data (RFC 1866) text/javascript Javascript program text/plain...
  • Page 22 Mime content types list video/vivo Vivo streaming video (Vivo software) video/vnd.motorola.video video/vnd.motorola.videop video/vnd.vivo video/x-ms-asf Microsoft NetShow (streaming audio and video) video/x-msvideo Microsoft video video/x-sgi-movie SGI Movie format workbook/* workbook/formulaone Spreadsheets (Visual Components) x-conference/x-cooltalk Netscape Cooltalk chat data (Netscape) x-form/x-openscape OpenScape OLE/OCX object x-model/x-mesh Computational meshes for numerical simulations...
  • Page 23: Services And Ports

    This chapter contains several tables that list service names, port numbers, protocols, and descriptions. Ports used by WatchGuard products: the WatchGuard Firebox, Management Station, and LiveSecurity Event Processor (LSEP) use several ports during normal functioning. Port #...
  • Page 24: Ports Used By Microsoft Products

    Ports used by Microsoft products
    Port # | Protocol | Purpose
    137, 138 | | Browsing
    67, 68 | | DHCP Lease
    | | DHCP Manager
    | | Directory Replication
    | | DNS Administration
    | | DNS Resolution
    | | Event Viewer
    | | File Sharing
    137, 138 | | Logon Sequence
    | | NetLogon
    137, 138 | | Pass Through Validation
    | | Performance Monitor
    1723 | | ...
  • Page 25: Well-Known Services List

    NNTP (SSL) Well-known services list In addition to the ports used by services described above, WatchGuard maintains a list of well-known services. Because software developers regularly add new services, this does not represent a comprehensive list of all possible services. For more information, see J.
  • Page 26 Well-known services list Service Name Port # Protocol Description msg-auth TCP/UDP MSG Authentication TCP/UDP Display Support Protocol time TCP/UDP Time TCP/UDP Route Access Protocol TCP/UDP Resource Location Protocol graphics TCP/UDP Graphics nameserver TCP/UDP Host Name Server nicname TCP/UDP whois mpm-flags TCP/UDP MPM Flags TCP/UDP...
  • Page 27 Well-known services list Service Name Port # Protocol Description finger TCP/UDP Finger www-http TCP/UDP World Wide Web HTTP hosts2-ns TCP/UDP HOSTS2 Name Server xfer TCP/UDP XFER utility mit-ml-dev TCP/UDP MIT ML device TCP/UDP Common Trace Facility mit-ml-dev TCP/UDP MIT ML device mfcobol TCP/UDP Micro Focus Cobol...
  • Page 28 Well-known services list Service Name Port # Protocol Description uucp-path TCP/UDP UUCP Path Service sqlserv TCP/UDP SQL Services nntp TCP/UDP Network News Transfer Protocol cfdptkt TCP/UDP CFDPTKT erpc TCP/UDP Encore Expedited RPC smakynet TCP/UDP SMAKYNET TCP/UDP Network Time Protocol ansatrader TCP/UDP ANSA REX Trader locus-map...
  • Page 29 Well-known services list Service Name Port # Protocol Description rsvd TCP/UDP RSVD send TCP/UDP SEND xyplex-mux TCP/UDP Xyplex MUX xdmcp TCP/UDP X Display Manager Control Protocol NextStep TCP/UDP NextStep Window Server TCP/UDP Border Gateway Protocol unify TCP/UDP Unify TCP/UDP Internet Relay Chat Protocol at-rtmp TCP/UDP AppleTalk Routing Maintenance...
  • Page 30 Well-known services list Service Name Port # Protocol Description courier TCP/UDP conference TCP/UDP Chat netnews TCP/UDP Readnews netwall TCP/UDP For emergency broadcasts uucp TCP/UDP Uucpd uucp-rlogin TCP/UDP Uucp-rlogin Stuart Lynne klogin TCP/UDP kshell TCP/UDP Krcmd dhcpv6-client TCP/UDP DHCPv6 Client dhcpv6-server TCP/UDP DHCPv6 Server cybercash...
  • Page 31 Well-known services list
    Service Name | Port # | Protocol | Description
    | 5002 | TCP/UDP | Radio Free Ethernet
    | 5190 | | America OnLine
    | 6000 | TCP/UDP | X Window System (through 6063)
    font-service | 7100 | TCP/UDP | X Font Service
    | 8000 | TCP/UDP | NCD Network Audio Server
    iphone | 6670 | | for connecting to the phone server
    iphone | 22555 | | for audio...
  • Page 32 Well-known services list...
  • Page 33: Chapter 4 Webblocker Content

    WebBlocker relies on a URL database built and maintained by SurfControl. The Firebox automatically and regularly downloads a current version of the WebBlocker database from the WatchGuard Web site to your log host. The Firebox then copies the new version into memory. This process ensures the most up-to-date Web filtering and blocking capabilities.
  • Page 34 WebBlocker categories Militant/Extremist Pictures or text advocating extremely aggressive or combative behavior or advocacy of unlawful political measures. Topic includes groups that advocate violence as a means to achieve their goals. It also includes pages devoted to “how to” information on the making of weapons (for both lawful and unlawful reasons), ammunition, and pyrotechnics.
  • Page 35: Searching For Blocked Sites

    Searching for Blocked Sites included in this category are commercial sites selling sexual paraphernalia (topics included under Sexual Acts). Sexual Acts Pictures or text exposing anyone or anything involved in explicit sexual acts and/or lewd and lascivious behavior. Topic includes masturbation, copulation, pedophilia, as well as intimacy involving nude or partially nude people in heterosexual, bisexual, lesbian, or homosexual encounters.
  • Page 36 Searching for Blocked Sites...
  • Page 37: Chapter 5 Resources

    There are many resources you can draw upon to support your efforts to improve network security. This chapter lists several sources of information commonly used by WatchGuard engineers, developers, and Technical Support teams to learn more about network security in general and the WatchGuard product line in particular. These include: • Publishers •...
  • Page 38: Books

    Books Books Non-Fiction Amoroso, Edward and Bellovin, Steven. Intranet and Internet Firewall Strategies. Indianapolis: Que Corporation, 1996. ISBN 1562764225 Chapman, Brent, and Zwicky, Elizabeth D. Building Internet Firewalls. Sebastopol: O'Reilly & Associates, 1994. ISBN 1-56592-124-0. Cheswick and Bellovin. Firewalls and Internet Security: Repelling the Wily Hacker. Reading, MA: Addison Wesley Longman, Inc., 1994.
  • Page 39: White Papers & Requests For Comments

    Request for Comments Editor http://www.rfc-editor.org Internet Request for Comments (RFC) http://www.cis.ohio-state.edu/hypertext/information/rfc.html Mailing Lists wg-users@watchguard.com WatchGuard sponsors a listserv for our customers. For more information, see the Technical Support chapter in the User Guide. firewall-wizards@nfr.net firewalls@list.gnac.net Web Sites WatchGuard Frequently Asked Questions http://support.watchguard.com/FAQS.asp...
  • Page 40 Web Sites Firewall.com http://www.firewall.com Firewall and Proxy Server How To http://metalab.unc.edu/mdw/HOWTO/Firewall-HOWTO.html FishNet Security Information http://www.kcfishnet.com/secinfo/types.html Information Security Magazine http://www.truesecure.com/html/tspub/index.shtml Internet Firewalls - Frequently Asked Questions http://www.interhack.net/pubs/fwfaq/ Internet Firewalls — Resources http://www.cerias.purdue.edu/coast/firewalls/ Introduction to Firewalls http://www.soscorp.com/products/BS_FireIntro.html The Java Security Web Site http://www.rstcorp.com/javasecurity/ Archive of Vandalized Web Pages http://www.attrition.org/...
  • Page 41: Newsgroups

    Newsgroups Center for Education and Research in Information Assurance and Security http://www.cerias.purdue.edu/ Reality Check http://www.dilbert.com/ The RealPlayer Website http://service.real.com/firewall Vicomsoft Network Definitions Webpage http://www.vicomsoft.com/knowledge/reference UNIX Insider Guide to Firewall Design http://www.sun.com/sunworldonline/swol-01-1996/swol-01-firewall.html Zeuros Firewall Resource Page http://www.zeuros.co.uk/firewall Dictionaries of Computer Terminology http://www.webopedia.com/ http://www.whatis.com/ http://info.astrian.net/jargon/...
  • Page 42 Newsgroups...
  • Page 43: Firebox Read-Only System Area

    Firebox Read-Only System Area CHAPTER 6 WatchGuard ships all Fireboxes with a fixed, baseline set of functionality stored on the read-only system area of the Firebox flash disk memory. It is possible to start the Firebox using this read-only system area when the primary user area is misconfigured or corrupted.
  • Page 44: Initializing A Firebox Using Hands-Free Installation

    Initializing a Firebox using Hands-Free Installation. A Firebox can be initialized in any of the following ways:
    • Out-of-band via a modem
    • Direct via a serial cable
    • Hands-Free Installation via a local area network
    • IP connection using Remote Provisioning
    Initializing an older Firebox with the LiveSecurity System 4.1 or later automatically upgrades the Firebox and enables it to run in the Enhanced System Mode from that point forward.
  • Page 45: Booting From The System Area

    Initializing a Firebox using a serial cable • Troubleshoot problems where all access to the Firebox is lost Before starting this procedure, establish a connection between the Firebox console port and an available serial port on the Management Station. Use a null modem cable (not a standard serial cable).
  • Page 46: Troubleshooting

    Try a different cable or another device (like a modem) to test that the COM port is responding. If these solutions do not work, contact WatchGuard Technical Support. Why is the Flash Disk Management Tool unable to open the COM port on my computer? Enable the serial port (COM).
  • Page 47: Initializing A Firebox Using A Modem

    Initializing a Firebox using a modem. The WatchGuard Firebox can accept both external and PCMCIA modems. Use a modem for out-of-band initialization and configuration in cases where the Firebox is located remotely from the Management Station •...
  • Page 48: Managing Flash Disk Memory

    Managing flash disk memory • Older Firebox– For Fireboxes shipped before LiveSecurity System 4.1, initialize the Firebox with LiveSecurity System 4.1 software. Then use the red cross-over cable supplied with the Firebox to connect the Trusted and Optional Ethernet interfaces in a loopback configuration. During remote provisioning, one light appears on the front panel Traffic Volume Indicator for each successful IP address the Firebox claims.
  • Page 49 Managing flash disk memory Making a backup of the current configuration file To ensure that you always have a backup version of a current, working configuration file, copy the configuration file stored in the primary area to the Firebox flash disk backup area.
  • Page 50 Managing flash disk memory...
  • Page 51: Out-Of-Band Initialization Strings

    Out-of-Band Initialization Strings CHAPTER 7 This chapter provides a reference list of PPP and modem initialization strings used to configure out-of-band (OOB) management. PPP initialization strings These are the strings and syntaxes available for use when configuring a Firebox for out-of-band management in Policy Manager: asyncmap <map>...
  • Page 52 PPP initialization strings mpfto <period> Specifies how long the PPP session should wait for a valid management session to begin. If no valid session starts, then PPP will disconnect after this time-out period. The default is 90 seconds. mru n Set the MRU (Maximum Receive Unit) value to n.
  • Page 53 PPP initialization strings for nr or nt disables compression in the corresponding direction. Use nodeflate or deflate 0 to disable Deflate compression entirely. Pppd requests Deflate compression in preference to BSD- Compress if the peer can do either. idle n Specifies that pppd should disconnect if the link is idle for n seconds.
  • Page 54 PPP initialization strings lcp-max-configure n Set the maximum number of LCP configure-request transmissions to n (default 10). lcp-max-failure n Set the maximum number of LCP configure-NAKs. lcp-max-terminate n Set the maximum number of LCP terminate-request transmissions to n (default 3). lcp-restart n Set the LCP restart interval (retransmission time-out) to n seconds (default 3).
  • Page 55: Modem Initialization Strings

    Modem initialization strings nocrtscts Disable hardware flow control (that is, RTS/CTS) on the serial port. If neither the crtscts nor the nocrtscts option is given, the hardware flow control setting for the serial port is left unchanged. noipdefault Disables the default behavior when no local IP address is specified, which is to determine (if possible) the local IP address from the hostname.
  • Page 56 Modem initialization strings
    "" +\p+\p+\d\r\pATH "" \dAT&F OK ATE0 OK ATS0=1 OK
    Explanation of fields
    "" : Specifies that the Firebox should expect nothing back from the modem at this point in the chat.
    +\p+\p+\d\r\pATH : Specifies that three plus characters (+) should be sent with short pauses in between, then a 1-second delay, then a return character, a short pause, then the characters "ATH"...
  • Page 57: Escape Sequences

    Modem initialization strings BREAK The special reply string of BREAK will cause a break condition to be sent. The break is a special signal on the transmitter. The break sequence can be embedded into the send string using the \K sequence. Escape sequences The expect and reply strings may contain escape sequences.
  • Page 58 Modem initialization strings Send or expect a tab character Send or expect a backslash character \ddd Collapse the octal digits (ddd) into a single ASCII character and send that character. Some characters are not valid in Ctrl+C; for these characters, substitute the sequence with the control character represented by C.
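The expect/send pairs and escape sequences above follow the conventions of the chat(8) program that pppd uses to drive a modem. The following added example, not part of the manual, parses such a script into expect strings and timed send actions, expanding \p, \d, \r, \s, \K, \ddd and ^C as described in this chapter. It assumes chat's default of appending a carriage return to every send string unless the string ends in \c, and it parses the modem initialization string quoted on the previous page.

```python
"""Added example: parse a chat(8)-style expect/send script such as the Firebox
modem initialization string, expanding its escape sequences into actions."""

# Constructed from the script quoted in this chapter.
SAMPLE_SCRIPT = r'"" +\p+\p+\d\r\pATH "" \dAT&F OK ATE0 OK ATS0=1 OK'

# Single-character escapes that turn into bytes.
SIMPLE_ESCAPES = {"r": b"\r", "n": b"\n", "t": b"\t", "s": b" ", "b": b"\b", "\\": b"\\"}


def expand_send(text: str) -> list:
    """Expand a send string into an ordered list of actions:
    ("send", bytes), ("pause", seconds) for \\p (0.1 s) and \\d (1 s), and
    ("break",) for \\K. \\ddd is an octal byte; ^C is the control character for C."""
    actions, buf = [], bytearray()

    def flush():
        if buf:
            actions.append(("send", bytes(buf)))
            buf.clear()

    i = 0
    while i < len(text):
        c = text[i]
        if c == "\\" and i + 1 < len(text):
            n = text[i + 1]
            if n == "p":                       # short pause
                flush(); actions.append(("pause", 0.1)); i += 2
            elif n == "d":                     # one-second delay
                flush(); actions.append(("pause", 1.0)); i += 2
            elif n == "K":                     # send a break condition
                flush(); actions.append(("break",)); i += 2
            elif n in "01234567":              # \ddd: up to three octal digits
                j = i + 1
                while j < len(text) and j < i + 4 and text[j] in "01234567":
                    j += 1
                buf.append(int(text[i + 1:j], 8) & 0xFF)
                i = j
            else:                              # \r, \n, \t, \s, \\ or a literal char
                buf += SIMPLE_ESCAPES.get(n, n.encode())
                i += 2
        elif c == "^" and i + 1 < len(text):   # ^C -> control character
            buf.append(ord(text[i + 1].upper()) & 0x1F)
            i += 2
        else:
            buf += c.encode()
            i += 1
    flush()
    return actions


def expand_expect(text: str) -> bytes:
    """Expect strings use the same byte escapes; pauses have no meaning there."""
    return b"".join(a[1] for a in expand_send(text) if a[0] == "send")


def tokenize(script: str) -> list:
    """Split on whitespace; a quoted empty string "" means expect nothing."""
    toks = []
    for raw in script.split():
        if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
            raw = raw[1:-1]
        toks.append(raw)
    return toks


def parse_chat(script: str) -> list:
    """Return [(expect_bytes, send_actions), ...]. Tokens pair up as expect/send; a
    trailing lone expect has no send. As in chat(8), a carriage return is appended to
    each send string unless it ends with \\c."""
    toks = tokenize(script)
    steps = []
    for k in range(0, len(toks), 2):
        expect = expand_expect(toks[k])
        if k + 1 < len(toks):
            send = toks[k + 1]
            send = send[:-2] if send.endswith("\\c") else send + "\\r"
            steps.append((expect, expand_send(send)))
        else:
            steps.append((expect, []))
    return steps


if __name__ == "__main__":
    for expect, actions in parse_chat(SAMPLE_SCRIPT):
        print("expect %r then %r" % (expect, actions))
```

The first step is the one the manual explains: it expects nothing, then sends "+" three times with short pauses, delays one second, sends a return, pauses, and sends ATH (followed by the implicit return), which drops any call still in progress before the modem is reset with AT&F.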
  • Page 59: Chapter 8 Glossary

    Glossary CHAPTER 8 This glossary contains a list of terms, abbreviations, and acronyms frequently used when discussing networks, firewalls, and WatchGuard products. active mode FTP One of two ways an FTP data connection is made. In active mode, the FTP server establishes the data connection.
  • Page 60 A computer placed outside a firewall to provide public services (such as WWW and FTP) to other Internet sites. The term is sometimes generalized to refer to any host critical to the defense of a local network. In WatchGuard documentation, also called the Optional network.
  • Page 61 A company or organization with a computer network exchanging data with the Internet or some other public network. Control Center The WatchGuard Control Center is a toolkit of applications run from a single location, enabling configuration, management, and monitoring of a network security policy.
  • Page 62 A protocol for exchanging IP packets over a serial line, which compresses the headers of many TCP/IP packets. custom filter rules Filter rules created in WatchGuard Policy Manager to allow specific content types through the Firebox. data Distinct pieces of information, usually formatted in a special way.
  • Page 63 default packet handling Default packet handling automatically and temporarily blocks hosts that originate probes and attacks against a network. denial of service (DoS) A way of monopolizing system resources so that other users are ignored. For example, someone could Finger an unsecured host continuously so that the system is incapable of running or executing other services.
  • Page 64 This configuration allows for distribution of logical address space across the Firebox interface. DVCP (Dynamic VPN Configuration Protocol) A WatchGuard proprietary protocol that simplifies configuration of VPNs. dynamic NAT Dynamic NAT is also known as IP masquerading or port address translation.
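The following added example, not code from the manual or from WatchGuard, models the translation table behind dynamic NAT as the glossary defines it: outbound connections from protected hosts are rewritten to the Firebox's external address and an allocated port, replies are translated back only when they match an existing entry, and anything unsolicited gets no translation, which is what hides the protected hosts. The addresses are documentation ranges chosen for the example.

```python
"""Added example: dynamic NAT (IP masquerading / port address translation) as a
translation table. Outbound flows are rewritten to the external address and an
allocated port; inbound packets are translated only if a matching entry exists."""


class DynamicNAT:
    def __init__(self, external_ip: str, port_range=(1024, 65535)):
        self.external_ip = external_ip
        self.low, self.high = port_range
        self.next_port = self.low
        # (proto, ext_port) -> (inside_ip, inside_port, remote_ip, remote_port)
        self.table = {}
        # (proto, inside_ip, inside_port, remote_ip, remote_port) -> ext_port
        self.reverse = {}

    def _allocate(self, proto: str) -> int:
        """Hand out the next free external port, wrapping around the pool."""
        for _ in range(self.high - self.low + 1):
            port = self.next_port
            self.next_port = self.low if port == self.high else port + 1
            if (proto, port) not in self.table:
                return port
        raise RuntimeError("NAT port pool exhausted")

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the source of a packet leaving the trusted network.
        Returns the translated (src_ip, src_port, dst_ip, dst_port)."""
        key = (proto, src_ip, src_port, dst_ip, dst_port)
        ext_port = self.reverse.get(key)
        if ext_port is None:                       # first packet of a new flow
            ext_port = self._allocate(proto)
            self.table[(proto, ext_port)] = (src_ip, src_port, dst_ip, dst_port)
            self.reverse[key] = ext_port
        return (self.external_ip, ext_port, dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Rewrite the destination of a packet arriving from outside, or return None
        when no flow matches: an unsolicited packet has nowhere to go and is dropped."""
        if dst_ip != self.external_ip:
            return None
        entry = self.table.get((proto, dst_port))
        if entry is None or entry[2:] != (src_ip, src_port):   # peer must match too
            return None
        inside_ip, inside_port = entry[:2]
        return (src_ip, src_port, inside_ip, inside_port)


def demo():
    """Constructed traffic: two trusted hosts behind 192.0.2.1 reach one web server."""
    nat = DynamicNAT("192.0.2.1")
    out1 = nat.outbound("tcp", "10.0.0.5", 40000, "203.0.113.10", 80)
    out2 = nat.outbound("tcp", "10.0.0.6", 40000, "203.0.113.10", 80)  # same inside port
    again = nat.outbound("tcp", "10.0.0.5", 40000, "203.0.113.10", 80)  # same flow, same port
    reply = nat.inbound("tcp", "203.0.113.10", 80, "192.0.2.1", out1[1])
    spoofed = nat.inbound("tcp", "198.51.100.7", 4444, "192.0.2.1", out1[1])  # wrong peer
    unsolicited = nat.inbound("tcp", "203.0.113.10", 80, "192.0.2.1", 2000)  # no entry
    return out1, out2, again, reply, spoofed, unsolicited


if __name__ == "__main__":
    for item in demo():
        print(item)
```

Checking the remote endpoint on the way back in (not just the external port) is the difference between a translator that only answers the peer the inside host spoke to and one that lets any outside host reach an inside host by guessing an allocated port.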
  • Page 65 Firebox The WatchGuard firewall appliance, consisting of a red box with a purpose- built computer and input/output architecture optimized as the resident computer for network firewall software.
  • Page 66 home page The first page of a Web site used as an entrance into the site. host route A setup in which an additional router is behind the Firebox and one host is behind that router. You configure a host route to inform the Firebox of this additional host behind the additional router.
  • Page 67 Internet address class To efficiently administer the 32-bit IP address space, IP addresses are separated into three classes that describe networks of varying sizes. Class A: If the first octet of an IP address is less than 128, it is a Class A address.
  • Page 68 Refers to both the application and the physical machine tasked with routing incoming and outgoing electronic mail. Management Station The computer on which you run the WatchGuard LiveSecurity System Control Center and Policy Manager; sometimes referred to as the administration host.
  • Page 69 masquerading In the LiveSecurity System, masquerading sets up addressing so that a Firebox presents its IP address to the outside world in lieu of the IP addresses of the hosts protected by the Firebox. Mazameter See Bandwidth Meter. MIME (Multipurpose Internet Mail Extensions) Extensions to the SMTP format that allow binary data, such as that found in graphic files or documents, to be published and read on the Internet.
  • Page 70 PLIP (Parallel Line Internet Protocol) A protocol for exchanging IP packets over a parallel cable. Policy Manager One component in the WatchGuard LiveSecurity System, consisting of the user interface used to modify and upload a Firebox configuration file. pop-up window A window that suddenly appears (pops up) when an option is selected with a mouse or a function key is pressed.
  • Page 71 With respect to the Firebox, the minimum Policy Manager configuration is set with the most basic services on the box, Ping and WatchGuard. It also sets the IP addresses on the Firebox. proxy server A server that stands in place of another server. In firewalling, a proxy server poses as a specific service but has more rigid access and routing rules.
  • Page 72 report A formatted collection of information that is organized to provide project data on a specific subject. RFC (Request for Comments) RFC documents describe standards used or proposed for the Internet. Each RFC is identified by a number, such as RFC 1700. RFCs can be retrieved either by e-mail or FTP.
  • Page 73 An attack in which an individual is persuaded or tricked into divulging privileged information to an attacker. SOHO Small Office—Home Office. Also the name of the WatchGuard firewall devices designed for this segment of the market.
  • Page 74 The policy of a firewall regarding the default handling of IP packets. Stance dictates what the firewall will do with any given packet in the absence of explicit instructions. WatchGuard’s default stance is to discard all packets that are not explicitly allowed, often stated as “That which is not explicitly allowed is denied.”...
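The following added example, not WatchGuard code, implements two glossary entries together: the stance ("that which is not explicitly allowed is denied") as a filter with an explicit allow list and deny for everything else, and default packet handling as the automatic, temporary blocking of a source that probes several denied ports within a short window. The rule set, thresholds and event list are constructed for the example.

```python
"""Added example: a default-deny packet filter with the automatic, temporary
blocking of probing hosts that the glossary calls default packet handling."""
from collections import defaultdict

# Explicit allow rules as (protocol, destination port). Everything else is denied.
ALLOW = {("tcp", 25), ("tcp", 80), ("tcp", 443), ("udp", 53)}


class PacketFilter:
    def __init__(self, allow=ALLOW, probe_limit=5, window=60.0, block_for=600.0):
        self.allow = allow
        self.probe_limit = probe_limit     # distinct denied ports before auto-block
        self.window = window               # seconds over which probes are counted
        self.block_for = block_for         # seconds the auto-block lasts
        self.probes = defaultdict(list)    # src -> [(timestamp, dport), ...] denied packets
        self.blocked = {}                  # src -> time the block expires
        self.log = []

    def handle(self, ts, src, proto, dport):
        """Return the verdict for one packet and update probe/block state."""
        expires = self.blocked.get(src)
        if expires is not None:
            if ts < expires:
                return "deny (auto-blocked)"
            del self.blocked[src]          # block has expired; judge the packet normally
        if (proto, dport) in self.allow:
            return "allow"
        # Denied by stance. Keep only probes inside the window and count distinct ports,
        # so a legitimate client retrying one closed port does not get itself blocked.
        hist = [(t, p) for t, p in self.probes[src] if ts - t <= self.window]
        hist.append((ts, dport))
        self.probes[src] = hist
        distinct = {p for _, p in hist}
        if len(distinct) >= self.probe_limit:
            self.blocked[src] = ts + self.block_for
            self.probes[src] = []
            self.log.append("%.0f auto-block %s for %.0fs (%d ports probed)"
                            % (ts, src, self.block_for, len(distinct)))
            return "deny (auto-blocked)"
        return "deny"


# Constructed events (timestamp, source, protocol, destination port); not a Firebox log.
SAMPLE_EVENTS = [
    (0, "10.1.1.6", "tcp", 80),     # ordinary web request
    (1, "10.1.1.5", "tcp", 21),     # 10.1.1.5 starts walking closed ports
    (2, "10.1.1.5", "tcp", 22),
    (3, "10.1.1.5", "tcp", 23),
    (4, "10.1.1.5", "tcp", 135),
    (5, "10.1.1.5", "tcp", 139),    # fifth distinct port: auto-block kicks in
    (6, "10.1.1.5", "tcp", 80),     # would be allowed, but the host is blocked
    (700, "10.1.1.5", "tcp", 80),   # block has expired; allowed again
]


def run(events=SAMPLE_EVENTS, **kwargs):
    """Feed the events through one filter; returns (verdicts, auto-block log)."""
    pf = PacketFilter(**kwargs)
    return [pf.handle(*e) for e in events], pf.log


if __name__ == "__main__":
    verdicts, log = run()
    for event, v in zip(SAMPLE_EVENTS, verdicts):
        print(event, "->", v)
    print(log)
```

The auto-block is deliberately temporary: a permanent block on a spoofable source address would let an attacker lock legitimate peers out, which is the denial-of-service risk the glossary entry above describes from the other side.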
  • Page 75 Typically, a WAN consists of two or more local area networks (LANs). WatchGuard LiveSecurity Service Part of the WatchGuard Firebox System offering, separate from the software and the Firebox, which keeps your defenses current. It includes the broadcast network that transmits alerts, editorials, threat responses, and software updates directly to your desktop;...
  • Page 76 WINS (Windows Internet Name Service) WINS provides name resolution for clients running Windows NT and earlier versions of Microsoft operating systems. With name resolution, users access servers by name rather than needing to use an IP address. wizard A tool that guides you through a complex task by asking questions and then performing the task based on responses.
  • Page 77: Index

    Index Internet Protocol Options Header Number List backup protocol reference making restoring backup area Blocked sites searching for Modem Booting from the system area initialization strings setting NVRAM defaults Categories, WebBlocker configuration file Out-of-Band making backup initialization strings restoring backup Content Types HTML primary area...
  • Page 78 working with Firebox from system area TCP/IP Transfer Protocols general ICMP IGMP IPIP Troubleshooting WebBlocker categories searching for blocked sites The Learning Company...

This manual is also suitable for: Firebox System 4.6, Firebox X55e, Firebox X10e