Watchguard Firebox SOHO 6 Wireless User Manual

WatchGuard® Firebox® SOHO 6 Wireless

User Guide

SOHO 6 firmware version 6.2

Summary of Contents for Watchguard Firebox SOHO 6 Wireless

  • Page 1: User Guide

    WatchGuard® Firebox® SOHO 6 Wireless User Guide SOHO 6 firmware version 6.2...
  • Page 2 The following conventions are used in this guide. Convention Indication Bold type Menu commands, dialog box options, Web page options, Web page names. For example: “On the System Information page, select Disabled.” NOTE Important information, a helpful tip or additional instructions. WatchGuard Firebox SOHO 6 Wireless...
  • Page 3 Media Access Control MUVPN Mobile User Virtual Private Network Network Address Translation Point-to-Point Protocol PPPoE Point-to-Point Protocol over Ethernet Transfer Control Protocol User Datagram Protocol Universal Resource Locator Virtual Private Network Wide Area Network WSEP WatchGuard Security Event Processor User Guide...
  • Page 4 Operation of this equipment in a residential area is likely to cause harmful interference in which case the user will be required to correct the interference at his own expense. WatchGuard Firebox SOHO 6 Wireless...
  • Page 5 CE Notice The CE symbol on your WatchGuard Technologies equipment indicates that it is in compliance with the Electromagnetic Compatibility (EMC) directive and the Low Voltage Directive (LVD) of the European Union (EU). Industry Canada This Class A digital apparatus meets all requirements of the Canadian Interference-Causing Equipment Regulations.
  • Page 6 VCCI Notice Class A ITE WatchGuard Firebox SOHO 6 Wireless...
  • Page 7 Declaration of Conformity User Guide...
  • Page 8 WatchGuard Technologies, Inc. ("WATCHGUARD") for the WATCHGUARD SOHO software product, which includes computer software (whether installed separately on a computer workstation or on the WatchGuard hardware product) and may include associated media, printed materials, and on-line or electronic documentation, and any updates or modifications thereto, including those received through the WatchGuard LiveSecurity service (or its equivalent) (the "SOFTWARE PRODUCT").
  • Page 9 4. Limited Warranty. WATCHGUARD makes the following limited warranties for a period of ninety (90) days from the date you obtained the SOFTWARE PRODUCT from WATCHGUARD or an authorized dealer; (A) Media. The disks and documentation will be free from defects in materials and workmanship under normal use.
  • Page 10 NO EVENT EXCEED THE PURCHASE PRICE PAID BY YOU FOR SUCH PRODUCT. THIS WILL BE TRUE EVEN IN THE EVENT OF THE FAILURE OF AN AGREED REMEDY. IN NO EVENT WILL WATCHGUARD BE LIABLE TO YOU OR ANY THIRD PARTY, WHETHER ARISING IN CONTRACT (INCLUDING WARRANTY), TORT...
  • Page 11 EULA, destroy all copies of the SOFTWARE PRODUCT in your possession, or voluntarily return the SOFTWARE PRODUCT to WATCHGUARD. Upon termination you will destroy all copies of the SOFTWARE PRODUCT and documentation remaining in your control or possession.
  • Page 12 WatchGuard Technologies, Inc. Copyright, Trademark, and Patent Information Copyright© 1998 - 2002 WatchGuard Technologies, Inc. All rights reserved. AppLock®, AppLock®/Web, Designing peace of mind®, Firebox®, Firebox® 1000, Firebox® 2500, Firebox® 4500, Firebox® II, Firebox® II Plus, Firebox® II FastVPN, Firebox® III, Firebox®...
  • Page 13 1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
  • Page 14 3. All advertising materials mentioning features or use of this software must display the following acknowledgment: "This product includes software developed by Ralf S. Engelschall <rse@engelschall.com> for use in the mod_ssl project (http://www.modssl.org/)." WatchGuard Firebox SOHO 6 Wireless...
  • Page 15 4. The names "mod_ssl" must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact rse@engelschall.com. 5. Products derived from this software may not be called "mod_ssl" nor may "mod_ssl" appear in their names without prior written permission of Ralf S.
  • Page 16 WatchGuard Technologies, Inc. (“WatchGuard”) and you agree as follows: 1. Limited Warranty. WatchGuard warrants that upon delivery and for one (1) year thereafter (the “Warranty Period”): (a) the Product will be free from material defects in materials and...
  • Page 17 2. Remedies. If any Product does not comply with the WatchGuard warranties set forth in Section 1 above, WatchGuard will, at its option, either (a) repair the Product, or (b) replace the Product; provided, that you will be responsible for returning the Product to the place of purchase and for all costs of shipping and handling.
  • Page 18 Product AND BY USING THE PRODUCT YOU AGREE TO THESE TERMS. No change or modification of this Agreement will be valid unless it is in writing, and is signed by WatchGuard. Software Version Number: 6.2...
  • Page 19: Table Of Contents

    Contents Introduction ..........1 CHAPTER 1 Package contents ............2 How does a firewall work? ........2 How does information travel on the Internet? ..4 How does the SOHO 6 Wireless process information? ............5 How Does Wireless Networking Work? ....
  • Page 20 View the configuration file ........69 Configure the Firewall Settings ....71 CHAPTER 6 Firewall settings ............71 Configure incoming and outgoing services .... 71 Block external sites ..........75 Firewall options ............77 xviii WatchGuard Firebox SOHO 6 Wireless...
  • Page 21 Configure logging ........85 CHAPTER 7 View SOHO 6 Wireless log messages ....86 Set up logging to a WatchGuard Security Event Processor log host ..........87 Set up logging to a Syslog host ......88 Set the system time ..........90 SOHO 6 Wireless WebBlocker ....
  • Page 22 Use the MUVPN Client to Enforce your Corporate Policy ..............157 Troubleshooting Tips ..........167 Support resources ........171 CHAPTER 11 Troubleshooting tips ..........171 Contact technical support ........180 Online documentation and FAQs ......180 Special notices ............180 Index ..............181 WatchGuard Firebox SOHO 6 Wireless...
  • Page 23: Chapter 1 Introduction

    Introduction CHAPTER 1 This manual shows how to use your WatchGuard® Firebox® SOHO 6 Wireless or SOHO 6tc Wireless security appliance for secure access to the Internet. User Guide...
  • Page 24: Package Contents

    • SOHO 6 Wireless security appliance • Two 5dBi detachable antennae How does a firewall work? The Internet connects your network to resources. Some examples of resources are the World Wide Web, email and video/audio WatchGuard Firebox SOHO 6 Wireless...
  • Page 25 How does a firewall work? conferencing. A connection to the Internet is dangerous to the privacy and the security of your network. A firewall divides your internal network from the Internet to reduce this danger. The appliances on the trusted side of your SOHO 6 Wireless firewall are protected.
  • Page 26: How Does Information Travel On The Internet

    The most frequently used protocols are TCP and UDP (User Datagram Protocol). There are other IP protocols that are less frequently used. Port numbers During the communication between computers, port numbers identify which programs or applications are connected. WatchGuard Firebox SOHO 6 Wireless...
  • Page 27: How Does The Soho 6 Wireless Process Information

    How does the SOHO 6 Wireless process information? Services A service is the group of protocols and port numbers for a specified program or type of application. The standard configuration of the SOHO 6 Wireless contains the correct settings for many standard services.
  • Page 28: Soho 6 Wireless Hardware Description

    150 MHz. Ethernet and encryption technology are included. Ethernet ports The SOHO 6 Wireless has five 10/100 Base TX ports. The Ethernet ports have the labels 0 through 3 and WAN. WatchGuard Firebox SOHO 6 Wireless...
  • Page 29 SOHO 6 Wireless hardware description Wireless Wireless operating range--indoors (these values are approximations): 100 feet at 11 Mbps; 165 feet at 5.5 Mbps; 230 feet at 2 Mbps; 300 feet at 1 Mbps. Understanding IEEE 802.11b Wireless Communication In general, transmitted RF power and signal bandwidth place an upper limit on the rate that data can be transmitted over a wireless link.
  • Page 30 802.11b receiver to interfere with it. - Industrial, Scientific, and Medical equipment can also use these bands. Signal Strength (watts) The signal strength depends primarily on: - How much RF signal power is transmitted WatchGuard Firebox SOHO 6 Wireless...
  • Page 31 SOHO 6 Wireless hardware description - How much directional antenna gain there is at the transmitter and receiver - The signal attenuation (path-loss) between the transmitter and receiver. Path Loss: The path-loss is directly proportional to line-of-sight distance between transmitter and receiver, and inversely proportional to the wavelength of the transmitted signal.
  • Page 32 Channel Bandwidth: This varies with the type of modulation scheme. 802.11b devices use CCK (11 Mbps, 5.5 Mbps), DQPSK (2 Mbps), and DBPSK WatchGuard Firebox SOHO 6 Wireless...
  • Page 33 SOHO 6 Wireless hardware description (1 Mbps). The factor that determines which modulation scheme is used is the Packet Error Rate (PER). The modulation scheme switches automatically to maintain the PER at or below 8% by using slower data rates (different modulation schemes) as necessary.
  • Page 34 Four numbered ports (0-3) These Ethernet ports are for the trusted network connections. Power input Connect the power input to a power supply using the 12 volt 1.2a AC adapter supplied with the SOHO 6 Wireless. WatchGuard Firebox SOHO 6 Wireless...
  • Page 35: Chapter 2 Installation

    SOHO 6 Wireless and set up the wireless network. Because WatchGuard is concerned about the security of your network, the wireless feature is turned off on the SOHO 6 Wireless we ship you. This allows you to enable the wireless network after you set up the desired security.
  • Page 36: Before You Begin The Installation

    Before you Begin the Installation Before you install the SOHO 6 Wireless, make sure you have: • DSL/cable modem • Firebox SOHO 6 Wireless with Ethernet cables and power supply • Computer connected by Ethernet cable to the Firebox SOHO 6 Wireless •...
  • Page 37 Before you Begin the Installation router to the SOHO 6 Wireless and the SOHO 6 Wireless to your computer. Attach the two antennae supplied with the SOHO 6 Wireless. The SOHO 6 Wireless must be installed to provide a separation distance of at least 20 centimeters from all persons and must not be collocated or operating in conjunction with any other antenna or transmitter.
  • Page 38 Record the TCP/IP settings in the table provided. Close the window. Other operating systems (Unix, Linux) Consult your operating system guide to locate the TCP/IP screen. Record the TCP/IP settings in the chart provided. Exit the TCP/IP configuration screen. WatchGuard Firebox SOHO 6 Wireless...
  • Page 39 Before you Begin the Installation TCP/IP Setting Value IP Address Subnet Mask Default Gateway DHCP Enabled DNS Server(s) Primary Secondary If you must connect more than one computer to the trusted network behind the SOHO 6 Wireless, determine the TCP/IP settings for each computer.
  • Page 40 Double-click the Network & Dial-up Connections icon. Double-click the connection you use to connect to the Internet. The network connection dialog box opens. Click Properties. The network connection properties dialog box opens. WatchGuard Firebox SOHO 6 Wireless...
  • Page 41 Before you Begin the Installation Double-click the Internet Protocol (TCP/IP) component. The Internet Protocol (TCP/IP) Properties dialog box opens. Click to select the obtain an IP address automatically checkbox. Click to select the Obtain DNS server address automatically checkbox. Click OK to close the Internet Protocol (TCP/IP) Properties dialog box.
  • Page 42 Click Edit => Preferences. The Preferences window opens. A list of options is shown at the left side of the window. Click the arrow symbol to the left of the Advanced heading to expand the list. WatchGuard Firebox SOHO 6 Wireless...
  • Page 43: Physically Connect To The Soho 6 Wireless

    Physically Connect to the SOHO 6 Wireless Click Proxies. Make sure the Direct Connection to the Internet option is selected. Click OK to save the settings. Internet Explorer 5.0, 5.5, and 6.0 Open Internet Explorer. Click Tools => Internet Options. The Internet Options window opens.
  • Page 44 SOHO 6 Wireless as a network hub. Shut down your computer. If you connect to the Internet through a DSL modem or cable modem, disconnect the power supply to this device. WatchGuard Firebox SOHO 6 Wireless...
  • Page 45 Physically Connect to the SOHO 6 Wireless Disconnect the Ethernet cable that connects your DSL modem, cable modem or other Internet connection to your computer. Connect this cable to the WAN port on the SOHO 6 Wireless. The SOHO 6 Wireless is connected directly to the modem or other Internet connection.
  • Page 46 License upgrades are available from the WatchGuard Web site: http://www.watchguard.com/sales/buyonline.asp To connect more than four appliances to the SOHO 6 Wireless, these items are necessary: • an Ethernet hub; • a straight-through Ethernet cable, with RJ-45 connectors, for each computer; WatchGuard Firebox SOHO 6 Wireless...
  • Page 47 Physically Connect to the SOHO 6 Wireless • a straight-through Ethernet cable to connect each hub to the SOHO 6 Wireless. Shut down your computer. If you connect to the Internet through a DSL modem or cable modem, disconnect the power supply from this device.
  • Page 48: Setting Up The Wireless Network

    Setting up the Wireless Network The SOHO 6 Wireless protects computers that are connected to it by Ethernet cable or wireless connection. Because WatchGuard is concerned about the security of your network, the wireless feature is turned off on the SOHO 6 Wireless we ship you. This allows you to enable the wireless network after you set up the desired security.
  • Page 49: Setting Up The Wireless Access Point

    Configuring the Wireless Card on your computer The following instructions are for the Windows XP operating system. Refer to the WatchGuard SOHO 6 Wireless User Guide for instructions on other operating systems. Click Start => Control Panel => Network Connections.
  • Page 50 SOHO 6 Wireless device. Your SOHO 6 Wireless is now protecting wired and wireless computers from security hazards. To learn how to enhance your security setting, see “Configure the Wireless Network” on page 49. WatchGuard Firebox SOHO 6 Wireless...
  • Page 51: Soho 6 Wireless Basics

    SOHO 6 Wireless CHAPTER 3 basics The configuration of the SOHO 6 Wireless is made through Web pages contained in the software of the SOHO 6 Wireless. You can connect to these configuration pages with your Web browser. SOHO 6 Wireless System Status page Type the IP address of the trusted network in your browser window to connect to the System Status page of the SOHO 6 Wireless:...
  • Page 52 • The serial number of the appliance • The status of the following SOHO 6 Wireless features: - WSEP Logging - VPN Manager Access - Syslog - Pass Through • The status of the upgrade options; WatchGuard Firebox SOHO 6 Wireless...
  • Page 53: Factory Default Settings

    Factory default settings • Configuration information for the trusted network and the external network • Configuration information for firewall settings (incoming services and outgoing services) • A reboot button to restart the SOHO 6 Wireless If the external network is configured to use the PPPoE protocol, the System Status page displays a connect button or a disconnect button.
  • Page 54 Press and hold the reset button. Connect the power supply. Continue holding the button until the red LED on the front of the SOHO 6 Wireless goes on and then off. Disconnect the power supply. WatchGuard Firebox SOHO 6 Wireless...
  • Page 55: Register Your Soho 6 Wireless And Activate The Livesecurity Service

    Web or telephone, and access to online help resources and the WatchGuard user forum. A subscription to the LiveSecurity Service is required to get the license keys for the upgrades that you purchase.
  • Page 56: Reboot The Soho 6 Wireless

    To activate the LiveSecurity Service, your browser must have JavaScript enabled. If you have a user profile on the WatchGuard Web site, enter your user name and password. If you do not have a user profile on the WatchGuard Web site, create a new account. Select your product and follow the instructions for product activation.
  • Page 57 Reboot the SOHO 6 Wireless The SOHO 6 Wireless requires 30 seconds to reboot. The Mode indicator on the front of the SOHO 6 Wireless will go off and then come on. Type the IP address of the trusted network in your browser window to connect to the System Status page of the SOHO 6 Wireless: The default IP address is: http://192.168.111.1...
  • Page 59: Configure The Network Interfaces

    Configure the CHAPTER 4 Network Interfaces External Network Configuration When you configure the external network, you select the method of communication between the SOHO 6 Wireless and the ISP. Make this selection based on the method of network address distribution in use by your ISP. The possible methods are static addressing, DHCP, or PPPoE.
  • Page 60 Internet. The SOHO 6 Wireless does not require any additional configuration. Configure the SOHO 6 Wireless external network for static addressing If your ISP assigns a static IP address, you must move the IP address data from your computer to the SOHO 6 Wireless. This WatchGuard Firebox SOHO 6 Wireless...
  • Page 61 External Network Configuration configuration causes the ISP to communicate with the SOHO 6 Wireless and not your computer. Type the IP address of the trusted network in your browser window to connect to the System Status page of the SOHO 6 Wireless: The default IP address is: http://192.168.111.1 From the navigation bar on the left side, select...
  • Page 62 The default IP address is: http://192.168.111.1 From the navigation bar on the left side, select Network => External. The External Network configuration page opens. From the Configuration Mode drop-down list, select PPPoE Client. The page refreshes. WatchGuard Firebox SOHO 6 Wireless...
  • Page 63 The ISP sees this constant flow of traffic as a continuous connection. The regulations and billing policy of the ISP determine if you can use this option. Watchguard Technical Support uses this feature as a solution to some problems.
  • Page 64: Configure The Trusted Network

    System Status page of the SOHO 6 Wireless: The default IP address is: http://192.168.111.1 From the navigation bar on the left side, select Network => Trusted. The Trusted Network configuration page opens. WatchGuard Firebox SOHO 6 Wireless...
  • Page 65 Configure the Trusted Network Type the IP address and the subnet mask in the applicable fields. Click to select the Enable DHCP Server on the Trusted Network check box. Type the first IP address that is available for the computers that connect to the trusted network.
  • Page 66 “Cabling the SOHO 6 Wireless for more than four appliances” on page 23. Restart the computer. Set the computer to get its address through DHCP as shown in section “Enable your computer for DHCP” on page 17. WatchGuard Firebox SOHO 6 Wireless...
  • Page 67 Configure the Trusted Network Shut down and restart the computer. Configure the trusted network with static addresses To disable the SOHO 6 Wireless DHCP server and make static address assignments, follow these steps: Type the IP address of the trusted network in your browser window to connect to the System Status page of the SOHO 6 Wireless: The default IP address is: http://192.168.111.1...
  • Page 68: Configure The Optional Network For Wireless Networking

    Follow these instructions to complete the configuration: Type the IP address of the trusted network in your browser window to connect to the System Status page of the SOHO 6 Wireless: The default IP address is: http://192.168.111.1 WatchGuard Firebox SOHO 6 Wireless...
  • Page 69 Configure the Optional Network for Wireless Networking From the navigation bar on the left side, select Network => Optional (802.11b). The Optional Network Configuration page opens. Click the Enable Optional Network checkbox. To turn on the wireless network, you need to enable the optional network. Type the IP address and subnet mask of the optional network.
  • Page 70 SOHO 6 Wireless network. You need to configure the MUVPN software on the SOHO 6 Wireless device and wireless computer. For more information on configuring MUVPN, see Chapter 11 “MUVPN Clients” on page 119. 11 Click Submit. WatchGuard Firebox SOHO 6 Wireless...
  • Page 71: Configure The Wireless Network

    Configure the Wireless Network Once you have turned on the wireless network by enabling the optional network, you can set up the security settings for your wireless connection. Configure Security The SOHO 6 Wireless uses the industry standard security protocol, Wired Equivalent Privacy (WEP), specified by the IEEE standard 802.11b.
  • Page 72 The Wireless Network Configuration page appears. From the Encryption drop-down list, select the level of encryption you want applied to your wireless connections. The options are Disabled, 40/64 bit WEP, and 128 bit WEP. WatchGuard Firebox SOHO 6 Wireless...
  • Page 73 Configure the Wireless Network Disabled The default is Disabled, and you should use this option for the initial connection. Your wireless connection is not using WEP when Disabled is selected. 40/64 bit WEP or 128 bit WEP Once you complete the initial connection between your wireless computer and SOHO 6 Wireless, you can change this option to add WEP.
  • Page 74 Type the MAC Address of the computer you want to connect to the SOHO 6 Wireless. Click Submit. If you do not want to restrict access to the SOHO 6 Wireless by the computer hardware address, select Disabled. WatchGuard Firebox SOHO 6 Wireless...
  • Page 75 Configure the Wireless Network Configure the Beacon Rate In the AP Beacon Rate text box, type the beacon rate in milliseconds (100 through 10,000) that you want the SOHO 6 Wireless to use. The beacon rate is the rate the SOHO 6 Wireless sends out broadcasts so that the wireless computers can find it.
  • Page 76: Configure Static Routes

    System Status page of the SOHO 6 Wireless: The default IP address is: http://192.168.111.1 From the navigation bar on the left side, select Network => Routes. The Routes page opens. Click Add. The Add Route page opens. WatchGuard Firebox SOHO 6 Wireless...
  • Page 77: View Network Statistics

    View network statistics From the Type drop-down list, select either Host or Network. Type the IP address and the gateway of the route in the applicable fields. The gateway of the route is the local interface of the router. Click Submit. To remove a route, select the route and click Remove.
  • Page 78: Configure The Dynamic Dns Service

    ISP assigns you a new IP address. Type the IP address of the trusted network in your browser window to connect to the System Status page of the SOHO 6 Wireless: The default IP address is: http://192.168.111.1 WatchGuard Firebox SOHO 6 Wireless...
  • Page 79 Configure the dynamic DNS Service WatchGuard is not affiliated with dyndns.org. From the navigation bar on the left side, select Network => DynamicDNS. The Dynamic DNS client page opens. Select the Enable Dynamic DNS client checkbox. Type the domain, name, and password in the applicable fields.
  • Page 81: Chapter 5 Administrative Options

    Administrative CHAPTER 5 options Use the SOHO 6 Wireless Administration page to configure access to the SOHO 6 Wireless. The System Security, SOHO 6 Wireless Remote Management feature, and VPN Manager Access are configured from the Administration page. The firmware updates, upgrade activation, and display of the SOHO 6 Wireless configuration file in a text format are done from the Administration page.
  • Page 82: System Security

    System Status page of the SOHO 6 Wireless: The default IP address is: http://192.168.111.1 From the navigation bar on the left side, select Administration => System Security. The System Security page opens. WatchGuard Firebox SOHO 6 Wireless...
  • Page 83 The System Security page Verify that the HTTP Server Port is set to 80. Click to select the Enable System Security check box. Type a System Administrator Passphrase and then type it again to confirm. Click Submit. SOHO 6 Wireless Remote Management Both the SOHO 6 Wireless and SOHO 6tc Wireless come equipped with the SOHO 6 Wireless Remote Management feature.
  • Page 84 Next, you must install and configure the MUVPN client on your remote computer. For this information, see Chapter 10, “MUVPN Clients” on page 119. Once you have installed and configured the MUVPN client, establish an Internet connection through either Dial-Up WatchGuard Firebox SOHO 6 Wireless...
  • Page 85: Set Up Vpn Manager Access

    Manager software configures and manages VPN tunnels. The VPN Manager software is a separate product and must run on a WatchGuard Firebox II/III. Additional information about the VPN Manager product is available on the WatchGuard Web site: https://www.watchguard.com/products/vpnmanager.asp Follow these instructions to configure VPN Manager access:...
  • Page 86 Type the Status Passphrase again to confirm. Type the Configuration Passphrase. Type the Configuration Passphrase again to confirm. These passphrases must match the passphrases used in the VPN Manager software or the connection will fail. Click Submit. WatchGuard Firebox SOHO 6 Wireless...
  • Page 87: Update The Firmware

    Update the firmware Check regularly for SOHO 6 Wireless firmware updates on the WatchGuard Web site: http://support.watchguard.com/sohoresources/ Download the .exe or .wgd files that contain the firmware update. The .exe file is an installer and the .wgd file is a binary file. The .wgd file is an advanced installation method.
  • Page 88: Activate The Soho 6 Wireless Upgrade Options

    Every SOHO 6 Wireless includes the software for all upgrade options. To activate an upgrade option, you must enter a license key in the configuration of the SOHO 6 Wireless. To receive a license key, purchase and activate an upgrade option at the WatchGuard Firebox SOHO 6 Wireless...
  • Page 89 LiveSecurity Service Web site. See “Register your SOHO 6 Wireless and activate the LiveSecurity Service” on page 33 for more information. Follow these steps to activate an upgrade option: Go to the upgrade page of the WatchGuard Web site: http://www.watchguard.com/upgrade Type your User Name and Password. Click Log In.
  • Page 90 You can add more MUVPN connections with the MUVPN Client upgrade. For more information on configuring a wireless network to require MUVPN connections, see “Configure the Optional Network for Wireless Networking” on page 46. WatchGuard Firebox SOHO 6 Wireless...
  • Page 91: View The Configuration File

    LiveSecurity Service subscription renewals Purchase a LiveSecurity subscription renewal for a period of one or two years from your reseller or the WatchGuard online store. Go to the renew page of the WatchGuard Web site to purchase or activate a subscription renewal: http://www.watchguard.com/renew/...
  • Page 93: Configure The Firewall Settings

    Configure the CHAPTER 6 Firewall Settings Firewall settings The configuration settings of the SOHO 6 Wireless control the flow of traffic between the trusted network and the external network. The configuration you select depends on the types of risks that are acceptable for the trusted network.
  • Page 94: Common Services

    Common services Follow these steps to change the configuration of the incoming filters for common services: From the navigation bar on the left side, select Firewall => Incoming or Outgoing. The Filter Incoming Traffic page opens. WatchGuard Firebox SOHO 6 Wireless...
  • Page 95 Configure incoming and outgoing services Locate a pre-configured service, such as FTP, Web, or Telnet, then select either Allow or Deny from the drop-down list. The illustration shows the HTTP service configured to allow incoming traffic. Type the trusted network IP address of the computer to which this rule applies.
  • Page 96 For a TCP port or a UDP port, specify a port number. For a protocol, specify a protocol number. You cannot specify a port number for a protocol. WatchGuard Firebox SOHO 6 Wireless...
  • Page 97: Block External Sites

    Block external sites Click Add. The following steps determine how the service is filtered. Select Allow or Deny from the Incoming Filter and Outgoing Filter drop-down lists. Select Host IP Address, Network IP Address, or Host Range from the drop-down list at the bottom of the page. The Custom Service page refreshes.
  • Page 98 IP addresses in the address field. The illustration shows the selection Host IP Address and the IP address 207.68.172.246. Click Add. The address information appears in the Blocked Sites field. Click Submit. WatchGuard Firebox SOHO 6 Wireless...
  • Page 99: Firewall Options

    Firewall options The previous sections described how to allow or deny complete classes of services. The Firewall Options page allows the configuration of general security policies. Type the IP address of the trusted network in your browser window to connect to the System Status page of the SOHO 6 Wireless: The default IP address is: http://192.168.111.1 From the navigation bar on the left side, select...
  • Page 100 SOHO 6 Wireless. The SOHO 6 Wireless supports SOCKS version 5 only. The SOHO 6 Wireless does not support authentication or DNS (Domain Name System) resolution. WatchGuard Firebox SOHO 6 Wireless...
  • Page 101 Firewall options Configure the SOCKS-compatible application to connect to IP addresses and not to domain names. Applications that can only reference domain names are not compatible with the SOHO 6 Wireless. Some SOCKS-compatible applications that function correctly when used through the SOHO 6 Wireless are ICQ, IRC, and AOL Messenger.
  • Page 102 • Set the SOCKS proxy to the URL or IP address of the SOHO 6 Wireless. The default IP address is: http://192.168.111.1. WatchGuard Firebox SOHO 6 Wireless...
  • Page 103: Logging All Allowed Outbound Traffic

    You can change the configuration of the SOHO 6 Wireless to record all outbound traffic events. This option records a large number of log entries. WatchGuard recommends that you use this option as a problem solving aid only.
  • Page 104: Enable Override Mac Address For The External Network

    MAC address and reboots. Create an Unrestricted Pass Through The SOHO 6 Wireless can allow traffic to flow from the external network to a computer on the trusted network that has a public IP address. WatchGuard Firebox SOHO 6 Wireless...
  • Page 105 Create an Unrestricted Pass Through Follow these steps to configure a pass through: Type the IP address of the trusted network in your browser window to connect to the System Status page of the SOHO 6 Wireless: The default IP address is: http://192.168.111.1 From the navigation bar on the left side, select Firewall =>...
  • Page 107: Chapter 7 Configure Logging

    The SOHO 6 Wireless logging feature records a log of the events related to the security of the trusted network. Communication with the WatchGuard WebBlocker database and incoming traffic are examples of events that are recorded. The log records the events that show possible security problems.
  • Page 108: View Soho 6 Wireless Log Messages

    If a new entry is added when the event log is full, the oldest log message is removed. The log messages include the time synchronizations between the SOHO 6 Wireless and the WatchGuard Time Server, packets discarded because of a packet handling violation, duplicate messages, return error messages, and IPSec messages.
  • Page 109: Set Up Logging To A Watchguard Security Event Processor Log Host

    Set up logging to a WatchGuard Security Event Processor log host The newest entry is shown at the top of the event log. This option synchronizes the clock of the SOHO 6 Wireless to your computer: • Click Sync Time with Browser now.
  • Page 110: Set Up Logging To A Syslog Host

    Select Enable WatchGuard Security Event Processor Logging. Type the IP address of the WSEP server that is your log host in the applicable field. In the illustration, the IP address is 192.168.111.5. Type a passphrase in the Log Encryption Key field.
  • Page 111 Set up logging to a Syslog host Follow these steps to configure a Syslog Host: Type the IP address of the trusted network in your browser window to connect to the System Status page of the SOHO 6 Wireless: The default IP address is: http://192.168.111.1 From the navigation bar on the left side, select Logging =>...
  • Page 112: Set The System Time

    Follow these steps to set the system time: Type the IP address of the trusted network in your browser window to connect to the System Status page of the SOHO 6 Wireless: The default IP address is: http://192.168.111.1
  • Page 113 From the navigation bar on the left side, select Logging => System Time. The System Time page opens. This step synchronizes the system time with the WatchGuard Time Server: Select Get Time From WatchGuard Time Server. This step synchronizes the system time with a TCP Port 37 Time Server: Select Get Time From TCP Port 37 Time Server at.
  • Page 114 The time zone selection is only used when the Get Time From WatchGuard Time Server check box is selected.
  • Page 115: Soho 6 Wireless Webblocker

    WebBlocker uses a database of Web site addresses, which is owned and maintained by SurfControl. The database shows the type of content found on thousands of Web sites. WatchGuard puts the newest version of the SurfControl database on the WebBlocker server at regular intervals.
  • Page 116 Web site not in the WebBlocker database If the Web site is not in the WatchGuard WebBlocker database, the Web browser opens the page. Web site in the WebBlocker database If the site is in the WatchGuard WebBlocker database, the SOHO 6 Wireless examines the configuration to see if that type of site is permitted.
  • Page 117: Purchase And Activate Soho 6 Wireless Webblocker

    Web sites until the password expires or the browser is closed. Purchase and activate SOHO 6 Wireless WebBlocker To use the WatchGuard SOHO 6 Wireless WebBlocker, you must purchase and enable the WebBlocker upgrade license key. See “Activate the SOHO 6 Wireless upgrade options” on page 66 for information about upgrade license keys.
  • Page 118 System Status page of the SOHO 6 Wireless: The default IP address is: http://192.168.111.1 From the navigation bar on the left side, select WebBlocker => Settings. The WebBlocker Settings page opens. Set the Enable WebBlocking check box.
  • Page 119 Configure the SOHO 6 Wireless WebBlocker Type the full access password. The full access password allows a user to access all Web sites until the password expires or the browser is closed. Type the Inactivity Timeout in minutes. The inactivity timeout disconnects Internet connections that are inactive for the set number of minutes.
  • Page 120 From the navigation bar on the left side, select WebBlocker => Groups. The WebBlocker Groups page opens. Click New to create a group name and profile.
  • Page 121 Configure the SOHO 6 Wireless WebBlocker Define a Group Name and set the types of content to filter for this group. Click Submit. A new Groups page opens that shows the configuration changes.
  • Page 122 To the right of the Users field, click New. The New User page opens. Type a new user name and passphrase. Confirm the passphrase.
  • Page 123: Webblocker Categories

    WebBlocker Categories Use the Group drop-down list to assign the new user to a given group. 10 Click Submit. To remove a user or group, make a selection and click Delete. WebBlocker Categories The WebBlocker database contains the following 14 categories: A Web site is only added to a category if the contents of the Web Site advocate the subject matter of the category.
  • Page 124 Pictures or text advocating prejudice or discrimination against any race, color, national origin, religion, disability or handicap, gender, or sexual orientation. Any picture or text that elevates one group over another. Also includes intolerant jokes or slurs.
  • Page 125 WebBlocker Categories Gross Depictions Pictures or text describing anyone or anything that is either crudely vulgar, grossly deficient in civility or behavior, or shows scatological impropriety. Topic includes depictions of maiming, bloody figures, and indecent depiction of bodily functions. Violence/profanity Pictures or text exposing extreme cruelty or profanity.
  • Page 126 Partial/artistic Nudity Pictures exposing the female breast or full exposure of either male or female buttocks except when exposing genitalia which is handled under the Full Nudity category. Topic does not include swimsuits, including thongs.
  • Page 127: Vpn-Virtual Private Networking

    CHAPTER 9 Networking This chapter tells how to use the VPN with IPSec upgrade option of the WatchGuard SOHO 6 Wireless. Why create a Virtual Private Network? Use a VPN tunnel to make an inexpensive and secure connection between the computers in two locations. Expensive, dedicated point-to-point connections are not necessary for a VPN connection.
  • Page 128: What You Need

    What You Need • One WatchGuard SOHO 6 Wireless with VPN and one IPSec-compatible appliance. IPSec-compatible appliances include the WatchGuard SOHO 6 Wireless, the WatchGuard Firebox II/III, and the Firebox Vclass. • The data from your ISP about the Internet connections for...
  • Page 129 255.255.255.0 Local Network An address used to identify a local network. A Address local network address cannot be used as an external IP address. WatchGuard recommends that you use an address from one of the reserved ranges: 10.0.0.0/8 172.16.0.0/12—255.240.0.0 192.168.0.0/16—255.255.0.0 Site A: 192.168.111.0/24...
  • Page 130 LiveSecurity Service Web site. To activate the VPN upgrade, these items are necessary: • a SOHO 6 Wireless that is installed and configured; • a connection to the Internet; • a VPN upgrade license key.
  • Page 131: Step-By-Step Instructions To Configure A Soho 6 Wireless Vpn Tunnel

    WatchGuard Web site: https://support.watchguard.com/AdvancedFaqs/sointerop_main.asp Special considerations Think about these points before you configure your WatchGuard SOHO 6 Wireless VPN network: • You can connect a maximum of six SOHO 6 Wireless appliances together in a star configuration. To configure more than one VPN tunnel, a WatchGuard Firebox II/III with the WatchGuard VPN Manager is necessary.
  • Page 132: Frequently Asked Questions

    If the settings are correct, make sure that the computers at Site B have access to the Internet. If this procedure does not give a solution, speak to a service person at your ISP.
  • Page 133: Set Up Multiple Soho-Soho Vpn Tunnels

    How do I enable a VPN tunnel? The instructions to help you enable a VPN tunnel are available from the WatchGuard Web site: https://support.watchguard.com/AdvancedFaqs/sointerop_main.asp Set Up multiple SOHO-SOHO VPN tunnels An administrator of a SOHO 6 Wireless can configure a maximum of six VPN tunnels to other SOHO 6 Wireless devices.
  • Page 134 From the navigation bar on the left side, select VPN => Manual VPN. The Manual VPN page opens.
  • Page 135 Set Up multiple SOHO-SOHO VPN tunnels Click Add to set up the VPN tunnel. The Add Gateway page opens.
  • Page 136 The default values are “LocalID” and “RemoteID”. In the Type field, specify an IP Address or domain name. - If you set Main Mode, the Local ID Type and the Remote ID Type must contain IP addresses.
  • Page 137 12 Set the number of hours until negotiation expiration. 13 In the Diffie-Hellman Group drop-down list, set the group number. WatchGuard supports group 1 and group 2. Diffie-Hellman is a mathematical technique used to securely negotiate secret keys through a public network. Diffie-Hellman groups are collections of parameters used to achieve this.
  • Page 138: Configure Split Tunneling

    VPN tunnel is sent through the tunnel and the traffic for other Internet addresses is sent directly to the Internet. Split tunneling allows the control of access to Internet Web sites from one location.
  • Page 139: Muvpn Clients

    MUVPN Clients To set up split tunneling follow these steps: Type the IP address of the trusted network in your browser window to connect to the System Status page of the SOHO 6 Wireless: The default IP address is: http://192.168.111.1 From the navigation bar on the left side, select VPN =>...
  • Page 140: View The Vpn Statistics

    System Status page of the SOHO 6 Wireless: The default IP address is: http://192.168.111.1 From the navigation bar on the left side, select VPN => VPN Statistics. The VPN Statistics page opens.
  • Page 141: Chapter 10 Muvpn Clients

    MUVPN Clients CHAPTER 10 MUVPN clients use Internet Protocol Security (IPSec) to establish a secure connection over an unsecured network from a remote computer to your protected network. For example, the MUVPN client is installed on an employee’s computer, on the road or working from home. The employee establishes a standard Internet connection and activates the MUVPN client.
  • Page 142: Configure The Soho 6 Wireless For Muvpn Clients

    With your Web browser, go to the System Status page using the Trusted IP address of the SOHO 6 Wireless. The default trusted IP address is either 192.168.111.1 for a wired computer or 192.168.112.1 for a wireless computer.
  • Page 143 Configure the SOHO 6 Wireless for MUVPN Clients From the navigation bar on the right side, select VPN => MUVPN Clients. The MUVPN Clients page appears.
  • Page 144 Type the Virtual IP address which will be used by the MUVPN computer when connecting to the SOHO 6 Wireless in the appropriate field. Select the Authentication Algorithm. The options are MD5-HMAC and SHA1-HMAC. Select the Encryption Algorithm. The options are DES-CBC and 3DES-CBC.
  • Page 145: Prepare The Remote Computers For The Muvpn Client

    Prepare the Remote Computers for the MUVPN Client From the VPN Client Type drop list, select Mobile User. 10 Enable the All traffic uses tunnel (0.0.0.0/0 Subnet) checkbox to force all traffic from the MUVPN client to go through IPSec tunnel.
  • Page 146 Type a name for the remote computer. This must be a unique name on the remote network. Type the domain name you are connecting to. This should be the same as the Logon to Windows NT domain value.
  • Page 147 Prepare the Remote Computers for the MUVPN Client Type a description for your computer (optional). Click OK. Click OK to close and save changes to the Network control panel. Click Cancel if you do not want to save any changes. Reboot the machine.
  • Page 148 Verify that the Enable DNS option has been enabled. Under the “DNS Server Search Order” heading, enter your DNS server IP address, then click the Add button. If you have multiple remote DNS servers repeat this step.
  • Page 149: Windows Nt Operating System Setup

    Prepare the Remote Computers for the MUVPN Client must list the DNS server on the Private network behind the Firebox first. Click the WINS Configuration tab. Verify that the Enable WINS Resolution option has been enabled. Under the “WINS Server Search Order” heading, enter your WINS server IP address, then click the Add button.
  • Page 150 You must configure the remote computer to use the WINS and DNS servers of the trusted network behind the Firebox. From the Windows desktop: Select Start => Settings => Control Panel. Double-click the Network icon. The Network window appears. Click the Protocols tab.
  • Page 151: Windows 2000 Operating System Setup

    Prepare the Remote Computers for the MUVPN Client Select the TCP/IP protocol and click the Properties button. The Microsoft TCP/IP Properties window appears. Click the DNS tab. Click the Add button. Type your DNS server IP address in the appropriate field. If you have multiple remote DNS servers repeat the previous three steps.
  • Page 152 Installing the File and Printer Sharing for Microsoft Networks From the Windows desktop: Select Start => Settings => Network and Dial-up Connections, then select the Dial-up connection you use to access the Internet. The connection window appears. Click the Properties button.
  • Page 153 Prepare the Remote Computers for the MUVPN Client Select the Networking tab and then click the Install button. The Select Network Component Type window appears. Double click the Services network component. The Select Network Service window appears. Select the File and Printer Sharing for Microsoft Networks Network Service and then click the OK button.
  • Page 154 10 Click the Add button. The TCP/IP Domain Suffix window appears. 11 Type your Domain suffix in the appropriate field. If you have multiple DNS suffixes repeat the last two steps. 12 Click the WINS tab.
  • Page 155: Windows Xp Operating System Setup

    Prepare the Remote Computers for the MUVPN Client 13 Under the “WINS addresses, in order of use” heading, click the Add button. The TCP/IP WINS Server window appears. 14 Type your WINS server IP address in the appropriate field, then click the Add button. If you have multiple remote DNS servers repeat the last two steps.
  • Page 156 The Select Network Component Type window appears. Double click the Services network component. The Select Network Service window appears. Select the File and Printer Sharing for Microsoft Networks Network Service and then click the OK button.
  • Page 157 Prepare the Remote Computers for the MUVPN Client Installing the Client for Microsoft Networks From the Windows desktop: Select Start => Control => Network Connections, then select the connection you use to access the Internet. The connection window appears. Click the Properties button. Select the Networking tab and then click the Install button.
  • Page 158 15 Click the OK button to close the Advanced TCP/IP Settings window. 16 Click the OK button to close the Internet Protocol (TCP/IP) Properties window. 17 Click the OK button to close the next window.
  • Page 159: Install And Configure The Muvpn Client

    Install and Configure the MUVPN Client 18 Click the Cancel button again to close the Dial-up connection window. Install and Configure the MUVPN Client The MUVPN installation files are available at the WatchGuard Web site: http://www.watchguard.com/support In order to perform the installation process successfully, you must log into the remote computer with local administrator rights.
  • Page 160 Select the type of setup. By default, Typical is enabled–this is the setup recommended by WatchGuard. Click the Next button. If you are installing the client on a Windows 2000 host, the InstallShield detects the native Windows 2000 L2TP component. The client uses this component and does not need to install its own.
  • Page 161 For more information regarding ZoneAlarm, see “The ZoneAlarm Personal Firewall” on page 153. Configuring the MUVPN Client Once you have restarted the machine, the WatchGuard Policy Import dialog box appears. Click the Cancel button as this step is not necessary.
  • Page 162 IP address of the External interface in the available field. Defining the My Identity settings Follow these instructions to define the My Identity settings. From the Network Security Policy field, expand the new entry. The My Identity and Security Policy entries appear.
  • Page 163 Install and Configure the MUVPN Client Select My Identity. The My Identity and Internet Interface settings appear to the right. Select Options => Global Policy Settings. The Global Policy Settings dialog box appears.
  • Page 164 This value appears by default. Select Any from the Name drop list. This is the default setting. 10 Click Pre-Shared Key. The Pre-Shared Key dialog box appears. 11 Click Enter Key. The text entry field is activated.
  • Page 165 Defining Phase 1 and Phase 2 settings Follow these instructions to define the phase 1 and phase 2 settings. Make certain that settings match exactly with those on the Firebox SOHO 6 Wireless appliance. From the Network Security Policy field, expand Security Policy.
  • Page 166 This is the default setting. Select Diffie-Hellman Group 1 from the Key Group drop list. Expand Key Exchange (Phase 2). A Proposal entry appears. Select Proposal 1. The IPSec Protocols settings appear to the right.
  • Page 167 Install and Configure the MUVPN Client 10 Select Both from the SA Life drop list and then type 86400 in the Seconds field and 8192 in the KBytes field. 11 Select None from the Compression drop list. This is the default setting. The SOHO 6 Wireless Firebox appliance does not support compression.
  • Page 168: Uninstall The Muvpn Client

    Uninstall the MUVPN client At some point, it may become necessary to completely uninstall the MUVPN client. WatchGuard recommends a complete uninstall using the Windows Add/Remove Programs tool. First, disconnect all existing tunnels and dial-up connections and reboot the remote computer. Then, from the Windows desktop: Select Start =>...
  • Page 169: Connect And Disconnect The Muvpn Client

    For information on how to determine the status of the MUVPN icon, see the following section “The Mobile User VPN client icon”. Then, from the Windows desktop: Select Start => Programs => Mobile User VPN => Connect. The WatchGuard Mobile User Connect window appears. Click the Yes button.
  • Page 170: The Mobile User Vpn Client Icon

    The red bar on the right of the icon indicates that the client has begun transmitting unsecured data. Activated and Connected The MUVPN client has established at least one secure, MUVPN tunnel connection but is not transmitting data.
  • Page 171: Allowing The Muvpn Client Through The Personal Firewall

    Connect and Disconnect the MUVPN Client Activated, Connected and Transmitting Unsecured Data The MUVPN client has established at least one secure, MUVPN tunnel connection. The red bar on the right of the icon indicates that the client is transmitting only unsecured data.
  • Page 172 Enable the Remember this answer the next time I use this program option and click the Yes button. This enables ZoneAlarm to allow the IreIKE.exe program through each time you attempt to make a MUVPN connection.
  • Page 173: Monitor The Muvpn Client Connection

    Monitor the MUVPN Client Connection Disconnecting the MUVPN client The MUVPN tunnel is independent of the Internet connection. Close the MUVPN tunnels when the remote computer encounters either of the following events. - Loses the Internet connection - No longer needs the MUVPN tunnel From the Windows desktop system tray: Right-click the Mobile User VPN client icon.
  • Page 174: The Log Viewer

    • A key indicates that the connection has a Phase 2 IPSec SA, or both a Phase 1 and Phase 2 SA. • A key with a black line moving below it indicates that the client is processing secure IP traffic for that connection.
  • Page 175: The Zonealarm Personal Firewall

    The ZoneAlarm Personal Firewall • When a single Phase 1 SA to a gateway protects multiple Phase 2 SAs, there is a single Phase 1 connection with the SA icon and individual Phase 2 connections with the key icon displayed above that entry. The ZoneAlarm Personal Firewall A personal firewall is a barrier between your computer and the outside world.
  • Page 176: Allowing Traffic Through Zonealarm

    Program Alert will be displayed on the Windows desktop informing the user which particular program needs access. Often, the program associated with the application is not readily indicative of the application the user is attempting to execute.
  • Page 177 The ZoneAlarm Personal Firewall In the example above, the Internet Explorer Web browser application has been launched and is attempting to access the user's home page. The program which actually needs to pass through the firewall is “IEXPLORE.EXE”. In order to allow this program access each time the application is executed, enable the Remember the answer each time I use this program checkbox.
  • Page 178: Shutting Down Zonealarm

    Click the Yes button when prompted to quit ZoneAlarm. Uninstalling ZoneAlarm From the Windows desktop: Select Start => Programs => Zone Labs => Uninstall ZoneAlarm. The Confirm Uninstall dialog box appears. Click the Yes button. The ZoneLabs TrueVector service dialog box appears.
  • Page 179: Use The Muvpn Client To Enforce Your Corporate Policy

    Use the MUVPN Client to Enforce your Corporate Policy Click the Yes button to continue with uninstalling the TrueVector service and disable its Internet Security features. The Select Uninstall Method window appears. Verify that Automatic is selected and then click the Next button.
  • Page 180 From the navigation bar on the right side, select VPN => MUVPN Clients. The MUVPN Clients page appears. Click the Add button. The Edit MUVPN Client page appears.
  • Page 181 Use the MUVPN Client to Enforce your Corporate Policy Type a username in the Username field. This Username will be used as the E-mail Address when setting up the MUVPN client. Type a passphrase in the Passphrase field. This passphrase will be used as the Pre-Shared Key when setting up the MUVPN client.
  • Page 182 Type a unique name for the new connection. If this will be a unique policy for a specific user, enter a unique name to help identify it. For example, you may want to include the actual name of the end user.
  • Page 183: Defining The Security Policy Settings

    Use the MUVPN Client to Enforce your Corporate Policy Click to select the Secure option. This is the default setting. Click to select the Only Connect Manually checkbox. Select the IP Subnet option from the ID Type drop list. The Remote Part Identity and Addressing settings refresh to display the appropriate fields.
  • Page 184: Defining The My Identity Settings

    Follow these instructions to define the My Identity settings. From the Network Security Policy field, expand the new entry. The My Identity and Security Policy entries appear. Select My Identity. The My Identity and Internet Interface settings appear to the right.
  • Page 185 Use the MUVPN Client to Enforce your Corporate Policy Select Options => Global Policy Settings. The Global Policy Settings dialog box appears. Click to select the Allow to Specify Internal Network Address checkbox and then click OK. The Internal Network IP Address field appears among the My Identity settings.
  • Page 186 The Pre-Shared Key dialog box appears. 11 Click Enter Key. The text entry field is activated. 12 Type the exact text of the MUVPN client passphrase entered on the Firebox SOHO 6 Wireless appliance and then click OK.
  • Page 187 Defining Phase 1 and Phase 2 settings Follow these instructions to define the phase 1 and phase 2 settings. Make certain that settings match exactly with those on the Firebox SOHO 6 Wireless appliance. From the Network Security Policy field, expand Security Policy.
  • Page 188 10 Select Both from the SA Life drop list and then type 86400 in the Seconds field and 8192 in the KBytes field. 11 Select None from the Compression drop list. This is the default setting. The SOHO 6 Wireless appliance does not support compression.
  • Page 189: Troubleshooting Tips

    16 Once you have finished, select File => Save or click the button. Troubleshooting Tips WatchGuard maintains a knowledge base on our Web site, including an In-Depth FAQ section on configuring and using the MUVPN client. This is available at: www.watchguard.com/support...
  • Page 190 This is most likely due to the ZoneAlarm personal firewall application. This program is very good at what it does: keeping your computer secure from unauthorized incoming or outgoing traffic. Unfortunately, it may block your computer from
  • Page 191: My Mapped Drives Have A Red X Through Them

    broadcasting its network information thereby preventing the machine from sending the necessary login information. You should be certain to shut down ZoneAlarm each time you disconnect the MUVPN connection. Is the Mobile User VPN tunnel working? The Mobile User VPN client icon, which appears in the Windows desktop system tray once it has been launched, will display a key within the icon once the client has connected.
  • Page 192: It Takes A Really Long Time To Shut Down The Computer After Using Mobile User Vpn

    I lost the connection to my ISP, and now I can’t use the company network... If you lose Internet connection long enough, MUVPN also loses the secure tunnel. Follow the steps to close the tunnel. Then connect to the Internet and restart the MUVPN client.
  • Page 193: Chapter 11 Support Resources

    Support resources CHAPTER 11 Troubleshooting tips If you have problems during the installation and the configuration of your SOHO 6 Wireless, refer to this information. General What do the PWR, Status, and Mode lights signify on the SOHO 6 Wireless? When the PWR light is lit, the SOHO 6 Wireless is connected to a power source.
  • Page 194 How do I reset my System Security password, if I forgot or lost it? See “Factory default settings” on page 31. How does the seat limitation on the SOHO 6 Wireless work? See “Cabling the SOHO 6 Wireless for more than four appliances” on page 23.
  • Page 195 How do I install and configure the SOHO 6 Wireless using a Macintosh (or other) operating system? The installation instructions for the Macintosh and other operating systems are available from the WatchGuard Web site: https://support.watchguard.com/sohoresources/ How do I know whether the cables are connected correctly to my SOHO 6 Wireless? The front panel of the SOHO 6 Wireless has fourteen indicators.
  • Page 196 Record these addresses before you call Technical Support. What is the default trusted IP address? The default trusted IP address is either 192.168.111.1 for a wired computer or 192.168.112.1 for a wireless computer.
  • Page 197 Troubleshooting tips Configuration Where are the SOHO 6 Wireless settings stored? The configuration parameters are stored in memory of the SOHO 6 Wireless. How do I set up DHCP on the trusted network of the SOHO 6 Wireless? Make sure your computer is configured to use DHCP. See “Enable your computer for DHCP”...
  • Page 198 WebBlocker => Settings. The WebBlocker Settings page opens. Set the Enable WebBlocker check box. Set a full access password. Set the number of minutes for the inactivity timeout. To disable WebBlocker, reset Enable WebBlocker check box.
  • Page 199 Troubleshooting tips How do I allow incoming services such as POP3, Telnet, and Web (HTTP)? Type the IP address of the trusted network in your browser window to connect to the System Status page of the SOHO 6 Wireless: The default IP address is: http://192.168.111.1 From the navigation bar on the left side, select Firewall =>...
  • Page 200: Vpn Management

    WatchGuard Firebox System software. Purchase the VPN Manager through the WatchGuard Web site: https://www.watchguard.com/products/vpnmanager.asp For more information on how to allow VPN Manager access to a SOHO 6 Wireless, see the WatchGuard Firebox VPN Guide.
  • Page 201 How do I set up VPN to a SOHO 6 Wireless? Information about how to configure a VPN tunnel between a SOHO 6 Wireless and another IPSec compliant appliance is available from the WatchGuard Web site: https://support.watchguard.com/AdvancedFaqs/sointerop_main.asp Log in to the site.
  • Page 202: Contact Technical Support

    Special notices • The online help system is not yet available on the WatchGuard Web site. Click on the Help link at the top of the System Status page to connect to the WatchGuard Product Documentation page, which has links to more information sources.
  • Page 203: Index


This manual is also suitable for:

Firebox soho 6tc wireless, Bf4s16e5w
