Watchguard SOHO User Manual

Version 5.0

Summary of Contents for Watchguard SOHO

  • Page 1 WatchGuard ® SOHO User Guide SOHO and SOHO|tc version 5.0 WatchGuard SOHO and SOHO | tc...
  • Page 3: Using This Guide

    Using this guide This guide assumes that you are familiar with your computer’s operating system. If you have questions about navigating in your computer’s environment, please refer to your system user manual. The following conventions are used throughout this guide. Convention Indication Bold type...
  • Page 4: Industry Canada

    • This device must accept any interference received, including interference that may cause undesired operation. CE Notice The CE symbol on your WatchGuard Technologies equipment indicates that it is in compliance with the Electromagnetic Compatibility (EMC) directive and the Low Voltage Directive (LVD) of the European Union (EU).
  • Page 5 Taiwanese Notice VCCI Notice Class A ITE...
  • Page 6 Declaration of Conformity...
  • Page 7 IMPORTANT - READ CAREFULLY BEFORE ACCESSING WATCHGUARD SOFTWARE This WatchGuard End-User License Agreement (“EULA”) is a legal agreement between you (either an individual or a single entity) and WatchGuard Technologies, Inc. (“WATCHGUARD”) for the WATCHGUARD software product you have purchased, which includes computer software...
  • Page 8 LIMITED WARRANTY. WATCHGUARD makes the following limited warranties for a period of ninety (90) days from the date you obtained the SOFTWARE PRODUCT from WATCHGUARD or an authorized dealer; (A) Media. The disks and documentation will be free from defects in materials and workmanship under normal use. If the disks or documentation fail to conform to this warranty, you may, as your sole and exclusive remedy, obtain a replacement free of charge if you return the defective disk or documentation to WATCHGUARD or the authorized dealer from whom you obtained the SOFTWARE PRODUCT with a dated proof of...
  • Page 9 DFARS 227.7202-3 (Commercial Computer Software) and DFARS 252.227-7015(b) (Technical Data-Commercial Items) -- Restricted Rights Clause at FAR 52.227-19, as applicable. Manufacturer is WatchGuard Technologies, Incorporated, 505 Fifth Avenue, South, Suite 500, Seattle, WA 98104. EXPORT CONTROLS. You agree not to directly or indirectly transfer the SOFTWARE PRODUCT or documentation to any country to which such transfer would be prohibited by the U.S.
  • Page 10 Technologies applicable specifications. This warranty does not apply to any Hardware Product that has been: (i) altered, repaired or modified by any party other than WatchGuard Technologies; or (ii) damaged or destroyed by accidents, power spikes or similar events or by any intentional, reckless or negligent acts or omissions of any party.
  • Page 11 Warranty. This is the entire agreement between WatchGuard Technologies and you relating to the contents of this package, and supersedes any prior purchase order, communications, advertising or representations concerning the contents of this package AND BY USING THE HARDWARE PRODUCT YOU AGREE TO THESE TERMS.
  • Page 12 Copyright and Patent Information Copyright © 1999-2001 WatchGuard Technologies, Inc. All rights reserved. WatchGuard and LiveSecurity are either registered trademarks or trademarks of WatchGuard Technologies, Inc. in the United States and other countries. Firebox is a trademark of WatchGuard Technologies, Inc.
  • Page 13: Table Of Contents

    Registration and Identification Information How does a firewall work? How does information travel on the internet? How does the SOHO process this information? The SOHO Home Page—System Status ... 22 The Default Factory Settings ... 22 Rebooting a WatchGuard SOHO ...24...
  • Page 14 CHAPTER 4 The System Security Page ... 53 Setting up VPN Manager Access Update Your Configuration from a Non-Windows Platform Redeeming your SOHO upgrade certificates View the Configuration File Configuring Your Firewall Settings CHAPTER 5 Firewall settings Configuring Incoming and Outgoing Services...
  • Page 15 Configuring the SOHO WebBlocker WebBlocker categories Searching for blocked sites Configuring Virtual Private Networking CHAPTER 8 What you will need Step-by-step instructions for configuring a SOHO VPN tunnel ... 100 Frequently asked questions MUVPN Clients View the VPN Statistics Resources CHAPTER 9 Troubleshooting ...
  • Page 17: Chapter 1 Introduction

    DSL modem, a leased line, or ISDN. This User Guide applies to both the SOHO and the SOHO|tc–the name SOHO is used to refer to both these devices throughout the guide. The only difference between them is the ability to create and use a Virtual Private Network (VPN).
  • Page 18: Registration And Identification Information

    SOHO Serial Number: LiveSecurity User ID: Password: The SOHO serial number is located on the bottom of the SOHO unit. You create a LiveSecurity user ID and password when you register your WatchGuard SOHO or SOHO|tc. Please keep this information in a secure place.
  • Page 19 How does a firewall work? these dangers. As is illustrated in the image below, the SOHO physically separates your trusted network from the Internet. Using rules we will discuss in Chapter 3: “Configuring Incoming and Outgoing Services” on page 63, the WatchGuard SOHO...
  • Page 20: How Does Information Travel On The Internet

    An IP address defines the specific computer on the Internet that should send or receive a packet. Every computer on the Internet has a unique address, including your SOHO device. When defining a service behind your firewall, you need to include the trusted network address for the machine hosting the application.
  • Page 21: How Does The Soho Process This Information

    However, due to the dynamic NAT feature, applications and servers on the Internet only see the public, external IP address of the SOHO itself and are never privy to the addresses in your trusted network address range when they exchange information with a computer behind your firewall.
  • Page 22: The Soho Home Page-System Status

    The SOHO Home Page—System Status The System Status page is effectively the home page of the SOHO. A variety of information is revealed in an effort to provide you with a comprehensive display of the SOHO configuration.
  • Page 23 (such as a lost System Security passphrase) you may need to reset the SOHO to the factory defaults. To do this, you will need to remove the SOHO from your network, disconnect the power, disconnect all cables, plug one end of an Ethernet cable into the WAN port in the back of the device and the other end into any of the other four (numbered 1-4) Ethernet ports.
  • Page 24: Rebooting A Watchguard Soho

    Rebooting a WatchGuard SOHO The Base Model SOHO The base model SOHO comes with a ten seat license, that is ten computers have access to the Internet through the SOHO. Remember, while only four devices connect directly to the four (numbered 1-4) Ethernet ports, one or more of these devices can be a hub or router.
  • Page 25 Rebooting a WatchGuard SOHO • Send an FTP command to the remote SOHO device. Use an FTP application to connect to the SOHO device, then enter the command: quote rebt...
  • Page 26 Rebooting a WatchGuard SOHO...
  • Page 27: Chapter 2 Getting Started

    If not, you will need to purchase a second Ethernet, RJ45 cable. Make sure that both cables are long enough to comfortably connect the modem to the SOHO and the SOHO to the computer in your individual office environment...
  • Page 28: The Installation Process

    The Installation Process • An operational Internet connection. Setup of your SOHO requires access to the Internet. If your connection does not work, please contact your Internet service provider (ISP). When your connection has been established, you may proceed with installation and setup.
  • Page 29 Determine your current TCP/IP settings For your reference, record the computer’s current TCP/IP settings in the chart provided at the end of this section. Different operating systems will supply different information. To locate your settings: Microsoft Windows NT or 2000 Click =>...
  • Page 30 To configure a WatchGuard SOHO after it is installed, you must be able to access the special configuration pages that reside on the SOHO. If the HTTP proxy in your browser is enabled, you can not access these pages, and you can not complete the configuration process.
  • Page 31 HTTP will not prevent you from accessing your favorite Web sites, but it will allow you to access the special configuration pages that reside only on the SOHO. To disable the HTTP proxy in three commonly used browsers, see the instructions below. If your browser is not listed, see your browser Help menus to learn how to disable the HTTP proxy.
  • Page 32: Physically Connecting Your Soho

    Click to save the settings. Physically connecting your SOHO Your WatchGuard SOHO can be used to protect a single computer or a multi-computer network. It can also function as a hub to connect a variety of other devices. Cabling the SOHO for one to four devices The SOHO has four (numbered 1-4) Ethernet ports.
  • Page 33 Unplug the Ethernet cable that is connected from your DSL or cable modem to your computer and plug it into the WAN port on the SOHO unit. The SOHO unit is now connected directly to the modem. Plug the Ethernet cable supplied with your SOHO into any one of the four (numbered 1-4) Ethernet ports on the SOHO.
  • Page 34 The Installation Process Attach the power cord to the SOHO and plug it into an outlet. Restart your computer. For information on the factory default configuration options, see “The Default Factory Settings” on page 22. For specialized configurations, see “Configuring Your External Network” on page 37, as well as, “Configuring Your Trusted Network”...
  • Page 35 Internet will be allowed through the SOHO. If you would like to upgrade your SOHO to a twenty-five or fifty-seat user license, please visit: http://www.watchguard.
  • Page 36 The Installation Process...
  • Page 37: Setting Up Your Soho Network

    Configuring Your External Network When you configure the external network, you establish how the SOHO communicates with your Internet service provider (ISP). This configuration is very much dependent on how your ISP distributes network addresses–using DHCP or PPPoE.
  • Page 38 Configuring Your External Network method to distribute IP addresses is to use Dynamic Host Configuration Protocol (DHCP). When you connect your computer to the network, a DHCP server at your ISP automatically assigns it a network IP address. This eliminates the ISP from having to manually assign and manage IP addresses.
  • Page 39 Scroll through the list of installed network components. Double-click the TCP/IP network component which is bound to your Ethernet card. Look for (Ethernet) in parentheses. The TCP/IP Properties dialog box appears...
  • Page 40 Configuring the SOHO External network for dynamic addressing Out of the box, the SOHO is configured to obtain its external address information automatically, using DHCP. If your ISP supports this method, the SOHO will obtain all the necessary address information when it powers on and attempts to connect to the Internet.
  • Page 41 SOHO Configuration pages. The SOHO supports a mini, onboard Web server which provides a Web page interface for configuring the unit. Therefore, the SOHO configuration pages are reached via your Web browser.
  • Page 42 Web pages installed on the SOHO itself. With your Web browser, go to the SOHO System Status page using the Trusted IP address of the SOHO. For example, if using the default IP address, go to: http://192.168.111.1 From the navigation bar on the left side, select Network =>...
  • Page 43 Enter the TCP/IP settings you copied from the computer when you started the install process. Click the Submit button. To complete the SOHO External Network configuration, see “Release and renew the IP configuration” on page 46. Configuring the SOHO external network for...
  • Page 44 Web pages installed on the SOHO itself. With your Web browser, go to the SOHO System Status page using the Trusted IP address of the SOHO. For example, if using the default IP address, go to: http://192.168.111.1 From the navigation bar on the left side, select Network =>...
  • Page 45 Enter the PPPoE password supplied by your ISP Click Automatically restore lost connections. This enables a constant flow of “heartbeat” traffic between the SOHO and the PPPoE server. In the event of routine packet loss, this option allows the SOHO to maintain the PPPoE connection. The SOHO may reboot to recover this connection if the heartbeat fails.
  • Page 46: Configuration Information

    Regardless of what type of addressing your computer used originally, it will now obtain this information from the SOHO using DHCP. To enable your computer to receive this information from the SOHO, you must force it to release and renew its IP configuration information. From your computer desktop: Click =>...
  • Page 47: Configuring Your Trusted Network

    Out of the box, the SOHO automatically uses DHCP to assign addresses to computers on your trusted network. In other words, every time you connect a computer to the SOHO, either directly or through a hub, it automatically attempts to obtain its addresses from the SOHO.
  • Page 48 Up to four computers can be plugged directly into the four (numbered 1-4) Ethernet ports of the SOHO. A larger number of computers can be networked together by using one or more 10BaseT Ethernet hubs with RJ-45 connectors. The SOHO system...
  • Page 49: Configuring Static Routes

    Ensure that any additional computer has an Ethernet card installed. Shut the computer down, connect it to the network the same way you did in “Cabling the SOHO for more than four computers” on page 34. Restart the computer. Set the computer to obtain its address dynamically.
  • Page 50: View The Network Statistics

    Enter the IP address and the Gateway of the route in the appropriate field. Click the Submit button. View the Network Statistics The SOHO has a configuration page which displays a variety of network statistics to assist you in monitoring data traffic as well as troubleshooting potential problems.
  • Page 51 Follow these instructions to view this page: With your Web browser, go to the SOHO System Status page using the Trusted IP address of the SOHO. For example, if using the default IP address, go to: http://192.168.111.1 From the navigation bar on the left side, select Network =>...
  • Page 52 View the Network Statistics...
  • Page 53: Your Administrative Options

    The System Security Page The System Security configuration page allows you to create secure settings in order to protect the configuration of your SOHO. Setting a System Administrator Name and System Passphrase allows you to protect the SOHO by using a simple authentication method.
  • Page 54 SOHO to its factory settings; please see “Resetting a SOHO to the Factory Defaults” on page 23, you will then need to reconfigure your SOHO.
  • Page 55 Follow these steps to setup the SOHO System Passphrase: With your Web browser, go to the SOHO System Status page using the Trusted IP address of the SOHO. For example, if using the default IP address, go to: http://192.168.111.1. From the navigation bar on the left side, select Administration =>...
  • Page 56: Setting Up Vpn Manager Access

    ://www.watchguard.com/products/vpnmanager.asp Follow these steps to setup VPN Manager access: With your Web browser, go to the SOHO System Status page using the Trusted IP address of the SOHO.
  • Page 57 Enable the checkbox labeled Enable VPN Manager Access. Enter the Status Passphrase in the appropriate field. Enter the Status Passphrase in the appropriate field again to confirm it. Enter the Configuration Passphrase in the appropriate field. Enter the Configuration Passphrase in the appropriate field again to confirm it.
  • Page 58: Update Your Configuration From A Non-Windows Platform

    Update Your Configuration from a Non-Windows Platform If you are managing your SOHO from a computer running an operating system platform other than Windows (such as a Macintosh or Linux OS), you must update your firmware from this configuration page as firmware versions are released.
  • Page 59 SOHO. Once you have purchased an upgrade option and redeemed it, the Feature key stored on your unit is modified to enable the software upgrade. Follow these steps to redeem your upgrade certificate: With your Web browser, go to the SOHO System Status page using the Trusted IP address of the SOHO.
  • Page 60 Redeeming your SOHO upgrade certificates Upgrade certificates Seat Licenses The SOHO can be upgraded to provide for more seats than are available with the base model (for example, the 25 seat license certificate). These certificates must be purchased separately. IPSec Virtual Private Networking (VPN)
  • Page 61: View The Configuration File

    Follow these steps to view the file: With your Web browser, go to the SOHO System Status page using the Trusted IP address of the SOHO. For example, if using the default IP address, go to: http://192.168.111.1 From the navigation bar on the left side, select Administration =>...
  • Page 62 View the Configuration File...
  • Page 63: Configuring Your Firewall Settings

    Configuring Incoming and Outgoing Services By default, the security stance of the SOHO is to deny unsolicited incoming packets to computers on the trusted network protected...
  • Page 64 SOHO firewall. You can, however, selectively open your network to certain types of Internet connectivity. For example, if you would like to set up a Web server behind the SOHO, you can add an incoming Web service. It is important to remember that each service you add opens a small window into your trusted network and marginally reduces your security.
  • Page 65 In our example, 192.168.111.2. Click the Submit button. Creating a Custom Service In addition to the pre-configured services provided by the WatchGuard SOHO Configuration interface, you can create a...
  • Page 66 Follow these steps to create a custom service for either TCP or UDP ports: With your Web browser, go to the SOHO System Status page using the Trusted IP address of the SOHO. For example, if using the default IP address, go to: http://192.168.111.1 From the navigation bar on the left side, select Firewall =>...
  • Page 67: Blocking External Sites

    10 Click the Submit button. Blocking External Sites By default, the security stance of the SOHO is to deny all incoming packets from the Internet to computers on the trusted network protected by the SOHO firewall. However, if a user initiates contact with an external site, the return traffic will be allowed through the firewall.
  • Page 68 Blocking External Sites Follow these steps to configure blocked sites: From the navigation bar on the left side, select Firewall => Blocked Sites. The Blocked Sites page appears. Select either Host IP Address, Network IP Address, or Host Range from the drop list. The configuration page refreshes.
  • Page 69: Firewall Options

    Click the Submit button. Firewall Options The SOHO firewall feature includes a few rule settings which are less specific than the service settings discussed previously and can be used to provide further security for your private network. These options are found on the Firewall Options page.
  • Page 70: Ping Requests Received On The External Network

    Firewall Options Ping requests received on the External Network You can configure the SOHO to deny all ping packets which it may receive on the external interface. Enable the checkbox labeled Do not respond to PING requests received on External Network.
  • Page 71 Denying FTP access to the Trusted Network interface You can configure the SOHO to deny FTP access to Trusted interface. Enable the checkbox labeled Do not allow FTP access to Trusted Network. Click the Submit button. When performing an update of the system firmware, this option must be disabled or the procedure will fail and the unit becomes unrecoverable and must be reset to the factory defaults.
  • Page 72 Configure the particular application so that it will DNS look-ups with SOCKS. However, some applications use only DNS through SOCKS and therefore will not function properly with the SOHO. • Compatible SOCKS-aware applications that can be used through the SOHO include ICQ, IRC, and AOL Messenger.
  • Page 73: Logging All Allowed Outbound Traffic

    Disable the checkbox labeled Disable SOCKS proxy. This enables the SOHO to act as a SOCKS proxy. Click the Submit button. The SOHO is enabled again as a Proxy server and ready to pass SOCKS packets. Logging all allowed outbound traffic By default, the SOHO logs only particular events and not all traffic passing through it.
  • Page 74: Creating A Virtual Dmz

    Access. Click the Submit button. Creating a virtual DMZ The SOHO can be configured to allow traffic to be passed through to a dedicated machine that has been separated from the rest of the Trusted Network. Follow these steps to configure DMZ pass through: With your Web browser, go to the SOHO System Status page using the Trusted IP address of the SOHO.
  • Page 75 Enable the checkbox labeled Enable pass through address. Enter the IP address to the pass through machine in the appropriate field. Click the Submit button...
  • Page 76 Creating a virtual DMZ...
  • Page 77: What Is Logging

    Viewing SOHO log messages The WatchGuard SOHO generates an ongoing activity log stored on the SOHO: The Event Log. This log stores a maximum of 150 messages. When it reaches its maximum, the oldest message is deleted.
  • Page 78: Setting A Watchguard Security Event Processor Log Host

    Follow these steps to view these log messages: With your Web browser, go to the SOHO System Status page using the Trusted IP address of the SOHO. For example, if using the default IP address, go to: http://192.168.111.1.
  • Page 79 Setting a WatchGuard Security Event Processor log host Enable the checkbox labeled Enable WatchGuard Security Event Processor Logging. Enter the IP address of the WSEP server that will be your Log Host in the appropriate field. In our example, 206.253.208.100. In the Log Encryption Key field, enter a passphrase that will serve as a password to gain access to the log server.
  • Page 80: Setting A Syslog Host

    Setting a Syslog Host The SOHO can also be configured to transmit log entries to a Syslog host. Follow these steps to setup a Syslog Host: With your Web browser, go to the SOHO System Status page using the Trusted IP address of the SOHO.
  • Page 81: Setting The System Time

    Click the Submit button. Setting the System Time The SOHO stamps each log entry with the time that the event occurred. By default, the SOHO is set to record event times in seconds beginning from the last time the unit was rebooted.
  • Page 82 Setting the System Time If you have decided to use the WatchGuard Time Server: Enable the option labeled Get Time From WatchGuard Time Server. Or, if you have decided to use a TCP Port 37 Time Server: Enable the option labeled Get Time From TCP Port 37 Time Server at.
  • Page 83 • Enable the checkbox labeled Set to GMT. If you want to have your log messages sync with your computer: • Click the Sync Time Now button...
  • Page 84 Setting the System Time...
  • Page 85: Watchguard Soho Webblocker

    WatchGuard SOHO CHAPTER 7 WebBlocker WatchGuard SOHO WebBlocker is an optional feature of the WatchGuard SOHO and SOHO|tc that provides Web site filtering capabilities. It gives you precise control over the types of Web sites users on your trusted network are allowed to view.
  • Page 86: Watchguard Webblocker Database Unavailable

    How WebBlocker works site, the SOHO queries the WatchGuard database and determines whether or not to block the site. The SOHO considers the following conditions in determining whether or not to block the site: Web site not in WebBlocker database If the site is not in the WatchGuard WebBlocker database, the Web browser opens the page for viewing.
  • Page 87: Purchasing And Enabling Soho Webblocker

    Occasionally, you may want to allow select individuals to bypass the filtering functions of SOHO WebBlocker. For example, if you are using the SOHO at your remote office as a telecommuter, you may want to block a particular category from your children while still retaining access for the adults in the household.
  • Page 88: Configuring The Soho Webblocker

    Users feature option). With your Web browser, go to the SOHO Configuration Settings page using the Trusted IP address of the SOHO. For example, if using the default IP address, go to: http://192.168.111.1 From the navigation bar on the left side, select WebBlocker =>...
  • Page 89 Web browsers will be disconnected after sitting idle for 15 minutes. If you intend to use WebBlocker Groups and Users, enable the Require Web users to authenticate checkbox. Click the Submit button to register your changes...
  • Page 90 WebBlocker without selecting a Group. With your Web browser, go to the SOHO Configuration Settings page using the Trusted IP address of the SOHO. For example, if using the default IP address, go to: http://192.168.111.1 From the navigation bar on the left side, select WebBlocker =>...
  • Page 91 A new Groups page appears indicating the configuration changes have been accepted and providing access to creating users. To the right of the “Users” field, click the New button. The New User page appears...
  • Page 92 Configuring the SOHO WebBlocker Enter a unique User name and Passphrase (remember to confirm the Passphrase). Use the Group drop down list to assign the new user to a given group. In our example, we have assigned the User “rodolfo” to the Group “chicosmalos”...
  • Page 93: Webblocker Categories

    WebBlocker categories WebBlocker relies on a URL database, the CyberNOT list, a service of CyberPatrol. The WebBlocker database contains many thousands of IP addresses and directories. These addresses are divided into categories based on content such as Drug Culture, Intolerance, or Sexual Acts. CyberPatrol constantly searches the Internet to update the list of blocked sites.
  • Page 94 WebBlocker categories measures. Topic includes groups that advocate violence as a means to achieve their goals. It also includes pages devoted to “how to” information on the making of weapons (for both lawful and unlawful reasons), ammunition, and pyrotechnics. Drug Culture Pictures or text advocating the illegal use of drugs for entertainment.
  • Page 95 of maiming, bloody figures, and indecent depiction of bodily functions. Violence/Profanity Pictures or text exposing extreme cruelty or profanity. Cruelty is defined as: Physical or emotional acts against any animal or person that are primarily intended to hurt or inflict pain. Topic includes obscene words, phrases, and profanity in either audio, text, or pictures.
  • Page 96: Searching For Blocked Sites

    Searching for blocked sites adult personals, and sites devoted to selling pornographic CD-ROMs and videos. Full Nudity Pictures exposing any or all portions of human genitalia. Topic does not include sites categorized as Partial/Artistic Nudity containing partial nudity of a wholesome nature. For example, it does not include Web sites for publications such as National Geographic or Smithsonian magazine nor sites hosted by museums such as the Guggenheim, the...
  • Page 97: Configuring Virtual Private Networking

    Configuring Virtual CHAPTER 8 Private Networking This chapter describes an optional feature of the WatchGuard SOHO: Virtual Private Networking (VPN) with IPSec. The following WatchGuard SOHO products support IPSec tunnels: • WatchGuard SOHO with VPN option enabled • WatchGuard SOHO|tc...
  • Page 98: What You Will Need

    • One WatchGuard SOHO with VPN and an IPSec-compliant device. While you can create a SOHO to SOHO VPN, you can also create a VPN with a WatchGuard Firebox or other IPSec-compliant devices. • The following information from your Internet service...
  • Page 99 IP Address Table (example): Item Description External IP The IP address that identifies the SOHO to the Internet. Address Site A: 207.168.55.2 Site B: 68.130.44.15 External The overlay of bits that determines which part of the IP Subnet Mask address identifies your network. For example, a Class C address licenses 256 addresses and has a netmask of 255.255.255.0.
  • Page 100: Step-By-Step Instructions For Configuring A Soho Vpn Tunnel

    Step-by-step instructions for configuring a SOHO VPN tunnel WatchGuard has developed a series of step-by-step instructions to facilitate configuration for a SOHO VPN tunnel to any of several other IPSec-compliant devices. To download these instructions, using your Web browser, go to: http://www.watchguard.
  • Page 101: Frequently Asked Questions

    Frequently asked questions Why do I need a static external address? To create a VPN connection, one SOHO must be able to find its partner device. If the addresses were allowed to change, the SOHO could not find its remote computer.
  • Page 102 Firebox. How do I troubleshoot the connection? If you can ping the remote SOHO and computers behind it, your VPN tunnel is up and running. Any remaining problems are probably caused by the MS Networking or the applications being used.
  • Page 103: Muvpn Clients

    _main.asp MUVPN Clients The SOHO can be upgraded to use the MUVPN clients option. This feature allows single remote users to securely connect to the SOHO through an IPSec VPN tunnel and access network resources on the Trusted network.
  • Page 104 View the VPN Statistics...
  • Page 105: Chapter 9 Resources

    For example, if using the default IP address, go to: http://192.168.111.1 Click the Reboot button. Wait for the SOHO to finish rebooting. The MODE light on the front of the SOHO will turn off, then back on...
  • Page 106 What do the ON and MODE lights signify on the SOHO? When the ON light is illuminated, the SOHO has power. When the MODE light is illuminated, the SOHO is operational. If the ON light is blinking it is indicative of a couple of concerns: •...
  • Page 107 Factory Defaults” on page 23. How does the seat limitation on the SOHO work? The default user license on the SOHO is 10. The first 10 computers on the network behind the SOHO to access the Internet are allowed through the SOHO. To clear the list of these first 10 computers you will need to reboot the SOHO.
  • Page 108 The Link lights numbered 1 through 4 correspond to the four number Ethernet ports for the Trusted network. They tell you if the SOHO is connected to a computer or hub. If the lights are not illuminated, the SOHO is not connected to the computer or hub.
  • Page 109 “Release and renew the IP configuration” on page 46. With your Web browser, go to the SOHO System Status page using the Trusted IP address of the SOHO. For example, if using the default IP address, go to: http://192.168.111.1 From the navigation bar on the left side, select Network =>...
  • Page 110: Submit Button

    172.16.x.x 192.168.x.x To change to a static trusted IP address: With your Web browser, go to the SOHO System Status page using the Trusted IP address of the SOHO. For example, if using the default IP address, go to: http://192.168.111.1 From the navigation bar on the left side, select Network =>...
  • Page 111 How do I allow incoming services such as POP3, Telnet, and Web (HTTP)? With your Web browser, go to the SOHO System Status page using the Trusted IP address of the SOHO. For example, if using the default IP address, go to: http://192.168.111.1 From the navigation bar on the left side, select Firewall =>...
  • Page 112: Vpn Management

    10 Click the Submit button. VPN Management Before setting up a VPN, you must have the following: • Two properly configured and working SOHOs or one SOHO and one Firebox with the latest version of firmware. Each SOHO must have the VPN option enabled.
  • Page 113 • The same authentication method for each end (MD-5 or SHA-1). How do I set up my SOHO for VPN Manager Access? This requires the add-on product, WatchGuard VPN Manager software, which is purchased separately. To purchase VPN Manager, use your Web browser to go to: https://www.
  • Page 114: Contacting Technical Support

    Contacting Technical support (877) 232-3531 (206) 521-8375 (360) 482-1083 Online Documenting and In-Depth FAQs WatchGuard maintains an extensive knowledge base consisting of product documentation in the form of printer friendly .pdf files, tutorials, In-Depth FAQs, and more. This information is available https://support.
  • Page 115 WebBlocker Browser Netscape 4.0 disabling HTTP proxy Browsers, supported Cables, required Cabling, new SOHO Categories, WebBlocker certification, FCC Checklist, pre-installation Configure PPPoE client Copyright Information Custom incoming services, creating Cyber Patrol, copyright information Database WebBlocker Default gateway...
  • Page 116 HTTP proxy disabling ICQ, enable with SOCKS ICQ, IRC, AOL Messenger Incoming service creating custom Information copyright patent Installation cabling the SOHO manual pre-installation checklist Introduction information & Internet IP address port number protocol services IP address reason for static...
  • Page 117 Macintosh, setting TCP/IP Manual installation Masquerading Network private network default factory settings Network Address Translation Part number, SOHO Password saving Patent Information Ping Port number, introduction PPPoE, configuring client Pre-configured service, adding Pre-installation, checklist Private network setting default factory settings...
  • Page 118 adding pre-configured creating custom incoming Services, introduction SOCKS and ICQ and IRC SOCKS and AOL Messenger Static IP address 98, 99 Static IP address, reason for TCP/IP releasing IP configuration setting in Macintosh setting in Unix, Linux, etc. setting in Windows ’95, ’98 Troubleshooting checking link LED connecting more than two offices...

This manual is also suitable for:

Soho tc