Portions of this software are based upon public domain software originally written at the National Center for Supercomputing Applications, University of Illinois, Urbana-Champaign. All other trademarks or trade names mentioned herein, if any, are the property of their respective owners. Part No: WFS Software Number 7.0 WatchGuard Firebox System...
Internet Protocol Options
Transfer Protocols
ICMP
Other protocols
Standard Ports and Random Ports
CHAPTER 2
CHAPTER 3
Ports Used by WatchGuard Products
Ports used by Microsoft Products
Well-Known Services List
CHAPTER 4
Packet Filter Services
Reference Guide
Internet Protocol Reference ...
CHAPTER 1: Internet Protocol Reference
Internet Protocol (IP) specifies the format of packets and the addressing scheme for sending data over the Internet. By itself, it functions like a postal system, allowing you to address a package and drop it into the system.
IP header fields (table fragment):
Checksum for the IP header
32 bits  Source IP address
32 bits  Destination IP address
24 bits  IP Options (Present if IHL is 6)

IP protocol numbers (table fragment; the Number column was lost in extraction):
Reserved; Internet Control Message; Internet Group Management; Gateway-to-Gateway; IP-within-IP (encapsulation); Stream
IP protocol numbers (table fragment, continued; the Number column was lost in extraction):
Keywords: BBN-RCC-, NVP-II, ARGUS, EMCON, XNET, CHAOS, DCN-MEAS, XNS-IDP, TRUNK-1, TRUNK-2, LEAF-1, LEAF-2, IRTP, ISO-TP4, NETBLT, MFE-NSP, MERIT-INP
Protocols: Transmission Control Protocol; Exterior Gateway Protocol; Any private interior gateway; BBN RCC Monitoring; Network Voice Protocol; ARGUS; EMCON; Cross Net Debugger; Chaos; User Datagram Protocol...
IP protocol numbers (table fragment, continued):
Integrated Net Layer Security; TUBA; IP with Encryption; NBMA Next Hop Resolution Protocol; 55-60 Unassigned; Any host internal protocol; CFTP; Any local network; SATNET and Backroom EXPAK; Kryptolan; MIT Remote Virtual Disk Protocol; Internet Pluribus Packet Core; Any distributed file system
IP protocol numbers (table fragment, continued; the Number column was lost in extraction):
Keywords: SAT-MON, VISA, IPCV, CPNX, CPHB, BR-SAT-, SUN-ND, WB-MON, WB-EXPAK, ISO-IP, VMTP, SECURE-VMTP, VINES, NSFNET-IGP, IGRP, OSPFIGP, SPRITE-RPC, LARP, AX.25, IPIP, MICP
Protocols: SATNET Monitoring; VISA Protocol; Internet Packet Core Utility; Computer Protocol Network Executive; Computer Protocol Heart Beat; Wang Span Network; Packet Video Protocol; Backroom SATNET Monitoring...
IP protocol numbers (table fragment, end):
Semaphore Communications Security Protocol; Ethernet-within-IP Encapsulation; Encapsulation Header; Any private encryption scheme; GMTP; 101-254 Unassigned; Reserved

The record route option was originally intended for use in testing the Internet. Unfortunately, record route can record only ten IP addresses. On the present Internet, typical long-haul transmissions can involve twenty or thirty hops, rendering the record route option obsolete.

Time Stamp
The time stamp option helps measure network propagation delays. This task is done more effectively, however, with higher-level time protocols or time-stamp messages.
ICMP packet is the ICMP redirect packet, which can change routing information on the machines that receive it.

Other protocols
The vast majority of the traffic on the Internet uses one of the three protocols mentioned in the previous section. Some other protocols are as follows:
IGMP (Internet Group Multicast Protocol)
A protocol primarily designed for hosts on multiaccess networks to inform locally attached routers of their group membership information.
IPIP (IP-within-IP)
An encapsulation protocol used to build virtual networks over the Internet.
GGP (Gateway-Gateway Protocol)
A routing protocol used between autonomous systems.
People are probably most familiar with the MIME content types sent in email. The WatchGuard Proxied HTTP service uses content-type headers to determine whether to allow or deny an HTTP transaction. Use Policy Manager to configure the Proxied HTTP service to allow or deny content-types.
CHAPTER 2: MIME Content Types
In addition, WatchGuard encourages you to email requests for inclusion of new content types in our master list to: manual@watchguard.com

Content types (table fragment):
Type: text
Subtypes: plain, richtext, enriched, tab-separated-values, html, sgml, vnd.latex-z, vnd.fmi.flexstor, uri-list, vnd.abc, rfc822-headers, vnd.in3d.3dml, prs.lines.tag...
CHAPTER 3: Services and Ports
Well-known services are a combination of port number and transport protocol for specific, standard applications. This chapter contains several tables that list service names, port numbers, protocols, and descriptions.
Ports Used by WatchGuard Products
The WatchGuard Firebox, Management Station, and WatchGuard Security Event Processor use several ports during normal functioning.

Ports (table fragment; columns Port #, Protocol, Purpose):
Port #: 4100, 4101, 4105, 4106, 4107, 4103, 4102
Purpose: Authentication applet; WSEP and Management Station...
Well-Known Services List
In addition to the ports used by services described above, WatchGuard maintains a list of well-known services. Because software developers regularly add new services, this does not represent a comprehensive list of all possible services. For more information, see J. Reynolds and J.
Well-known services (table fragment; columns Service Name, Port #, Protocol, Description; the Port # column was lost in extraction):
Service Names: tcpmux, compressnet, echo, discard, systat, daytime, qotd, chargen, ftp-data, telnet, smtp, nsw-fe, msg-icp, msg-auth, time, graphics, nameserver, nicname, mpm-flags, mpm-snd, ni-ftp
Protocol / Description: TCP/UDP TCP Port Service Multiplexer; TCP/UDP Management Utility; TCP/UDP Remote Job Entry; TCP/UDP Echo; TCP/UDP...
Well-known services (table fragment, continued; Protocol / Description column only):
TCP/UDP Remote Job Service; TCP/UDP Remote Job Service; TCP/UDP Remote Job Service; TCP/UDP Remote Job Service; TCP/UDP Distributed External Object Store; TCP/UDP vettcp; TCP/UDP Finger; TCP/UDP World Wide Web HTTP; TCP/UDP HOSTS2 Name Server; TCP/UDP XFER utility
Well-known services (table fragment, continued; the Port # column was lost in extraction):
Service Names: mit-ml-dev, mit-ml-dev, mfcobol, kerberos, sug-mit-tug, dnsix, mit-dov, objcall, supdup, dixie, swift-rvf, tacnews, metagram, newacct, hostname, iso-tsap, gppitnp, acr-nema, csnet-ns, 3com-tsmux, rtelnet, snagas, pop2, pop3, sunrpc, mcidas
Protocol / Description: TCP/UDP MIT ML device; TCP/UDP Common Trace Facility; TCP/UDP MIT ML device; TCP/UDP...
Well-known services (table fragment, continued; Protocol / Description column only):
SYSMAINT; TCP/UDP Statistics Service; TCP/UDP INGRES-NET Service; TCP/UDP DCE-RPC Endpoint resolution; TCP/UDP PROFILE naming system; TCP/UDP NETBIOS Name Service; TCP/UDP NETBIOS Datagram Service; TCP/UDP NETBIOS Session Service; TCP/UDP Internet Message Access Protocol; TCP/UDP NewS; TCP/UDP Jargon
Well-known services (table fragment, continued):
X Window System (through 6063); TCP/UDP X Font Service; TCP/UDP NCD Network Audio Server; for connecting to the phone server for audio; for the address server, in 4.x and 5.0; for the conference engine in 4.x and 5.0
IP or network addresses. Configuring the Any service opens a “hole” through the Firebox, allowing all traffic to flow unfiltered between specific hosts. WatchGuard strongly recommends that the Any service be used only for traffic over a VPN.
A current list of archie servers is available via anonymous FTP from: ftp://microlib.cc.utexas.edu/microlib/mac/info/archie-servers.txt
External hosts can be spoofed; WatchGuard cannot verify that these packets were actually sent from the correct location. You can configure WatchGuard to add the source IP address to the Blocked Sites List whenever an incoming archie connection is denied. All of the usual logging options can be used with archie. WatchGuard recommends that you use the available WWW interfaces to archie, such as: http://www.macsch.com/stress/archie.html...
• Client Port(s): client
For more information on adding the Citrix ICA service, refer to the Advanced FAQs in the Knowledge Base. (Go to www.watchguard.com/support and log in to the LiveSecurity Service.)

Clarent-gateway
Clarent Corporation is an IP telephony technology supplier to mainstream carriers and service providers.
In addition, your Clarent server may be subject to denial of service attacks in this configuration. Where possible, WatchGuard recommends using VPN options to provide additional security for such a configuration. Characteristics •...
Dynamic Host Configuration Protocol (DHCP) provides a means of dynamically allocating IP addresses to devices on a network.
Characteristics
• Service Name: DHCP-Server or DHCP-Client
• Protocol: UDP
• Client Port: client
• Port Number: Server: 68; Client: 67
External hosts can be spoofed. WatchGuard cannot verify that these packets were actually sent from the correct location. Configure WatchGuard to add the source IP address to the Blocked Sites List whenever an incoming HTTP connection is denied. All of the usual logging options can be used with HTTP.
Although this information is often useful, it can also reveal too much information that can be abused. WatchGuard does not recommend putting finger servers on the trusted interface. Characteristics •...
Gopher
Gopher is a data-retrieval protocol developed at the University of Minnesota. As HTML has proliferated and Web browsers have improved, Gopher servers have been replaced by Web servers. It is unlikely that you will ever need to run a Gopher server.
Characteristics •...
Adding an icon for this service enables the proprietary Lotus Notes protocol. Because the protocol supports encapsulation and tunneling, as well as access to internal data, WatchGuard does not recommend adding the Lotus Notes service for addresses outside of the trusted network.
WatchGuard cannot verify that these packets were actually sent from the correct location. Configure WatchGuard to add the source IP address to the Blocked Sites List whenever an incoming NNTP connection is denied. All of the usual logging options can be used with NNTP.
In addition, your pcAnywhere server may be subject to denial of service attacks. WatchGuard recommends using VPN options to provide additional security. Characteristics •...
- 5632/UDP
- 5631/TCP
- 65301/TCP
• Client Port: ignore (all cases)

ping
ping can be used to determine whether a host can be reached and is operable and on the network. To intercept DOS-based or Windows-based traceroute packets, configure the ping service. Like traceroute, it is generally a bad idea to allow ping into a network;...
RADIUS is a client-server system that stores authentication information for users, remote access servers, and VPN gateways in a central user database that is available to all servers. Authentication for the entire network happens from one location. RADIUS prevents hackers from intercepting and responding to authentication requests by transmitting an authentication key that identifies it to the RADIUS client.
Characteristics
• Protocol: UDP
• Server Port(s): 1645
• Client Port(s): client

RIP is a routing protocol that predates IP, making it one of the oldest protocols on the Internet.
Icons in the Services Arena
SMB is a multi-service icon. You may, however, need to add these icons to your services arena:
- One UDP icon for port 137. Set client port to “port” to enable NetBIOS lookups.
SNMP-Trap Simple Network Management Protocol (SNMP) traps are notification messages that an SNMP agent (for example, a router) sends to a network management station. These messages generally report an important event that should be logged or otherwise investigated.
TCP and the client port to ignore, as shown under Characteristics below. With both the WatchGuard SQL-Server and a custom built service, configure the rest of the service the same way: list the external clients that should be allowed to connect to the Sybase server as Incoming From, and the Sybase server address as Incoming To.
(encrypted) communications. WatchGuard recommends the use of ssh instead of more vulnerable protocols like telnet, rssh, and rlogin. If you use ssh, you should also use its strong authentication mechanisms. Strong encryption mechanisms are available for U.S. customers, Canadian customers, and customers who have been approved for use of strong encryption by WatchGuard and/or the U.S.
CHAPTER 4: Types of Services
• Add the WatchGuard Logging icon to the Services Arena
Attacks often focus on flooding syslog with log entries so that attacks are either lost in the noise or the disk fills up and attack attempts are not recorded.
Use of this protocol is not recommended because it can allow unauthorized remote access to system or user files without asking for a password. WatchGuard recommends TFTP be used only for accessing limited subdirectory trees that cannot result in root access. TFTP should be restricted by using a TCP wrapper and filtering packets coming in on port 111.
Client Port(s): ignore (both cases)

Time
The Time service is similar to NTP and is used to synchronize clocks between hosts on a network. Time is generally less accurate and less efficient than NTP over a WAN. WatchGuard recommends using NTP.
Characteristics
• Protocols: UDP
•...
Internet service provider. The WatchGuard traceroute service is for filtering UNIX-based UDP-style traceroute only. For DOS-based or Windows-based traceroute packet filtering, use the ping service instead (see “ping” on page 51). traceroute uses ICMP and UDP packets to build pathways across networks using the UDP TTL field to return packets from every router and machine between a source and a destination.
• Server Port(s): 4107

WGAgent
WatchGuard Agent is a service that is primarily used for the management of software and security policies. It uses one TCP port, allowing WatchGuard Agents to communicate with each other using an SSL-secured connection. For this service to work properly, add the HTTPS service as well.
• Client Port(s): greater than 1023

Proxied Services
This section describes the services proxied by the WatchGuard Firebox System, including a separate description of the transparent proxies, HTTP, SMTP, and FTP. The proxied service opens packets of its particular type, strips out any embedded forbidden data types, and reassembles the packets with the proxy’s own origin and destination headers.
Allowed To the FTP server. Outgoing connections are usually Allowed From Any To Any.

Scenario 2
Description
There is a “public” FTP server on the Trusted network. DCE RPC traffic through the firewall (to and from ...
HTTP is the Hypertext Transfer Protocol used by the World Wide Web to move information around the Internet. The WatchGuard service called HTTP Proxy is not to be confused with an HTTP caching proxy. An HTTP caching proxy is a separate machine, and it performs caching of Web data.
Proxied-HTTP rule ensures that all outgoing HTTP traffic, regardless of port, will be proxied according to the HTTP proxy rules. WatchGuard recommends that you allow incoming HTTP only to any public HTTP servers maintained behind the Firebox. External hosts can be...
WatchGuard cannot verify that these packets were actually sent from the correct location. Configure WatchGuard to add the source IP address to the Blocked Sites List whenever an incoming HTTP connection is denied. Adjusting the settings and MIME types is the same as for the HTTP Proxy.
SMTP server from Any. The Outgoing tab should Allow To Any from Any.

Scenario 2
Description
There is an SMTP server on the trusted interface.
Icons in the Services Arena
This scenario is configured exactly as in Scenario 1.
This chapter provides explanations for many of the log messages most commonly generated by the Firebox. For more information on log messages, refer to the In-Depth FAQs in the WatchGuard Knowledge Base. Go to the following Web site and log into the LiveSecurity Service: http://www.watchguard.com/support...
The file descriptor limit is rarely a problem, but an occasional site may notice slow name resolution and many instances of the above log message. You can work around this problem in two ways (the first method is the most secure):
- Avoid using dynamic NAT between your clients and your DNS server.
- Disable the outgoing portion of the DNS proxied service and replace it with a filtered DNS service.

firewalld[xxx] cs_server() failed (keys didn't match)
The cs_server is the process that listens for management connections to the Firebox.
Because this property is per proxy service, it may be different for each FTP proxy icon configured.

fwcheck[x] fwcheck in low memory mode
Indicates that fwcheck is active because the Firebox passed its predefined low memory threshold.
fwcheck[] Killing process http-proxy (pid x)
Fwcheck is the process responsible for low memory scavenging on the Firebox. If Firebox memory is overloaded for some reason, fwcheck kills other processes until memory usage returns to a safer state.

http-proxy[] [x.x.x.x:1091 x.x.x.x:80] Request denied: No URI found
This message indicates that a connection to a Web server was not compliant with RFC 2068.
If this message appears when a Web page is not being accessed, it may be because data transfers are being attempted using HTTP on ports other than 80. The Proxied-HTTP service (as distinct from the HTTP proxy) proxies any outgoing port, not just ... server was ...
http-proxy[205]: sending/receiving: Invalid transfer-encoding type "Identity"
HTTP has a provision for defining the encoding type used in the page data transfer. The default is called "Identity," which means that no encoding or transformations are performed on the page data. The RFC for HTTP 1.1 says the following about identity: identity: The default (identity) encoding;...
If the counts match, the receiver assumes that it received a complete transmission.

kernel Memory use at 90 percent, low memory condition in effect
Indicates that fwcheck will activate because the Firebox passed its predefined low memory threshold.
Problem: block on freelist at xxxxxxxxx isn't free
If you see this log message, contact WatchGuard Technical Support immediately. A small number of Fireboxes experienced a manufacturing problem with their power supply, which causes this symptom.

kernel:
Indicates that an IP address was dynamically added to the blocked site list.
10 seconds before a connection can be acknowledged (such as systems over slow links in distant parts of the world, or heavily loaded servers), you can try raising this value by adding (or editing) the following property in the configuration file:
- For SMTP: default.proxies.smtp.connect_timeout: <value>
Note that this property is global to all SMTP services, unlike the FTP version described previously.

smtp-proxy[589]: [x.x.x.x:1098 x.x.x.x:25] proxy connect failed (Operation now in progress)
This message indicates a Proxy Backlog. The Proxy Backlog defines the number of connection requests held by the Firebox until a proxy can be started to handle the connection.
CHAPTER 5: Common Log Messages
You can draw upon many resources to support your efforts to improve network security. This chapter lists several sources of information commonly used by WatchGuard engineers, developers, and Technical Support teams to learn more about network security in general and the WatchGuard product line in particular.
ISBN 0-07-024645-9.
McClure, Stewart; Scambray, Joel; and Kurtz, George. Hacking Exposed. Second Edition. McGraw-Hill Publishing, January 2000. ISBN 0072127481.
Power, Richard. Tangled Web: Tales of Digital Crime from the Shadows of Cyberspace. Que; September 2000. ISBN 078973443X.
Schneier, Bruce. Applied Cryptography. Second Edition. New York: John Wiley & Sons, Inc., 1996. ISBN 0-471-11709-9.
Schwartau, Winn. Cybershock: Surviving Hackers, Phreakers, Identity Thieves, Internet Terrorists and Weapons of Mass Disruption. New York: Thunder’s Mouth Press, 2000. ISBN 1-56025-246-4.
Sheldon, Tom (Editor); Cox, Phil. Windows 2000 Security Handbook. McGraw-Hill Publishing, November 2000.
CHAPTER 6: Resources
Mailing Lists
wg-users@watchguard.com
WatchGuard sponsors a listserv for our customers. For more information, see the Technical Support chapter in the User Guide.
firewall-wizards@nfr.net
Web Sites
WatchGuard Frequently Asked Questions
http://www.watchguard.com (Click Support, log into LiveSecurity Service, click Knowledge Base, click In-Depth FAQs)
Attrition
http://www.attrition.org/...
Gene Spafford’s Homepage
http://www.cerias.purdue.edu/homes/spaf/
Honeynet Project
http://project.honeynet.org
Information Security Magazine
http://www.infosecuritymag.com
Internet Firewalls - Frequently Asked Questions
http://www.interhack.net/pubs/fwfaq
Internet Firewalls - Resources
http://www.cerias.purdue.edu/coast/firewalls
The Java Security Web Site
http://www.rstcorp.com/javasecurity/
National Institute of Standards and Technology, Computer Security Resource Center
http://www-08.nist.gov
Note: Yes, the dash after “www”...
Usenet newsgroup.

Deja.com
Deja.com provides a Web-based alternative to news reader services. In addition to comp.security.firewalls, it includes several discussion groups and the occasional room discussing network security issues. It can be found at: http://www.deja.com/
CHAPTER 7: Out-of-Band Initialization Strings
This chapter provides a reference list of PPP and modem initialization strings used to configure out-of-band (OOB) management. The PPP client for Linux is called pppd.

PPP Initialization Strings
These are the strings and syntaxes available for use when configuring a Firebox for out-of-band management in Policy Manager:
asyncmap <map>...
If nt is not specified, it defaults to the value given for nr. Values in the range 9 to 15 can be used for nr and nt; larger values give better compression but consume more kernel memory for compression dictionaries. Alternatively, a value of 0 for nr or nt disables compression in the corresponding direction. Use nobsdcomp or bsdcomp 0 to disable BSD-Compress compression entirely.

debug
Enables connection debugging facilities. When this option is given, pppd logs the contents of all control packets sent or received in a readable form.
When this option is given, pppd sends an LCP echo-request frame to the peer every n seconds. Normally the peer should respond to the echo-request by sending an echo-reply. This option can be used with the lcp-echo-failure option to detect that the peer is no longer connected.
lcp-max-configure n
Sets the maximum number of LCP configure-request transmissions to n (default 10).
lcp-max-failure n
Sets the maximum number of LCP configure-NAKs.
lcp-max-terminate n
Sets the maximum number of LCP terminate-request transmissions to n (default 3).
lcp-restart n
Sets the LCP restart interval (retransmission time-out) to n seconds (default 3).
TCP/IP headers, nor ask the peer to do so.

silent
Pppd does not transmit LCP packets to initiate a connection until a valid LCP packet is received from the peer (as for the “passive” option with older versions of pppd).
xonxoff
Uses software flow control (that is, XON/XOFF) to control the flow of data on the serial port.

Modem Initialization Strings
These parameters specify a chat session that occurs between the Firebox and the modem to properly initialize the modem. In most cases the default initializations work with a wide variety of modems.
Many are legal in the expect sequence. Those that are not valid in the expect sequence are so indicated.
ATS0=x, where x = the number of rings before ... ATS0=1...
"" or ‘ ‘
Expect or send a null string. If you send a null string, it will still send the return character. This sequence can either be a pair of apostrophes or quotes.
Backspace.
Suppress the new line at the end of the reply string. This is the only method to send a string without a trailing return character.
Some characters are not valid in Ctrl+C; for these characters, substitute the sequence with the control character represented by C. For example, the character DC1 (17) is shown as Ctrl+Q. Some characters are not valid in expect.
CHAPTER 8: Firebox Read-Only System Area
WatchGuard ships all Fireboxes with a fixed, baseline set of functionality stored on the read-only system area of the Firebox flash disk memory. It is possible to start the Firebox using this read-only system area when the primary user area is misconfigured or corrupted.
Enhanced System Mode; any older box already initialized using System 4.1 or later is automatically upgraded to run in Enhanced System Mode. To confirm that your Firebox is upgraded to run in Enhanced System Mode, use a cross-over cable to connect any two Firebox Ethernet interfaces. Turn on the Firebox. A flickering Sys A light indicates that the Firebox is running System 4.1 or later.
To perform this procedure, you must have:
• A newly shipped Firebox or any model of Firebox already initialized with System 4.1 or later
•...
Ping the temporary address assigned to the Trusted interface. If the Firebox does not respond to the ping command, you may have a connectivity problem. ... must be available on the same IP subnet as the ...
Try a different cable or another device (like a modem) to test that the COM port is responding. If these solutions do not work, contact WatchGuard Technical Support.

Why is the Flash Disk Management Tool unable to open the COM port on my computer?
Enable the serial port (COM).
Initializing a Firebox Using a Modem
The WatchGuard Firebox can accept both external and PCMCIA modems. Use a modem for out-of-band initialization and configuration in cases where the Firebox is located remotely from the Management Station.
Before starting this procedure, make sure you have:
•
LAN. (If this happens, reboot into Enhanced System Mode and try again.) The Firebox and the router should be the only two devices on the LAN. Complete the following: Attach both the Firebox External interface and the router’s interface to a common local area network, or use the red cross-over cable to connect them directly.
Select an unused IP address behind the router on the same network to which the Firebox is attached. Set the Firebox’s read-write passphrase to wg. Set the timeout to 90 seconds. Click OK. If the procedure is successful, the open operation on the Management Station completes.
Select a file name for the Firebox backup. The Enter Encryption Key dialog box appears. Enter a key for encrypting the backup file. Click OK. This ensures that no one can obtain sensitive information from the backup file. When the backup is successful, an Operation Complete alert appears. Click OK.
CHAPTER 9: Glossary
This glossary contains a list of terms, abbreviations, and acronyms frequently used when discussing networks, firewalls, and WatchGuard products.

access control
A method of restricting access to resources, allowing access only to privileged entities.
active mode FTP
One of two ways an FTP data connection is made.
A shortcut that enables a user to identify a group of hosts, networks, or users with one identifying name. Aliases are used to speed user authentication and service configuration.
Application Program Interface (API)
Software that allows dissimilar software products to interact with one another.
armed
A state of a Firebox in which it is actively guarding against intrusion and attack.
ARP
See Address Resolution Protocol.
ARP table
A table of active ARP addresses on a computer.
ascending
A method of ordering a group of items from lowest to highest, such as from A to Z.
A computer placed outside a firewall to provide public services (such as WWW and FTP) to other Internet sites. The term is sometimes generalized to refer to any host critical to the defense of a local network. In WatchGuard documentation, also called the optional network.
bitmask...
A type of VPN that creates a secure tunnel over an unsecure network, between two networks that are protected by the WatchGuard Firebox System, or between a WatchGuard Firebox and an IPSec-compliant device. It allows a user to connect two or more locations over the Internet while protecting the resources on the trusted and optional networks.
An online, up-to-date list of previously issued certificates that are no longer valid.
certification
Endorsement of functionality by a trusted entity.
Challenge Authentication Protocol (CHAP)
A session-based, two-way password authentication scheme.
channel
A communications path between two computers or devices.
checkbox
A dialog box option that is not mutually exclusive with other options. Selecting a checkbox inserts an X or a checkmark; clearing a checkbox removes it.
CIDR (Classless Inter-Domain Routing)
A routing mechanism designed to deal with the exhaustion of Class B network addresses, and the subsequent allocation of multiple Class C addresses to sites.
A file or token passed from the Web server to the Web client (a user’s browser) that is used to identify a user and could record personal information such as ID and password, mailing address, or credit card number.
coprocessor
A separate processor designed to assist in specific functions, such as handling complex mathematics or graphics, and to temporarily reduce the workload of the microprocessor.
corporate signing key
A public key that is designated by the security officer of a corporation as the system-wide key that all corporate users trust to sign other keys.
A protocol for exchanging IP packets over a serial line, which compresses the headers of many TCP/IP packets.
custom filter rules
Filter rules created in WatchGuard Policy Manager to allow specific content types through the Firebox.
data
Distinct pieces of information, usually formatted in a special way.
A method of ordering a group of items from highest to lowest, such as from Z to A.
device
Networking equipment such as a hub, switch, bridge, or router.
DHCP (Dynamic Host Configuration Protocol)
A means of dynamically allocating IP addresses to devices on a network.
A software program that manipulates the computer hardware in order to transmit data to other equipment.
drop-in configuration
A configuration in which the Firebox is physically located between the router and the LAN without any of the computers on ...
A standard for digital signatures using DSA proposed by the National Institute of Standards and Technology.
DVCP (Dynamic VPN Configuration Protocol)
A WatchGuard proprietary protocol that simplifies configuration of VPNs.
dynamic NAT
(Also known as IP masquerading or port address translation) A method of hiding network addresses from hosts on the external network.
Any network incident that prompts some kind of notification.
event processor
See WatchGuard Security Event Processor.
expand
To display all subordinate entries in an outline or in a folder.
extension
See file extension.
This is the opposite of fail-open mode, in which a firewall crash opens all traffic in both directions. Fail-shut is the default failure mode of the WatchGuard Firebox System.
fast Ethernet
An Ethernet networking system that transmits data at 100 Mbps, based on the Ethernet 802.3 standard.
A U.S. government standard published by the National Institute of Standards and Technology.
Firebox
The WatchGuard firewall appliance, consisting of a red box with a purpose-built computer and input/output architecture optimized as the resident computer for network firewall software.
Firebox System Manager...
Page 135
ANSI X.509 to issue certifying authorities. High Availability A WatchGuard Firebox System option that enables the installation of two Fireboxes on one network in a failover configuration. At any given moment, one Firebox is in active mode while the other is in standby mode, ready to take over if the first box fails.
Firebox of this additional host behind the additional router.
HostWatch A WatchGuard Firebox System application that provides a real-time display of the hosts behind the Firebox that are connected to hosts on the Internet.
HTML (HyperText Markup Language) A set of rules used to format Web pages, including methods to specify text characteristics, graphic placement, and links.
hyperlink An object on a Web page, such as a graphic or underlined text, that represents a link to another location in the same file or a different file. When clicked, the linked page or graphic appears.
IANA (Internet Assigned Numbers Authority) The central authority charged with assigning parameter values to Internet protocols.
Internet.
Intrusion Detection System (IDS) A class of networking products devoted to detecting, monitoring, and blocking attacks from hackers. IDSs that operate on a host to detect malicious activity on that host are called host-based IDSs. IDSs that operate on network data flows are called network-based IDSs.
IP (Internet Protocol) A protocol used by the Internet that enables computers to communicate over various physical media.
IP address The 32-bit (IPv4) address that identifies a host. Technically, a host is any network device connected to the Internet.
Java virtual machine (JVM).
Kerberos A trusted third-party authentication protocol developed at the Massachusetts Institute of Technology.
key A means of gaining or preventing access, possession, or control, represented by any one of a large number of values.
key exchange A scheme for two or more nodes to agree on a secret session key across an unsecured channel.
key fingerprint A uniquely identifying string of numbers and characters used to authenticate public keys.
key ID A code that uniquely identifies a key pair. Two key pairs can have the same user ID, but they have different key IDs.
Linux An open source version of the UNIX operating system.
LiveSecurity Service See WatchGuard LiveSecurity Service.
LogViewer A WatchGuard Firebox System application that displays a static view of a log file.
loopback interface A pseudo interface that allows a host to use IP to talk to its own services.
MAC (Message Authentication Code) A key-dependent, one-way hash function; verifying the hash requires the identical key.
Because NetBEUI is not routable, network transmissions sent via NetBEUI cannot be transmitted over the Internet.
network address translation (NAT) A method of hiding internal network addresses from hosts on an external network.
For a Class C network, whose host portion is 8 bits, the netmask is 255.255.255.0. The host portion can be a smaller number of bits if subnetting is in effect. A netmask must be a contiguous run of one bits followed by zero bits, which is why it can also be written as a prefix length in slash notation.
NIST See National Institute of Standards and Technology.
node A computer or CPU on a network.
non-seed router A router that waits to receive routing information (the routing maintenance table) from other routers on the network before it begins routing packets.
NTP (Network Time Protocol) An Internet service used to synchronize clocks between Internet hosts.
packet filtering A way of controlling access to a network by analyzing the incoming and outgoing packets and letting them pass or halting them based on the source and destination IP addresses, the protocol, and the ports in each packet header. Packet filtering is one technique, among many, for implementing security firewalls.
passive mode FTP See active mode FTP.
passphrase An easy-to-remember phrase used for better security than a single password; key crunching converts it into a random key.
password A sequence of characters or a word that a user submits to a system for purposes of authentication, validation, or verification.
PLIP (Parallel Line Internet Protocol) A protocol for exchanging IP packets over a parallel cable.
Plug and Play A standard in the personal computer market that assures the user that the product is as simple to install as possible.
In the WatchGuard Firebox System, an option in which the Firebox redirects incoming IP packets to a specific masqueraded host behind the firewall based on the original destination port number.
High-level protocols deal with data formatting, including the syntax of messages, the terminal-to-computer dialog, character sets, and sequencing of messages.
public key The publicly available component of an asymmetric key pair, often referred to as the encryption key.
With respect to the Firebox, the minimum Policy Manager configuration is set with the most basic services on the box, Ping and WatchGuard. Provisioning also sets the IP addresses on the Firebox.
proxy ARP...
A method to place hosts on the optional or external interface when using a simple or drop-in network configuration. Examples include placing a router on the external interface or an HTTP server on the optional interface.
related networks...
routed configuration A configuration in which the Firebox is put in place with separate logical networks on its interfaces.
router A device, connected to at least two networks, that receives and sends packets between those networks. Routers use packet headers and a forwarding table to forward packets to their destination.
SSL connection.
SecurID server Each time an end user connects to the specialized HTTP server running on the Firebox on port 4100, a Java applet opens and prompts for the username, password, and whether or not to
An LED indicator on the front of a Firebox that indicates the direction of traffic between the three Firebox interfaces.
seed router A router that supplies routing information (such as network numbers and ranges) to the network.
segment One or more nodes in a network. Segments are connected to subnets by hubs and repeaters.
SLIP (Serial Line Internet Protocol) A protocol for exchanging IP packets over a serial line.
S/MIME (Secure/Multipurpose Internet Mail Extensions) A proposed standard for encrypting and authenticating MIME data. S/MIME defines a format for the MIME data, the algorithms
IP addresses of client applications.
SOHO Small Office/Home Office. Also the name of the WatchGuard firewall devices designed for this segment of the market.
spam Unsolicited email sent to many recipients, much like an electronic version of junk mail.
switch A device that filters and forwards packets between LAN segments.
symmetric algorithm Also called conventional, secret key, and single key algorithms; the encryption and decryption keys are either the same or can be calculated from one another.
Syslog support is included in Unix-based and Linux-based systems.
System Manager A WatchGuard toolkit of applications run from a single location, enabling configuration, management, and monitoring of a network security policy. Formerly called Control Center.
Triple DES (3DES) A form of encryption that applies DES three times, with three independent keys rather than one or two. Because of the meet-in-the-middle attack, its 168-bit key gives an effective strength of about 112 bits, so it is roughly as secure as single DES would be if it had a 112-bit key.
trust Confidence in the honesty, integrity, or reliability of a person, company, or other entity.
UDP (User Datagram Protocol) Used quite heavily in local area networks for NFS.
URL (Uniform Resource Locator) The user-friendly address that identifies the location of a Web site, such as http://www.watchguard.com.
validation A means to provide timeliness of authorization to use or manipulate information or resources.
WatchGuard installation directory The directory into which the WatchGuard Firebox System software is installed by default.
WatchGuard LiveSecurity Service Part of the WatchGuard Firebox System offering, separate from the software and the Firebox, which keeps network defenses current. It includes the broadcast network that transmits alerts, editorials, threat responses, and software updates via email;...
WebBlocker An optional WatchGuard software module that blocks users behind the Firebox from accessing undesirable Web sites based on content type, time of day, and/or specific URL.
WINS (Windows Internet Name Service) Provides NetBIOS name resolution for clients running Windows NT and earlier versions of Microsoft operating systems.
CHAPTER 10 Field Definitions
System Manager
Connect to Firebox dialog box
Firebox Use the drop list or enter the IP address of the Firebox's Trusted interface.
Passphrase Enter the Firebox passphrase. When opening the Firebox in System Manager, use the status (read-only) passphrase. When opening the Firebox using VPN Manager or for configuration changes using Policy Manager, enter the configuration (read/write) passphrase. Use the status passphrase for routine monitoring so that the configuration passphrase is typed only when a change is actually being made.
Show Welcome message at startup Enable this checkbox to show the Welcome screen every time System Manager is launched.
Syslog Color dialog box
Display Logs in Color Enable this checkbox to display the Firebox logs according to the specifications below.
Text Color Use to change the log's text color.
Background Color Use to change the log's background color.
Reset to Defaults Click to reset the format of the logs to the default.
Sample Displays a sample log with the format changes applied.
Flash Disk Management Tool
Enter Encryption Key dialog box
Encryption Key Enter an encryption key to be used to encrypt your backup image.
Browse Click to specify the destination of the copied or merged files.
Copy or Merge Click to execute the selected command (copy or merge log files). The button name changes based on the checkbox enabled.
LogViewer
Find Keyphrase dialog box
Keyphrase Enter the keyphrase you want to find in the current log file.
Use Whole Words Select to match the keyphrase only as whole words.
Case Insensitive Select to make the keyphrase search case insensitive.
In the main window Select to show search results in the main window.
Filter Data tab
Filter Data Enable the checkbox(es) next to the columns you would like to appear in the main window.
Search Fields dialog box
Search Parameters Set the search parameters using the Field and Value columns.
- Click the Field column. Use the Field drop list to select a field name.
- Click the Value column. Use the Value drop list to select a value, or type in a specific value.
Search Click to search the fields.
Close Closes this dialog box without saving any changes.
Click to open the NAT Setup dialog box. This dialog box enables you to specify the public address to be used for this service.
Add Other Click to open the Add Member dialog box. This dialog box enables you to configure a new host or network member.
Selected Members and Addresses Lists the names and addresses of selected members.
OK Closes this dialog box and saves any changes.
Add Dynamic NAT dialog box
From Select from the drop list, or click the ... button to enter the IP address or host alias of the origin of outgoing packets.
OK Closes this dialog box and saves any changes.
Add IP Address dialog box
Enter IP Address Enter the IP address of the WatchGuard Security Event Processor. The WSEP must be on a network address reachable from the Firebox.
Log Encryption Key Enter the log encryption key for the WatchGuard Security Event Processor.
Add Member dialog box
Choose Type Use the drop list to select the new member type:
Host IP Address - Designate a single host by IP address.
Network IP Address - Designate an entire network by IP address using slash notation.
Host Range - Designate a range of IP addresses within a single network.
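The three member types above all reduce to set-membership tests on addresses, and the netmask entry in the glossary is the same idea written as a prefix length. The following is an added example, not WatchGuard code, that parses each member type, tests an address against it, and checks that a mask is contiguous; the addresses are constructed for the example.

```python
import ipaddress

# Added example: membership tests for the three Add Member types and the
# netmask arithmetic behind slash notation. Addresses are constructed.


def parse_member(spec: str):
    """Return (kind, value) for a member specification.

    Host IP Address    -> "10.0.1.5"
    Network IP Address -> "10.0.1.0/24" (slash notation)
    Host Range         -> "10.0.1.10-10.0.1.20" (first and last address)
    """
    spec = spec.strip()
    if "-" in spec:
        first, last = (ipaddress.ip_address(p.strip()) for p in spec.split("-", 1))
        if first > last:
            raise ValueError(f"range start is after its end: {spec}")
        return ("range", (first, last))
    if "/" in spec:
        # strict=True rejects host bits set in the network part (10.0.1.5/24 is
        # almost always a typo for a host entry and must not silently widen)
        return ("network", ipaddress.ip_network(spec, strict=True))
    return ("host", ipaddress.ip_address(spec))


def member_matches(member, addr: str) -> bool:
    """True if addr belongs to the parsed member."""
    kind, value = member
    a = ipaddress.ip_address(addr)
    if kind == "host":
        return a == value
    if kind == "network":
        return a in value
    first, last = value
    return first <= a <= last


def netmask_for_prefix(prefix_len: int) -> str:
    """Dotted-quad mask for a prefix length, e.g. 24 -> 255.255.255.0."""
    if not 0 <= prefix_len <= 32:
        raise ValueError("prefix length must be between 0 and 32")
    return str(ipaddress.ip_network(f"0.0.0.0/{prefix_len}").netmask)


def is_contiguous_mask(mask: str) -> bool:
    """True if the mask is a run of one bits followed by zero bits, which is
    the only shape slash notation can express."""
    bits = int(ipaddress.ip_address(mask))
    zeros = (~bits) & 0xFFFFFFFF          # the trailing zero run, inverted
    return zeros & (zeros + 1) == 0       # a run of low one bits has this property


if __name__ == "__main__":
    members = [parse_member(s) for s in ("10.0.1.5", "10.0.1.0/24", "10.0.1.10-10.0.1.20")]
    for addr in ("10.0.1.5", "10.0.1.15", "10.0.2.1"):
        print(addr, [member_matches(m, addr) for m in members])
    print(netmask_for_prefix(27), is_contiguous_mask("255.0.255.0"))
```

The `strict=True` choice matters for a firewall policy: accepting `10.0.1.5/24` as the `/24` it implies would widen a host entry to the whole network without any visible error.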
Add Route dialog box
Route Select to add a new route to the network protected by the Firebox.
Net - Select when an entire network is behind a router.
Host - Select when only one host is behind a router.
IP Address Enter the IP address of the host or network behind the router.
Internal IP Address Enter the final destination of incoming packets on the Trusted network.
Set internal port to different port than service This feature is rarely used. It enables you to redirect packets not only to a specific internal host but also to an alternative port on that host.
Internal Port If you enable the above checkbox, enter the final port destination of incoming packets to the Trusted network.
Mobile User VPN.
Dst Port Enter a port number to restrict the routing policy to a single destination port.
Protocol Select a protocol type to restrict the routing policy to a particular protocol.
Src Port Enter a port number to restrict the routing policy to a single source port.
OK Closes this dialog box and saves any changes.
Advanced NAT Settings dialog box
Service-Based tab
Enable Service-Based NAT Enable this checkbox to allow service-based NAT, which is dynamic NAT on a per-service basis.
Click to access the Setup Firebox User dialog box.
Edit Click to modify the selected item in the list above. The Setup Firebox User dialog box opens.
Remove Click to remove the selected item from the list above.
Groups A list of Firebox user groups. Groups enable you to configure services for multiple users at the same time. Two Firebox user groups used for remote user virtual private networking are automatically added to the basic configuration file: ipsec_users and ruvpn_users.
Enable this checkbox to specify a backup for the RADIUS server.
IP Address (backup) Enter the IP address of the backup RADIUS server. The server must be reachable from the Firebox.
Port (backup) Enter the port number configured on the backup RADIUS server to receive authentication requests.
CRYPTOCard Server tab
IP Address Enter the IP address of the CRYPTOCard server. The server must be reachable from the Firebox.
Port Enter the port number configured on the CRYPTOCard server to receive authentication requests.
Administrator Password Enter the administrator password for the CRYPTOCard server. This password must be identical on the CRYPTOCard server and the Firebox.
Blocked Ports dialog box
Blocked Ports A list of currently blocked ports. Enter the port number to add to the Blocked Ports list and click Add.
Remove Click to remove the selected blocked port from the Blocked Ports list.
Auto-block sites that attempt to use blocked ports Enable this checkbox so that attempts from a single location to penetrate your network are stopped without your direct intervention: the source of any packet sent to a blocked port is temporarily added to the Blocked Sites list. You can click the Logging button to configure logging and notification of attempts on blocked ports.
OK Closes this dialog box and saves any changes.
The duration in seconds the Management Station waits for a response from the Certificate Authority. Use the arrows to select your preferred value.
OK Closes this dialog box and saves any changes.
Configure Gateways dialog box
Configure Gateways A list of all currently configured gateways. A gateway specifies a point of connection for one or more tunnels.
Tunnels Click to access the Configure Tunnels dialog box.
Click to access the Remote Gateways dialog box, where you can configure new gateways.
Select the security association protocol type from the drop list: ESP (Encapsulating Security Payload) or AH (Authentication Header).
Authentication From the drop list select an authentication method:
None - No authentication. The packet's integrity and origin are not checked; use this only for testing.
MD5-HMAC - HMAC keyed with MD5 (128-bit digest).
SHA1-HMAC - HMAC keyed with SHA-1 (160-bit digest). Prefer this over MD5-HMAC where the peer supports it.
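To make the two HMAC options concrete, the following added example (not WatchGuard code) computes both over a constructed ESP packet and verifies it as a receiver would. The key, SPI, and payload are made up; the 96-bit truncation is the one IPsec specifies in RFC 2403 (HMAC-MD5-96) and RFC 2404 (HMAC-SHA-1-96).

```python
import hashlib
import hmac

# Added example: the MD5-HMAC and SHA1-HMAC integrity options applied to a
# constructed ESP packet, with the 96-bit truncation IPsec uses and a
# constant-time check on the receiving side. Key and payload are made up.

ALGS = {"MD5-HMAC": hashlib.md5, "SHA1-HMAC": hashlib.sha1}
ICV_BYTES = 12      # 96-bit integrity check value (RFC 2403 / RFC 2404)


def full_digest_bits(alg: str) -> int:
    """Size of the untruncated HMAC output: 128 for MD5, 160 for SHA-1."""
    return ALGS[alg]().digest_size * 8


def icv(alg: str, key: bytes, authenticated: bytes) -> bytes:
    """Truncated HMAC over the authenticated part of the packet."""
    return hmac.new(key, authenticated, ALGS[alg]).digest()[:ICV_BYTES]


def build_esp(alg: str, key: bytes, spi: int, seq: int, encrypted_payload: bytes) -> bytes:
    """SPI, sequence number and (already encrypted) payload, followed by the ICV."""
    body = spi.to_bytes(4, "big") + seq.to_bytes(4, "big") + encrypted_payload
    return body + icv(alg, key, body)


def verify_esp(alg: str, key: bytes, packet: bytes) -> bool:
    """Recompute the ICV and compare without leaking how many bytes matched."""
    if len(packet) < 8 + ICV_BYTES:
        return False
    body, tag = packet[:-ICV_BYTES], packet[-ICV_BYTES:]
    return hmac.compare_digest(tag, icv(alg, key, body))


KEY = bytes(range(20))          # constructed 160-bit authentication key
PAYLOAD = b"\x00" * 32          # stands in for an encrypted ESP payload

if __name__ == "__main__":
    packet = build_esp("SHA1-HMAC", KEY, 0x1000, 1, PAYLOAD)
    print(verify_esp("SHA1-HMAC", KEY, packet), verify_esp("SHA1-HMAC", bytes(20), packet))
```

Both peers must agree on the algorithm as well as the key: a packet authenticated with SHA1-HMAC fails verification on a peer configured for MD5-HMAC, which shows up as silently dropped tunnel traffic rather than an error.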
Default Gateway dialog box
IP Address Enter the default gateway IP address. This is frequently the address of the router connected to the Internet.
OK Closes this dialog box and saves any changes.
Default Packet Handling dialog box
Dangerous Activities The Firebox can automatically identify and block sites from which certain types of attacks originate.
SYN Validation Timeout Select how long (in seconds) until SYN validation times out. Use the arrows to select your preferred value.
Maximum Incomplete Connections Select the maximum number of incomplete (half-open) TCP connections. Use the arrows to select your preferred value.
Auto-Block source of packets not handled Enable this checkbox to auto-block the source of packets blocked due to another packet handling option. When enabled, the Firebox automatically and temporarily rejects all communication attempts from a site that has been sending IP options or probes.
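The auto-block options in the Blocked Ports and Default Packet Handling dialogs amount to a per-source state machine with an expiry. The following added example, not WatchGuard code, runs that logic over a constructed packet trace; the blocked-port list, block duration, and incomplete-connection threshold are values chosen for the example, not the Firebox defaults.

```python
from dataclasses import dataclass, field

# Added example: temporary auto-blocking of a source that probes a blocked
# port, sends packets with IP options, or exceeds the incomplete-connection
# limit. All thresholds and addresses are constructed for the example.

BLOCK_SECONDS = 1200          # assumed auto-block duration, not the Firebox default


@dataclass
class AutoBlocker:
    blocked_ports: set
    max_incomplete: int = 50                              # assumed SYN validation limit
    blocked_until: dict = field(default_factory=dict)     # src -> expiry time
    incomplete: dict = field(default_factory=dict)        # src -> half-open count
    log: list = field(default_factory=list)

    def is_blocked(self, src, now) -> bool:
        expiry = self.blocked_until.get(src)
        if expiry is None:
            return False
        if now >= expiry:
            del self.blocked_until[src]                   # the temporary block has lapsed
            return False
        return True

    def block(self, src, now, reason):
        self.blocked_until[src] = now + BLOCK_SECONDS
        self.log.append(f"{now} auto-block {src} until {now + BLOCK_SECONDS}: {reason}")

    def handle(self, now, src, dport, flags, ip_options=False) -> str:
        """Decide 'pass' or 'drop' for one packet and update per-source state."""
        if self.is_blocked(src, now):
            return "drop"
        if dport in self.blocked_ports:
            self.block(src, now, f"blocked port {dport}")
            return "drop"
        if ip_options:
            self.block(src, now, "IP options")           # 'packets not handled' case
            return "drop"
        if flags == "S":
            n = self.incomplete.get(src, 0) + 1
            self.incomplete[src] = n
            if n > self.max_incomplete:
                self.block(src, now, f"{n} incomplete connections")
                return "drop"
        elif flags == "A":
            # third handshake packet seen: one fewer half-open connection
            self.incomplete[src] = max(0, self.incomplete.get(src, 0) - 1)
        return "pass"


# Constructed trace: (seconds, source, destination port, TCP flags)
SAMPLE = [
    (0,    "203.0.113.9",  80,   "S"),
    (1,    "203.0.113.9",  1080, "S"),    # probe of a blocked port: source is auto-blocked
    (2,    "203.0.113.9",  80,   "S"),    # dropped while the block is in force
    (5,    "198.51.100.4", 25,   "S"),
    (6,    "198.51.100.4", 25,   "A"),
    (1205, "203.0.113.9",  80,   "S"),    # block expired: traffic passes again
]


def run(sample=SAMPLE, blocked_ports=frozenset({111, 1080, 8000})):
    """Return the decision for each packet and the blocker's final state."""
    blocker = AutoBlocker(set(blocked_ports))
    decisions = [blocker.handle(t, src, dport, flags) for (t, src, dport, flags) in sample]
    return decisions, blocker


if __name__ == "__main__":
    decisions, blocker = run()
    print(decisions)
    print("\n".join(blocker.log))
```

Note that the block is keyed on the source address alone, which is exactly why the option is tied to the Blocked Sites list and not to the service that was probed: anything that source sends is dropped until the block expires, including traffic to ports that are otherwise allowed.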
Enter the DHCP subnet network address in slash notation.
Start Enter the first address in the IP address range for distribution by the DHCP server.
Enter the last address in the IP address range for distribution by the DHCP server.
DVCP Client Setup dialog box
Enable this Firebox as a DVCP Client The Firebox can be treated as a client in an Enhanced DVCP network even if the Management Station and the Firebox itself are not upgraded with Enhanced DVCP (VPN Manager 2.0 or later). Enable this checkbox to make this Firebox a DVCP client, and then add the servers to which it can connect.
Using slash notation, enter the address of the primary network to which the client has access behind the Firebox.
Telecommuter IP Address Select only for WatchGuard SOHO Telecommuter devices. Enter the virtual IP address of the Telecommuter on the internal network of the Firebox.
Encryption Select the level of encryption from the drop list:
None - No encryption; tunnel traffic is sent in the clear.
DES-CBC - 56-bit encryption. A 56-bit DES key is within reach of a brute-force search, so avoid this option where 3DES is available.
3DES-CBC - 168-bit encryption.
Key expires Select the key expiration based on kilobytes transferred and/or hours elapsed. Use the arrows to select your preferred value.
Additional Access screen
Configured policies Lists the networks to which you want to provide access.
Root Certificate Lifetime Select the root certificate lifetime in days. Use the arrows to specify the amount of time.
Enable debug log messages for CA Enable this checkbox to run and save the debug log messages.
Dynamic NAT dialog box
Enable Dynamic NAT Select to enable dynamic NAT.
TCP Idle Timeouts Enter the time in seconds that an idle TCP connection is kept in the dynamic NAT table before its entry is discarded. For more information on TCP, see chapter 1 of the Reference Guide. Use the arrows to select your preferred value.
TCP Finish Timeout Enter the time in seconds that a NAT entry is kept after the connection has been closed.
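The dynamic NAT timeouts above govern when a translation-table entry is discarded, and the Internal IP Address and Internal Port fields earlier in this chapter describe the reverse case, a fixed mapping of an external port to an internal host and, optionally, a different port. The following added example, not WatchGuard code, models both; the addresses, port range, and timeout values are constructed for the example.

```python
import itertools

# Added example: a model of dynamic NAT with the TCP idle and finish timeouts,
# and of static NAT with the optional internal port override. Addresses and
# timeout values are constructed for the example.

EXTERNAL_IP = "192.0.2.1"       # assumed Firebox external address
TCP_IDLE_TIMEOUT = 3600         # seconds before an idle entry is discarded (assumed)
TCP_FINISH_TIMEOUT = 60         # seconds an entry outlives the FIN (assumed)


class DynamicNAT:
    """Outgoing connections are rewritten to the external address and a
    fresh external port; replies are mapped back while the entry is alive."""

    def __init__(self, external_ip=EXTERNAL_IP, first_port=10000):
        self.external_ip = external_ip
        self.ports = itertools.count(first_port)
        self.table = {}     # (internal ip, internal port) -> entry
        self.by_ext = {}    # external port -> (internal ip, internal port)

    def expire(self, now):
        for key, entry in list(self.table.items()):
            limit = TCP_FINISH_TIMEOUT if entry["finishing"] else TCP_IDLE_TIMEOUT
            if now - entry["last"] >= limit:
                del self.by_ext[entry["ext_port"]]
                del self.table[key]

    def outbound(self, now, src_ip, src_port, fin=False):
        """Translate an outgoing packet; returns the (external ip, port) used."""
        self.expire(now)
        key = (src_ip, src_port)
        entry = self.table.get(key)
        if entry is None:
            entry = {"ext_port": next(self.ports), "last": now, "finishing": False}
            self.table[key] = entry
            self.by_ext[entry["ext_port"]] = key
        entry["last"] = now
        entry["finishing"] = entry["finishing"] or fin
        return self.external_ip, entry["ext_port"]

    def inbound(self, now, ext_port):
        """Map a reply back to the internal endpoint, or None if no live
        entry exists (the packet is dropped: unsolicited inbound traffic)."""
        self.expire(now)
        key = self.by_ext.get(ext_port)
        if key is not None:
            self.table[key]["last"] = now
        return key


class StaticNAT:
    """Fixed inbound redirections from an external address and port to a
    masqueraded internal host, optionally on a different port."""

    def __init__(self):
        self.rules = {}     # (external ip, external port) -> (internal ip, internal port)

    def add(self, ext_ip, ext_port, int_ip, int_port=None):
        # int_port is the "Set internal port to different port than service" case
        self.rules[(ext_ip, ext_port)] = (int_ip, ext_port if int_port is None else int_port)

    def redirect(self, dst_ip, dst_port):
        return self.rules.get((dst_ip, dst_port))
```

The security-relevant property is in `inbound`: once the idle or finish timeout has elapsed, a packet arriving for that external port has no entry to map to and is dropped, so the timeouts bound how long an old mapping can be reused by a third party that has observed it.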
Select the tunnel from the drop-down list.
OK Closes this dialog box and saves any changes.
Cancel Closes this dialog box without saving any changes.
More or Less Click to show or hide the advanced routing policy configuration options: Dst Port, Protocol, and Src Port.
Dst Port Enter a port number to restrict the policy to a single destination port. To enable communication to all ports, enter 0.
Protocol Select a protocol type to restrict the routing policy to a particular protocol. Options include TCP and UDP.
Src Port Enter a port number to restrict the policy to a single source port. Use the arrows to select your preferred value.
Session Timeout Enter the number of hours before an inactive session times out. Use the arrows to select your preferred value.
OK Closes this dialog box and saves any changes.
Firebox Flash Disk dialog box
Save to Firebox Check to save the flash image and/or configuration file to the Firebox; specify which by selecting one of the options below.
Save Configuration File ONLY Check to save the configuration file to the Firebox.
Save Configuration File and New Flash Image Check to save the configuration file and flash image to the Firebox.
Log incoming accounting/auditing information Enable this checkbox to record the number of bytes transferred per incoming FTP session. You can then retrieve this "byte count" information by running Historical Reports and specifying the statistical parameters you want.
Log outgoing accounting/auditing information Enable this checkbox to record the number of bytes transferred per outgoing FTP session. You can then retrieve the "byte count" information the same way.
OK Closes this dialog box and saves any changes.
Generate Key dialog box
Generate Key Enter a phrase and press OK to generate a key.
Remove cookies Enable this checkbox to strip cookies from client requests as well as server responses. Cookies are a few dozen bytes of
To do so, enable the checkbox and enter the IP address and the port of the caching proxy server in the fields below. This is not the WatchGuard HTTP Proxy. The HTTP caching proxy is a separate machine that must be located off the External interface of the...
With the Deny unsafe path patterns checkbox enabled, the path patterns listed here are denied.
Add Click to add a new entry to the unsafe path patterns list.
Remove Click to remove the selected item from the list above.
WebBlocker Controls tab
Activate WebBlocker Enable this checkbox to filter Web sites based on the rule set defined by the WB tabs.
WebBlocker Servers The WebBlocker Controls tab in the HTTP Proxy dialog box allows you to configure one or more WebBlocker servers in a failover configuration.
Pictures or text advocating extremely aggressive or combative behavior, or advocacy of unlawful political measures. Topic includes groups that advocate violence as a means to achieve their goals. It also includes pages devoted to "how to" information on the making of weapons (for both lawful and unlawful reasons), ammunition, and pyrotechnics.
Drug Culture Pictures or text advocating the illegal use of drugs for entertainment. Includes substances used for other than their primary purpose to alter the individual's state of mind, such as glue sniffing.
Modern Art.
Partial/Artistic Nudity Pictures exposing the female breast or full exposure of either male or female buttocks, except when exposing genitalia, which is handled under the Full Nudity category. Topic does not include swimsuits, including thongs.
WB: Exceptions tab
Allowed Exceptions Use exceptions to override any WebBlocker setting. Exceptions take precedence over all other rules. These exceptions apply only to HTTP traffic and are not related to the Blocked Sites list. Add network or host IP addresses to be allowed through the HTTP proxy at all times.
Select to use an Authentication Header.
SPI Select the Security Parameter Index (SPI) from the drop list. Use the arrows to select your preferred value.
Authentication Select the authentication algorithm from the drop list.
Authentication Key Enter an authentication key.
Click to create an encryption key.
Use Incoming settings for Outgoing Enable the checkbox to apply the incoming settings to outgoing mail as well.
Incoming SMTP Proxy dialog box
General tab
Idle Timeout The duration in seconds that an idle or hung SMTP connection remains open before the firewall terminates it. Use the arrows to select your preferred value.
Click to access the Select MIME Type dialog box, from which you can select known MIME content types as well as add new MIME types. A list of content types can be found in the Online Help system and in Chapter 2.
Remove Click to remove the selected item from the list above.
Deny attachments based on these file name patterns A list of file name patterns denied by the Firebox if they appear in email attachments. Enter the file name pattern you want to add to the list and click Add.
Source Port - (optional) The port from which the Firebox receives all communication for the policy
DVCP - Indicates whether the policy uses DVCP
Move Up The Firebox handles policies in the order listed, top to bottom, in the IPSec Routing Policies list. Initially, the policies are listed in the order created. Use the Move Up and Move Down buttons to reorder the policies from the most specific to the least specific, so that sensitive connections are routed along the higher-security tunnels instead of being captured first by a broader policy listed above them.
Move Down Moves the selected policy down in the IPSec Routing Policies list; the Firebox handles policies in the order listed, top to bottom.
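The ordering rule above is first-match, so a broad policy listed above a narrower one silently takes the narrow one's traffic. The following added example, not WatchGuard code, evaluates policies top to bottom, shows that shadowing, and sorts the list most-specific-first; the networks, ports, and tunnel names are constructed, and the Dst Port convention that 0 means all ports is the one from the dialog.

```python
import ipaddress
from dataclasses import dataclass

# Added example: first-match evaluation of IPSec routing policies and a sort
# that puts the most specific policy first. Port 0 means any port, as in the
# dialog. Networks, ports and tunnel names are constructed.


@dataclass(frozen=True)
class RoutingPolicy:
    name: str
    src: str                   # slash notation
    dst: str
    protocol: str = "any"      # "TCP", "UDP" or "any"
    src_port: int = 0          # 0 = all ports
    dst_port: int = 0
    tunnel: str = ""

    def matches(self, pkt) -> bool:
        if ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(pkt["dst"]) not in ipaddress.ip_network(self.dst):
            return False
        if self.protocol != "any" and self.protocol != pkt["proto"]:
            return False
        if self.src_port and self.src_port != pkt["sport"]:
            return False
        if self.dst_port and self.dst_port != pkt["dport"]:
            return False
        return True

    def specificity(self):
        """Sort key: longer prefixes first, then protocol and port restrictions."""
        prefixes = (ipaddress.ip_network(self.src).prefixlen
                    + ipaddress.ip_network(self.dst).prefixlen)
        return (prefixes, self.protocol != "any", self.dst_port != 0, self.src_port != 0)


def select_tunnel(policies, pkt):
    """Policies are consulted top to bottom; the first match decides the tunnel."""
    for policy in policies:
        if policy.matches(pkt):
            return policy.tunnel
    return None


def order_most_specific_first(policies):
    return sorted(policies, key=RoutingPolicy.specificity, reverse=True)


# Constructed policies: a broad site-to-site tunnel listed first, and a
# narrower policy for database traffic from the finance subnet that should
# use the stronger tunnel.
POLICIES = [
    RoutingPolicy("site", "10.0.0.0/16", "10.1.0.0/16", tunnel="des-tunnel"),
    RoutingPolicy("finance-db", "10.0.5.0/24", "10.1.9.0/24", "TCP",
                  dst_port=1433, tunnel="3des-tunnel"),
]
DB_PACKET = {"src": "10.0.5.20", "dst": "10.1.9.8", "proto": "TCP",
             "sport": 51234, "dport": 1433}


if __name__ == "__main__":
    print("as listed:", select_tunnel(POLICIES, DB_PACKET))
    ordered = order_most_specific_first(POLICIES)
    print("reordered:", [p.name for p in ordered], select_tunnel(ordered, DB_PACKET))
```

Run as listed, the database packet goes through the weaker tunnel even though a stronger policy exists for it; after reordering, the narrow policy is consulted first and the broad one still catches everything else.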
The Firebox can trace IKE packets and log their movements. This option often generates a high volume of log entries, slowing the passage of VPN traffic. It is generally only used by WatchGuard Technical Support to assist with debugging an IPSec VPN tunnel problem.
Logging Setup dialog box
WSEP Log Hosts tab
WatchGuard Security Event Processors A list of log hosts for the WatchGuard Firebox System.
Add Click to add a new log host to the list. The Add IP Address dialog box opens.
Enable this checkbox to enable the syslog logging function. Note that syslog logging is not encrypted (unlike logging to the WSEP, which uses the log encryption key), so anyone on the path to the syslog server can read the log traffic. The Firebox sends the syslogs to the defined syslog server. This can be the same machine as the WatchGuard Security Event Processor.
Syslog Server Enter the address of the syslog server.
Accept Select to accept the passphrase entered.
Skip This User Select to leave this user's passphrase unchanged.
Skip All Select to leave the passphrases of all users unchanged.
Mobile User VPN Wizard
Select User screen
Select User Name Select a user from the drop list to create a new Mobile User VPN account.
Enable this checkbox to use a certificate to negotiate the encryption and/or authentication.
Export File Preferences screen
Security Policy is read-only in the client Enable this checkbox to give the mobile user read-only access to their security policy, so that the user cannot weaken it on the client.
Virtual Adapter Select the Virtual Adapter configuration setting you want applied to the mobile user. Choose from the following in the drop list:
Disabled: The mobile user cannot use a Virtual Adapter to connect to the Secure VPN Client.
Preferred: It is preferred, but not required, that the mobile user use a Virtual Adapter to connect to the Secure VPN Client.
Up Select an entry and click to move it up in the list.
Down Select an entry and click to move it down in the list.
Add Click to add a new Dynamic NAT entry to the list above. The Add Dynamic NAT dialog box opens.
Remove Select an entry and click to remove it.
OK Closes this dialog box and saves any changes.
Cancel Closes this dialog box without saving any changes.
Help Click to access the online Help system.
Advanced Click to access the Advanced NAT Settings dialog box. You use this dialog box to enable service-based dynamic NAT, set up 1-to-1 NAT, and define dynamic NAT exceptions.
Drop-in static, Routed static, and DHCP configurations allow static NAT. To set up static NAT, click Aliases to access the Adding External IP dialog box.
Trusted Interface Enter the IP address for the Trusted interface.
Optional Interface Enter the IP address for the Optional interface.
Configure interfaces in Drop-in mode Enable this checkbox to configure the Firebox in Drop-in mode. The Interface dialog box changes to allow only one IP address and Default Gateway, because in a Drop-in configuration the Firebox uses the same network address on all of its interfaces.
Enter the IP address of the secondary network you want to add to the interface you specify in the drop-down menu.
Trusted (drop-down menu selection) Select to view or add the secondary networks on the Trusted interface.
Optional (drop-down menu selection) Select to view or add the secondary networks on the Optional interface.
External (drop-down menu selection) Select to view or add the secondary networks on the External interface.
Add Click to add the secondary network to the interface you specify in the drop list.
WINS Servers (Primary and Secondary) Enter the primary and secondary WINS server addresses. The server values entered in this dialog box are used by the DHCP server, RUVPN, and other features of the firewall.
DNS Servers (Primary and Secondary) Enter the primary and secondary DNS server addresses. The server values entered in this dialog box are used by the DHCP server, RUVPN, and other features of the firewall.
Domain Name Enter the DNS domain name.
All patterns entered here appear as the official domain name outside the firewall. Click Add and the address pattern appears in the list of masqueraded addresses.
Add Click to add the new address pattern entered in the text box to the list.
Remove Click to remove the selected item from the list above.
Don't substitute for these address patterns Enter the addresses that should appear "as is" outside the firewall.
Add Click to add the new address pattern to the list.
Remove Click to remove the selected item from the list above.
Masquerade Message IDs When this feature is enabled, message IDs in the Message-ID and Resent-Message-ID header fields are converted to a new ID...
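The following added example, not WatchGuard code, applies the two pattern lists and the Message-ID rewriting described above to a constructed outgoing message. The official domain, the patterns, the header set, and the format of the replacement IDs are assumptions made for the example.

```python
import email
import fnmatch
import hashlib
from email import policy
from email.headerregistry import Address

# Added example: outgoing SMTP address masquerading with a "don't substitute"
# list, plus Message-ID rewriting. Domain names, patterns and the replacement
# ID format are assumptions for the example.

OFFICIAL_DOMAIN = "example.com"
SUBSTITUTE = ["*.example.com", "*.corp.example"]    # masqueraded address patterns
DONT_SUBSTITUTE = ["mail.example.com"]              # appear "as is"
ADDRESS_HEADERS = ("From", "Sender", "Reply-To", "Resent-From")
ID_HEADERS = ("Message-ID", "Resent-Message-ID")


def masquerade_address(addr: str) -> str:
    """Rewrite the domain of one address according to the two pattern lists."""
    local, at, domain = addr.rpartition("@")
    if not at:
        return addr
    if any(fnmatch.fnmatch(domain, p) for p in DONT_SUBSTITUTE):
        return addr                                # exceptions win
    if any(fnmatch.fnmatch(domain, p) for p in SUBSTITUTE):
        return f"{local}@{OFFICIAL_DOMAIN}"
    return addr


def masquerade_id(original: str) -> str:
    """Replace an ID so the internal host name does not leak. The same input
    always gives the same output, so a resubmitted message keeps its new ID."""
    tag = hashlib.sha1(original.encode()).hexdigest()[:16]
    return f"<{tag}@{OFFICIAL_DOMAIN}>"


def masquerade(raw: bytes):
    """Parse a message and rewrite its address and ID headers in place."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    for h in ADDRESS_HEADERS:
        if h in msg:
            rewritten = [Address(a.display_name, addr_spec=masquerade_address(a.addr_spec))
                         for a in msg[h].addresses]
            msg.replace_header(h, ", ".join(str(a) for a in rewritten))
    for h in ID_HEADERS:
        if h in msg:
            msg.replace_header(h, masquerade_id(str(msg[h])))
    return msg


# Constructed message as the proxy would receive it from an internal host
SAMPLE = b"""From: Alice Example <alice@pc17.corp.example>
Sender: postmaster@mail.example.com
Reply-To: helpdesk@hq.example.com, vendor@partner.test
Message-ID: <20020101.123@pc17.corp.example>
Subject: test

body
"""

if __name__ == "__main__":
    print(masquerade(SAMPLE).as_string())
```

The order of the two checks is the point: the "don't substitute" list is consulted first, so an address that matches both lists is left alone, which is what "exceptions" means in this dialog.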
In the drop list, specify IP Address, Domain Name, or User Name. To determine the local ID type, in Policy Manager, select Setup => Name.
Authentication In the drop list, specify the type of authentication: SHA1 or MD5.
In the drop list, specify the Diffie-Hellman group. Diffie-Hellman refers to a mathematical technique for securely negotiating secret keys over a public medium. Diffie-Hellman groups are collections of parameters (a prime modulus and a generator) used to achieve this. WatchGuard supports groups 1 and 2, the 768-bit and 1024-bit MODP groups. Both are small by current standards, so choose group 2, the larger of the two, unless the peer cannot support it.
Enable Perfect Forward Secrecy Enable this checkbox to enable Perfect Forward Secrecy, so that each rekey performs a fresh Diffie-Hellman exchange and a later compromise of one key does not expose the traffic of earlier sessions.
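The following added example, not WatchGuard code, performs one exchange over group 2 (the 1024-bit MODP prime and generator 2 from RFC 2409, section 6.2) and shows what Perfect Forward Secrecy changes: with it, an attacker who later obtains the Phase 1 secret cannot reconstruct a Phase 2 key from a recorded session. The key derivation is simplified and the exchange is unauthenticated; both are assumptions of the example rather than IKE as specified.

```python
import hashlib
import secrets

# Added example: a Diffie-Hellman exchange over Oakley group 2 and the effect
# of Perfect Forward Secrecy. The key derivation is simplified and the
# exchange is unauthenticated; both are assumptions of the example.

# 1024-bit MODP prime of group 2 (RFC 2409, section 6.2), generator 2
GROUP2_P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381"
    "FFFFFFFFFFFFFFFF", 16)
GROUP2_G = 2


def dh_private() -> int:
    """Random exponent in [2, p-2]."""
    return secrets.randbelow(GROUP2_P - 3) + 2


def dh_public(x: int) -> int:
    return pow(GROUP2_G, x, GROUP2_P)


def dh_shared(x: int, peer_public: int) -> int:
    # reject 0, 1 and p-1, which would force a trivial shared secret
    if not 1 < peer_public < GROUP2_P - 1:
        raise ValueError("invalid peer public value")
    return pow(peer_public, x, GROUP2_P)


def session_key(shared: int, nonce_i: bytes, nonce_r: bytes) -> bytes:
    """Simplified derivation; IKE's prf chain (RFC 2409, section 5) is richer."""
    g_xy = shared.to_bytes((GROUP2_P.bit_length() + 7) // 8, "big")
    return hashlib.sha1(g_xy + nonce_i + nonce_r).digest()


def phase1():
    """Both sides of the exchange; returns the secret each side computed."""
    xi, xr = dh_private(), dh_private()
    yi, yr = dh_public(xi), dh_public(xr)      # these two values travel in the clear
    return dh_shared(xi, yr), dh_shared(xr, yi)


def rekey(phase1_shared: int, nonces, pfs: bool) -> bytes:
    """Derive a Phase 2 key. With PFS a fresh exchange contributes the secret;
    without it the key depends only on the Phase 1 secret and the nonces."""
    if pfs:
        xi, xr = dh_private(), dh_private()
        fresh = dh_shared(xi, dh_public(xr))
        return session_key(fresh, *nonces)      # xi, xr are discarded after use
    return session_key(phase1_shared, *nonces)


def recover_from_phase1(phase1_shared: int, nonces) -> bytes:
    """What an attacker can compute from a recorded session after later
    obtaining the Phase 1 secret (the nonces are visible on the wire)."""
    return session_key(phase1_shared, *nonces)


if __name__ == "__main__":
    ki, kr = phase1()
    nonces = (secrets.token_bytes(16), secrets.token_bytes(16))
    print("agreement:", ki == kr)
    print("no PFS, recovered:", recover_from_phase1(ki, nonces) == rekey(ki, nonces, pfs=False))
    print("PFS, recovered:   ", recover_from_phase1(ki, nonces) == rekey(ki, nonces, pfs=True))
```

The cost of PFS is one extra modular exponentiation per side at every rekey, which is why the dialog makes it optional; the benefit is that the Phase 2 exponents exist only for the duration of the exchange and nothing stored on either Firebox can later recover the session key.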
A list of the pool of IP and network addresses for remote clients using PPTP.
Logging Click to access the Logging and Notification dialog box.
Add Click to add another IP or network address for remote clients.
Remove Select an item from the list and click to delete it.
Select Firebox Time Zone dialog box
Select Firebox Time Zone Select a Firebox time zone from the list.
OK Closes this dialog box and saves any changes.
Cancel Closes this dialog box without saving any changes.
Select Gateway dialog box
Select Gateway Select a gateway from the list and click OK to open the Configure Tunnel dialog box.
Configure From and To to restrict source and destination.
Disabled - Traffic via this service is forbidden.
Enabled and Denied - Traffic via this service is forbidden; the service stays in the configuration, so its logging settings apply to the denied attempts.
Enabled and Allowed - Traffic via this service is allowed.
From Restricts the source of incoming connections by host, network, user name, or alias. The Any global icon indicates that the service is allowed inbound from any source.
Click to open the Add Member dialog box.
Remove Click to remove the selected item from the list above.
A list of outbound connections that meet the connection criterion.
Down Moves a selected policy down in the Set Policy Ordering list.
OK Closes this dialog box and saves your selection.
Setup Firebox User dialog box
Username Enter the name of the user to add to the Firebox.
Password Enter the user password.
Member Of A list of all groups of which the user named above is a member. Use the arrows to move a user into or out of a group.
Not Member Of A list of groups of which the above-named user is not a member. Click to add the user to a group.
Click to remove RBLs from the RBL list. Exceptions to Spam List (Email Address Patterns) Lists the exceptions to spam list. Click to add exceptions entered in the text box to the exceptions list. Remove Click to remove exceptions from the exceptions list. WatchGuard Firebox System...
Remote Fireboxes: A list of remote Fireboxes configured for VPN tunnels using the WatchGuard VPN protocol.
Click to open the WatchGuard VPN Setup dialog box and add another remote Firebox.
Edit: Select a remote device from the list above and click Edit to open the WatchGuard VPN Setup dialog box and modify tunnel configuration properties.
Enter a pass phrase or secret. Click Make a Key to hash the pass phrase; the hash appears below. The hashed encryption key must be identical on both Fireboxes. If you are running different versions of WatchGuard Firebox System software, verify that the hashes match exactly on the two Fireboxes.
Activate Outgoing Log: You have the option of logging outgoing traffic that uses the WatchGuard VPN protocol. Activating logging often generates a high volume of log entries, however, which can significantly slow the passage of VPN traffic. It is recommended only for debugging purposes.
Historical Reports
Add Report Filter dialog box
Filter tab
Filter Name: The name of the filter as it will appear in the Filter drop list in the Report Properties Setup tab.
Type
Include: Select this option to include in the report all log records that match any of the filter's criteria.
Exclude: Select this option to exclude from the report all log records that match any of the filter's criteria.
Host Filter tab
Hosts: Restrict report output to only those records that specifically...
Help: Click to access the online Help system.
Reports: A list of reports created and ready to be scheduled using the WatchGuard Security Event Processor. For each report, a ReportName.rep file is created in [WatchGuard installation directory]\report-def.
Setup tab
Report Name: The name of the report as it appears in Historical Reports, in the WatchGuard Security Event Processor, and in the title of the output.
Log Directory: Browse to designate the location of the log files (.wgl and .idx) used for this report.
CHAPTER 10: Field Definitions
Output Directory: The location of report output files. The default location is the \reports subdirectory of the WatchGuard installation directory.
Overwrite Previous Text Export: If exporting a report as a .txt file, selecting this option overwrites the previous text-based report with the new file.
If Specify Time Filter is selected in Time Span, this field defines the end of the report interval.
Sections tab
Sections: A list of report methods. A single report can include multiple sections, each describing a different feature of the log files. Enable the checkbox next to the sections you would like included in this report.
Click to add the new host to the list.
Remove: Select an item from the list and click to delete it.
Outside Hosts tab
Display all hosts: Enable this checkbox to display all hosts.
Displayed hosts: A list of all displayed hosts.
New Host: Enter a new host to add to the list.
Click to add the new host to the list.
Remove: Select an item from the list and click to delete it.
Authenticated Users tab
Display all authenticated users: Check to display all authenticated users.
New User: Enter a new user to add to the list.
Displays the icons used in Policy Manager for Telnet, HTTP, Mail, FTP, and Other services.
Sample interval: Displays the sample interval and allows you to change it.
Limit monitored connections at: Enter the limit of monitored connections.
WatchGuard Security Event Processor
WSEP: Firebox List
Firebox list: A list of Fireboxes logging to the log host and their current status.
Close: Closes this dialog box and saves any changes.
Save Changes: Click to save changes.
Discard Changes: Click to discard changes.
Select to run the highlighted report on a daily basis.
Weekly: Select to run the highlighted report on a weekly basis.
First of the Month: Select to run the highlighted report on the first day of every month.
The pager program looks for a suitable dial-out modem for paging on COM2 of the event processor.
Mail Host: The SMTP host that performs email notifications. Enter either the IP address or host name.
WatchGuard Security Event Processor...
WSEP. The key must be identical on both the Firebox and the WSEP. Use a key that you can easily remember but that would be difficult for a potential intruder to guess.
Confirm Log Encryption Key: Reenter the log encryption key to verify.
Index Numerics 1-to-1 NAT Setup dialog box Add Address dialog box Add Displayed Service dialog box Add Dynamic NAT dialog box Add Exception dialog box Add External IP dialog box Add Firebox Group dialog box Add IP Address dialog box Add Member dialog box Add Port dialog box Add Report Filter dialog box...
Enter Encryption Key dialog box Enter Read/Write Passphrase dialog box ESMTP keywords Filter Properties dialog box Filtered-HTTP service Filtered-SMTP service Find Keyphrase dialog box finger service Firebox Flash Disk dialog box Firebox flash disk memory 226, 242 105, 155
Firebox Monitors, dialog boxes Firebox Name dialog box Firebox read-only system area described running from visual indicators Fireboxes and modems booted from system area configuring for out-of-band management failed connection to flash disk memory flash memory initializing using modem initializing using remote provisioning initializing using serial cable installed with Enhanced System Mode issued reboot command...
Policy Manager, dialog boxes Polling dialog box POP2 service POP3 service ports random standard used by Microsoft products used by WatchGuard products PPP initialization strings Pppd PPTP Logging dialog box PPTP service Preferences dialog box process ID Processor Load Indicator...
TACACS+ telnet TFTP Timbuktu Time traceroute types WAIS WatchGuard Logging well-known whois Services dialog box Set Log Encryption Key dialog box Set Policy Ordering dialog box Setup Firebox User dialog box Setup New User dialog box Setup Routes dialog box...
Uniform Resource Identifiers URIs User Datagram Protocol View Properties dialog box VPNs, and Any service WAIS service WatchGuard encrypted connections WatchGuard Find dialog box WatchGuard Logging service WatchGuard Security Event Processor dialog boxes WatchGuard VPN dialog box webblocker database well-known services...