1. Manuals
  2. Brands
  3. Watchguard Manuals
  4. Firewall
  5. Firebox V10
  6. Installation manual

Watchguard Firebox V10 Installation Manual

Watchguard firebox v10 firewall: install guide
Hide thumbs Also See for Firebox V10:
Table of Contents

Advertisement

Quick Links

Download this manual See also: User Manual
Firebox
Vclass
®
Installation Guide
Vcontoller
3.2

Advertisement

Table of Contents
loading

Related Manuals for Watchguard Firebox V10

Summary of Contents for Watchguard Firebox V10

  • Page 1 Firebox Vclass ® Installation Guide ™ Vcontoller...
  • Page 2 No part of this guide may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of WatchGuard Technologies, Inc. Copyright, Trademark, and Patent Information Copyright©...
  • Page 3 © 1995-1998 Eric Young (eay@cryptsoft.com) All rights reserved. This package is an SSL implementation written by Eric Young (eay@cryptsoft.com). The implementation was written so as to conform with Netscapes SSL. This library is free for commercial and non-commercial use as long as the following conditions are aheared to. The following conditions apply to all code found in this distribution, be it the RC4, RSA, lhash, DES, etc., code;...
  • Page 4 Supercomputing Applications, University of Illinois, Urbana-Champaign. PLEASE NOTE: Some components of the WatchGuard Vclass software incorporate source code covered under the GNU General Public License (GPL). To obtian the source code covered under the GPL, please contact WatchGuard Technical Support at: 877.232.3531 in the United States and Canada...
  • Page 5 The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This General Public License applies to most of the Free Software Foundation's software and to any other program whose authors commit to using it.
  • Page 6 language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you". Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program).
  • Page 7 In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. 3.
  • Page 8 6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein.
  • Page 9 By installing or using the SOFTWARE PRODUCT you agree to be bound by the terms of this Agreement. If you do not agree to the terms of this AGREEMENT, WATCHGUARD will not license the SOFTWARE PRODUCT to you, and you will not have any rights in the SOFTWARE PRODUCT. In that case, promptly return the SOFTWARE PRODUCT, along with proof of payment, to the authorized dealer from whom you obtained the SOFTWARE PRODUCT for a full refund of the price you paid.
  • Page 10 AGREEMENT. You must also maintain a current subscription to the WatchGuard LiveSecurity Service (or its equivalent) for each additional WATCHGUARD hardware product on which you will use a copy of an updated or modified version of the SOFTWARE PRODUCT received through the WatchGuard LiveSecurity Service (or its equivalent).
  • Page 11 FOR SUCH PRODUCT. THIS SHALL BE TRUE EVEN IN THE EVENT OF THE FAILURE OF AN AGREED REMEDY. IN NO EVENT WILL WATCHGUARD BE LIABLE TO YOU OR ANY THIRD PARTY, WHETHER ARISING IN CONTRACT (INCLUDING WARRANTY), TORT (INCLUDING ACTIVE, PASSIVE OR IMPUTED...
  • Page 12 Vcontroller 3.2...

  • Page 13: Table Of Contents

    WatchGuard Firebox V60 and V80 security appliance WatchGuard Firebox V100 security appliance After unpacking the security appliance Key features of the Firebox V10 security appliance What you should know about these features Features of the appliance’s back panel Key features of the Firebox V60 and V80 appliances What you should know about these features Features of the appliance’s back panel...
  • Page 14 Discovering a new Firebox Vclass appliance If no appliance is found If an appliance is found Changing the IP address of an appliance’s Private interface Extra: Using the WatchGuard CLI to record an IP address CHAPTER 4 Before you begin Starting the process When the Installation Wizard appears ...
  • Page 15 Completing interface 1 (Public) entries Completing interface 2 (DMZ) entries. Completing the Wizard Interface tab entries Concluding the installation Relocating the appliance to a permanent network setting After relocation CHAPTER 5 Requirements Exporting a profile from an existing security appliance EXTRA: Editing the profile Getting started Importing a profile...
  • Page 16 Vcontroller 3.2...

  • Page 17: Chapter 1 A Tour Of The Watchguard Firebox Vclass Security Appliances

    CHAPTER 1 Firebox Vclass Security Appliances This chapter provides a visual tour of the external hardware features of the WatchGuard® Firebox® Vclass security appliances, focusing on the buttons, LEDs, interfaces, ports and outlets for the following models: • Firebox V10 •...

  • Page 18: The Watchguard Firebox Vclass Operating System™ (Os)

    CHAPTER 1: A Tour of the WatchGuard Firebox Vclass Security Appliances hardware features rely wholly on the next two component sets for operational guidance. The WatchGuard Firebox Vclass Operating System™ (OS) Every Firebox Vclass security appliance is pre-installed with the latest version of the Firebox Vclass Operating System–which is identified on the...

  • Page 19: Watchguard Firebox V10 Security Appliance

    • Two 6-foot straight-through 10/100 BaseT Ethernet cables (TAN) • A CD containing the WatchGuard Vcontroller application software for use with three different operating systems: Windows 9x/2000/XP, Sun Solaris, and Linux. The CD also provides electronic versions of the complete user guide documentation, including this Installation Guide, a System Administration Guide, a Policy Configuration Guide and the CLI Guide.

  • Page 20: After Unpacking The Security Appliance

    CHAPTER 1: A Tour of the WatchGuard Firebox Vclass Security Appliances • One APC-manufactured appliance-to-UPS device cable • One 6-foot console RJ-45-to-RJ 45 serial cable and DB-9 adapter • A kit containing rack-mounting hardware for this appliance • A CD containing the WatchGuard Vcontroller application software for use with three different operating systems: Windows 9x/2000/XP, Sun Solaris, and Linux.

  • Page 21: Key Features Of The Firebox V10 Security Appliance

    Key features of the Firebox V10 security appliance The front panel of a Firebox V10 appliance contains the features shown in the following illustration. Three LED’s One Power LED What you should know about these features Power Alarm Admin Installation Guide...

  • Page 22: Features Of The Appliance's Back Panel

    CHAPTER 1: A Tour of the WatchGuard Firebox Vclass Security Appliances Ready Features of the appliance’s back panel Data interfaces The Ready LED will blink when the appliance is powering up. It will be steadily lit when the appliance is ready for network traffic.
  • Page 23 Key features of the Firebox V10 security appliance Make sure, too, that the cable is the correct type for the connection. If connecting the Firebox V10 appliance to a hub or switch, a straight-through cable is needed (two 3-ft. 10/100 cables are provided). If connecting directly to a computer, a crossover cable is required (a 6-ft.

  • Page 24: Key Features Of The Firebox V60 And V80 Appliances

    CHAPTER 1: A Tour of the WatchGuard Firebox Vclass Security Appliances Key features of the Firebox V60 and V80 appliances The front panels of both Firebox V60 and V80 security appliances contain the features shown in the following illustration. Four Ethernet interfaces...
  • Page 25 Vcontroller software or by means of a terminal window and the WatchGuard CLI. The Ready LED is steadily lit when the appliance is ready for network traffic. (This LED will blink when the appliance is powering up or powering down.)

  • Page 26: Features Of The Appliance's Back Panel

    CHAPTER 1: A Tour of the WatchGuard Firebox Vclass Security Appliances HA status LED Console interface Reset port Features of the appliance’s back panel AC power This light reports on the current status of this appliance, if it is one of two connected as a high- availability system.
  • Page 27 UPS devices from American Power Company (APC) are currently supported by the Firebox Vclass power management firmware. Check WatchGuard's Web site (www.watchguard.com) for updated information on complete UPS support.

  • Page 28: Key Features Of The Firebox Vclass 100 Appliance

    CHAPTER 1: A Tour of the WatchGuard Firebox Vclass Security Appliances IN THE EVENT OF A POWER FAILURE… This security appliance, if left connected to the power source, will automatically restart itself once electrical power has been restored. You do not have to press either the Power button on the front or the power supply switch on the back of the appliance.

  • Page 29: What You Should Know About These Features

    The Firebox Vclass appliance supports multiple types of alarm notification including LED activation, page/e-mail message, and the Alarm Manager feature of the WatchGuard Vcontroller, which are discussed in the System Administration Guide. The Admin LED is lit whenever a user or system...
  • Page 30 CHAPTER 1: A Tour of the WatchGuard Firebox Vclass Security Appliances HA status LED Console interface Reset port Firebox Vclass appliances for failover (backup) protection. Incorporated into the two high- availability Ethernet ports are two indicator lights labeled 10 and 100.These LEDs indicate (1) a...

  • Page 31: Features Of The Appliance's Back Panel

    Features of the appliance’s back panel Do not connect any Firebox Vclass appliance to a source of power that supplies the wrong voltage. Doing so will damage the appliance and void the warranty. Power switch AC power The power supply can auto-detect 110/220 voltage. DB-9 interface Installation Guide Key features of the Firebox Vclass 100 appliance...

  • Page 32: Connecting To A Ups Device

    CHAPTER 1: A Tour of the WatchGuard Firebox Vclass Security Appliances IN THE EVENT OF A POWER FAILURE… This security appliance, if left connected to the power source, will automatically restart itself once electrical power has been restored. You do not have to press either the Power button on the front or the power supply switch on the back of the appliance.

  • Page 33: What's Next

    What’s next To learn where a Firebox Vclass security appliance can best be used in a network environment, and how to place (or mount) your new Firebox Vclass appliance in your particular network setting, turn to the next chapter. Installation Guide What’s next...
  • Page 34 CHAPTER 1: A Tour of the WatchGuard Firebox Vclass Security Appliances Vcontroller 3.2...

  • Page 35: Chapter 2 Installing A Firebox Vclass Security Appliance

    CHAPTER 2 Security Appliance This chapter provides guidelines for the physical placement of a WatchGuard Firebox Vclass security appliance, then describes the start of the actual hardware installation process. Before physically placing (which is referred to as installing in this...

  • Page 36: What You'll Be Doing

    Configure the appliance and deploy the needed appliance profile, featuring the complete configuration and a full complement of security policies. The rest of this Installation Guide will get you to the point where you’ve set up the appliance and installed WatchGuard Vcontroller. At this point Vcontroller 3.2...

  • Page 37: Considering The Location Options

    you can take advantage of the other user guides in preparing this appliance for use. Considering the location options This section proposes some basic network scenarios that should help you determine where the appliance could be placed for the maximum benefit. Generally, there are two general options for mounting a Firebox Vclass appliance: •...

  • Page 38: Protecting The Whole Network From External Access

    CHAPTER 2: Installing a Firebox Vclass Security Appliance to interface 1. Any public-to-private access would then be strictly controlled by the appliance. Protecting the whole network from external access You may want to protect your entire network from unauthorized users or from attack, as shown in the following illustration.

  • Page 39: An Extremely Short Vcontroller/Watchguard Glossary

    Profile Address Group Installation Guide An extremely short Vcontroller/WatchGuard Glossary This term refers to a self-contained WatchGuard Firebox Vclass security hardware unit that can be configured and maintained with Vcontroller. This term refers to the full "package" of hardware configuration, security policies and other specific settings (TOS marking, tunnel switching, etc.) that...

  • Page 40: Connecting The Appliance For Setup And Software Installation

    CHAPTER 2: Installing a Firebox Vclass Security Appliance Public Private Connecting the appliance for setup and software installation After you determine where to place the appliance so that its provides maximum service, you should first physically place the appliance where it has access to a network hub or router.
  • Page 41 (preferably one that is fully protected). If connecting the appliance to a UPS device, be sure to use the WatchGuard-supplied cable to connect the two devices through their respective RS-232 ports. You can now power up the appliance and start the installation process, as detailed in the next chapter.
  • Page 42 CHAPTER 2: Installing a Firebox Vclass Security Appliance Vcontroller 3.2...

  • Page 43: Starting The Firebox Vclass Appliance Setup

    If you choose, you can use the WatchGuard Command Line Interface (CLI) from your workstation to initiate this process. This is detailed in “Extra: Using the WatchGuard CLI to record an IP address” on page 44. Configuring more than one security appliance...

  • Page 44: Turning On A Firebox Vclass Security Appliance

    Once you have placed the appliance and made the network connections, you can power up the Firebox Vclass appliance. (This covers all models with the exception of the Firebox V10.) Connect the power cord to a UPS or protected outlet, then connect the other end to the port on the back of the appliance.

  • Page 45: An Overview Of Vcontroller Hardware And Software Requirements

    An overview of Vcontroller hardware and software requirements The stand-alone WatchGuard Vcontroller application serves as the primary administrative access to a Firebox Vclass appliance, that you can install and run on more than one administrative workstations (for information on the range of operating systems, see the following section).
  • Page 46 CHAPTER 3: Starting the Firebox Vclass Appliance Setup input device hard disk space network interface additional resources If installing Vcontroller onto a Linux workstation The host computer may be any workstation matching the following qualifications. operating system processor type processor speed memory input device hard disk space...

  • Page 47: What's Next

    For up-to-date information on hardware and operating system requirements, review (1) the "ReadMe" file on the Installer CD, or (2) updates posted on the WatchGuard support Web site. What’s next Once the appliance has been powered on and is ready, you can now install the Vcontroller software on your workstation as described in one of these operating-system sections.
  • Page 48 Please review the release notes included with this package for information about Windows-Java issues that you should be aware of. For additional updates, be sure to check the WatchGuard Web site. To install the Vcontroller, follow these steps: Remove the Vcontroller CD from the package and insert it in the workstation CD-ROM.

  • Page 49: Installing The Vcontroller (Solaris)

    BE SURE TO REVIEW the release notes that were included in this package for information about Solaris-Java issues that you should be aware of. For additional updates, be sure to check the WatchGuard Web site. To install the Vcontroller, follow these steps: Insert the WatchGuard CD into the CD-ROM.
  • Page 50 JDK install location is the current user's home directory, however you can type another directory at this time.) When the JDK software has been installed (and any needed Solaris updates are completed), run this command: cd /cdrom/watchguard Then run this command: ./setup.sh This will restart the installation process.

  • Page 51: Installing The Vcontroller (Linux)

    You must activate your LiveSecurity Service to enable VPN 3DES encryption or receive WatchGuard Support. To activate your LiveSecurity Service, go to: http:\\www.watchguard.com\activate For more information on LiveSecurity Service, see the Configuration Guide You can now turn to for step-by-step guidance through the process of discovering your new Firebox Vclass appliance via the network.
  • Page 52 CHAPTER 3: Starting the Firebox Vclass Appliance Setup of, including Linux versions and JRE versions. For additional updates, be sure to check the WatchGuard Web site. To install the Vcontroller, follow these steps: Insert the WatchGuard CD into the CD-ROM.
  • Page 53 PATH environment variable. The Vcontroller Login dialog box appears. You must activate your LiveSecurity Service to enable VPN 3DES encryption or receive WatchGuard Support. To activate your LiveSecurity Service, go to: http:\\www.watchguard.com\activate For more information on LiveSecurity Service, see the Configuration Guide You can now turn to “Discovering a new Firebox Vclass appliance”...

  • Page 54: Discovering A New Firebox Vclass Appliance

    CHAPTER 3: Starting the Firebox Vclass Appliance Setup Discovering a new Firebox Vclass appliance Once the WatchGuard Vcontroller is installed on your administrative workstation, you need to use Vcontroller to discover any new factory- default appliance on the network. The first task at that point is assigning a permanent IP address to interface 0 for use in the initial configuration.
  • Page 55 As this dialog box notes, if your administration workstation/computer has more than one NIC, you must open the pop-up menu and select the IP address of the appropriate card, as shown here, before proceeding. A status dialog box appears and remains open until the discovery process is complete.

  • Page 56: If No Appliance Is Found

    CHAPTER 3: Starting the Firebox Vclass Appliance Setup If no appliance is found If no appliances were found, a Devices Not Found dialog box appears. Review the message in this dialog box, then inspect your appliance for the following indicators: - Make sure the appliance has been properly connected to the network.

  • Page 57: If An Appliance Is Found

    If an appliance is found When a discovery has been made, the Devices Found window appears, displaying all discovered appliances with their model and serial numbers, as shown here. This window offers the following features: - A large list area that displays all of the appliances discovered in the local subnet.

  • Page 58: Changing The Ip Address Of An Appliance's Private Interface

    CHAPTER 3: Starting the Firebox Vclass Appliance Setup If you are a network administrator and have already installed and configured at least one Firebox Vclass appliance and want to import its configurations into a new factory default appliance by means of an XML- format profile, you can get complete information on this setup option in “Importing a Profile into a New Appliance”...
  • Page 59 If there is more than one appliance listed in the list area of this dialog box, you can set the IP address of each at this time, prior to clicking Apply. This will save the changes made to all appliances. If there are no more appliances to be processed, click Apply.

  • Page 60: Extra: Using The Watchguard Cli To Record An Ip Address

    Extra: Using the WatchGuard CLI to record an IP address You can, if you prefer, reconfigure interface 0 (Private) of a new appliance with an IP address by means of a terminal window and the WatchGuard CLI. The process requires that you connect the new security appliance directly to a workstation by means of the Console interface (which implicitly discovers the appliance).
  • Page 61 The WG# prompt reappears. 13 To verify the complete change of addresses, type show system interface at the prompt and press Enter. A full report appears, followed by the WG# prompt. Installation Guide Extra: Using the WatchGuard CLI to record an IP address...
  • Page 62 CLI syntax does not represent all of the administrative controls incorporated in the Vcontroller GUI. The WatchGuard CLI User Guide is stored on the WatchGuard CD or is available for downloading from the WatchGuard Technologies Web site.

  • Page 63: Chapter 4 Completing The Vcontroller Installation Wizard

    Installation Wizard This chapter will guide you through the Installation Wizard (a component of the WatchGuard Vcontroller application). The Vcontroller Installation Wizard efficiently primes a newly discovered security appliance with a basic configuration while it prepares the Vcontroller for use with this and other WatchGuard Firebox Vclass appliances.

  • Page 64: Starting The Process

    CHAPTER 4: Completing the Vcontroller Installation Wizard • The VPN client user name and password (for Firebox V10 setup) If you need to make any changes to these configurations at any later date, you can easily do so with the Vcontroller. Your primary workspace will be the System Configuration window and all of its features are fully detailed in the System Administration Guide.
  • Page 65 When the Installation Wizard appears Click Next to proceed with the actual installation process. If needed, you can pause the installation process at any time to gather system information. Installation Guide...
  • Page 66 CHAPTER 4: Completing the Vcontroller Installation Wizard The General Information wizard appears. Make the following entries in the General tab: System Name System Location Click in this field and type a name of your choosing. For example, you might type the model number and an abbreviation of the geographical location.
  • Page 67 System Contact System Time If you need to change the date and/or time displayed in the System Time field, click Change to open the two-tabbed Date, Time, and Time Zone dialog box, shown in the following illustration. Make any needed adjustments to the settings in this dialog box. Click OK when you are finished with this dialog box.
  • Page 68 CHAPTER 4: Completing the Vcontroller Installation Wizard The Interface tab appears. Make the following entries in the interface 0 features: IP Address Network Mask Enable DHCP Server Click in this field and type the assigned IP address for interface 0 (usually used for private/trusted network connections).

  • Page 69: Completing Interface 1 (Public) Entries

    The Firebox V100 appliance does not support DHCP or PPPoE. Only Static IP addressing is available. If this is a V10 appliance, interface 1 (Public) will be the primary interface between the ISP (represented by the modem) and the user’s own network.
  • Page 70 CHAPTER 4: Completing the Vcontroller Installation Wizard As shown below, interface 0 is the one that is connected to the modem that provides the external connectivity. Click the button by the appropriate interface option, then make any relevant entries, as noted in the following: Click Static IP The related DNS server and routing table information should also be entered in their respective Configuration Wizard tabs, as noted later in...

  • Page 71: Completing Interface 2 (Dmz) Entries

    Click DHCP Click PPPoE If you are configuring PPPoE access, be sure to direct the appliance user to the printed instructions on how to change their PPPoE access user name and password, if they would like an additional measure of security. Completing interface 2 (DMZ) entries.

  • Page 72: Completing The Wizard Interface Tab Entries

    CHAPTER 4: Completing the Vcontroller Installation Wizard Click in the Network Mask field and type the correct entry. If a 3 interface (DMZ2) is available, it cannot be put to use at this time. Completing the Wizard Interface tab entries To save your new Interface tab entries (no matter which model of appliance you are configuring), follow these steps: When you have finished with the Interface tab entries, click Next to...
  • Page 73 The Routing tab appears. Any entries made in this display are optional, depending upon your network environment. Click in the Default Route field and type the IP address of the default gateway. (This is an optional configuration tab; if you do not need to record routes, skip this tab.) If you want to enter any additional network routes for this appliance, click Add.
  • Page 74 CHAPTER 4: Completing the Vcontroller Installation Wizard The Add Route dialog box appears, as shown in the following illustration. To add a new route, make the following entries: Destination Network Mask Gateway Interface Metric Click OK to list this route in the Additional Routes table (in the Installation Wizard).
  • Page 75 The Setup DNS Servers tab appears. Any entries made in this display are optional. Delete any text in the Domain Name field and type the domain name of this Firebox Vclass appliance. 10 To add a DNS server to the Servers table, click Insert. The DNS Server dialog box appears, as shown in the following illustration.
  • Page 76 CHAPTER 4: Completing the Vcontroller Installation Wizard - Repeat this process as needed to compile your list of DNS servers. 13 When you have finished listing the DNS servers, click Next to proceed. The Default Firewall Policy tab appears. 14 You have the following options: - Deactivate the three default firewall policies entirely by deselecting the Select a predefined Firewall policy button.
  • Page 77 Allow all outbound traffic Activating this option allows all internal Deny all inbound traffic If you choose not to activate either predefined policy, the Firebox Vclass appliance will not permit any traffic to pass through in any direction. You will then need to create at least one firewall policy that permits some type of traffic in a particular direction once this installation is complete.
  • Page 78 CHAPTER 4: Completing the Vcontroller Installation Wizard You can activate the following anti-hacker defense options: Denial-of-service options The options included in this dialog box safeguard your servers from denial-of-service (DOS) attacks. Basically, all such attacks flood your network with requests for information, clogging your servers and possibly shutting down your site.
  • Page 79 malicious purposes and program them to simultaneously assault a network with information requests. If allowed to pass through, they can overwhelm and crash your servers. Per Server Quota Per Client Quota For a brief overview of the Distributed Denial-of-service options, click How does this work?.
  • Page 80 CHAPTER 4: Completing the Vcontroller Installation Wizard If you left the Allow all outbound traffic option active, a DNAT query dialog box appears. 18 If you want to utilize Dynamic Network Address Translation, click Yes. (Otherwise, click No. If you click Yes, a default DNAT policy will be entered and put into effect.) As you may already know, dynamic NAT allows internal users to substitute a valid Internet address (the Firebox Vclass appliance’s...
  • Page 81 Make sure that you write down the new password and store the note in a safe place. If you forget the new password and cannot find any written record, the appliance will have to be returned to WatchGuard for resetting to a factory-default state.

  • Page 82: Concluding The Installation

    CHAPTER 4: Completing the Vcontroller Installation Wizard 21 When you have finished, click Next to proceed. When the Ready to use wizard panel appears, the configuration is complete. Concluding the installation When the final Wizard panel appears, click Finish. If you changed the IP address for interface 0 (Private), a dialog box will appear, asking if you want to restart the Firebox Vclass appliance.

  • Page 83: Relocating The Appliance To A Permanent Network Setting

    Click Yes. The Firebox Vclass appliance will close this dialog box and the Installation Wizard, and will then reboot and reinitialize itself. If this appliance is in its final in-service location, you can now use Vcontroller to complete the configuration and policy-deployment processes needed to outfit this appliance.
  • Page 84 CHAPTER 4: Completing the Vcontroller Installation Wizard The Login dialog box appears. Type the interface 0 (Private) IP address of the specific appliance in the Server/IP Name field. The Server IP/Name menu provides a shortcut to any appliance you log into, as the Vcontroller remembers the IP addresses of all appliances and stores them in this menu, saving you the effort of remembering all those addresses.

  • Page 85: After Relocation

    You can now press the power switch on the back of the appliance to cut power to the appliance. Or, if this appliance is a V10, simply disconnect the power cord to complete the shutdown.
  • Page 86 CHAPTER 4: Completing the Vcontroller Installation Wizard When the appliance has been fully turned on, you should see the following lights on the front of the device: - If you have connected the appliance to a network or to a computer, one of the Ethernet10/100 indicator lights should be lit (or, in the Firebox V100, the Link light will be lit).

  • Page 87: Importing A Profile Into A New Appliance

    Importing a Profile into a CHAPTER 5 New Appliance If you have already set up and configured at least one WatchGuard Firebox Vclass appliance, you can short-cut the installation and configuration process for new, factory default appliances by importing a profile from an existing appliance during the discovery process.

  • Page 88: Exporting A Profile From An Existing Security Appliance

    CHAPTER 5: Importing a Profile into a New Appliance Exporting a profile from an existing security appliance A profile contains all of the system settings and policy database records of an operational Firebox Vclass security appliance. Such a file can be imported into a new, unconfigured device as an efficient means of short- cutting the set-up process.

  • Page 89: Extra: Editing The Profile

    Click Close to close the Backup/Restore window. Be sure to note the directory pathway and name of this profile file. EXTRA: Editing the profile You can use any word processor or text editor to open this profile for the purposes of fine-tuning or editing the entries. As this file contains XML code, you can browse or search for the desired options and change them according to your requirements.

  • Page 90: Getting Started

    Turn on the appliance by connecting it to a safe power source and pressing the power switch on the back. The power cord connection will power up the V10 appliance. Wait until the appliance is fully powered up before proceeding, as indicated by the Ready LED being steadily lit.
  • Page 91 The Device Discovery process will inventory the local subnet and will record any unconfigured security appliances in the Devices Found window. If none are found, a different dialog box will report this fact, and allow you to try to find the appliance again. Before attempting the discovery again, be sure that (1) the appliance is fully turned on and (2) the cable connecting interface 0 to the network is firmly inserted into the socket.

  • Page 92: Importing A Profile

    CHAPTER 5: Importing a Profile into a New Appliance Importing a profile Follow this procedure if you are setting up an additional appliance and have exported the configuration settings from an existing appliance for use in the new device. Scroll through the list of found appliances and select the one that you want to configure with an imported profile.
  • Page 93 for the duration of the XML importation process. When the importation is complete, the temporary addressing information will be purged from the appliance. To start the profile importation, click Update. A confirmation dialog box appears, as shown here. Review the information, then click Yes to proceed. When the update process is complete, a Results dialog box appears.
  • Page 94 CHAPTER 5: Importing a Profile into a New Appliance Vcontroller 3.2...

  • Page 95: Index

    Index adding new appliance address, IP binoculars icon command line interface configuration more than one appliance date & time, changing devices found window Devices Not Found dialog box DHCP server, address assigned by DHCP server, enable discovering appliance(s) 38–42 appliance found DMZ connections.
  • Page 96 DHCP client max number, assigning PPPoE, IP address assigned using private interface 42–44 static IP address using WatchGuard CLI to record leasing time. See Installation Wizard or IP address location default configured appliances physical 19, 24–25, 74–75 virtual 21–23...
  • Page 97 appliance discovered appliance discovery 38–42 assigning permanent IP address Linux. See installation. Microsoft Windows. See installation no appliance found Sun/Solaris. See installation. software requirements 29–31 startup procedures. See setup static IP address supported operating systems system administrator, identifying system location. system name system time, entering troubleshooting...

This manual is also suitable for:

Firebox v100Firebox v200Firebox v60Firebox v60lFirebox v80

Table of Contents