Watchguard Firebox X15 User Manual page 175

Firewall options are pre-configured to meet the needs of many Edge customers. Select the check box of any
option you want to enable and click Submit to save your changes to the Edge. Firewall options include:
Do not respond to ping requests
You can configure the Firebox X Edge e-Series to deny ping requests received on the trusted,
external, or optional network. This option overrides all other Edge settings.
Do not allow FTP access to the Edge
You can configure the Firebox X Edge e-Series to not allow any FTP connections from the trusted or
optional network. This option overrides all other Edge settings.
Log all allowed outbound access
If you use the standard property settings, the Firebox X Edge e-Series records only unusual events.
When traffic is denied, the Edge records the information in the log file. You can configure the Edge to
record information about all the outgoing traffic in the log file. When you record all outgoing traffic,
it creates a large number of log records. We recommend that you record all the outgoing traffic only
as a problem-solving tool, unless you send log messages to a remote Log Server. For more
information, see
Log denied broadcast traffic
If you use the standard property settings, the Firebox X Edge e-Series records only unusual events.
When traffic is denied, the Edge records the information in the log file. You can configure the Edge to
record information about denied network traffic that was sent to many destinations at the same time.
Log denied spoofed traffic
If you use the standard property settings, the Firebox X Edge e-Series records only unusual events.
When traffic is denied, the Edge records the information in the log file. You can configure the Edge to
record information when the source IP address of network traffic does not match the IP address of the
host that sent the traffic.
Log traffic denied because of IP options
IP options are extensions of the Internet Protocol. The Edge uses the extensions for special software
applications or for advanced troubleshooting. An attacker can use the IP options in the packet header
to find a path into your network. Select this check box to create a log message when traffic is denied
because of IP options.
Log inbound traffic that is denied by default
Select this check box to have the Edge send a log message to the log file each time an incoming
connection is denied by the default rules configured in your Edge.
Log outbound traffic that is denied by default
Select this check box to have the Edge send a log message to the log file each time an outgoing
connection is denied by the default rules configured in your Edge.
User Guide
You must clear the Do not allow FTP access to the Edge from the Trusted Network check box
when you apply an update to the Firebox X Edge firmware with the automatic installer. If you do not
clear this check box, the Software Update Installer cannot move firmware files to the Edge.
See the event log file topic.
Default Threat Protection
163