Watchguard Firebox X20E Guide de l'utilisateur

WatchGuard®Firebox® X EdgeUser GuideFirebox X Edge - Firmware Version 7.0

x WatchGuard Firebox X EdgeTHEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

Configuring Firewall Settings72 WatchGuard Firebox X Edge2 From the navigation bar at left, select Firewall => Options.The Firewall Options page ap

Configuring Firewall OptionsUser Guide 73SOCKS implementation for the Firebox X EdgeThe Firebox X Edge functions as a SOCKS network proxy server. An a

Configuring Firewall Settings74 WatchGuard Firebox X Edge NOTEThe Firebox X Edge uses port 1080 to communicate with a computer that uses a SOCKS-comp

Configuring Firewall OptionsUser Guide 752 Click Submit.Enabling the MAC address override If your ISP has previously registered your computer’s MAC ad

Configuring Firewall Settings76 WatchGuard Firebox X EdgeCreating an Unrestricted Pass ThroughThe Firebox® X Edge can allow traffic to flow from the e

User Guide 77CHAPTER 6 Configuring LoggingAn event is any single activity that occurs at the Firebox® X Edge, such as denying a packet from passing th

Configuring Logging78 WatchGuard Firebox X Edgebecause of a packet handling violation, duplicate messages, return error messages, and IPSec messages.E

Logging to a WatchGuard Security Event Processor Log HostUser Guide 79to do this, see the WatchGuard System Manager User Guide. Then follow these inst

Configuring Logging80 WatchGuard Firebox X EdgeLogging to a Syslog HostSyslog is a logging interface, originally developed for UNIX, but now used by a

Setting the System TimeUser Guide 81Setting the System TimeFor each log entry, the Firebox® X Edge records the time from its system clock. You can sel

Copyright, Trademark, and Patent InformationUser Guide xi1. This software is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;

Configuring Logging82 WatchGuard Firebox X Edge4 (Optional) Select the Adjust for daylight savings time checkbox.5 Select the method you want to set s

User Guide 83CHAPTER 7 Configuring WebBlockerAllowing network users to access any Web site they choose can lead to problems. An obvious one is loss of

Configuring WebBlocker84 WatchGuard Firebox X EdgeHow WebBlocker WorksWebBlocker uses a database of Web site addresses that is owned and maintained by

Creating WebBlocker ProfilesUser Guide 852 From the navigation bar at left, select WebBlocker => Settings.The WebBlocker Settings page appears.3 Se

Configuring WebBlocker86 WatchGuard Firebox X EdgeAfter you define profiles, you can apply them to users when you set up user accounts, as described i

WebBlocker CategoriesUser Guide 87WebBlocker CategoriesThe WebBlocker database contains 14 categories.A Web site is added to a category only if the co

Configuring WebBlocker88 WatchGuard Firebox X EdgeSatanic/cult Pictures or text advocating devil worship, an affinity for evil, wickedness, or the adv

Allowing Certain Sites to Bypass WebBlockerUser Guide 89Sexual ActsPictures or text exposing anyone or anything involved in explicit sexual acts and/o

Configuring WebBlocker90 WatchGuard Firebox X EdgeNOTE NOTEThis WebBlocker feature is applicable only for outbound requests to access Web sites. Y

Blocking Additional Web SitesUser Guide 91is corrupted with hacker code. Using the Denied Sites feature, you can make sure your employees do not acces

xii WatchGuard Firebox X Edgetoo, but we suggest you first think carefully about whether this license or the ordinary General Public License is the be

Configuring WebBlocker92 WatchGuard Firebox X EdgeAllowing Internal Hosts to Bypass WebBlockerYou can define a list of internal hosts that bypass WebB

User Guide 93CHAPTER 8 Configuring Virtual Private NetworksA virtual private network (VPN) allows secure connections between computers or networks in

Configuring Virtual Private Networks94 WatchGuard Firebox X Edge• The static IP address of each Firebox X Edge external interface, the network address

What You Need to Create a VPNUser Guide 95If the devices that connect through the VPN tunnel are not config-ured correctly, the VPN tunnel will not fu

Configuring Virtual Private Networks96 WatchGuard Firebox X EdgeSample VPN Address Information TableItem Description Assigned ByExternal IP AddressThe

Using a DVCP server to manage your VPN tunnelsUser Guide 97Using a DVCP server to manage your VPN tunnelsDynamic VPN Configuration Protocol (DVCP) is

Configuring Virtual Private Networks98 WatchGuard Firebox X EdgeSetting up management for a dynamic Edge deviceThis procedure is necessary for Edge de

Setting Up Manual VPN TunnelsUser Guide 992 From the navigation bar at left, select VPN => Managed VPN.The Managed VPN page appears.3 Select the En

Configuring Virtual Private Networks100 WatchGuard Firebox X Edge4 Type the Name and Shared Key for the VPN tunnel.The shared key is a passphrase used

Setting Up Manual VPN TunnelsUser Guide 101NOTE NOTEThe Phase 1 settings must be the same on both devices.1 Select the negotiation mode for Phase

Copyright, Trademark, and Patent InformationUser Guide xiiiThe precise terms and conditions for copying, distribution and modification follow. Pay cl

Configuring Virtual Private Networks102 WatchGuard Firebox X EdgeNOTE NOTEThe IKE Keep Alive feature is different from the VPN Keep Alive feature

VPN Keep AliveUser Guide 1037 Click Submit.VPN Keep AliveTo help keep the VPN tunnel open when there is no communication across it, enter the IP addre

Configuring Virtual Private Networks104 WatchGuard Firebox X Edge2 From the navigation bar at left, selectVPN => Keep Alive.The VPN Keep Alive page

Frequently Asked QuestionsUser Guide 105addresses can change. A changing address prevents a connection between the two appliances. However, this issue

Configuring Virtual Private Networks106 WatchGuard Firebox X EdgeIs the Firebox X Edge compabtible with WatchGuard System Manager?Yes. The default Fir

User Guide 107CHAPTER 9 Configuring the MUVPN ClientThe MUVPN client is a software application that is installed on a remote computer. This applicatio

Configuring the MUVPN Client108 WatchGuard Firebox X EdgePreparing Remote Computers to Use the MUVPN ClientThe MUVPN client can be installed only on c

Preparing Remote Computers to Use the MUVPN ClientUser Guide 1092 Double-click the Network icon.The Network window appears.3 Make sure the Client for

Configuring the MUVPN Client110 WatchGuard Firebox X EdgeFrom the Windows desktop:1 Select Start => Settings => Control Panel.2 Double-click the

Preparing Remote Computers to Use the MUVPN ClientUser Guide 1117 Click the WINS Configuration tab and then select the Enable WINS Resolution checkbox

xiv WatchGuard Firebox X Edgethen this License, and its terms, do not apply to those sections when you distribute them as separate works. But when yo

Configuring the MUVPN Client112 WatchGuard Firebox X Edgemodem is not available, you can select a serial cable between two computers.8 Select the mod

Preparing Remote Computers to Use the MUVPN ClientUser Guide 113From the Windows desktop:1 Select Start => Settings => Network and Dial-up Conne

Configuring the MUVPN Client114 WatchGuard Firebox X EdgeConfiguring the WINS and DNS settingsThe remote computer must be able to communicate with the

Preparing Remote Computers to Use the MUVPN ClientUser Guide 115These components must be installed before the MUVPN Client will function correctly on

Configuring the MUVPN Client116 WatchGuard Firebox X Edge2 Double-click the Client network component.The Select Network Protocol window appears.3 Sele

Installing and Configuring the MUVPN ClientUser Guide 11711 Click Cancel to close the connection window.Installing and Configuring the MUVPN ClientThe

Configuring the MUVPN Client118 WatchGuard Firebox X Edge11 The InstallShield wizard searches for a user profile file. Click Next to skip this step. T

Installing and Configuring the MUVPN ClientUser Guide 1194 Type a unique name for the new connection.If this will be a unique policy for a specific us

Configuring the MUVPN Client120 WatchGuard Firebox X EdgeUsing this option also allows the MUVPN client to access any networks across a VPN that the F

Installing and Configuring the MUVPN ClientUser Guide 1213 Select Aggressive Mode. Make sure the Enable Perfect Forward Secrecy (PFS) checkbox is clea

Copyright, Trademark, and Patent InformationUser Guide xvexecution displays copyright notices, you must include the copyright notice for the Library a

Configuring the MUVPN Client122 WatchGuard Firebox X Edge6 Clear the Allow to Specify Internal Network Address checkbox. Click OK.It is not necessary

Installing and Configuring the MUVPN ClientUser Guide 12310 Select Any from the Name drop-down list.This is the default setting.11 Click Pre-Shared Ke

Configuring the MUVPN Client124 WatchGuard Firebox X EdgeEdge and must match exactly as described below. Phase 2 settings must match the settings of t

Installing and Configuring the MUVPN ClientUser Guide 1257 Select Diffie-Hellman Group 1 from the Key Group drop-down list.8 Expand Key Exchange (Phas

Configuring the MUVPN Client126 WatchGuard Firebox X EdgeUninstalling the MUVPN clientFollow these directions to uninstall the MUVPN client. WatchGuar

Enabling MUVPN Access for a User AccountUser Guide 127Enabling MUVPN Access for a User Account1 Type the IP address of the trusted network in your bro

Configuring the MUVPN Client128 WatchGuard Firebox X EdgeConfiguring the Firebox for MUVPN Clients Using Pocket PCTo create a MUVPN tunnel between the

Connecting and Disconnecting the MUVPN ClientUser Guide 129The MUVPN Security Policy is deactivated. This icon may appear if the Windows operating sys

Configuring the MUVPN Client130 WatchGuard Firebox X EdgeThe MUVPN client has established at least one secure, MUVPN tunnel connection. The red and gr

Monitoring the MUVPN Client ConnectionUser Guide 131From the New Program alert window:1 Select the Remember this answer the next time I use this progr

xvi WatchGuard Firebox X Edgethese terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights g

Configuring the MUVPN Client132 WatchGuard Firebox X Edge2 Select Log Viewer.The Log Viewer window appears.Using Connection MonitorThe Connection Moni

The ZoneAlarm Personal FirewallUser Guide 133• An animated black line underneath a key indicates that the client is processing secure IP traffic for t

Configuring the MUVPN Client134 WatchGuard Firebox X EdgeFor more information about the features and configuration of ZoneAlarm, refer to the ZoneAlar

The ZoneAlarm Personal FirewallUser Guide 135Shutting down ZoneAlarmFrom the Windows desktop system tray:1 Right-click the ZoneAlarm icon shown at rig

Configuring the MUVPN Client136 WatchGuard Firebox X Edgecould be shared by other programs on the system. Click Yes to All to completely remove all of

Troubleshooting TipsUser Guide 137tant that you enter this information correctly, just as you would at the office. Windows stores the information for

Configuring the MUVPN Client138 WatchGuard Firebox X Edge4 Click OK.The mapped drive appears in the My Computer window. Even if you select the Reconne

User Guide 139CHAPTER 10 Managing the Firebox® X EdgeFirebox® X Edge provides a number of ways for you to manage your network and users, such as:• Vie

Managing the Firebox® X Edge140 WatchGuard Firebox X Edgetion on the sessions currently active on your Firebox. You can also see information on the us

Configuring Global SettingsUser Guide 141• The name of the user• Whether Internet access is allowed for the user• Whether the user has full administra

Copyright, Trademark, and Patent InformationUser Guide xviiCopyright (C) 1989, 1991 Free Software Foundation, Inc. 59 Temple Place - Suite 330, Bosto

Managing the Firebox® X Edge142 WatchGuard Firebox X Edge2 From the navigation bar at left, select Firebox => Settings.The Settings page appears.3

Adding or Editing a User AccountUser Guide 143Preferred(Default value) If the virtual adapter is already in use or otherwise unavailable, address assi

Managing the Firebox® X Edge144 WatchGuard Firebox X Edge3 Under Local User Accounts, click Add. The New User page appears with the Settings tab visib

Adding or Editing a User AccountUser Guide 145To create a read-only user account, edit the User Account. Use the Administrative Access drop-down list

Managing the Firebox® X Edge146 WatchGuard Firebox X Edge• the Firebox administrator uses the Firebox Users page to end the session;• the user ends th

Setting up VPN Manager AccessUser Guide 147Follow these instructions to use HTTP instead of HTTPS:1 Type the IP address of the trusted network in your

Managing the Firebox® X Edge148 WatchGuard Firebox X Edge2 From the navigation bar at left, selectAdministration => VPN Manager Access.The VPN Mana

Updating the FirmwareUser Guide 149must update your firmware with the second procedure because those operating systems cannot run Windows executable f

Managing the Firebox® X Edge150 WatchGuard Firebox X Edge3 From the navigation bar at left, select Administration => Update.The Administration Page

Configuring Additional OptionsUser Guide 1517 From the navigation bar at left, select Administration => Upgrade.The Upgrade page appears.8 Paste th

xviii WatchGuard Firebox X EdgeYou may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection

Managing the Firebox® X Edge152 WatchGuard Firebox X EdgeManual VPNThe manual VPN feature allows you to set up VPN tunnels manually. For more informat

Viewing the Configuration FileUser Guide 153

Managing the Firebox® X Edge154 WatchGuard Firebox X Edge

User Guide 155APPENDIX A Firebox® X Edge HardwareThe WatchGuard® Firebox® X Edge is a firewall for small businesses and branch or remote offices. Pac

156 WatchGuard Firebox X Edge• An AC adapter (12 V)• One straight-through Ethernet cableHardware SpecificationsHardware DescriptionThe Firebox® X Edge

Hardware DescriptionUser Guide 157Front panelThe front panel of the Firebox X Edge has 24 indicator lights to pro-vide link and status information. Th

158 WatchGuard Firebox X EdgeStatusIndicates that a management connection has been made. This light turns off a few minutes after you close the browse

Hardware DescriptionUser Guide 159Power inputConnect the power input to a power supply using the 12-volt AC adapter supplied with the Firebox X Edge.

160 WatchGuard Firebox X Edge

User Guide 161APPENDIX B GlossaryThis glossary contains a list of terms, abbreviations, and acronyms fre-quently used when discussing networks, firewa

Copyright, Trademark, and Patent InformationUser Guide xixIf distribution of executable or object code is made by offering access to copy from a desig

162 WatchGuard Firebox X Edgeaddress space probeAn intrusion measure in which a hacker sequentially attacks IP addresses. These probes are usually att

User Guide 163asymmetric keysA separate but integrated user key pair, composed of one public key and one private key. Each key is one way, meaning tha

164 WatchGuard Firebox X Edgeblock cypherA symmetric cipher operating on blocks of plain text and cipher text, usually 64 bits.blocked portA security

User Guide 165cable segmentA section of network cable separated by hubs, routers, or bridges to create a subnet.cascadeA command that arranges windows

166 WatchGuard Firebox X EdgeCIDR (Classless Inter-Domain Routing)A routing mechanism designed to deal with the exhaustion of Class B network addresse

User Guide 167compression functionA function that takes a fixed-size input and returns a shorter, fixed-sized output.connected enterpriseA company or

168 WatchGuard Firebox X EdgecryptanalysisThe art or science of transferring cipher text into plain text without initial knowledge of the key used to

User Guide 169defaultA predefined setting that is built into a program and is used when an alternative setting is not specified.default packet handlin

170 WatchGuard Firebox X EdgedimmedThe grayed appearance of a command or option that is unavailable.disarmedThe state of a Firebox when it is not acti

User Guide 171dynamic NAT(Also known as IP masquerading or port address translation) A method of hiding network addresses from hosts on the external o

ii WatchGuard Firebox X EdgeCertifications and NoticesFCC CertificationThis appliance has been tested and found to comply with limits for a Class A di

xx WatchGuard Firebox X Edgedecision will be guided by the two goals of preserving the free status of all derivatives of our free software and of prom

172 WatchGuard Firebox X Edgeexternal interfaceAn interface connected to the external network that presents the security challenge, typically the Inte

User Guide 173fingerprintA unique identifier for a key that is obtained by hashing specific portions of the key data.FIPS (Federal Information Process

174 WatchGuard Firebox X Edgehash codeA unique, mathematical summary of a document that serves to identify the document and its contents. Any change i

User Guide 175host routeA setup in which an additional router is behind the Firebox and one host is behind that router. A host route must be configure

176 WatchGuard Firebox X EdgeIKE (Internet Key Exchange)A protocol used with IPSec virtual private networks. Automates the process of negotiating keys

User Guide 177Intrusion Detection System (IDS)A class of networking products devoted to detecting, monitoring, and blocking attacks from hackers. IDSs

178 WatchGuard Firebox X EdgeISAKMP (Internet Security Association Key Management Protocol)Defines the procedures for authenticating a communicating p

User Guide 179key managementThe process and procedure for safely storing and distributing accurate cryptographic keys; the overall process of generati

180 WatchGuard Firebox X Edgemanagement stationThe computer on which the WatchGuard Firebox System Manager and Policy Manager runs; sometimes referred

User Guide 181MD5 (Message Digest 5)An improved, more complex version of MD4, but still a 128-bit, one-way hash function.message digestA number that i

Limited Hardware WarrantyUser Guide xxiAND YOU HEREBY WAIVE, DISCLAIM AND RELEASE ANY AND ALL OTHER WARRANTIES, OBLIGATIONS AND LIABILITIES OF WATCHGU

182 WatchGuard Firebox X Edgesubnetting is in effect. Some systems require the netmask to be an even number of bits.network adaptor, network interface

User Guide 183optional interfaceAn interface that connects to a second secured network, typically any network of servers provided for public access.op

184 WatchGuard Firebox X EdgePCMCIA (Personal Computer Memory Code International Association) cardA standard compact physical interface used in person

User Guide 185PLIP (Parallel Line Internet Protocol)A protocol for exchanging IP packets over a parallel cable.Plug and PlayA standard in the personal

186 WatchGuard Firebox X EdgePretty Good Privacy (PGP)An application and protocol (RFC 1991) for secure email and file encryption. PGP uses a variety

User Guide 187pseudo-random numberA number that results from applying randomizing algorithms to input derived from the computing environment, such as

188 WatchGuard Firebox X Edgerelated networksNetworks on the same physical wire as the Firebox interfaces but with network addresses that belong to an

User Guide 189scalable architectureSoftware and/or hardware constructed so that, after configuring a single machine, the same configuration can be pro

190 WatchGuard Firebox X EdgesegmentOne or more nodes in a network. Segments are connected to subnets by hubs and repeaters.self-extracting fileA comp

User Guide 191signTo apply a signature.signatureA digital code created with a private key.single sign-onA sign-on in which one logon provides access t

xxii WatchGuard Firebox X EdgeAbbreviations Used in this Guide3DES Triple Data Encryption StandardBOVPN Branch Office Virtual Private NetworkDES Data

192 WatchGuard Firebox X EdgeSSLSee Secure Sockets Layer.stanceThe policy of a firewall regarding the default handling of IP packets. Stance dictates

User Guide 193syslogAn industry-standard protocol used for capturing log information for devices on a network. Syslog support is included in Unix-base

194 WatchGuard Firebox X EdgetooltipA name or phrase that appears when the mouse pointer pauses over a button or icon.topologyA wiring configuration u

User Guide 195URL (Universal Resource Locator)The user-friendly address that identifies the location of a Web site such as http://www.watchguard.com.v

196 WatchGuard Firebox X EdgeWebBlockerAn optional WatchGuard software module that blocks users behind the Firebox from accessing undesirable Web site

User Guide 197IndexAAdd Gateway page 99Add Route page 58Administration page 33administrator account 145Allowed Sites pages 90Automatically restore los

198 WatchGuard Firebox X EdgeDenied Sites page 91DHCPdescribed 5, 45setting the Firebox to use 22setting your computer to use 20DHCP address reservati

User Guide 199Firewall Options page 72Firewall page 34firewalls, described 8firmware, updating 148FTP access, denying to the trusted interface 72Hhard

200 WatchGuard Firebox X Edgepreparing remote computers for 108–117troubleshooting 136–138uninstalling 126MUVPN Clients upgrade 151My Identity setting

User Guide 201Upgrade 151VPN 37VPN Keep Alive 104VPN Manager Access 147, 148VPN Statistics 104WAN Failover 62WatchGuard Security Event Processor Loggi

User Guide xxiiiContentsCHAPTER 1 Introduction to Network Security ...1Network Security ...

202 WatchGuard Firebox X Edgesystem configuration pages. See configuration pagessystem requirements 108System Security page 147System Status page 21,

User Guide 203WWAN Failoverconfiguring 62described 61, 152WAN Failover page 62WAN ports 158WAN1 port 61WAN2 port 61WatchGuard Security Event Processor

204 WatchGuard Firebox X Edge

xxiv WatchGuard Firebox X EdgeDisabling the HTTP Proxy Setting ...15Connecting the Firebox X Edge ...

User Guide xxvChanging the IP address of the trusted network ...49Configuring the Firebox as a DHCP server ...

xxvi WatchGuard Firebox X EdgeCHAPTER 7 Configuring WebBlocker ...83How WebBlocker Works ...

User Guide xxviiDisconnecting the MUVPN client ...131Monitoring the MUVPN Client Connection ...

xxviii WatchGuard Firebox X EdgeIndex...197

User Guide 1CHAPTER 1 Introduction to Network SecurityCongratulations on your purchase of the WatchGuard Firebox® X Edge. Your new security device pro

Certifications and NoticesUser Guide iiiVCCI Notice Class A ITE

Introduction to Network Security2 WatchGuard Firebox X EdgeComputer security must always be kept up-to-date. Intruders are always discovering new vuln

ProtocolsUser Guide 3share the same bandwidth. Because of this "shared-medium" topol-ogy, cable modem users might experience somewhat slower

Introduction to Network Security4 WatchGuard Firebox X EdgeInternet, the file is divided into chunks of data. Each chunk, or packet, is separately num

IP AddressesUser Guide 5IP AddressesIP addresses are like street addresses—when you want to send some information to someone, you must first know his

Introduction to Network Security6 WatchGuard Firebox X EdgeAbout PPPoESome ISPs assign the IP addresses through Point-to-Point Protocol over Ethernet

PortsUser Guide 7Although some services are essential, they can also be a security risk. To send and receive data, you must “open a door” in your comp

Introduction to Network Security8 WatchGuard Firebox X EdgeFirewallsA firewall divides your internal network from the Internet to reduce this danger.

Firebox® X Edge and Your NetworkUser Guide 9needs.Firewalls are implemented in both hardware and software, or a com-bination of both. Firewalls are fr

Introduction to Network Security10 WatchGuard Firebox X Edge

User Guide 11CHAPTER 2 Installing the Firebox® X EdgeTo install the WatchGuard® Firebox® X Edge in your network, use this procedure:• Identify and rec

iv WatchGuard Firebox X EdgeDeclaration of Conformity

Installing the Firebox® X Edge12 WatchGuard Firebox X EdgePackage ContentsMake sure that the Firebox® X Edge package includes:• The Firebox X Edge Qui

Identifying Your Network SettingsUser Guide 13• The Firebox X Edge serial number. Find this number on the bottom of the Firebox.You use the serial num

Installing the Firebox® X Edge14 WatchGuard Firebox X Edgenetwork address translation (NAT). You must get a public IP address and disable NAT on your

Disabling the HTTP Proxy SettingUser Guide 15Microsoft Windows 98 or ME1 Click Start => Run. 2 At the MS-DOS prompt, type winipcfg and then press t

Installing the Firebox® X Edge16 WatchGuard Firebox X Edgeinformation. Many opensource browsers automatically disable the HTTP proxy feature by defaul

Connecting the Firebox X EdgeUser Guide 17Connecting the Firebox X EdgeUse this procedure to connect your Firebox® X Edge Ethernet and power cables:1

Installing the Firebox® X Edge18 WatchGuard Firebox X Edge6 Find the AC adapter supplied with your Firebox. Connect the AC adapter to the Firebox and

Connecting to the System Configuration PagesUser Guide 19• A straight-through Ethernet cable to connect each hub to the Firebox X Edge.To connect more

Installing the Firebox® X Edge20 WatchGuard Firebox X EdgeA factory default Firebox allows HTTP traffic on port 80. After you set the administrator pa

Connecting to the System Configuration PagesUser Guide 21use DHCP. You must use an IP address on the same network as the Firebox X Edge trusted interf

Notice to UsersUser Guide vNotice to UsersInformation in this guide is subject to change without notice. Companies, names, and data used in examples h

Installing the Firebox® X Edge22 WatchGuard Firebox X Edge2 In the Address bar, type the Firebox trusted interface IP address which is https://192.168

Configuring the External InterfaceUser Guide 232 From the navigation bar on the left side, click the + symbol to the left of Network. Click External.3

Installing the Firebox® X Edge24 WatchGuard Firebox X EdgePPPoE Address SettingsFor more information in PPPoE, see “About PPPoE” on page 6. To configu

Registering Your Firebox and Activating LiveSecurity ServiceUser Guide 255 Type the PPPoE login name and domain as well as the PPPoE password supplied

Installing the Firebox® X Edge26 WatchGuard Firebox X Edgehttp://www.watchguard.com/activateNOTE NOTETo activate the LiveSecurity Service, your br

User Guide 27CHAPTER 3 Configuration and Management BasicsConfiguration is the process of customizing the WatchGuard® Firebox® X Edge to meet the spec

Configuration and Management Basics28 WatchGuard Firebox X Edge“Type the IP address of the trusted network in your browser window to connect to the Sy

Navigating the Configuration PagesUser Guide 29Using the navigation barOn the left side of the System Status page is a navigation bar that provides ac

Configuration and Management Basics30 WatchGuard Firebox X EdgeConfiguration OverviewThe Firebox X Edge system configuration pages are grouped by func

Configuration OverviewUser Guide 31Network PageThe Network page shows the configuration of each network inter-face. It also shows any configured route

vi WatchGuard Firebox X Edge(C) In addition to the copies described in Section 2(A), you may make a single copy of the SOFTWARE PRODUCT for backup or

Configuration and Management Basics32 WatchGuard Firebox X EdgeFirebox Users PageThe Firebox Users page shows statistics on the active sessions and de

Configuration OverviewUser Guide 33Administration PageThe Administration page shows whether the Firebox uses HTTP or HTTPS for its configuration pages

Configuration and Management Basics34 WatchGuard Firebox X EdgeFirewall PageThe Firewall page shows the incoming and outgoing services, blocked sites,

Configuration OverviewUser Guide 35Logging PageThe Logging page shows the current event log, status of WSEP and Syslog logging, and the system time. I

Configuration and Management Basics36 WatchGuard Firebox X EdgeWebBlocker PageThe WebBlocker page shows the WebBlocker settings, profiles, allowed sit

Configuration OverviewUser Guide 37VPN PageThe VPN page shows information on managed VPNs, manual VPN gateways, and echo hosts along with buttons to c

Configuration and Management Basics38 WatchGuard Firebox X EdgeUpdating Firebox X Edge SoftwareOne benefit of your LiveSecurity® Service is ongoing so

Factory Default SettingsUser Guide 39Factory Default SettingsThe term factory default settings refers to how the Firebox® X Edge is configured when yo

Configuration and Management Basics40 WatchGuard Firebox X EdgeResetting the Firebox to the factory default settingsYou may have occasion to reset the

Rebooting the FireboxUser Guide 41Using the Web browser1 Type the IP address of the trusted network in your browser window to connect to the System St

Copyright, Trademark, and Patent InformationUser Guide viiINABILITY TO USE THE SOFTWARE PRODUCT, EVEN IF WATCHGUARD HAS BEEN ADVISED OF THE POSSIBILIT

Configuration and Management Basics42 WatchGuard Firebox X Edge

User Guide 43CHAPTER 4 Changing Your Network SettingsA primary task in setting up your WatchGuard® Firebox® X Edge is configuring the network interfac

Changing Your Network Settings44 WatchGuard Firebox X EdgeThe Network Interface Wizard consists of the following steps:Step 1: WelcomeThe first screen

Configuring the External NetworkUser Guide 45Step 9: SummaryThe wizard’s last screen displays a summary of the settings you have made using the wizard

Changing Your Network Settings46 WatchGuard Firebox X EdgeIf your service provider uses DHCPThe default configuration sets the Firebox X Edge to get t

Configuring the External NetworkUser Guide 47If your ISP uses PPPoEIf your ISP assigns IP addresses through PPPoE, your PPPoE login name and password

Changing Your Network Settings48 WatchGuard Firebox X Edge7 Type the PPPoE password supplied by your ISP.8 Type the time delay before inactive TCP con

Configuring the Trusted NetworkUser Guide 49Changing the IP address of the trusted networkSometimes it is necessary to change the trusted network addr

Changing Your Network Settings50 WatchGuard Firebox X EdgeTo configure the Firebox as a DHCP server:1 If you have not already done so, use your browse

Configuring the Trusted NetworkUser Guide 51Setting DHCP Address ReservationsYou can bind a static IP address to a specific hardware device by way of

viii WatchGuard Firebox X EdgeRealNetworks, RealAudio, and RealVideo are either a registered trademark or trademark of RealNetworks, Inc. in the Unite

Changing Your Network Settings52 WatchGuard Firebox X EdgeTo configure the Firebox as a DHCP relay agent:1 If you have not already done so, use your b

Configuring the Optional NetworkUser Guide 53over the same LAN. If you mix computers with different operating systems on your network, they pass traff

Changing Your Network Settings54 WatchGuard Firebox X Edge2 From the navigation bar at left, select Network => Optional.The Optional Network Config

Configuring the Optional NetworkUser Guide 55Configuring DHCP on the optional networkJust as with the trusted network, you can use the Firebox as eith

Changing Your Network Settings56 WatchGuard Firebox X Edge4 Type the WINS Server address, DNS Server primary address, DNS Server secondary address, an

Configuring Static RoutesUser Guide 57NOTE NOTEAll changes to the Optional Network Configuration page require that you click Submit and then reboo

Changing Your Network Settings58 WatchGuard Firebox X Edge2 From the navigation bar at left, select Network => Routes.The Routes page appears.3 Cli

Viewing Network StatisticsUser Guide 59Viewing Network StatisticsThe Firebox® X Edge Network Statistics page gives information about network performan

Changing Your Network Settings60 WatchGuard Firebox X EdgeOr, see the following FAQs on the WatchGuard Technical Support site at: https://www.watchgu

Enabling the WAN Failover OptionUser Guide 61Enabling the WAN Failover OptionThe WAN Failover option adds redundant support for the external interface

Copyright, Trademark, and Patent InformationUser Guide ix 1. Redistributions of source code must retain the copyright notice, this list of conditions

Changing Your Network Settings62 WatchGuard Firebox X Edgeis used. If the WAN1 port is not available, the Firebox connects through the WAN2 port.To co

Enabling the WAN Failover OptionUser Guide 634 Select the Enable failover using the Ethernet (WAN2) interface checkbox.5 From the drop-down list, sele

Changing Your Network Settings64 WatchGuard Firebox X Edge

User Guide 65CHAPTER 5 Configuring Firewall SettingsThe firewall configuration settings of the WatchGuard® Firebox® X Edge control the flow of traffic

Configuring Firewall Settings66 WatchGuard Firebox X Edgepare the value of access to each service against the security risk caused by that service.Whe

Configuring Incoming and Outgoing ServicesUser Guide 67Creating a custom service using the wizardIf you need to allow a service that is not listed in

Configuring Firewall Settings68 WatchGuard Firebox X Edgeto expose a service such as HTTP (a Web server) to the external network.Step 6: SummaryThe wi

Filtering Outgoing Traffic to the Optional NetworkUser Guide 695 In the fields separated by the word To, either type a port number and leave the secon

Configuring Firewall Settings70 WatchGuard Firebox X Edge4 Click Submit.You can also select the Disable traffic filters checkbox to allow all services

Configuring Firewall OptionsUser Guide 71• Prevents the transmission of all packets from the external network to the trusted networkYou can change the