Watchguard SOHO User guide

Brand: Watchguard

Model: SOHO

Category: Serial switch boxes

Type: User guide

WatchGuard

SOHO

User Guide

SOHO and SOHO|tc 2.2

ii WatchGuard SOHO and SOHOtc

Registration and Identification Information

Please use this area to enter ID information.

SOHO Serial Number:

LiveSecurity User ID:

Password:

Enter the LiveSecurity User ID and Password that you select while regis-

tering your WatchGuard SOHO or SOHO|tc. To register, after you have

installed your SOHO, open your browser to 192.168.111.1/login.htm and

click on the Register link.

Please keep this information in a secure place.

WatchGuard and LiveSecurity are either registered trademarks or trademarks of

WatchGuard Technologies, Inc. in the United States and other countries. Firebox is a

trademark of WatchGuard Technologies, Inc.

All other trademarks and trade names are the property of their respective owners.

Cyber Patrol is a registered trademark of Learning Company Properties, Inc.

DocVer: B-2.2-User-4

User Guide 2.2 iii

Welcome

Congratulations on purchasing the ideal solution for providing secure

access to the Internet—the WatchGuard SOHO or WatchGuard SOHO|tc.

Your new security device will give you peace of mind when connecting to

the Internet using a high-speed modem (cable or DSL) or modem/router

(leased line or ISDN).

This User Guide may be used to install and use either the SOHO or

SOHO|tc. The only difference between these two devices is the ability to

create and use a Virtual Private Network (VPN). VPN can be added to the

SOHO, while the SOHO|tc already has installed VPN capabilities.

In this guide, the name SOHO is used to refer to both the SOHO and

SOHO|tc. The most current installation and user information will always

be available on the Internet at:

http://bisd.watchguard.com/soho/install

Phone support is also available at:

877-232-3531 (U.S.; End-user support)

206-521-8375 (U.S.; Authorized Reseller support)

360-482-1083 (International)

Redeeming SOHO Upgrade Certificates

To upgrade a SOHO with either a Webblocker or a 25/50 user license, go

to the following Web site:

http://bisd.watchguard.com/soho/upgrade

On this Web page, enter the SOHO serial number, the serial number of the

certificate, and a crypto key from the certificate. You do not need to regis-

ter the unit or login information prior to redeeming the certificate.

iv WatchGuard SOHO and SOHOtc

Using This Guide

This manual is written with the assumption that you are familiar with

your computer operating system. If you have questions about navigating

in your computer environment, please refer to your system user manual.

The following conventions have been used in the development of these

installation and configuration instructions:

Convention Indication

Bold type

Bold typeBold type

Bold type Used for menu commands, dialog box options, screens and

file names. For example: “In the Preferences screen,

select Disabled.”

A warning, or precautionary information.

Additional or more detailed information or instructions, a

helpful tip, or especially important information

User Guide 2.2 v

Registration and Identification Information ii

Welcome iii

Redeeming SOHO Upgrade Certificates iii

Using This Guide iv

CHAPTER 1

Installation 1

Before You Begin 1

Pre-Installation Checklist 1

Performing Manual Installation 2

Determine Your Current TCP/IP Settings 2

Disable HTTP Proxy 3

Physically Connecting Your SOHO after Manual

Installation 5

Cabling the SOHO for One to Four Devices 5

Cabling the SOHO for More Than Four Computers 6

CHAPTER 2

Setting Up Your SOHO Network 9

How Does a Firewall Work? 9

Configuring Your Public Network 10

Network Addressing 10

Determining Whether Your ISP Uses DHCP 11

Configuring the SOHO Public Network for Static

Addressing 12

Configuring SOHO Public Network for PPPoE 13

Release and Renew the IP Configuration 14

Configuring Your Private Network 15

Configure Additional Computers to the Private

Network 15

Changing the SOHO System Name and Password 16

Default Factory Settings 17

Troubleshooting Installation and Network

Configuration 18

vi WatchGuard SOHO and SOHO|tc

CHAPTER 3

Configuring Services for a SOHO 21

How Does Information Travel On the Internet? 21

IP Addresses 21

Protocol 22

Port Number 22

Services 22

WatchGuard SOHO Services 22

Allowing Incoming Services 23

Adding a Pre-Configured Incoming Service 23

Creating a Custom Incoming Service 24

Adding an Incoming TCP or UDP Service 24

Adding an Incoming Service with Another Type of

Protocol 25

Adding the Any Service 26

Removing an Incoming Service 26

Blocking Outgoing Services 27

Blocking a TCP or UDP Service 27

Blocking an Alternative Protocol 28

Removing a Blocked Outgoing Service 28

CHAPTER 4

Configuring Virtual Private Networking 31

Why Create a Virtual Private Network? 31

What You Will Need 32

IP Address Table (example) 33

Obtaining a VPN Feature Key 34

Enabling the VPN Feature Key 34

Step-by-Step Instructions for Configuring a SOHO VPN

Tunnel 34

Special Considerations 34

Frequently Asked Questions 35

CHAPTER 5

Additional SOHO Features 37

SOCKS for SOHO 37

SOHO SOCKS Implementation 37

User Guide 2.2 vii

Configuring your SOCKS Application for SOHO 38

Disabling SOCKS on SOHO 38

SOHO Logging 39

Viewing SOHO Log Messages 40

Setting a Remote Log Host 40

Rebooting a WatchGuard SOHO 40

Forcing a Software Update 41

CHAPTER 6

WatchGuard SOHO WebBlocker 43

How WebBlocker Works 43

Bypassing the SOHO WebBlocker 44

Purchasing and Enabling SOHO WebBlocker 44

Configuring the SOHO WebBlocker 45

WebBlocker Categories 46

Communicating with CyberPatrol 48

Visiting the CyberPatrol Web Site 48

Verifying Whether a Web Site is in the WebBlocker

Database 48

viii WatchGuard SOHO and SOHO|tc

User Guide 2.2 1

CHAPTER 1

Installation

Before You Begin

Pre-Installation Checklist

Before installing your new WatchGuard SOHO please complete this

checklist to ensure that you have:

•

A 10BaseT Ethernet I/O network card installed in your computer.

•

A cable or DSL modem with a 10BaseT port.

•

Two Ethernet network cables with RJ45 connectors.

One cable is furnished with your unit. A second cable may have been supplied with

your modem. If you do not have one, you will need to purchase a second RJ45 cable.

Make sure that both cables are long enough to comfortably connect the modem to

the SOHO to the computer in your individual office environment.

•

An operational Internet connection.

Setup of your SOHO requires access to the Internet. If your connection does not

work, please contact your Internet Service Provider (ISP). When your connection

has been established, you may proceed with installation and setup.

•

If you have either a cable or DSL modem, consult the manual that

came with your service, or call the ISP to find out whether your partic-

Installation

2 WatchGuard SOHO and SOHO|tc

ular modem supports DHCP or PPPoE. You will need this information

later in the installation process.

•

If you are using PPPoE to connect to your local Internet Service Pro-

vider, the WatchGuard SOHO must be running firmware version 2.1

or later.

•

An installed Web browser—either Netscape Navigator 4.5 (or above)

or Internet Explorer 4.0 (or above).

Performing Manual Installation

Before you begin the installation process, make a hardcopy of these

instructions—you will need them for reference when you turn off your

computer during installation. Connect to the Internet before you start the

installation process, but disconnect the SOHO.

Determine Your Current TCP/IP Settings

For your reference, and future use, record the current, available TCP/IP

settings for your computer. Different operating systems will supply dif-

ferent information. Complete those fields you can identify.

Before setup, make sure that you:

• Connect to the Internet but keep the SOHO disconnected until you are

prompted to connect it.

• Enter the serial number of your WatchGuard SOHO in the space indi-

cated at the front of this guide.

TCP/IP Setting Value

IP Address

Subnet Mask

Default Gateway

DHCP Enabled Yes No

Primary WINS Server

Secondary WINS Server

DNS Server(s) Primary

Secondary

User Guide 2.2 3

Performing Manual Installation

Here is how to locate your settings:

Microsoft Windows NT

Click Start => Programs => Command Prompt.

At the C:\prompt, enter

ipconfig\all

. Press Enter.

Enter and verify settings in the space provided above.

Click Cancel.

Microsoft Windows 95 or 98

Click Start => Run.

At the C:\ prompt, enter

winipcfg

. Click OK.

Enter and verify all settings in the space provided on page 2.

Click Cancel.

Macintosh

Click Apple menu => Control Panels => TCP/IP.

Enter and verify settings in the space provided on page 2.

Close the window.

Other Operating Systems (Unix, Linux)

Consult your operating system guide to locate the TCP/IP screen.

Enter and verify settings in the space provided on page 2.

Exit the TCP/IP configuration screen.

Disable HTTP Proxy

To configure a WatchGuard SOHO after it is installed, you must be able to

browse the Web pages that reside in the SOHO memory. If the HTTP

proxy in your browser is enabled, then accessing the pages residing in

your SOHO is not possible, and you will not be able to complete the con-

figuration process.

With the HTTP proxy enabled, the browser automatically points itself to

the expanses of the Internet, and you cannot direct it to another place

If you are connecting more than one computer to the private net-

work behind the SOHO, obtain the configuration TCP/IP infor-

mation for each computer.

Installation

4 WatchGuard SOHO and SOHO|tc

from which you want to view Web pages. Disabling the HTTP will in no

way prevent you accessing your favorite Web sites, but it will allow you

to access the special configuration pages that reside only on the SOHO.

To disable the HTTP proxy in three commonly used browsers, see the

instructions below. If your browser is not listed, see your browser Help

menus to learn how to disable the HTTP proxy.

Netscape 4.5 or 4.7

Open Netscape.

Click Edit => Preferences.

The Preference dialog box appears.

Click the + before Advanced to expand the heading.

Click Proxies.

Select Direct Connection to the Internet.

Verify that Automatic Proxy Configuration is unchecked.

Click OK to save the settings.

Internet Explorer 4.0

Open Internet Explorer.

Click View => Internet Options.

Select the Connections tab.

Uncheck Access the Internet using a proxy server.

Check Connect to the Internet using a local area network.

Click Configure at the bottom on the Internet Options screen.

Record the URL box information here: .

Click OK to save settings.

Internet Explorer 5.0

Open Internet Explorer.

Click Tools => Internet Options.

The Internet Options screen displays.

Click the Advanced tab.

Scroll down the page to HTTP 1.1 Settings.

Clear any check marks in either of the boxes there.

Click OK to save the settings.

User Guide 2.2 5

Physically Connecting Your SOHO after Manual Installation

Your WatchGuard SOHO can be used to protect a single computer or a

multi-computer network. It can also function as a hub to connect a variety

of other devices.

Cabling the SOHO for One to Four Devices

The SOHO has four ports. Each can be used to connect a variety of

devices. These may include computers, printers, scanners, or other net-

work peripherals. Your SOHO may replace an existing hub if you have no

more than four devices to connect.

Complete the “Pre-Installation Checklist” on page 1.

Turn off your computer.

Unplug the power from your cable or DSL modem.

Unplug the Ethernet cable that is connected from your cable or DSL

modem to your computer, and instead connect it from your modem to

the WAN port on the SOHO.

This creates a connection between the SOHO and the modem.

Plug the Ethernet cable supplied with your SOHO into any one of the

numbered (1-4) ports on the SOHO. Plug the other end into the Ether-

net card installed in your computer.

Installation

6 WatchGuard SOHO and SOHO|tc

This creates a connection between your modem and computer, with the SOHO in

between. If you have additional computers, use additional Ethernet cables to con-

nect them to the other numbered ports on the SOHO.

Turn on the power to your cable or DSL modem. Wait until the lights

stop flashing, indicating that the modem is ready.

Attach the power cord to the SOHO and plug it into an outlet.

Restart your computer.

See the end of this chapter for information on the factory default con-

figuration options, and Chapter 2 for specialized configurations.

Cabling the SOHO for More Than Four Computers

While there are only four ports on the back of the SOHO, you can connect

many more devices to your SOHO using network hubs.

Complete the “Pre-Installation Checklist” on page 1.

You will need these additional items:

The SOHO and SOHO|tc ship with a “10-seat” license. In other

words, the SOHO allows you to connect up to 10 computers to a

network behind the SOHO, each with access to the Internet. If

you would like to upgrade your SOHO to up to 50 computers,

visit the WatchGuard Online Store http://www.watchguard.com/

sales/buyonline.asp.

User Guide 2.2 7

Physically Connecting Your SOHO after Manual Installation

- One or more Ethernet hubs (you may connect up to 4 hubs).

- An Ethernet cable (with RJ-45 connectors) for each computer to

connect the modem to the SOHO.

- A crossover cable to connect each hub to the SOHO.

Turn off your computer and unplug the power from the cable or DSL

modem.

Unplug the Ethernet cable that is connected from your cable or DSL

modem to your computer, and instead connect it from your modem to

the WAN port on the SOHO.

This creates a connection between the SOHO and the modem.

Plug a crossover cable into any of the numbered (1-4) ports on the

SOHO. Plug the other end into an Ethernet hub.

Using Ethernet cables, connect the hub output to the Ethernet card

installed in each of your computers.

If you have more computers to connect, connect another SOHO output to another

Ethernet hub, and then connect additional Ethernet cables between the second

Ethernet hub and the RJ-45 connections on the backs of those computers.

Turn on the power to your cable or DSL modem. Wait until the lights

stop flashing, indicating that the modem is ready.

Attach the power cord to the SOHO and plug it into an outlet.

Restart your computer.

Installation

8 WatchGuard SOHO and SOHO|tc

User Guide 2.2 9

How Does a Firewall Work?

CHAPTER 2

Setting Up Your

SOHO Network

How Does a Firewall Work?

Fundamentally, a firewall is a way of differentiating between “us” and

“them”. On the public side of your SOHO firewall is the entire Internet.

The Internet has many resources which you want to be able to reach, such

as the Web, e-mail, and conferencing. It also presents dangers to the pri-

vacy and security of your computers. On the private side of your SOHO

firewall are all the devices you want to protect from these dangers.

Using rules we will discuss in Chapter 3: “Configuring Services for a

SOHO” on page 21, the WatchGuard SOHO evaluates all traffic between

the public network and the private network and blocks any suspicious

activity. In order for this to work as described, you must first configure

both the public and private network to work together and to talk to one-

another as well as the rest of the world.

The following configuration instructions assume that you are

using a graphical interface on a PC-based system (e.g. Windows).

If this is not the case, see your operating system help or user guide

to locate the equivalent options and commands.

Setting Up Your SOHO Network

10 WatchGuard SOHO and SOHO|tc

Configuring Your Public Network

When you configure the public network, you establish how the SOHO

will communicate with your Internet Service Provider (ISP). This configu-

ration is very much dependent on how your ISP distributes network

addresses—using DHCP or PPPoE.

Network Addressing

Each networked computer in the entire world must have an address to

identify itself to other computers. The most common method to distribute

addresses is to use Dynamic Host Configuration Protocol (DHCP). Every

time you turn on your computer, a DHCP server at your ISP automati-

cally assigns it a network IP address. It eliminates the ISP having to man-

ually assign IP addresses.

IP address assignment can be either dynamic or static. With dynamic

DHCP, your ISP assigns your computer a new address every time you

connect. When you power down, you release the address and it is reas-

signed. An IP address that is static, on the other hand, belongs to your

computer at all times whether or not you are currently using it. No other

computer anywhere on the network shares the same address.

A third way of assigning addresses is called PPPoE (Point-to-Point Proto-

col over Ethernet). PPPoE combines some of the advantages of Ethernet

and PPP by simulating a standard Dial-Up connection. It is popular

among many ISPs because it enables them to use existing Dial-Up infra-

structure such as billing, authentication, and security for DSL and cable

modems.

User Guide 2.2 11

Configuring Your Public Network

Determining Whether Your ISP Uses DHCP

Most ISPs support both dynamic (DHCP) and static addressing. To deter-

mine if your connection to the Internet is via DHCP and, if so, which

type, on your computer:

Click Start => Control Panel.

The Control Panel window appears.

Click the Network icon.

The Network dialog box appears.

Click the Protocol tab.

Double-click TCP/IP protocol.

If “Obtain an IP Address Automatically” is selected, your computer is configured

for dynamic DHCP. If “Obtain an IP Address Automatically” is not checked, your

computer is configured for static addressing. The actual wording on the menu may

differ depending on your operating system, but all platforms differentiate somehow

between dynamic and static addressing.

Configuring the SOHO Public Network for Dynamic Addressing

Out of the box, the SOHO is configured to obtain its public address infor-

mation automatically, using DHCP. So if your ISP assigns you an address

automatically (or dynamically), the SOHO itself will obtain all the

Setting Up Your SOHO Network

12 WatchGuard SOHO and SOHO|tc

addressing information it needs when it powers on and attempts to con-

nect to the Internet. No further configuration of the SOHO is required. To

complete the SOHO Public Network configuration, see “Release and

Renew the IP Configuration” on page 14.

Configuring the SOHO Public Network for Static Addressing

If you are assigned a static address, then you must transfer the permanent

address assignment from your computer to the SOHO itself. Instead of

communicating directly to your computer, the ISP will now communicate

first through the SOHO. To do this you must both modify the static set-

tings on your personal computer as well as enter the information into the

SOHO Configuration pages.

On Your Computer

Click Start => Control Panel.

The Control Panel window appears.

Click the Network icon.

The Network dialog box appears.

Click the Protocol tab.

Click Properties.

The Properties window appears with the addressing information

already filled in.

Select the Obtain an IP address automatically option. Click OK.

Reminder: The wording may differ slightly depending on the operat-

ing system. A similar option, however, is found on all platforms.

10.

If prompted with “Do you want to enable DHCP?” click Yes.

11.

Save the changes.

12.

On most platforms, click OK until the Control Panel window closes.

13.

Shut down and reboot the computer.

To complete SOHO Public Network configuration, see “Release and

Renew the IP Configuration” on page 14.

If you are switching from a PPPoE or static IP account to

dynamic addressing, open the SOHO Configuration menu, click

Public Network, and enable the checkbox labeled, Use DHCP to

Obtain Configuration.

Page is loading ...

Watchguard SOHO User guide

Brand: Watchguard

Model: SOHO

Category: Serial switch boxes

Type: User guide

Download PDF

report

Watchguard SOHO User guide

Watchguard SOHO User guide

Related papers

Other documents