Watchguard XCS User guide

WatchGuard XCS 10.0 User Guide
About this User Guide
The WatchGuard XCS User Guide is updated with each major product release. For minor product releases, only the WatchGuard XCS Help system is updated.
For the most recent product documentation, see the WatchGuard XCS Help on the WatchGuard web site at: http://www.watchguard.com/help/documentation/.
Information in this guide is subject to change without notice. Companies, names, and data used in examples herein are fictitious unless otherwise noted. No part of this guide may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of WatchGuard Technologies, Inc.
Guide revised: 2/4/2015
Copyright, Trademark, and Patent Information
Copyright © 2015 WatchGuard Technologies, Inc. All rights reserved. All trademarks or trade names mentioned herein, if any, are the property of their respective owners.
Complete copyright, trademark, patent, and licensing information can be found in the Copyright and Licensing Guide, available online at: http://www.watchguard.com/help/documentation/.
Note: This product is for indoor use only.
About WatchGuard
WatchGuard offers affordable, all-in-one network and content security solutions that provide defense-in-depth and help meet regulatory compliance requirements. The WatchGuard XTM line combines firewall, VPN, GAV, IPS, spam blocking and URL filtering to protect your network from spam, viruses, malware, and intrusions. The new XCS line offers email and web content security combined with data loss prevention. WatchGuard extensible solutions scale to offer right-sized security ranging from small businesses to enterprises with 10,000+ employees. WatchGuard builds simple, reliable, and robust security appliances featuring fast implementation and comprehensive management and reporting tools. Enterprises throughout the world rely on our signature red boxes to maximize security without sacrificing efficiency and productivity.
For more information, please call 206.613.6600 or visit www.watchguard.com.
Address
505 Fifth Avenue South
Suite 500
Seattle, WA 98104
Support
www.watchguard.com/support
U.S. and Canada +877.232.3531
All Other Countries +1.206.521.3575
Sales
U.S. and Canada +1.800.734.9905
All Other Countries +1.206.613.0895
ii WatchGuard XCS
Table of Contents
WatchGuard XCS Overview 1
About the WatchGuard XCS 1
Firewall-level Network and System Security 1
Message Delivery Security 1
Web Security 2
Content Controls 2
Virus and Spyware Scanning 3
Outbreak Control 3
Malformed Message Protection 3
Intercept Anti-Spam 3
Reputation Enabled Defense (RED) 4
Trusted and Blocked Senders Lists 5
Spam Quarantine 5
WatchGuard XCS Outlook Add-in 5
Threat Prevention 5
Secure WebMail 6
Authentication 6
Integrated and External Message Encryption 6
Mail Delivery Encryption 6
Policies 7
Directory Services 7
System Management 7
Clustering 8
Reports 8
Security Connection 8
Internationalization 9
About IPv6 Support 9
WatchGuard XCSv 10
XCSv Licensing 10
Installation Prerequisites for VMware 10
Installation Prerequisites for Microsoft Hyper-V 11
XCSv Device Installation Overview 11
Features Not Supported with WatchGuard XCSv 11
WatchGuard XCS Deployments 13
WatchGuard XCS on the DMZ of a Network Firewall 13
WatchGuard XCS in Parallel with a Network Firewall 14
WatchGuard XCS on the Internal Network 15
Web Deployments 16
Full Proxy Parallel Deployment 16
Internal Network Deployment 16
Transparent Mode Deployment 17
How Messages are Processed 20
Trusted Messages 20
Inbound and Outbound Scanning 20
SMTP Connection 20
Virus and Spyware Checking 21
Malformed Message Checking 21
Attachment Size Limits 21
Attachment Control 22
Outbreak Control 22
OCF (Objectionable Content Filter) 22
Pattern Filters and Specific Access Patterns 22
Trusted and Blocked Senders List 22
Content Scanning 22
Document Fingerprinting 22
Content Rules 22
Encryption 22
Anti-Spam Processing 23
Mail Mappings 23
Virtual Mappings 23
Relocated Users 23
Mail Aliases 23
Mail Routing 23
Message Delivery 24
Message Processing Order Summary 24
Getting Started 27
Before You Begin 27
Verify Basic Components 27
Hardware Installation 27
Get a Feature Key from LiveSecurity 29
Gather Network Addresses 29
DNS Configuration for Mail Routing 32
Network Firewall Configuration 33
Modify Mail Servers for Outbound Mail Routing 35
Exchange 2000 and 2003 35
Exchange 2007 and 2010 36
Installation 37
Connect the WatchGuard XCS 37
Default Network Settings 38
Start the Installation Wizard 39
Post-Installation Tasks 47
Add a Feature Key 47
Update a Feature Key 49
Troubleshoot Feature Key Updates 49
Remove a Feature Key 50
Feature Key Expiration 50
Security Connection 51
Software Updates 52
Install a Software Update 52
Delete a Software Update 54
Install a System Upgrade 54
Update Anti-Virus Pattern Files 55
Mail Routing 57
Add or Edit Mail Routes 57
Upload Mail Routes 58
Subdomain Routing with MX Lookup 60
Subdomain Routing and DNS Caching 60
LDAP Routing 60
Trust Mail Servers 61
Start Messaging Services 62
Administration 63
Connect to the WatchGuard XCS 63
Navigate the Main Menu 65
Activity 65
Security 66
Configuration 67
Administration 68
Support 69
Language Display 70
Frequent Tasks 71
Task Descriptions 72
WatchGuard XCS Console 74
Console Activity Page 74
Configure the Admin User 77
Add Admin Users 79
Admin User Automatic Logout and Lockout 81
Web Server 82
External Proxy Server 84
Customize the Web UI Interface 85
End-User Agreement 86
Customize the HTTP Proxy End-User Agreement 86
Feature Display 87
Regional Settings 88
Configure Mail Delivery 89
Network Configuration 89
Network Interface Configuration 91
Advanced Parameters 94
Queue Replication 95
Transparent Mode and Bridging 96
Clustering 96
Support Access 97
Static Routes 99
Virtual Interfaces 100
Network Routing of Virtual Interfaces 100
Virtual Interfaces and Trusts 102
Mail Routing 103
Add or Edit Mail Routes 103
Upload Mail Routes 104
Subdomain Routing with MX Lookup 106
Subdomain Routing and DNS Caching 106
LDAP Routing 106
Mail Delivery Settings 107
Delivery Settings 107
Advanced Mail Delivery Options 111
Annotations 114
System Variables for Notifications 116
From and Subject Headers in Notification Messages 118
Mail Aliases 119
Upload Alias Lists 119
LDAP Aliases 120
Mail Mappings 121
Upload Mapping Lists 121
Mail Mapping as Access Control 122
Virtual Mappings 123
Upload Virtual Mapping Lists 123
LDAP Virtual Mappings 124
Queue Replication 125
Import and Process Mirrored Messages 127
Message Archiving 128
Configure Message Archiving 128
Define Mail Routes for Archiving 130
Configure Content Control Filters for Archiving 130
LDAPand Directory Services 133
LDAP Overview 133
Naming Conventions 133
LDAP Schema 135
LDAP Components 135
Directory Servers 138
Test LDAP Servers 140
Directory Users 143
Import Settings 144
Mirror LDAP Accounts 146
Test Directory Users 146
LDAP Aliases 149
LDAP Web Users 150
LDAP Virtual Mappings 152
LDAP Recipients 154
LDAP SMTP Authenticated Relay 156
LDAP Routing 158
Troubleshoot LDAP Issues 159
Cannot Contact the LDAP Server 159
LDAP User and Group Imports are Failing 159
Mirror Accounts are Not Created 160
LDAP Authentication Failures 160
Mail Security 163
Mail Access 163
Specific Access Patterns 168
Anti-Virus 170
Configure Anti-Virus 170
Update Pattern Files 171
Spyware Detection 173
Outbreak Control 174
Malformed Mail 177
SecureMail Email Encryption 179
How SecureMail Email Encryption Works 179
SecureMail Service 180
License and Activate SecureMail 180
Configure SecureMail on the WatchGuard XCS 181
Encrypt Messages with Pattern Filters 182
Encrypt Messages with Content Rules 183
Encrypt Messages with OCF 183
Encrypt Messages with Content Scanning 184
Read Encrypted Messages 185
WatchGuard XCS Outlook SecureMail Add-in 191
External Email Message Encryption 193
Configure the Encryption Server 194
Define Mail Routes for Encryption and Decryption 194
Enable Encryption and Decryption on the WatchGuard XCS 194
Define Filter Rules for Encryption 195
TLS Mail Delivery Encryption 197
Specific Site Policy 199
Upload TLS Policy Sites 200
TLS and Message History 201
Certificates 203
Root CACertificate Bundle (Advanced) 205
Content Control 207
Attachment Control 207
Attachment Stripping 208
Configure Attachment Control 208
Edit Attachment Types 210
Attachment Size Limits 216
Content Scanning 218
Unopenable Attachments 218
Configuring Content Scanning 218
Use Pattern Filters for Content Scanning 220
Use a Compliance Dictionary for Content Scanning 220
Objectionable Content Filter 222
Document Fingerprinting 224
Upload Training Documents 224
Configure Document Fingerprinting 226
Pattern Filters 228
Email Message Structure 229
Default Pattern Filters 230
Credit Card Pattern Filters 231
Validation for Regular Expressions 232
Configure Pattern Filters 233
Search and Sort Pattern Filters 238
Upload and Download Pattern Filters 239
Content Rules 241
Configure Content Rules 241
Rule Ordering 245
Download and Upload Content Rules 245
Custom Actions for Pattern Filters and Content Rules 248
User Reported Spam and Not Spam 249
Reroute Mail with Pattern Filters 250
Connection Rules 252
Rule Ordering 254
Dictionaries 255
Character Set Support 255
Dictionary 257
Clone a Dictionary 259
Search for a Dictionary 259
Financial and Medical Dictionaries 260
Weighted Dictionaries 261
Use Weighted Dictionaries 262
Data Loss Prevention Wizard 264
Content Scanning Settings for DLP 265
Notifications 265
Run the DLPWizard 265
Content Rules Configured by the DLPWizard 268
Intercept Anti-Spam 271
Intercept Anti-Spam Overview 271
Outbound Anti-Spam 271
Intercept Components 271
Default Intercept Configuration 273
Trusted and Untrusted Mail Sources 275
Trusted Subnet 275
Trust Servers with Specific Access Patterns 276
Intercept Connection Control 278
Recipient Verification 279
Reputation Enabled Defense, DNSBL, and Backscatter Rejects 281
Connection Control Components 283
Mail Relays 283
Configure Intercept Anti-Spam 284
Intercept Anti-Spam Actions 284
Configure Intercept Anti-Spam Components 285
Automatic Intercept Configuration 286
Advanced Intercept Options 288
Outbound Anti-Spam 293
Configure Outbound Anti-Spam 293
Mail Surge Detection 295
Spam Words 296
Add a Spam Words Dictionary 298
Spam Rules 299
Spam Rules Examples 299
Configure Spam Rules 299
Mail Anomalies 301
DNS Block Lists 303
DNSBL Servers 305
Timeout Mode 305
URL Block Lists 306
UBL Domains 307
UBL Whitelist 307
Reputation Enabled Defense (RED) 309
Domain and Sender Reputation 309
Reputation Enabled Defense Statistics Sharing 310
Trusted Clients and Known Mail Servers 311
Configure Reputation Enabled Defense Checks 312
Token Analysis 316
How Token Analysis Works 316
Token Analysis Training 317
Configure Token Analysis 318
Token Analysis Advanced Options 319
Troubleshoot Token Analysis 326
WatchGuard XCS Outlook Add-in 327
Download and Install the WatchGuard XCS Outlook Add-in 327
Configure the WatchGuard XCS Outlook Add-in 329
Backscatter Detection 331
Intercept Anti-Spam Processing 331
Anti-Spam Header 332
Configure Backscatter Detection 333
Sender Policy Framework (SPF) 335
SPF Records 335
Configure SPF 335
DomainKeys 337
DomainKeys and Attachment Stripping 337
Configure DomainKeys Authentication 337
DomainKeys Log Messages 339
DomainKeys Outbound Message Signing 339
DKIM(DomainKeys Identified Mail) 343
Configure DKIM Authentication 343
DKIM Log Messages 344
DKIM Outbound Message Signing 344
Brightmail Anti-Spam 349
Brightmail Conduit 351
Spam Quarantine and Trusted/Blocked Senders List 353
User Spam Quarantine 353
Notification Domain Support 353
WatchGuard Quarantine Management Server (QMS) 354
Local Spam Quarantine Account 354
Configure the Spam Quarantine 355
Access the Spam Quarantine 358
About Trusted and Blocked Senders Lists 360
Trusted Senders List 360
Blocked Senders List 360
Configure the Trusted and Blocked Senders List 361
Add Trusted and Blocked Senders 365
QMS Wizard 366
QMSConfiguration 366
Start the QMSWizard 366
Policies 369
About Policies 369
Sender and Recipient Policy Determination 370
Policy Hierarchy 370
Create Policies 373
Define Global Settings for Default Policy 373
Add a Policy 373
Define Domain, Group, IP Address, and User policies 383
Default Time Policy 383
Domain Policies 384
Upload and Download Domain Policy Lists 385
Group Policies 386
Enable Group Policy 386
Import LDAP Group Information 386
Configure Group Policy 388
Re-order Groups 389
Orphaned groups 390
Upload Group Policy Lists 390
IP Address Policies 391
Upload and Download IP Address Policy Lists 391
User Policies 393
Upload and Download User Policy Lists 394
Policy Diagnostics 395
Web Scanning 397
About the Web Proxy 397
Web Traffic Content Inspection 397
Web Proxy Authentication 398
Traffic Accelerator 398
Web Proxy Chaining 399
Automatic Client Proxy Configuration 399
Web Proxy Limitations 400
Web Proxy Best Practices 400
Configure the Web Proxy 401
Advanced Options 402
Web Proxy Network Interface Settings 404
Transparent Mode 405
HTTPS Deep Inspection 407
HTTPSDeep Inspection Limitations 407
Configure HTTPSDeep Inspection 407
Upload a Resigning CA Certificate 410
Generate a New Resigning CACertificate 411
Generate a Certificate Signing Request 413
Import the Resigning Certificate into the Client Web Browser 415
About Web Proxy Authentication 419
About IP Address-based Authentication 419
Enable Web Proxy Authentication 420
WatchGuard Single Sign-On 423
Web Proxy Authentication Logout 434
Flush All Web Single Sign-on Sessions 434
Web URL Block Lists 435
Configure URL Block Lists in a Policy 436
Web Reputation 437
Reputation Score 437
Web Reputation Statistics Sharing 437
Bypass Anti-Virus and Spyware Scanning 437
Configure Web Reputation 438
Web Reputation Lookup 440
Traffic Accelerator 441
Web Cache 442
Streaming Media Bypass 445
Web Client Configuration 447
IP Authentication Browser Configuration Mode 447
Automatic Web Proxy Client Configuration 448
Web Proxy Auto Configuration 451
Client Browser Notifications 453
Web Proxy Access with Policies 454
Web Policy Scanner Actions 454
HTTP Trusted and Blocked Sites 455
HTTP Upload and Download Limit 457
URL Categorization 458
Uncategorized Sites 458
URL Categories 458
Configure URL Categorization 462
Control List Updates 463
Bypass URL Categorization 464
User Accounts 465
Local User Accounts 465
Upload and Download User Lists 466
Tiered Administration 467
Tiered Administration and WebMail Access 468
Log In with Tiered Administration Privileges 469
Delegated Domain Administration 471
Delegated Domain Administration and Clustering 471
Delegated Domain policies 471
Create a Delegated Domain Administrator 472
Create Delegated Domains 473
Administer Delegated Domains 475
Mirror Accounts 478
Remote Accounts and Directory Authentication 479
Configure LDAP Authentication 480
RADIUS Authentication 480
POP3 and IMAP Access 481
Relocated Users 483
Vacation Notification 484
User Vacation Notification Profile 485
Secure WebMail 487
Secure WebMail 487
Configure Secure WebMail 488
WebMail Client 491
Configure WebMail Client Options 491
Configure Secure WebMail for Outlook Web Access 493
Enable the Secure WebMail OWA Proxy 493
Outlook Web Access (OWA) Integration 496
OWA 2007 Configuration 496
OWA2010 Configuration 498
Disable OWAPremium Client Mode 501
Threat Prevention 503
About Threat Prevention 503
How Threat Prevention Works 503
Threat Prevention in a Cluster 504
Configure Threat Prevention 505
Mail Relays 505
About Connection Rules 507
Rules Script 509
Basic Rule Structure 509
Default Connection Rules 509
Create Connection Rules 513
Build Condition Statements 514
Connection Rules Script Error Check 517
IP/CIDR Lists 518
Upload and Download IP Addresses 519
Data Groups 520
Integration with F5 and Cisco Devices 520
Configure Data Groups 520
F5 Devices 522
Enable Data Transfer to an F5 Device 522
Configure F5 Data Groups 523
WatchGuard XCS and F5 Integration Notes 525
Cisco Devices 526
Enable Data Transfer to a Cisco Device 526
Cisco Device Configuration 528
Threat Prevention Status 529
Clustering 531
About Clustering 531
Cluster Architecture 531
XCSv Cluster Setup 532
Load Balancing 533
Cluster Feature Support 533
Configure Clustering 535
Hardware and Licenses 535
Cluster Network Configuration 535
Select a Cluster Mode 536
Cluster Management 537
Cluster Activity 537
Stop and Start Messaging Queues 539
Change Cluster Run Mode 539
Cluster System Maintenance 539
Cluster Reports and Message History 540
Cluster Device Failures 540
Backup and Restore in a Cluster 541
Threat Prevention and Clustering 541
Clustering and Centralized Management 541
Centralized Management 543
About Centralized Management 543
Centralized Management and Clustering 544
Centralized Management Features 545
Deployment 545
Create a Centralized Management Federation 548
Enable Centralized Management on the Manager 548
Configure Manager Systems in a Cluster 549
Enable Centralized Management on Entity systems 551
Add Entities to a Federation on the Manager System 554
Configuration Sets 555
Configuration Set Features 555
Create a Configuration Set 558
Define a Configuration Set 558
Apply a Configuration Set 559
View a Configuration Set on an Entity 560
Centralized Management Activity 562
Entity Status 562
Centralized Management Reports 563
View Centralized Management Reports 563
View Message History 564
Reports and Logs 565
About Reports 565
Domain Reporting 566
Inbound and Outbound Reporting 566
Schedule Reports 567
Create a New Report 568
View Reports 571
Custom Report Logo 572
Report Types 573
Configure Reports 580
Spam Logging 581
Mail Logs 582
Search the Mail Log 583
System Logs 585
Search the System Log 585
WatchGuard XCS Logs 587
Previous Searches 588
Configure Logs 589
Explain Log Script 589
Offload (Backup) 589
Offload (Report) 590
Log Search Configuration 591
System Management 593
Backup 593
Backup Methods 593
Restore from Backup 594
Backup File Name 594
Start a Backup 596
Restore from Backup 600
Backup and Restore Alarms and Errors 603