Watchguard Firebox X Edge e-Series User guide

WatchGuard

®

Firebox

®

X Edge

e-Series User Guide

Firebox X Edge e-Series - Firmware Version 8.5

All Firebox X Edge e-Series Standard and Wireless

Models

ii WatchGuard Firebox X Edge e-Series

Notice to Users

Information in this guide is subject to change without notice.

Companies, names, and data used in examples herein are fictitious

unless otherwise noted. No part of this guide may be reproduced or

transmitted in any form or by any means, electronic or mechanical, for

any purpose, without the express written permission of WatchGuard

Technologies, Inc.

Copyright, Trademark, and Patent Information

reserved.

All trademarks or trade names mentioned herein, if any, are the

property of their respective owners.

End-User License Agreement

IMPORTANT - READ CAREFULLY BEFORE ACCESSING

WATCHGUARD SOFTWARE:

This Firebox Software End-User License Agreement

(“AGREEMENT”) is a legal agreement between you (either an

individual or a single entity) and WatchGuard Technologies, Inc.

(“WATCHGUARD”) for the WATCHGUARD Firebox software

product, which includes computer software components (whether

installed separately on a computer workstation or on the

WATCHGUARD hardware product or included on the WATCHGUARD

hardware product) and may include associated media, printed

materials, and on-line or electronic documentation, and any updates or

modifications thereto, including those received through the

WatchGuard LiveSecurity Service (or its equivalent), (the

Complete copyright, trademark, patent, and licensing information

can be found in an appendix at the end of this book. You can also

find it online at:

http://www.watchguard.com/help/documentation/

This product is for indoor use only.

End-User License Agreement

User Guide iii

“SOFTWARE PRODUCT”). WATCHGUARD is willing to license the

SOFTWARE PRODUCT to you only on the condition that you accept

all of the terms contained in this Agreement. Please read this

Agreement carefully. By installing or using the SOFTWARE

PRODUCT you agree to be bound by the terms of this Agreement. If

you do not agree to the terms of this AGREEMENT, WATCHGUARD

will not license the SOFTWARE PRODUCT to you, and you will not

have any rights in the SOFTWARE PRODUCT. In that case, promptly

return the SOFTWARE PRODUCT, along with proof of payment, to

the authorized dealer from whom you obtained the SOFTWARE

PRODUCT for a full refund of the price you paid. The WATCHGUARD

hardware product is subject to a separate agreement and limited

hardware warranty included with the WATCHGUARD hardware

product packaging and/or in the associated user documentation.

1. Ownership and License. The SOFTWARE PRODUCT is protected by

copyright laws and international copyright treaties, as well as other

intellectual property laws and treaties. This is a license agreement and

NOT an agreement for sale. All title and copyrights in and to the

SOFTWARE PRODUCT (including but not limited to any images,

photographs, animations, video, audio, music, text, and applets

incorporated into the SOFTWARE PRODUCT), the accompanying

printed materials, and any copies of the SOFTWARE PRODUCT are

owned by WATCHGUARD or its licensors. Your rights to use the

SOFTWARE PRODUCT are as specified in this AGREEMENT, and

WATCHGUARD retains all rights not expressly granted to you in this

AGREEMENT. Nothing in this AGREEMENT constitutes a waiver of

our rights under U.S. copyright law or any other law or treaty.

2. Permitted Uses. You are granted the following rights to the

SOFTWARE PRODUCT:

(A) You may install and use the SOFTWARE PRODUCT on any

single WATCHGUARD hardware product at any single location and

may install and use the SOFTWARE PRODUCT on multiple

workstation computers.

(B) To use the SOFTWARE PRODUCT on more than one

WATCHGUARD hardware product at once, you must purchase an

additional copy of the SOFTWARE PRODUCT for each additional

WATCHGUARD hardware product which you want to use it. To the

extent that you install copies of the SOFTWARE PRODUCT on

additional WATCHGUARD hardware products in accordance with the

prior sentence without installing the additional copies of the

SOFTWARE PRODUCT included with such WATCHGUARD hardware

iv WatchGuard Firebox X Edge e-Series

products, you agree that use of any software provided with or included

on the additional WATCHGUARD hardware products that does not

require installation will be subject to the terms and conditions of this

AGREEMENT. You must also maintain a current subscription to the

WatchGuard LiveSecurity Service (or its equivalent) for each

additional WATCHGUARD hardware product on which you will use a

copy of an updated or modified version of the SOFTWARE PRODUCT

received through the WatchGuard LiveSecurity Service (or its

equivalent).

(C) In addition to the copies described in Section 2(A), you may make

a single copy of the SOFTWARE PRODUCT for backup or archival

purposes only.

3. Prohibited Uses. You may not, without express written permission

from WATCHGUARD:

(A) Use, copy, modify, merge or transfer copies of the SOFTWARE

PRODUCT or printed materials except as provided in this

AGREEMENT;

(B) Use any backup or archival copy of the SOFTWARE PRODUCT

(or allow someone else to use such a copy) for any purpose other than

to replace the original copy in the event it is destroyed or becomes

defective;

(C) Sublicense, lend, lease or rent the SOFTWARE PRODUCT;

(D) Transfer this license to another party unless

(i) the transfer is permanent,

(ii) the third party recipient agrees to the terms of this AGREEMENT,

and

(iii) you do not retain any copies of the SOFTWARE PRODUCT; or

(E) Reverse engineer, disassemble or decompile the SOFTWARE

PRODUCT.

4. Limited Warranty. WATCHGUARD makes the following limited

warranties for a period of ninety (90) days from the date you obtained

the SOFTWARE PRODUCT from WATCHGUARD or an authorized

dealer:

(A) Media. The disks and documentation will be free from defects in

materials and workmanship under normal use. If the disks or

documentation fail to conform to this warranty, you may, as your sole

and exclusive remedy, obtain a replacement free of charge if you return

the defective disk or documentation to WATCHGUARD with a dated

proof of purchase.

End-User License Agreement

User Guide v

(B) SOFTWARE PRODUCT. The SOFTWARE PRODUCT will

materially conform to the documentation that accompanies it. If the

SOFTWARE PRODUCT fails to operate in accordance with this

warranty, you may, as your sole and exclusive remedy, return all of the

SOFTWARE PRODUCT and the documentation to the authorized

dealer from whom you obtained it, along with a dated proof of

purchase, specifying the problems, and they will provide you with a

new version of the SOFTWARE PRODUCT or a full refund, at their

election.

Disclaimer and Release. THE WARRANTIES, OBLIGATIONS AND

LIABILITIES OF WATCHGUARD, AND YOUR REMEDIES, SET

FORTH IN PARAGRAPHS 4, 4(A) AND 4(B) ABOVE ARE

EXCLUSIVE AND IN SUBSTITUTION FOR, AND YOU HEREBY

WAIVE, DISCLAIM AND RELEASE ANY AND ALL OTHER

WARRANTIES, OBLIGATIONS AND LIABILITIES OF

WATCHGUARD AND ITS LICENSORS AND ALL OTHER RIGHTS,

CLAIMS AND REMEDIES YOU MAY HAVE AGAINST

WATCHGUARD AND ITS LICENSORS, EXPRESS OR IMPLIED,

ARISING BY LAW OR OTHERWISE, WITH RESPECT TO ANY

NONCONFORMANCE OR DEFECT IN THE SOFTWARE PRODUCT

(INCLUDING, BUT NOT LIMITED TO, ANY IMPLIED WARRANTY

OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR

PURPOSE, ANY IMPLIED WARRANTY ARISING FROM COURSE

OF PERFORMANCE, COURSE OF DEALING, OR USAGE OF

TRADE, ANY WARRANTY OF NONINFRINGEMENT, ANY

WARRANTY THAT THE SOFTWARE PRODUCT WILL MEET

YOUR REQUIREMENTS, ANY WARRANTY OF UNINTERRUPTED

OR ERROR-FREE OPERATION, ANY OBLIGATION, LIABILITY,

RIGHT, CLAIM OR REMEDY IN TORT, WHETHER OR NOT

ARISING FROM THE NEGLIGENCE (WHETHER ACTIVE,

PASSIVE OR IMPUTED) OR FAULT OF WATCHGUARD AND ITS

LICENSORS AND ANY OBLIGATION, LIABILITY, RIGHT, CLAIM

OR REMEDY FOR LOSS OR DAMAGE TO, OR CAUSED BY OR

CONTRIBUTED TO BY, THE SOFTWARE PRODUCT).

Limitation of Liability. WATCHGUARD'S LIABILITY (WHETHER

IN CONTRACT, TORT, OR OTHERWISE; AND

NOTWITHSTANDING ANY FAULT, NEGLIGENCE, STRICT

LIABILITY OR PRODUCT LIABILITY) WITH REGARD TO THE

SOFTWARE PRODUCT WILL IN NO EVENT EXCEED THE

PURCHASE PRICE PAID BY YOU FOR SUCH PRODUCT. THIS

SHALL BE TRUE EVEN IN THE EVENT OF THE FAILURE OF AN

vi WatchGuard Firebox X Edge e-Series

AGREED REMEDY. IN NO EVENT WILL WATCHGUARD BE

LIABLE TO YOU OR ANY THIRD PARTY, WHETHER ARISING IN

CONTRACT (INCLUDING WARRANTY), TORT (INCLUDING

ACTIVE, PASSIVE OR IMPUTED NEGLIGENCE AND STRICT

LIABILITY AND FAULT), FOR ANY INDIRECT, SPECIAL,

INCIDENTAL, OR CONSEQUENTIAL DAMAGES (INCLUDING

WITHOUT LIMITATION LOSS OF BUSINESS PROFITS,

BUSINESS INTERRUPTION, OR LOSS OF BUSINESS

INFORMATION) ARISING OUT OF OR IN CONNECTION WITH

THIS WARRANTY OR THE USE OF OR INABILITY TO USE THE

SOFTWARE PRODUCT, EVEN IF WATCHGUARD HAS BEEN

ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THIS

SHALL BE TRUE EVEN IN THE EVENT OF THE FAILURE OF AN

AGREED REMEDY.

5. United States Government Restricted Rights. The SOFTWARE

PRODUCT is provided with Restricted Rights. Use, duplication or

disclosure by the U.S. Government or any agency or instrumentality

thereof is subject to restrictions as set forth in subdivision (c)(1)(ii) of

the Rights in Technical Data and Computer Software clause at DFARS

252.227-7013, or in subdivision (c)(1) and (2) of the Commercial

Computer Software -- Restricted Rights Clause at 48 C.F.R. 52.227-

19, as applicable. Manufacturer is WatchGuard Technologies, Inc.,

505 5th Ave. South, Suite 500, Seattle, WA 98104.

6. Export Controls. You agree not to directly or indirectly transfer the

SOFTWARE PRODUCT or documentation to any country to which

such transfer would be prohibited by the U.S. Export Administration

Act and the regulations issued thereunder.

7. Termination. This license and your right to use the SOFTWARE

PRODUCT will automatically terminate if you fail to comply with any

provisions of this AGREEMENT, destroy all copies of the SOFTWARE

PRODUCT in your possession, or voluntarily return the SOFTWARE

PRODUCT to WATCHGUARD. Upon termination you will destroy all

copies of the SOFTWARE PRODUCT and documentation remaining in

your control or possession.

8. Miscellaneous Provisions. This AGREEMENT will be governed by

and construed in accordance with the substantive laws of Washington

excluding the 1980 United National Convention on Contracts for the

International Sale of Goods, as amended. This is the entire

AGREEMENT between us relating to the SOFTWARE PRODUCT,

and supersedes any prior purchase order, communications, advertising

or representations concerning the SOFTWARE PRODUCT AND BY

End-User License Agreement

User Guide vii

USING THE SOFTWARE PRODUCT YOU AGREE TO THESE

TERMS. IF THE SOFTWARE PRODUCT IS BEING USED BY AN

ENTITY, THE INDIVIDUAL INDICATING AGREEMENT TO

THESE TERMS REPRESENTS AND WARRANTS THAT (A) SUCH

INDIVIDUAL IS DULY AUTHORIZED TO ACCEPT THIS

AGREEMENT ON BEHALF OF THE ENTITY AND TO BIND THE

ENTITY TO THE TERMS OF THIS AGREEMENT; (B) THE ENTITY

HAS THE FULL POWER, CORPORATE OR OTHERWISE, TO

ENTER INTO THIS AGREEMENT AND PERFORM ITS

OBLIGATIONS UNDER THIS AGREEMENT AD// (C) THIS

AGREEMENT AND THE PERFORMANCE OF THE ENTITY’S

OBLIGATIONS UNDER THIS AGREEMENT DO NOT VIOLATE

ANY THIRD-PARTY AGREEMENT TO WHICH THE ENTITY IS A

PARTY. No change or modification of this AGREEMENT will be valid

unless it is in writing and is signed by WATCHGUARD.

Firmware Version: 8.5

Guide Version: 8.5

352-2837-001

viii WatchGuard Firebox X Edge e-Series

Abbreviations Used in this Guide

3DES Triple Data Encryption Standard

BOVPN Branch Office Virtual Private Network

DES Data Encryption Standard

DNS Domain Name Service

DHCP Dynamic Host Configuration Protocol

DSL Digital Subscriber Line

IP Internet Protocol

IPSec Internet Protocol Security

ISDN Integrated Services Digital Network

ISP Internet Service Provider

MAC Media Access Control

MUVPN Mobile User Virtual Private Network

NAT Network Address Translation

PPP Point-to-Point Protocol

PPPoE Point-to-Point Protocol over Ethernet

TCP Transfer Control Protocol

UDP User Datagram Protocol

URL Universal Resource Locator

VPN Virtual Private Network

WAN Wide Area Network

User Guide ix

Contents

Notice to Users ....................................................................... ii

End-User License Agreement ................................................... ii

Abbreviations Used in this Guide ...........................................viii

CHAPTER 1

Introduction to Network Security .......................1

Network Security .....................................................................1

About Networks .......................................................................1

Clients and servers ...............................................................2

Connecting to the Internet .......................................................2

Protocols .................................................................................2

How Information Travels on the Internet ...................................3

IP Addresses ...........................................................................3

Network addressing ..............................................................4

About DHCP .........................................................................4

About PPPoE ........................................................................4

Default gateway ...................................................................4

Domain Name Service (DNS) ...................................................4

Services and Policies ..............................................................4

Ports .......................................................................................5

Firewalls ..................................................................................6

The Firebox® X Edge and Your Network ...................................7

CHAPTER 2

Installing the Firebox X Edge

e-Series9

Installation Requirements ........................................................9

x WatchGuard Firebox X Edge e-Series

Package Contents ...................................................................9

Registering Your Firebox & Activating LiveSecurity Service ......10

Identifying Your Network Settings ...........................................11

About network addressing ...................................................11

Static addresses, DHCP, and PPPoE ......................................11

TCP/IP properties ...............................................................12

PPPoE settings ...................................................................13

Web Browser HTTP Proxy Settings ..........................................13

Web Browser Pop-up Blocking Settings ..................................14

Connecting the Firebox X Edge ...............................................15

Connecting the Edge to more than four devices .....................15

About user licenses ............................................................16

Setting Your Computer to Connect to the Edge .......................17

Using DHCP .......................................................................17

Using a static IP address .....................................................18

Using the Quick Setup Wizard ................................................18

CHAPTER 3

Navigation .....................................................21

Connecting to the Firebox X Edge ..........................................21

Navigating the Firebox X Edge User Interface .........................23

System Status page ............................................................23

Network page .....................................................................24

Firebox Users page .............................................................24

Administration page ............................................................25

Firewall page .....................................................................26

Logging page .....................................................................26

WebBlocker page ...............................................................27

spamBlocker page ..............................................................27

GAV/IPS page ....................................................................27

VPN page ..........................................................................28

Wizards page .....................................................................29

Monitoring the Firebox X Edge ...............................................29

ARP Table ..........................................................................29

Authentications ..................................................................30

Connections .......................................................................30

Components List ................................................................31

DHCP Leases .....................................................................31

Disk Usage ........................................................................31

Dynamic DNS .....................................................................32

GAV/IPS ............................................................................32

User Guide xi

spamBlocker ......................................................................32

Interfaces ..........................................................................33

License .............................................................................33

Memory ............................................................................33

Processes ..........................................................................33

Protocols ...........................................................................34

Routes ..............................................................................34

Syslog ...............................................................................35

Traffic Control ....................................................................35

VPN Statistics ....................................................................35

Wireless Statistics ..............................................................36

CHAPTER 4

Configuration and Management Basics ............37

Factory Default Settings ........................................................37

Restoring the Firebox to the factory default settings ...............38

Restarting the Firebox ...........................................................38

Local restart ......................................................................39

Remote restart ...................................................................39

Setting the System Time .......................................................39

Selecting HTTP or HTTPS for Management .............................41

Changing the HTTP server port ............................................41

Setting up WatchGuard System Manager Access ...................42

Rename the Firebox X Edge e-Series ....................................42

Enable remote management with WSM v8.3.1 or higher .........42

Enable remote management with WFS v7.3 or earlier ............44

Allowing Traffic From A Management Server ...........................45

Updating the Firebox X Edge Software ....................................45

Method 1: Installing software automatically ...........................45

Method 2: Installing software manually .................................46

Activating Upgrade Options ....................................................46

Upgrade options .................................................................47

Adding a feature to your Firebox X Edge ................................47

Enabling the Model Upgrade Option .......................................49

Viewing the Configuration File ................................................50

CHAPTER 5

Changing Your Network Settings ......................51

Using the Network Setup Wizard ............................................51

Configuring the External Network ...........................................52

If your ISP uses DHCP .........................................................52

If your ISP uses static IP addresses ......................................53

If your ISP uses PPPoE ........................................................53

xii WatchGuard Firebox X Edge e-Series

Configuring the Trusted Network ............................................56

Changing the IP address of the trusted network .....................56

Using DHCP on the trusted network ......................................57

Setting trusted network DHCP address reservations ...............57

Configuring the trusted network for DHCP relay .....................58

Using static IP addresses for trusted computers ....................59

Adding computers to the trusted network ..............................59

Configuring the Optional Network ...........................................59

Enabling the optional network ..............................................60

Changing the IP address of the optional network ...................60

Using DHCP on the optional network ....................................61

Setting optional network DHCP address reservations ..............62

Configuring the optional network for DHCP relay ....................62

Using static IP addresses for optional computers ...................63

Adding computers to the optional network ............................63

Making Static Routes ............................................................63

Using slash notation ...........................................................64

Making a static route ..........................................................64

Registering with the Dynamic DNS Service ............................65

Using the WAN Failover Option ...............................................66

Understanding WAN Failover ................................................66

WAN Failover and DNS ........................................................67

Configuring WAN Failover .......................................................67

Enabling WAN Failover with the Setup Wizard ........................67

Enabling WAN Failover manually ..........................................68

Configuring advanced WAN Failover settings ..........................70

Configuring BIDS ...................................................................71

CHAPTER 6

Firebox X Edge e-Series Wireless Setup ...........73

Connecting to the Firebox X Edge e-Series Wireless ...............73

Using the Wireless Network Wizard ........................................74

Configuring Basic Wireless Settings .......................................75

Selecting the wireless network assignment ...........................75

Setting the SSID .................................................................76

Setting the operating region and channel ..............................76

Controlling SSID broadcasts ................................................76

Logging authentication events .............................................77

Setting the wireless mode ...................................................77

Setting the fragmentation threshold .....................................77

Setting the RTS threshold ....................................................77

User Guide xiii

Configuring Wireless Security Settings ...................................78

Setting the wireless authentication method ...........................79

Configuring encryption ........................................................79

Configuring wireless clients to use MUVPN ............................80

Restricting Wireless Access by MAC Address .........................80

Configuring Wireless Guest Services .....................................81

Enabling guest services ......................................................82

Setting password protection ................................................82

Setting network access rules for guests ................................82

Connecting to the Edge as a wireless guest ...........................83

Configuring the Wireless Card on Your Computer ...................83

CHAPTER 7

Firewall Policies..............................................85

Understanding Policies ..........................................................85

Incoming and outgoing traffic ..............................................86

Policy rules ........................................................................86

Precedence .......................................................................86

Enabling Common Packet Filter Policies .................................87

Editing Common Packet Filter Policies ...................................88

Incoming settings ...............................................................89

Outgoing settings ...............................................................90

Configuring Custom Packet Filter Policies ...............................90

Adding a custom policy using the wizard ...............................91

Adding a custom packet filter policy manually ........................91

Filter incoming traffic for a custom policy ..............................92

Filter outgoing traffic for a custom policy ...............................93

Configuring Policies for the Optional Network .........................94

Controlling traffic from the trusted to optional network ...........94

Disabling traffic filters between trusted and optional networks 95

CHAPTER 8

Proxy Settings ................................................97

Proxy Policies ........................................................................97

Understanding the POP3 proxy ............................................97

Understanding the HTTP proxy .............................................97

Understanding the FTP proxy ...............................................98

Creating proxy policies ........................................................98

Using the POP3 Proxy ............................................................98

Configuring the POP3 Proxy ....................................................99

Setting access control options ...........................................100

Setting proxy limits ...........................................................101

Filtering email content ......................................................102

xiv WatchGuard Firebox X Edge e-Series

Using the HTTP Proxy ...........................................................103

Configuring the HTTP Proxy ..................................................104

Setting access control options ...........................................105

Setting proxy limits ...........................................................105

Filtering web content ........................................................107

Using the FTP Proxy .............................................................109

Configuring the FTP Proxy ....................................................110

Setting access control options ...........................................111

Setting proxy limits ...........................................................112

Filtering content ...............................................................112

Adding a Custom Proxy Policy ..............................................113

Using Additional Services for Proxies ...................................114

Gateway AntiVirus/Intrusion Prevention Service ...................114

WebBlocker .....................................................................115

spamBlocker ....................................................................115

CHAPTER 9

Configuring Firewall Options ..........................117

Blocking External Sites ........................................................117

Configuring Firewall Options .................................................118

Responding to ping requests .............................................118

Denying FTP access to the Firebox X Edge ...........................118

Logging all allowed outgoing traffic .....................................119

Logging denied broadcast traffic ........................................119

Loging denied spoofed traffic .............................................119

Changing the MAC address of the external interface ............119

CHAPTER 10

Managing Network Traffic ..............................121

About Network Traffic ...........................................................121

Causes for slow network traffic ..........................................121

Traffic Categories ................................................................122

Interactive traffic ..............................................................122

High priority .....................................................................122

Medium priority ................................................................122

Low priority ......................................................................122

Configuring Traffic Control ....................................................122

Enabling traffic control ......................................................123

Adding a traffic control filter ..............................................124

Editing a traffic control filter ..............................................125

Changing the priority of a traffic control filter .......................125

Removing a traffic control filter ..........................................125

Working with Firewall NAT ....................................................125

User Guide xv

NAT types ........................................................................125

NAT behavior ....................................................................126

Secondary IP addresses ....................................................126

Enabling 1-to-1 NAT ..........................................................127

Adding a 1-to-1 NAT entry ..................................................127

Adding or editing a custom policy for 1-to-1 NAT ...................128

Removing a 1-to-1 NAT entry ..............................................130

CHAPTER 11

Configuring Logging ......................................131

Viewing Log Messages ........................................................131

Logging to a WatchGuard Log Server ....................................132

Logging to a Syslog Host .....................................................133

CHAPTER 12

Managing Users and Groups .........................135

About User Licenses ...........................................................135

When a user license is used ..............................................135

When a user license is not used .........................................136

About User Authentication ...................................................136

Setting authentication options for all users .........................136

Configuring MUVPN client settings ......................................138

Using Local Firebox Authentication ......................................138

Configuring an individual user account ...............................138

Authenticating to the Edge ................................................140

Setting a WebBlocker profile for a user ...............................141

Changing a user account name or password .......................142

Using LDAP/Active Directory Authentication .........................143

Configuring the LDAP/Active Directory authentication service 143

Using the LDAP authentication test feature .........................145

Configuring groups for LDAP authentication ........................145

Adding a group .................................................................145

Setting a WebBlocker profile for a group .............................146

LDAP authentication and MUVPN .......................................147

Seeing Current Sessions and Users ....................................147

Firebox Users settings .......................................................147

Active Sessions ................................................................147

Stopping a session ...........................................................148

Local User Accounts .........................................................148

Allowing Internal Devices to Bypass User Authentication ......149

CHAPTER 13

Configuring WebBlocker ................................151

How WebBlocker Works .......................................................151

Configuring Global WebBlocker Settings ...............................151

xvi WatchGuard Firebox X Edge e-Series

Creating WebBlocker Profiles ...............................................153

WebBlocker Categories ........................................................155

Determining a category .....................................................163

Adding, removing, or changing a web site category ..............164

Allowing Certain Sites to Bypass WebBlocker .......................165

Blocking Additional Web Sites ..............................................166

Bypassing WebBlocker .........................................................166

CHAPTER 14

spamBlocker................................................169

Understanding How spamBlocker Works ..............................169

spamBlocker categories ....................................................169

spamBlocker actions ........................................................170

spamBlocker exceptions ...................................................170

Configuring spamBlocker .....................................................170

Enabling spamBlocker ......................................................170

Setting spamBlocker actions .............................................171

Creating exceptions ..........................................................172

Configuring Rules For Your Email Reader ..............................172

Sending spam or bulk email to special folders in Outlook ......172

CHAPTER 15

Gateway AntiVirus and Intrusion Prevention

Service175

Understanding Gateway AntiVirus Settings ...........................175

Understanding Intrusion Prevention Service Settings ...........176

Configuring GAV/IPS ............................................................177

Gateway AntiVirus settings .................................................177

Intrusion Prevention Service settings ..................................178

POP3 proxy deny messages and GAV/IPS ............................178

Updating GAV/IPS ...............................................................178

CHAPTER 16

Configuring Virtual Private Networks ..............181

About This Chapter ..............................................................181

What You Need to Create a VPN ..........................................181

Managed VPNs ....................................................................182

Manual VPN: Setting Up Manual VPN Tunnels ......................183

What you need for Manual VPN ..........................................183

Phase 1 settings ..............................................................185

Phase 2 settings ..............................................................187

VPN Traffic Control ...............................................................188

VPN Keep Alive ....................................................................188

Viewing VPN Statistics .........................................................189

User Guide xvii

Frequently Asked Questions .................................................189

CHAPTER 17

Configuring the MUVPN Client .......................191

About This Chapter ..............................................................191

Enabling MUVPN for Firebox X Edge e-Series Users ..............192

Configuring MUVPN client settings ......................................192

Enabling MUVPN access for a Firebox user account .............193

Configuring the Edge for MUVPN clients using a Pocket PC ...194

Distributing the Software and the .wgx File ..........................194

Preparing Remote Computers for MUVPN ............................195

WINS and DNS servers .....................................................195

Windows NT setup ............................................................196

Windows 2000 setup ........................................................197

Windows XP setup ............................................................198

Installing and Configuring the MUVPN Client ........................200

Installing the MUVPN client ................................................200

Uninstalling the MUVPN client ............................................201

Connecting and Disconnecting the MUVPN Client .................202

Connecting the MUVPN client ............................................202

The MUVPN client icon ......................................................202

Allowing the MUVPN client through a personal firewall ..........203

Disconnecting the MUVPN client ........................................203

Monitoring the MUVPN Client Connection ............................204

Using Log Viewer ..............................................................204

Using Connection Monitor .................................................204

The ZoneAlarm Personal Firewall .........................................205

Allowing traffic through ZoneAlarm .....................................205

Shutting down ZoneAlarm .................................................206

Uninstalling ZoneAlarm .....................................................206

Using MUVPN on a Firebox X Edge e-Series Wireless Network ....

207

Tips for Configuring the Pocket PC .......................................208

Troubleshooting Tips ............................................................209

CHAPTER A

Firebox X Edge e-Series Hardware..................211

Package Contents ...............................................................211

Specifications .....................................................................212

Hardware Description ..........................................................213

Front panel ......................................................................213

Rear view ........................................................................214

Side panels .....................................................................214

xviii WatchGuard Firebox X Edge e-Series

AC power adapter .............................................................215

About the Firebox X Edge e-Series Wireless. ........................215

Antenna directional gain ...................................................216

Signal attenuation ............................................................216

Channel data rate ............................................................216

CHAPTER B

Legal Notifications .......................................217

Copyright, Trademark, and Patent Information ......................217

General Information ..........................................................217

Licensing .........................................................................217

OpenSSL .........................................................................217

OpenLDAP .......................................................................219

Lua .................................................................................219

libtar ...............................................................................220

ossp_mm ........................................................................220

NCFTP .............................................................................221

DHCP ..............................................................................222

bzip2 ..............................................................................223

libexpat ...........................................................................224

viewlib .............................................................................224

lsof .................................................................................224

libarchive ........................................................................224

zlib .................................................................................225

sasl ................................................................................225

pppd ...............................................................................225

OpenNTPD .......................................................................230

GNU Public License (GPL) ..................................................231

PCRE ..............................................................................236

Traceroute .......................................................................237

Redboot ..........................................................................238

ctengine ..........................................................................243

curl .................................................................................244

DB ..................................................................................244

free extractor ...................................................................247

libpcap ............................................................................247

portmap ..........................................................................247

tcpdump .........................................................................248

tinyxpath .........................................................................249

Certifications and Notices ...................................................250

WEEE Statement: .............................................................250

RoHS Statement: ..............................................................250

User Guide xix

FCC Certification ..............................................................250

FCC Part 68 Statement (DSL Version) .................................251

CE Notice ........................................................................252

Industry Canada ...............................................................252

CANADA RSS-210 .............................................................252

France ............................................................................252

Class A Korean Notice .......................................................253

VCCI Notice Class A ITE .....................................................253

Taiwanese Class A Notice ..................................................253

Taiwanese Wireless Notice .................................................253

Declaration of Conformity ....................................................254

Limited Hardware Warranty ..................................................254

xx WatchGuard Firebox X Edge e-Series

Page is loading ...

Watchguard Firebox X Edge e-Series User guide

Watchguard Firebox X Edge e-Series User guide

Related papers

Other documents