Watchguard Legacy Firebox X Core & Peak User guide

Category
Software
Type
User guide
WatchGuard
LiveSecurity System
User Guide
LiveSecurity System 4.5
Disclaimer
Information in this guide is subject to change without notice. Companies, names, and data
used in examples herein are fictitious unless otherwise noted. No part of this guide may be
reproduced or transmitted in any form or by any means, electronic or mechanical, for any
purpose, without the express written permission of WatchGuard® Technologies, Inc.
Copyright and Patent Information
Copyright© 1998 - 2000 WatchGuard Technologies, Inc. All rights reserved.
WatchGuard, Firebox, LiveSecurity, and SpamScreen are either trademarks or registered
trademarks of WatchGuard Technologies, Inc. in the United States and other countries.
This product is covered by one or more pending patent applications.
Red Hat® is a registered trademark of Red Hat, Inc. This product is not a product of Red
Hat, Inc. and is not endorsed by Red Hat, Inc. This is a product of WatchGuard and we
have no relationship with Red Hat, Inc.
Adobe, Acrobat, the Acrobat logo, and PostScript are trademarks of Adobe Systems
Incorporated.
© 1999 BackWeb Technologies, Inc. All rights reserved. BackWeb is a registered
trademark of BackWeb Technologies, Inc.
CyberNOT, CyberNOT List, CyberYES, and CyberYES List are trademarks of Learning
Company Properties Inc.
© Hi/fn, Inc. 1993, including one or more U.S. Patents: 4701745, 5016009, 5126739, and
5146221 and other patents pending.
© 1995-1998 Eric Young (eay@cryptsoft). All rights reserved.
© 1998-1999 The OpenSSL Project. All rights reserved.
Java and all Java-based marks are trademarks or registered trademarks of Sun
Microsystems, Inc. in the United States and other countries.
Microsoft®, Internet Explorer®, Windows® 95, Windows® 98, Windows NT® and
Windows® 2000 are either registered trademarks or trademarks of Microsoft Corporation
in the United States and/or other countries.
Netscape and Netscape Navigator are registered trademarks of Netscape Communications
Corporation in the United States and other countries.
RC2 Symmetric Block Cipher, RC4 Symmetric Stream Cipher, RC5 Symmetric Block
Cipher, BSAFE, TIPEM, RSA Public Key Cryptosystem, MD, MD2, MD4, and MD5 are
either trademarks or registered trademarks of RSA Data Security, Inc. Certain materials
herein are Copyright © 1992-1999 RSA Data Security, Inc. All rights reserved.
RealNetworks, RealAudio, and RealVideo are either a registered trademark or trademark of
RealNetworks, Inc. in the United States and/or other countries.
VPCom™ Copyright © 1997-1999 Ashley Laurent, Inc. All rights reserved.
All other trademarks and tradenames are the property of their respective owners.
Printed in the United States of America.
DocVer: S-41-User-7
WatchGuard Technologies, Inc.
LiveSecurity System Software (LSS) End-User License Agreement
IMPORTANT - READ CAREFULLY BEFORE ACCESSING WATCHGUARD
SOFTWARE:
This LSS End-User License Agreement (the AGREEMENT) is a legal agreement
between you (either an individual or a single entity) and WatchGuard Technologies, Inc.
("WATCHGUARD") for the WATCHGUARD LSS Software you have purchased, which
includes computer software, any separately installed components, and any updates or
modifications thereto, and which may include associated media, printed materials, and
online or electronic documentation ("SOFTWARE PRODUCT"). WATCHGUARD is
willing to license the SOFTWARE PRODUCT to you only on the condition that you accept
all of the terms contained in this AGREEMENT. Please read this AGREEMENT carefully.
By installing or using the SOFTWARE PRODUCT you agree to be bound by the terms of
this AGREEMENT. If you do not agree to the terms of this AGREEMENT,
WATCHGUARD will not license the SOFTWARE PRODUCT to you, and you will not
have any rights in the SOFTWARE PRODUCT. In that case, promptly return the
SOFTWARE PRODUCT, along with proof of payment, to the authorized dealer from
whom you obtained the SOFTWARE PRODUCT for a full refund of the price you paid.
1. Ownership and License. The SOFTWARE PRODUCT is protected by copyright laws
and international copyright treaties, as well as other intellectual property laws and treaties.
This is a license agreement and NOT an agreement for sale. All title and copyrights in and
to the SOFTWARE PRODUCT (including, but not limited to, any images, photographs,
animations, video, audio, music, text, and applets incorporated into the SOFTWARE
PRODUCT) and any copies of the SOFTWARE PRODUCT are owned by
WATCHGUARD or its suppliers. Your rights to use the SOFTWARE PRODUCT are as
specified in this AGREEMENT, and WATCHGUARD retains all rights not expressly
granted to you in this AGREEMENT. Nothing in this AGREEMENT constitutes a waiver
of the rights of WATCHGUARD under U.S. copyright law or any other law or treaty.
2. Permitted Uses. You are granted the following rights to the SOFTWARE PRODUCT:
(A) You may install and use the SOFTWARE PRODUCT on any single computer at any
single location where you conduct your business operations. If you wish to use the
SOFTWARE PRODUCT on a different computer, you must erase the SOFTWARE
PRODUCT from the first computer on which you installed it before you install it onto a
second.
(B) To use the SOFTWARE PRODUCT on more than one computer at once, you must
license an additional copy of the SOFTWARE PRODUCT for each additional computer
on which you want to use it.
(C) You may make a single copy of the SOFTWARE PRODUCT for backup or archival
purposes only.
3. Prohibited Uses. You may not, without express written permission from
WATCHGUARD:
(A) Use, copy, modify, merge or transfer copies of the SOFTWARE except as provided in
this AGREEMENT;
(B) Use any backup or archival copy of the SOFTWARE PRODUCT (or allow someone
else to use such a copy) for any purpose other than to replace the original copy in the event
it is destroyed or becomes defective;
(C) Sublicense, lend, lease or rent the SOFTWARE PRODUCT;
(D) Transfer this license to another party unless:
(i) the transfer is permanent;
(ii) the third party recipient agrees to the terms of this AGREEMENT, and
(iii) you do not retain any copies of the SOFTWARE PRODUCT; or
(E) Reverse engineer, disassemble or decompile the SOFTWARE PRODUCT.
4. Limited Warranty. WATCHGUARD makes the following limited warranties for a
period of ninety (90) days from the date you obtained the SOFTWARE PRODUCT from
WATCHGUARD or an authorized dealer:
(A) Media. The disks and documentation will be free from defects in materials and
workmanship under normal use. If the disks or documentation fail to conform to this
warranty, you may, as your sole and exclusive remedy, obtain a replacement free of charge
if you return the defective disk or documentation to us with a dated proof of purchase.
(B) SOFTWARE PRODUCT. The SOFTWARE PRODUCT will materially conform to
the documentation that accompanies it. If the SOFTWARE PRODUCT fails to operate in
accordance with this warranty, you may, as your sole and exclusive remedy, return the
SOFTWARE PRODUCT and the documentation to the authorized dealer from whom you
obtained it, along with a dated proof of purchase, specifying the problems, and such
authorized dealer will provide you with a new version of the SOFTWARE PRODUCT or a
full refund, at their election.
Disclaimer and Release. THE WARRANTIES, OBLIGATIONS AND LIABILITIES OF
WATCHGUARD, AND YOUR REMEDIES, SET FORTH IN PARAGRAPHS 4, 4(A)
AND 4(B) ABOVE ARE EXCLUSIVE AND IN SUBSTITUTION FOR, AND YOU
HEREBY WAIVE, DISCLAIM AND RELEASE ANY AND ALL OTHER
WARRANTIES, OBLIGATIONS AND LIABILITIES OF WATCHGUARD AND ALL
OTHER RIGHTS, CLAIMS AND REMEDIES YOU MAY HAVE AGAINST
WATCHGUARD, EXPRESS OR IMPLIED, ARISING BY LAW OR OTHERWISE,
WITH RESPECT TO ANY NONCONFORMANCE OR DEFECT IN THE SOFTWARE
PRODUCT (INCLUDING, BUT NOT LIMITED TO, ANY IMPLIED WARRANTY OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, ANY IMPLIED
WARRANTY ARISING FROM COURSE OF PERFORMANCE, COURSE OF
DEALING, OR USAGE OF TRADE, ANY WARRANTY OF NONINFRINGEMENT,
ANY WARRANTY THAT THIS SOFTWARE PRODUCT WILL MEET YOUR
REQUIREMENTS, ANY WARRANTY OF UNINTERRUPTED OR ERROR-FREE
OPERATION, ANY OBLIGATION, LIABILITY, RIGHT, CLAIM OR REMEDY IN
TORT, WHETHER OR NOT ARISING FROM THE NEGLIGENCE (WHETHER
ACTIVE, PASSIVE OR IMPUTED) OR FAULT OF WATCHGUARD AND ANY
OBLIGATION, LIABILITY, RIGHT, CLAIM OR REMEDY FOR LOSS OR DAMAGE
TO, OR CAUSED BY OR CONTRIBUTED TO BY, THE SOFTWARE PRODUCT).
Limitation of Liability. WATCHGUARD'S LIABILITY (WHETHER IN CONTRACT,
TORT, OR OTHERWISE; AND NOTWITHSTANDING ANY FAULT, NEGLIGENCE,
STRICT LIABILITY OR PRODUCT LIABILITY) WITH REGARD TO THE
SOFTWARE PRODUCT WILL IN NO EVENT EXCEED THE PURCHASE PRICE
PAID BY YOU FOR SUCH PRODUCT. IN NO EVENT WILL WATCHGUARD BE
LIABLE TO YOU OR ANY THIRD PARTY, WHETHER ARISING IN CONTRACT
(INCLUDING WARRANTY), TORT (INCLUDING ACTIVE, PASSIVE OR IMPUTED
NEGLIGENCE AND STRICT LIABILITY AND FAULT), FOR ANY INDIRECT,
SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES (INCLUDING
WITHOUT LIMITATION LOSS OF BUSINESS PROFITS, BUSINESS
INTERRUPTION, OR LOSS OF BUSINESS INFORMATION) ARISING OUT OF OR
IN CONNECTION WITH THIS WARRANTY OR THE USE OF OR INABILITY TO
USE THE SOFTWARE PRODUCT, EVEN IF WATCHGUARD HAS BEEN ADVISED
OF THE POSSIBILITY OF SUCH DAMAGES.
5. United States Government Restricted Rights. The enclosed SOFTWARE PRODUCT
and documentation are provided with Restricted Rights. Use, duplication or disclosure by
the U.S. Government or any agency or instrumentality thereof is subject to restrictions as
set forth in subdivision (c)(1)(ii) of the Rights in Technical Data and Computer Software
clause at DFARS 252.227-7013, or in subdivision (c)(1) and (2) of the Commercial
Computer Software -- Restricted Rights Clause at 48 C.F.R. 52.227-19, as applicable.
Manufacturer is WatchGuard Technologies, Incorporated, 505 Fifth Avenue South, Suite
500, Seattle, WA 98104.
6. Export Controls. You agree not to directly or indirectly transfer the SOFTWARE
PRODUCT or documentation to any country to which such transfer would be prohibited by
the U.S. Export Administration Act and the regulations issued thereunder.
7. Termination. This license and your right to use the SOFTWARE PRODUCT will
automatically terminate in the event you (i) fail to comply with any provisions of this
AGREEMENT; (ii) destroy all copies of the SOFTWARE PRODUCT in your possession,
or; (iii) voluntarily return the SOFTWARE PRODUCT to WATCHGUARD. Upon
termination you will destroy all copies of the SOFTWARE PRODUCT and documentation
remaining in your control or possession.
8. Miscellaneous Provisions. This AGREEMENT will be governed by and construed in
accordance with the substantive laws of Washington excluding the 1980 United Nations
Convention on Contracts for the International Sale of Goods, as amended. This is the
entire AGREEMENT between us relating to the contents of this package, and supersedes
any prior purchase order, communications, advertising or representations concerning the
contents of this package AND BY USING THE SOFTWARE PRODUCT YOU AGREE
TO THESE TERMS. No change or modification of this AGREEMENT will be valid
unless it is in writing, and is signed by WATCHGUARD.
9. Canadian Transactions: If you obtained this SOFTWARE PRODUCT in Canada, you
agree to the following:
The parties hereto have expressly required that the present AGREEMENT and its Exhibits
be drawn up in the English language. / Les parties aux presentes ont expressement exige
que la presente conventions et ses Annexes soient redigees en la langue anglaise.
Declaration of Conformity
WatchGuard Technologies, Inc.
505 Fifth Avenue South
Suite 500
Seattle WA 98104-3892
Declares the CE-marked product:
Product Models: Firebox II, Firebox II Plus, Firebox II Fast VPN
Complies with:
73/23/EEC Low Voltage Directive
89/336/EEC Electromagnetic Compatibility Directive
Compliance Standards:
EN60950:1992 Electrical Safety A1:1993, A2:1993, A3:1995, A4:1997, A11:1997
EN55022, Class A RF Emissions Information Technology
EN50082-1 EMC Immunity Standard
FCC Certification
This device has been tested and found to comply with limits for a Class A digital
device, pursuant to Part 15 of the FCC Rules. Operation is subject to the following
two conditions:
1. This device may not cause harmful interference.
2. This device must accept any interference received, including interference that
may cause undesired operation.
CE Notice
The official CE symbol indicates compliance of this WatchGuard Technologies, Inc.
product to the EMC directive of the European Community. The CE symbol found
here or elsewhere indicates that this WatchGuard product meets or exceeds the
following standards:
EN60950:1992 Electrical Safety A1:1993, A2:1993, A3:1995, A4:1997, A11:1997
EN55022, Class A RF Emissions Information Technology
EN50082-1 EMC Immunity Standard
CSA Statement
This Class A digital apparatus meets all requirements of the Canadian Interference-
Causing Equipment Regulations.
Cet appareil numerique de la classe A respecte toutes les exigences du Reglement
sur le materiel broulleur du Canada.
Table of Contents
Disclaimer
Declaration of Conformity
PART I Introduction
Welcome to WatchGuard
WatchGuard LiveSecurity System Components
LiveSecurity Service
WatchGuard Control Center
WatchGuard Security Suite
WatchGuard Firebox
Minimum Requirements
Software Requirements
Web Browser Requirements
Hardware Requirements
What is New in the WatchGuard LiveSecurity System 4.5?
PART II WatchGuard LiveSecurity Services
Chapter 1 LiveSecurity Service
LiveSecurity Broadcasts
Registering for LiveSecurity Service
Subscribing to Types of LiveSecurity Broadcasts
Receiving LiveSecurity Broadcasts by E-Mail
Using the LiveSecurity Inbox
Starting the LiveSecurity Inbox
Stopping the LiveSecurity Inbox
Working with Broadcasts
Forcing a Broadcast Download
Displaying a Broadcast
Saving the Contents of a Broadcast to a File
Printing a Broadcast
Sending Comments on a Broadcast to the Rapid Response Team
Working with Read and Unread Broadcasts
Deleting a Broadcast
Expanding Beyond Broadcasts
Chapter 2 Technical Support
Accessing Frequently Asked Questions (FAQ)
Known Issues
Getting Internet Technical Support
Getting Telephone Support
Training
LiveSecurity System Basic Course (Classroom)
WatchGuard Interactive Training System (WITS)
WatchGuard Users Group
Online Help
Starting WatchGuard Online Help
Searching for Topics
Copying the Help System to Additional Platforms
Online Help System Requirements
Context-Sensitive Help
Chapter 3 WatchGuard Options
Currently Available Options
VPN Manager
High Availability
Mobile User VPN
SpamScreen
WatchGuard SOHO
WatchGuard SOHO|tc
Obtaining WatchGuard Options
PART III Security Policy Configuration
Chapter 4 WatchGuard Control Center
Navigating the WatchGuard Control Center
Starting the Control Center
Changing the Display Size
Connecting to a Firebox
Changing the Polling Rate
Manipulating the Traffic Monitor
Opening WatchGuard LiveSecurity Tools
Policy Manager
Changing the Policy Manager View
Firebox Monitors
LogViewer
HostWatch
Historical Reports
LiveSecurity Service
LiveSecurity Event Processor
Monitoring VPN Tunnels
Reading and Interpreting Monitoring Displays
QuickGuide
Front Panel
Firebox and Tunnel Status
Firebox Status
Branch Office VPN Tunnels
Remote VPN Tunnels
Using DVCP to Connect to SOHO and Telecommuter Boxes
How Does DVCP Work?
Creating a Tunnel to a SOHO or Telecommuter Client
Editing a Tunnel to a SOHO or Telecommuter Client
Removing a Tunnel to a SOHO or Telecommuter Client
Chapter 5 Firebox Basics
What is a Firebox?
Firebox II Description
Locating a Firebox Within a Network
Opening a Configuration File
Opening a Configuration from a Local Hard Drive
Opening a Configuration from the Firebox
Saving a Configuration File
Saving a Configuration to the Local Hard Drive
Saving a Configuration to the Firebox
Resetting Firebox Pass Phrases
Setting the Time Zone
Reinitializing a Misconfigured Firebox
Managing Flash Disk Memory
Making a Backup of the Current Configuration File
Restoring a Backup Configuration File
Booting from the System Area
Working with a Firebox Booted from the System Area
Chapter 6 Configure a Network
Running the QuickSetup Wizard
Setting Up a Drop-In Network
Setting Up a Routed Network
Adding a Secondary Network
Defining a Network Route
Defining a Host Route
Changing an Interface IP Address
Setting the Default Gateway
Chapter 7 Block Sites and Ports
Configuring Default Packet Handling
Blocking a Site Permanently
Blocking a Port Permanently
Blocking Sites Temporarily with Service Settings
Configuring a Service to Temporarily Block Sites
Viewing the Blocked Sites List
Chapter 8 Configure Services
Adding an Existing Service
Creating a New Service
Defining Service Properties
Adding Incoming Service Properties
Adding Outgoing Service Properties
Adding Addresses to Service Properties
Working with wg_ Icons
Configuring Services for Authentication
Modifying a Service
Deleting a Service
Setting Up Proxy Services
Configuring an SMTP Proxy Service
Configuring an FTP Proxy Service
Chapter 9 Control Web Traffic
How WebBlocker Works
Reverting to Old WebBlocker Databases
Logging and WebBlocker
Prerequisites to Using WebBlocker
Configuring an HTTP Proxy Service
Configuring the WatchGuard WebBlocker Service
Activating WebBlocker
Scheduling Operation and Non-Operational Hours
Setting Privileges
Creating WebBlocker Exceptions
Downloading the WebBlocker Database Manually
Chapter 10 Set Up Network Address Translation
What is Dynamic NAT?
Using Simple Dynamic NAT
Enabling Simple Dynamic NAT
Adding Dynamic NAT Entries
Reordering Dynamic NAT Entries
Using Service-Based NAT
Enabling Service-Based NAT
Configuring Service-Based NAT Exceptions
Configuring a Service for Static NAT
Adding External IP Addresses
Setting Static NAT on a Service
Chapter 11 Set Up Logging and Notification
What is Failover Logging?
WatchGuard Logging Architecture
Designating Log Hosts for a Firebox
Adding a Log Host
Editing a Log Host
Removing a Log Host
Reordering Log Hosts
Synchronizing Log Hosts
Setting Up the LiveSecurity Event Processor
Installing the LSEP
Running the LSEP on a Windows 95/98 Event Processor
Running the LSEP on a Windows NT Event Processor
Running the LSEP on a Windows 2000 Processor
Displaying the LSEP
Starting and Stopping the LSEP
Setting the Log Encryption Key
Setting Global Logging and Notification Preferences
Setting the Interval for Log Roll Over
Controlling Notification
Customizing Logging and Notification by Service or Option
Setting Logging and Notification for a Service
Setting Logging and Notification for Default Packet Handling Options
Setting Logging and Notification for Blocked Sites and Ports
Chapter 12 Connect with Out-of-Band Management
Connecting a Firebox with OOB Management
Enabling the Management Station
Preparing a Windows NT Management Station for OOB
Preparing a Windows 95/98 Management Station for OOB
Preparing a Windows 2000 Management Station for OOB
Configuring the Firebox for OOB
Establishing an Out-of-Band Connection
PART IV Security Policy Administration
Chapter 13 Create Aliases and Implement Authentication
Using Host Aliases
Adding a Host Alias
Modifying a Host Alias
Removing a Host Alias
What is User Authentication?
User Authentication Types
How User Authentication Works
Configuring Firebox Authentication
Configuring Windows NT Server Authentication
Configuring RADIUS Server Authentication
Configuring CRYPTOCard Server Authentication
Configuring SecurID Authentication
Using Authentication to Define Remote User VPN Access
Chapter 14 Monitor Firebox Activity
Firebox Monitors
Starting Firebox Monitors and Connecting to a Firebox
Setting Firebox Monitor View Properties
BandwidthMeter
ServiceWatch
StatusReport
Authentication List
Blocked Site List
HostWatch
Connecting to a Firebox
Replaying a Log File
Controlling the HostWatch Display
Modifying View Properties
Chapter 15 Review and Work With Log Files
Viewing Files with LogViewer
Starting LogViewer and Opening a Log File
Setting LogViewer Preferences
Searching for Specific Entries
Copying and Exporting LogViewer Data
Log Entry Fields
Displaying and Hiding Fields
Colorizing Log Entries for Display
Working With Log Files
Consolidating Logs from Multiple Locations
Copying Log Files
Forcing the Roll Over of Log Files
Chapter 16 Generate Reports of Network Activity
Starting Historical Reports
Creating and Editing Reports
Creating a New Report
Editing an Existing Report
Removing a Report
Customizing Reports
Specifying a Report Time Span
Consolidating Report Sections
Setting Report Properties
Exporting Reports
Exporting Reports to HTML Format
Exporting a Report to WebTrends for Firewalls and VPNs
Using Report Filters
Creating a New Filter
Editing a Filter
Deleting a Filter
Applying a Filter
Scheduling and Running Reports
Scheduling a Report
Manually Running a Report
Report Sections and Consolidated Sections
PART V WatchGuard Virtual Private Networking
Chapter 17 Configure Branch Office Virtual Private Networking
Configuration Checklist
Configuring WatchGuard VPN
WatchGuard VPN Configuration Models
Setting Up WatchGuard VPN
Changing Remote Network Entries
Preventing IP Spoofing with WatchGuard VPN
Configuring Incoming Services to Allow VPN
Verifying Successful WatchGuard VPN Configuration
Reading and Interpreting the VPN Display
QuickGuide
Front Panel
Device and Tunnel Status
Branch Office VPN with IPSec
Configuring a Gateway
Configuring a Tunnel with Manual Security
Configuring a Tunnel with Dynamic Security
Creating an IPSec Policy
Changing IPSec Policy Order
Configuring Services to Work with Branch Office VPN
Integrating VPN Manager with Third-Party Products
Using DVCP to Connect to SOHO Boxes
How Does DVCP Work?
Creating a Tunnel to a SOHO
Editing a Tunnel to a SOHO
Removing a Tunnel to a SOHO
Chapter 18 Configure the Firebox for Remote User VPN
Configuration Checklist
Entering WINS and DNS Server Addresses
Adding Remote Access Users
Adding a Member to Built-In RUVPN User Groups
Configuring Services to Allow Incoming Remote User VPN
Configuring the Firebox for Remote User PPTP
Activating Remote User PPTP
Entering IP Address for Remote User Sessions
Configuring the Firebox for Mobile User VPN
Purchasing a Mobile User VPN License
Entering License Keys
Preparing Mobile User VPN Configuration Files
Saving the Configuration to a Firebox
Distributing the Software and Configuration Files
Configuring Debugging Options
Chapter 19 Preparing a Host for Remote User VPN
Obtaining an Internet Service Provider
Preparing the Client Computers
Remote Host Operating System
Windows 95/98 Platform Preparation
Windows NT Platform Preparation
Windows 2000 Platform Preparation
Configuring the Remote Host for RUVPN with PPTP
Using Remote User PPTP
Starting Remote User PPTP
Running Remote User PPTP
Configuring Debugging Options
PART I INTRODUCTION
Welcome to WatchGuard
The WatchGuard LiveSecurity System consists of:
  • A broadcast service coupled with a suite of management and security software
    tools
  • A plug-and-play network appliance called the WatchGuard Firebox
LiveSecurity is specifically designed to guard critical corporate or organizational
assets from a continually changing barrage of threats, and to keep your system
up-to-date.
In the past, a connected enterprise needed a complex set of tools, systems, and
personnel for access control, authentication, virtual private networking (VPN),
network management, and security analysis. These costly systems were difficult to
integrate and not easy to update. Today, the WatchGuard LiveSecurity System
delivers a complete network security solution to meet modern security challenges:
  • Keep network defenses current
  • Protect every office connected to the Internet
  • Encrypt communications to remote offices and traveling users
  • Manage the security system from a single site
WatchGuard LiveSecurity is a reliable, flexible, scalable, and inexpensive network
security solution. Its setup and maintenance costs are small, and it supports a rich
feature set. When properly configured and administered, the LiveSecurity System
reliably defends any network against external threats.
WatchGuard LiveSecurity System Components
The WatchGuard LiveSecurity System has all of the components needed to conduct
e-business safely. It is made up of four components:
  • LiveSecurity Service
  • Control Center
  • Security Suite
  • Hardware
LiveSecurity Service
The innovative LiveSecurity Service subscription makes it easy to maintain the
security of an organization's network. The service automatically connects to the
WatchGuard team of security experts who broadcast alerts and software updates
via the Internet directly to your desktop.
WatchGuard Control Center
The WatchGuard Control Center is a toolkit of applications run from a single
location, enabling you to configure, manage, and monitor your network security policy.
The Control Center includes:
  • Policy Manager
  • Firebox Monitors
  • LogViewer
  • HostWatch
  • Historical Reports
  • LiveSecurity Inbox
WatchGuard Security Suite
In addition to basic security policy configuration, the Policy Manager includes a
suite of advanced software features. These include:
  • User authentication
  • Network address translation
  • Remote user virtual private networking
  • Branch office virtual private networking
  • Selective Web site blocking
WatchGuard Firebox
The Firebox hardware platforms are specially designed and optimized machines.
They are small, efficient, and reliable. Because WatchGuard software supports only
Fireboxes that contain a flash disk, compatible Fireboxes have one of the following
configurations:
Firebox II or Firebox II