Watchguard SOHO User guide

WatchGuard

SOHO User Guide

SOHO and SOHOtc 2.1

ii WatchGuard SOHO and SOHOtc

Registration and Identification Information

Please use this area to enter ID information.

SOHO Serial Number:

.

LiveSecurity User ID:

.

Password:

.

Enter the LiveSecurity User ID and Password that you select while regis-

tering your WatchGuard SOHO or SOHOtc. To register, after you have

installed your SOHO, open your browser to 192.168.111.1/login.htm and

click on the Register link.

Please keep this information in a secure place.

Copyright and Patent Information

&RS\ULJKW:DWFK*XDUG7HFKQRORJLHV,QF$OOULJKWVUHVHU Y HG

:DWFK*XDUG62+2:DWFK*XDUG62+2WF:HE%ORFNHUDQG9310DQDJHUDUHHLWKHU

WUDGHPDUNVRUUHJLVWHUHGWUDGHPDUNVRI:DWFK*XDUG7HFKQRORJLHV,QFLQWKH8QLWHG

6WDWHVDQGRWKHUFRXQWULHV)LUHER[DQG/LYH6HFXULW\DUHWUDGHPDUNVRI:DWFK*XDUG

7HFKQRORJLHV,QF

2WKHUEUDQGVDQGWKHLUSURGXFWVDUHWUDGHPDUNVRUUHJLVWHUHGWUDGHPDUNVRIWKHLU

UHVSHFWLYHKROGHUVDQGVKRXOGEHQRWHGDVVXFK

&\EHU3DWUROLVDUHJLVWHUHGWUDGHPDUNRI/HDUQLQJ&RPSDQ\3URSHUWLHV,QF

'RF9HU%8VHU

User Guide 2.1 iii

Welcome

Congratulations on purchasing the ideal solution for providing secure

access to the Internet—the WatchGuard SOHO or WatchGuard SOHOtc.

Your new security device will give you peace of mind when connecting to

the Internet using a high-speed modem (cable or DSL) or modem/router

(leased line or ISDN).

This User Guide may be used to install and use either the SOHO or

SOHOtc. The only difference between these two devices is the ability to

create and use a Virtual Private Network (VPN). VPN can be added to the

SOHO, while the SOHOtc already has installed VPN capabilities.

In this guide, the name SOHO is used to refer to both the SOHO and

SOHOtc. The most current installation and user information will always

be available on the Internet at:

http://bisd.watchguard.com/soho/install

Phone support is also available to assist you 24 hours/ day, 7 days/week

at:

(206) 521-8375 (USA)

iv WatchGuard SOHO and SOHOtc

Using This Guide

This manual is written with the assumption that you are familiar with

your computer operating system. If you have questions about navigating

in your computer environment, please refer to your system user manual.

The following conventions have been used in the development of these

installation and configuration instructions:

&RQYHQWLRQ ,QGLFDWLRQ

%ROGW\SH 8VHGIRU PHQX FRPPDQ GV GLD O RJE R[RS WLRQ VVFUHHQ VDQG

ILOHQD PHV ) RUH[D PSO H´,Q WK H3UHIHUHQFHVVFUHHQ

VHOHFW'LVDEOHGµ

$ZDUQLQ J RUSUHFD XWL RQDU\LQIRUPDWLRQ

$GGLW LRQ DORU PRUHGHWD LOHG L QIRUPDWLRQ RULQV WUXFWLRQVD 

KHOSIX O WLS RUHVS HFLD OO\L PSRUWD QWLQ I RUPDWLRQ

User Guide 2.1 v

Table of Contents

CHAPTER 1 Installation 1

Before You Begin 1

Pre-Installation Checklist 1

Determine Your Current TCP/IP Settings 2

Disable HTTP Proxy 3

Physically Installing Your SOHO 5

Cabling the SOHO for One to Four Devices 5

Cabling the SOHO for More Than Four Computers 6

CHAPTER 2 Setting Up Your SOHO Network 9

How Does a Firewall Work? 9

Configuring Your Public Network 10

Network Addressing 10

Determining Whether Your ISP Uses DHCP 11

Configuring the SOHO Public Network for Static Addressing 12

Configuring SOHO Public Network for PPPoE 13

Release and Renew the IP Configuration 14

Configuring Your Private Network 15

Configure Additional Computers to the Private Network 15

Changing the SOHO System Name and Password 16

Default Factory Settings 17

Troubleshooting Installation and Network Configuration 18

vi WatchGuard SOHO and SOHOtc

CHAPTER 3 Configuring Services for a SOHO 21

How Does Information Travel On the Internet? 21

IP Addresses 21

Protocol 22

Port Number 22

Services 22

WatchGuard SOHO Services 22

Allowing Incoming Services 23

Adding a Pre-Configured Incoming Service 23

Creating a Custom Incoming Service 24

Adding an Incoming TCP or UDP Service 24

Adding an Incoming Service with Another Type of Protocol 25

Adding the Any Service 26

Removing an Incoming Service 26

Blocking Outgoing Services 27

Blocking a TCP or UDP Service 27

Blocking an Alternative Protocol 28

Removing a Blocked Outgoing Service 28

CHAPTER 4 Configuring Virtual Private Networking 31

Why Create a Virtual Private Network? 31

What You Will Need 32

IP Address Table (example) 33

Obtaining a VPN Feature Key 33

Enabling the VPN Feature Key 34

Step-by-Step Instructions for Configuring a SOHO VPN Tunnel 34

Special Considerations 34

Frequently Asked Questions 35

CHAPTER 5

Additional SOHO Features 37

SOCKS for SOHO 37

SOHO SOCKS Implementation 37

Configuring your SOCKS Application for SOHO 38

Disabling SOCKS on SOHO 38

SOHO Logging 39

Viewing SOHO Log Messages 40

Setting a Remote Log Host 40

Rebooting a WatchGuard SOHO 41

Forcing a Software Update 41

User Guide 2.1 vii

CHAPTER 6 WatchGuard SOHO WebBlocker 43

How WebBlocker Works 43

Bypassing the SOHO WebBlocker 44

Purchasing and Enabling the SOHO WebBlocker 45

Configuring the SOHO WebBlocker 45

WebBlocker Categories 47

Communicating with CyberPatrol 49

Visiting the CyberPatrol Web Site 49

Verifying Whether a Web Site is in the WebBlocker Database 49

Copyright and Patent Information 50

viii WatchGuard SOHO and SOHOtc

User Guide 2.1 1

CHAPTER 1 Installation

Before You Begin

Pre-Installation Checklist

Before installing your new WatchGuard SOHO please complete this

checklist to ensure that you have:

• A 10BaseT Ethernet I/O network card installed in your computer.

• A cable or DSL modem with a 10BaseT port.

• Two Ethernet network cables with RJ45 connectors.

2QHFDEOHLVIXUQLVKHGZLWK\RXUXQLW$VHFRQGFDEOHPD\KDYHEHHQVXSSOLHGZLWK

\RXUPRGHP,I\RXGRQRWKDYHRQH\RXZLOOQHHGWRSXUFKDVHDVHFRQG5-FDEOH

0DNHVXUHWKDWERWKFDEOHVDUHORQJHQRXJKWRFRPIRUWDEO\FRQQHFWWKHPRGHPWR

WKH62+2WRWKHFRPSXWHULQ\RXULQGLYLGXDORIILFHHQYLURQPHQW

• An operational Internet connection.

6HWXSRI\RXU62+2UHTXLUHVDFFHVVWRWKH,QWHUQHW,I\RXUFRQQHFWLRQGRHVQRW

ZRUNSOHDVHFRQWDFW\RXU,QWHUQHW6HUYLFH3URYLGHU,63:KHQ\RXUFRQQHFWLRQ

KDVEHHQHVWDEOLVKHG\RXPD\SURFHHGZLWKLQVWDOODWLRQDQGVHWXS

• If you have either a cable or DSL modem, consult the manual that

came with your service, or call the ISP to find out whether your partic-

2 WatchGuard SOHO and SOHOtc

ular modem supports DHCP or PPPoE. You will need this information

later in the installation process.

• If you are using PPPoE to connect to your local Internet Service Pro-

vider, the WatchGuard SOHO must be running firmware version 2.1

or later.

• An installed Web browser—either Netscape Navigator 4.5 (or above)

or Internet Explorer 4.0 (or above).

• A print-out of these instructions—you will need them for reference

when you turn off your computer during installation.

Determine Your Current TCP/IP Settings

For your reference, and future use, record the current, available TCP/IP

settings for your computer. Different operating systems will supply dif-

ferent information. Complete those fields you can identify.

Here is how to locate your settings:

Microsoft Windows NT

1. Click Start 56 Programs 56 Command Prompt.

2. At the C:\prompt, enter LSFRQILJ ?DOO . Press Enter.

3. Enter and verify settings in the space provided above.

4. Click Cancel.

%HIRUHVHWXSZHVXJJHVWWKDW\RXHQWHUWKHVHULDOQXPEHURI

\RXU:DWFK*XDUG62+2LQWKHVSDFHLQGLFDWHGDWWKHIURQWRI

WKLVJXLGH

7&3,36HWWLQJ 9DOXH

,3$GG UHVV

6XEQHW0DVN

'HIDXOW *DWHZD \

'+&3(QD EOHG <HV1R

3ULPD U\:,166HUYHU

6HFRQGDU\:,166HUYHU

'166HUYHUV

User Guide 2.1 3

Before You Begin

Microsoft Windows 95 or 98

1. Click Start 56 Run.

2. At the C:\ prompt, enter ZLQLSFIJ. Click OK.

3. Enter and verify all settings in the space provided on page 2.

4. Click Cancel.

Macintosh

1. Click Apple menu 56 Control Panels 56 TCP/IP.

2. Enter and verify settings in the space provided on page 2.

3. Close the window.

Other Operating Systems (Unix, Linux)

1. Consult your operating system guide to locate the TCP/IP screen.

2. Enter and verify settings in the space provided on page 2.

3. Exit the TCP/IP configuration screen.

Disable HTTP Proxy

To configure a WatchGuard SOHO after it is installed, you must be able to

browse the Web pages that reside in the SOHO memory. If the HTTP

proxy in your browser is enabled, then accessing the pages residing in

your SOHO is not possible, and you will not be able to complete the con-

figuration process.

With the HTTP proxy enabled, the browser automatically points itself to

the expanses of the Internet, and you cannot direct it to another place

from which you want to view Web pages. Disabling the HTTP will in no

way prevent you accessing your favorite Web sites, but it will allow you

to access the special configuration pages that reside only on the SOHO.

To disable the HTTP proxy in three commonly used browsers see the

instructions below. If your browser is not listed, see your browser Help

menus to learn how to disable the HTTP proxy.

,I\RXDUHFRQQHFWLQJPRUHWKDQRQHFRPSXWHUWRWKHSULYDWHQHW

ZRUNEHKLQGWKH62+2REWDLQWKHFRQILJXUDWLRQ7&3,3LQIRU

PDWLRQIRUHDFKFRPSXWHU

4 WatchGuard SOHO and SOHOtc

Netscape 4.5 or 4.7

1. Open Netscape.

2. Click Edit 56 Preferences.

7KH3UHIHUHQFHGLDORJER[DSSHDUV

3. Click the + before Advanced to expand the heading.

4. Click Proxies.

5. Select Direct Connection to the Internet.

6. Verify that Automatic Proxy Configuration is unchecked.

7. Click OK to save the settings.

Internet Explorer 4.0

1. Open Internet Explorer.

2. Click View 56 Internet Options.

3. Select the Connections tab.

4. Uncheck Access the Internet using a proxy server.

5. Check Connect to the Internet using a local area network.

6. Click Configure at the bottom on the Internet Options screen.

7. Record the URL box information here: .

8. Click OK to save settings.

Internet Explorer 5.0

1. Open Internet Explorer.

2. Click Tools 56 Internet Options.

7KH,QWHUQHW2SWLRQVVFUHHQGLVS OD\V

3. Click the Advanced tab.

4. Scroll down the page to HTTP 1.1 Settings.

5. Clear any check marks in either of the boxes there.

6. Click OK to save the settings.

User Guide 2.1 5

Physically Installing Your SOHO

Your WatchGuard SOHO can be used to protect a single computer or a

multi-computer network. It can also function as a hub to connect a variety

of other devices.

Cabling the SOHO for One to Four Devices

The SOHO has four ports. Each can be used to connect a variety of

devices. These may include computers, printers, scanners, or other net-

work peripherals. Your SOHO may replace an existing hub if you have no

more than four devices to connect.

1. Complete the “Pre-Installation Checklist” on page 1.

2. Turn off your computer.

3. Unplug the power from your cable or DSL modem.

4. Unplug the Ethernet cable that is connected from your cable or DSL

modem to your computer, and instead connect it from your modem to

the WAN port on the SOHO.

7KLVFUHDWHVDFRQQHFWLRQEHWZHHQWKH62+2DQGWKHPRGHP

5. Plug the Ethernet cable supplied with your SOHO into any one of the

numbered (1-4) ports on the SOHO. Plug the other end into the Ether-

net card installed in your computer.

6 WatchGuard SOHO and SOHOtc

7KLVFUHDWHVDFRQQHFWLRQEHWZHHQ\RXUPRGHPDQGFRPSXWHUZLWKWKH62+2LQ

EHWZHHQ,I\RXKDYHDGGLWLRQDOFRPSXWHUVXVHDGGLWLRQDO(WKHUQHWFDEOHVWRFRQ

QHFWWKHPWRWKHRWKHUQXPEHUHGSRUWVRQWKH62+2

6. Turn on the power to your cable or DSL modem. Wait until the lights

stop flashing, indicating that the modem is ready.

7. Attach the power cord to the SOHO and plug it into an outlet.

8. Restart your computer.

9. See the end of this chapter for information on the factory default con-

figuration options, and Chapter 2 for specialized configurations.

Cabling the SOHO for More Than Four Computers

While there are only four ports on the back of the SOHO, you can connect

many more devices to your SOHO using network hubs.

1. Complete the “Pre-Installation Checklist” on page 1

2. You will need these additional items:

7KH62+2DQG62+2WFVKLSZLWKD´VHDWµOLFHQVH,QRWKHU

ZRUGVWKH62+2DOORZV\RXWRFRQQHFWXSWRFRPSXWHUVWRD

QHWZRUNEHKLQGWKH62+2HDFKZLWKDFFHVVWRWKH,QWHUQHW,I\RX

ZRXOGOLNHWRXSJUDGH\RXU62+2WRXSWRFRPSXWHUVYLVLWWKH

:DWFK*XDUG2QOLQH6WRUHKWWSZZZZDWFKJXDUGFRPVDOHVEX\

RQOLQHDVS

User Guide 2.1 7

Physically Installing Your SOHO

2QHRUPRUH(WKHUQHWKXEV\RXPD\FRQQHFWXSWRKXEV

$Q(WKHUQHWFDEOHZLWK5-FRQQHFWRUVIRUHDFKFRPSXWHUWRFRQQHFWWKH

PRGHPWRWKH62+2

$FURVVRYHUFDEOHWRFRQQHFWHDFKKXEWRWKH62+2

3. Turn off your computer and unplug the power from the cable or DSL

modem.

4. Unplug the Ethernet cable that is connected from your cable or DSL

modem to your computer, and instead connect it from your modem to

the WAN port on the SOHO.

7KLVFUHDWHVDFRQQHFWLRQEHWZHHQWKH62+2DQGWKHPRGHP

5. Plug a crossover cable into any of the numbered (1-4) ports on the

SOHO. Plug the other end into an Ethernet hub.

6. Using Ethernet cables, connect the hub output to the Ethernet card

installed in each of your computers.

,I\RXKDYHPRUHFRPSXWHUVWRFRQQHFWFRQQHFWDQRWKHU62+2RXWSXWWRDQRWKHU

(WKHUQHWKXEDQGWKHQFRQQHFWDGGLWLRQDO(WKHUQHWFDEOHVEHWZHHQWKHVHFRQG

(WKHUQHWKXEDQGWKH5-FRQQHFWLRQVRQWKHEDFNVRIWKRVHFRPSXWHUV

7. Turn on the power to your cable or DSL modem. Wait until the lights

stop flashing, indicating that the modem is ready.

8. Attach the power cord to the SOHO and plug it into an outlet.

9. Restart your computer.

10. See the end of this chapter for information on the factory default con-

figuration options, and Chapter 2 for specialized configurations.

8 WatchGuard SOHO and SOHOtc

User Guide 2.1 9

How Does a Firewall Work?

CHAPTER 2 Setting Up Your

SOHO Network

How Does a Firewall Work?

Fundamentally, a firewall is a way of differentiating between “us” and

“them”. On the public side of your SOHO firewall is the entire Internet.

The Internet has many resources which you want to be able to reach, such

as the Web, e-mail, and conferencing. It also presents dangers to the pri-

vacy and security of your computers. On the private side of your SOHO

firewall are all the devices you want to protect from these dangers.

Using rules we will discuss in Chapter 3: “Configuring Services for a

SOHO” on page 21, the WatchGuard SOHO evaluates all traffic between

the public network and the private network and blocks any suspicious

activity. In order for this to work as described, you must first configure

both the public and private network to work together and to talk to one-

another as well as the rest of the world.

7KHIROORZLQJFRQILJXUDWLRQLQVWUXFWLRQVDVVXPHWKDW\RXDUH

XVLQJDJUDSKLFDOLQWHUIDFHRQD3&EDVHGV\ VWHPHJ:LQGRZV

,IWKLVLVQRWWKHFDVHVHH\RXURSHUDWLQJV\VWHPKHOSRUXVHUJXLGH

WRORFDWHWKHHTXLYDOHQWRSWLRQVDQGFRPPDQGV

Setting Up Your SOHO Network

10 WatchGuard SOHO and SOHOtc

Configuring Your Public Network

When you configure the public network, you establish how the SOHO

will communicate with your Internet Service Provider (ISP). This configu-

ration is very much dependent on how your ISP distributes network

addresses—using DHCP or PPPoE.

Network Addressing

Each networked computer in the entire world must have an address to

identify itself to other computers. The most common method to distribute

addresses is to use Dynamic Host Configuration Protocol (DHCP). Every

time you turn on your computer, a DHCP server at your ISP automati-

cally assigns it a network IP address. It eliminates the ISP having to man-

ually assign IP addresses.

IP address assignment can be either dynamic or static. With dynamic

DHCP, your ISP assigns your computer a new address every time you

connect. When you power down, you release the address and it is reas-

signed. An IP address that is static, on the other hand, belongs to your

computer at all times whether or not you are currently using it. No other

computer anywhere on the network shares the same address.

A third way of assigning addresses is called PPPoE (Point-to-Point Proto-

col over Ethernet). PPPoE combines some of the advantages of Ethernet

and PPP by simulating a standard Dial-Up connection. It is popular

among many ISPs because it enables them to use existing Dial-Up infra-

structure such as billing, authentication, and security for DSL and cable

modems.

User Guide 2.1 11

Configuring Your Public Network

Determining Whether Your ISP Uses DHCP

Most ISPs support both dynamic (DHCP) and static addressing. To deter-

mine if your connection to the Internet is via DHCP and, if so, which

type, on your computer:

1. Click Start 56 Control Panel.

7KH&RQWURO3DQHOZLQGRZDSSHDUV

2. Click the Network icon.

7KH1HWZRUNGLDORJER[DSSHDUV

3. Click the Protocol tab.

4. Double-click TCP/IP protocol.

,I´2EWDLQDQ,3$GGUHVV$XWRPDWLFDOO\µLVVHOHFWHG\RXUFRPSXWHULVFRQILJXUHG

IRUG\QDPLF'+&3,I´2EWDLQDQ,3$GGUHVV$XWRPDWLFDOO\µLVQRWFKHFNHG\RXU

FRPSXWHULVFRQILJXUHGIRUVWDWLFDGGUHVVLQJ7KHDFWXDOZRUGLQJRQWKHPHQXPD\

GLIIHUGHSHQGLQJRQ\RXURSHUDWLQJV\VWHPEXWDOOSODWIRUPVGLIIHUHQWLDWHVRPHKRZ

EHWZHHQG\QDPLFDQGVWDWLFDGGUHVVLQJ

Configuring the SOHO Public Network for Dynamic Addressing

Out of the box, the SOHO is configured to obtain its public address infor-

mation automatically, using DHCP. So if your ISP assigns you an address

automatically (or dynamically), the SOHO itself will obtain all the

Setting Up Your SOHO Network

12 WatchGuard SOHO and SOHOtc

addressing information it needs when it powers on and attempts to con-

nect to the Internet. No further configuration of the SOHO is required. To

complete the SOHO Public Network configuration, see “Release and

Renew the IP Configuration” on page 14.

Configuring the SOHO Public Network for Static Addressing

If you are assigned a static address, then you must transfer the permanent

address assignment from your computer to the SOHO itself. Instead of

communicating directly to your computer, the ISP will now communicate

first through the SOHO. To do this you must both modify the static set-

tings on your personal computer as well as enter the information into the

SOHO Configuration pages.

On Your Computer

1. Click Start 56 Control Panel.

2. The Control Panel window appears.

3. Click the Network icon.

4. The Network dialog box appears.

5. Click the Protocol tab.

6. Click Properties.

7. The Properties window appears with the addressing information

already filled in.

8. Select the Obtain an IP address automatically option. Click OK.

9. Reminder: The wording may differ slightly depending on the operat-

ing system. A similar option, however, is found on all platforms.

10. If prompted with “Do you want to enable DHCP?” click Yes.

11. Save the changes.

12. On most platforms, click OK until the Control Panel window closes.

13. Shut down and reboot the computer.

To complete SOHO Public Network configuration, see “Release and

Renew the IP Configuration” on page 14.

,I\RXDUHVZLWFKLQ JIURPD333R(RUVWDWLF,3DFFRXQWWR

G\QDPLFD GGUHVVLQJRSHQWKH62+2&RQILJXUDWLRQPHQXFOLFN

3XEOLF1HWZRUN DQGHQDEOHWKHFKHFNER[ODEHOHG8VH'+&3WR

2EWDLQ&RQILJXUDWLRQ

Page is loading ...

Watchguard SOHO User guide

Watchguard SOHO User guide

Related papers

Other documents