WatchGuard Technologies SOHO manual How do I connect three or four offices together?

Page 102

Frequently asked questions

How do I connect three or four offices together?

To connect more than two offices together, WatchGuard recommends designating one office the center of a “star” network configuration and upgrading it to a WatchGuard Firebox. You can then manage multiple tunnels to SOHOs or other IPSec compliant devices from the central Firebox.

How do I troubleshoot the connection?

If you can ping the remote SOHO and computers behind it, your VPN tunnel is up and running. Any remaining problems are probably caused by the MS Networking or the applications being used.

OK, why is ping not working?

If you cannot ping the local network address of the remote SOHO, take the following steps to classify the problem:

1Ping the external address of the remote SOHO.

For example, at Site A, ping 68.130.44.15 (Site B). You should get a reply. If not, verify the External Network Settings of Site B. If they are correct, verify that computers at Site B can access the internet. If you are still having trouble, contact your ISP.

2Once you can ping the external address of each SOHO, try

pinging the local address.

From Site A, ping 192.168.112.1. If the tunnel is up, you should get a reply from the remote SOHO. If not, re-check the Local Settings page. Make sure that the local DHCP addresses ranges do not overlap. For example, IP addresses on either side of the tunnel must not be the same.

How do I obtain a VPN upgrade certificate?

Upgrade certificates come inside the box when you buy a WatchGuard SOHOtc. They can also be purchased online. Using your Web browser, go to:

http://www.watchguard.com/sales/buyonline .asp

102

Image 102
Contents WatchGuard Soho User Guide Page Using this guide Following conventions are used throughout this guideCE Notice Certifications and NoticesFCC Certification Industry CanadaTaiwanese Notice Vcci Notice Class a ITE Declaration of Conformity WatchGuard End-User License Agreement Page User Guide WatchGuard Limited Hardware Warranty User Guide Copyright and Patent Information Table of Contents Your Administrative Options Configuring Virtual Private Networking Page Introduction WelcomeRegistration and Identification Information How does a firewall work?How does a firewall work? Protocol How does information travel on the internet?IP Addresses Port numberServices How does the Soho process this information?Network Address Translation NAT Default Factory Settings Soho Home Page-System StatusResetting a Soho to the Factory Defaults Firewall SettingsRebooting a WatchGuard Soho Base Model SohoRebooting a WatchGuard Soho Rebooting a WatchGuard Soho Pre-installation checklist Before you beginInstallation Process Microsoft Windows 95 or 98 or ME Determine your current TCP/IP settingsMicrosoft Windows NT or MacintoshDisable your browser’s Http proxy Exit the TCP/IP configuration screenNetscape Netscape 6/6.1Physically connecting your Soho Internet Explorer 5.0/5.5Cabling the Soho for one to four devices Installation Process Cabling the Soho for more than four computers This creates a connection between the Soho and the modem Installation Process Configuring Your External Network Network addressingDouble-click the Network icon TCP/IP Properties dialog box appears Configuring the Soho External network for dynamic addressing Configuring the Soho External network for static addressing On your computerOn the Soho ExternalConfiguring the Soho external network for PPPoE From the Configuration Mode drop list, select PPPoE Client Click Automatically restore lost connections Release and renew the IP configuration Configuring Your Trusted Network Configure the Trusted network with static addressesRoutes Configure additional computers to the trusted network Configuring Static Routes View the Network Statistics Network Statistics View the Network Statistics Your Administrative Options System SecuritySetting a System Administrator Name and System Passphrase = System Security Setting up VPN Manager Access = VPN Manager AccessClick the Submit button Update Your Configuration from a Non- Windows Platform Redeeming your Soho upgrade certificates= Update = Upgrade Upgrade certificates Seat LicensesView the Configuration File = View Configuration FileView the Configuration File Firewall settings Configuring Incoming and Outgoing ServicesPre-configured Services Incoming or OutgoingCreating a Custom Service Custom Service TCP and UDP PortsIP Protocols Blocking External Sites Blocked Sites Firewall Options Firewall OptionsPing requests received on the External Network Denying FTP access to the Trusted Network interface Socks implementation for the SohoConfigure your Socks application Logging all allowed outbound traffic Disabling Socks on the SohoCreating a virtual DMZ DMZCreating a virtual DMZ Creating a virtual DMZ What is Logging? Viewing Soho log messagesSetting a WatchGuard Security Event Processor log host Wsep LoggingOur example Setting a Syslog Host Syslog LoggingSetting the System Time System TimeIf you have decided to use the WatchGuard Time Server Setting the System Time Setting the System Time WatchGuard Soho WebBlocker How WebBlocker worksWatchGuard WebBlocker database unavailable Web site not in WebBlocker databaseWeb site in WebBlocker database WebBlocker Users and GroupsPurchasing and enabling Soho WebBlocker Bypassing the Soho WebBlockerConfiguring the Soho WebBlocker Enable WebBlockerSettings Enter the Inactivity Timeout in minutes Create WebBlocker Groups and Users GroupsTo the right of the Users field, click the New button Click the Submit button WebBlocker categories Alcohol/TobaccoDrug Culture Search Engines Searching for blocked sites Click Check if the URL is on the CyberNOT ListConfiguring Virtual Private Networking Why create a virtual private network?What you will need IP Address Table example Enabling the VPN upgrade Step-by-step instructions for configuring a Soho VPN tunnelObtaining the VPN upgrade Special considerationsFrequently asked questions Why do I need a static external address?How do I get a static external IP address? How do I connect three or four offices together? OK, why is ping not working?How do I obtain a VPN upgrade certificate? How do I troubleshoot the connection?How do I enable a VPN Tunnel? Muvpn ClientsView the VPN Statistics View the VPN Statistics 104 Troubleshooting How do I reboot my SOHO?General What do the on and Mode lights signify on the SOHO? How do I register my SOHO?Cant get a certain Soho feature to work with a DSL modem Set a password on my unit, but I forgot it. Can you help?What is a Soho feature key? How does the seat limitation on the Soho work?How do I install a Soho using a Macintosh? How can I see the MAC address of my SOHO? ConfigurationWhere are the Soho settings stored? How do I change to a Dhcp trusted IP address?How do I set up and disable Webblocker? How do I change to a static trusted IP address?WebBlocker IncomingVPN Management How do I set up my Soho for VPN Manager Access? How do I set up VPN between two SOHOs?Online Documenting and In-Depth FAQs Contacting Technical supportSpecial Notices Database WebBlocker Default gateway 98 DNS service 116 User Guide 117 Socks