WatchGuard Technologies WatchGuard SOHO and SOHO | tc manual Blocking outgoing services

Page 52

Blocking outgoing services

4Click Remove a Service.

A list of existing, incoming services appears. Services are identified by protocol, port number, and destination address.

5Enable the checkbox next to the services you would like to

remove.

You can disable multiple services simultaneously.

6Click Submit.

The selected service(s) are removed from the list. The list reappears. To return to the Configuration menu, click Configuration at the top of the page.

Blocking outgoing services

By default, the security stance of the SOHO is to allow all outgoing packets from computers on the private network protected by the SOHO firewall to the Internet. You can, however, selectively close your network to certain types of Internet connectivity. For example, one way to prevent users behind your firewall from transferring unsafe files from the Internet to the private network is to block all outgoing FTP.

It is important to remember that each service you block reduces accessibility to the files and destinations on the Internet. Again, this is representative of the inherent trade-off between access and security.

Blocking a TCP or UDP service

The two most commonly used network protocols are TCP and UDP. You can choose to block outgoing TCP or UDP traffic by port number or range.

1 Using your Web browser, go to http://192.168.111.1.

40

Image 52

Contents WatchGuard Soho User Guide Registration and identification information Copyright and patent informationWatchGuard Soho End-User License Agreement User Guide IiiPage User Guide WatchGuard Limited Hardware Warranty User Guide Vii Redeeming Soho upgrade certificates WelcomeUsing this guide Following conventions are used throughout this guidePage Table of Contents Additional Soho Features Pre-installation checklist InstallationBefore you begin Performing manual installation Determine your current TCP/IP settingsMicrosoft Windows NT or Microsoft Windows 95 or 98 or MEMacintosh Other operating systems Unix, LinuxDisable your browser’s Http proxy Netscape 4.5 or Internet ExplorerPhysically connecting your Soho Cabling the Soho for one to four devicesThis creates a connection between the Soho and the modem Cabling the Soho for more than four computers This creates a connection between the Soho and the modem Physically connecting your Soho Setting Up Your Soho Network How does a firewall work?Configuring your public network Network addressingDouble-click the Network icon Configuring your public network Configuring the Soho public network for dynamic addressing On your computer Configuring the Soho public network for static addressingSelect the Obtain an IP address automatically option. Click On the Soho Click Public NetworkConfiguring Soho public network for PPPoE Release and renew the IP configuration Click Automatically restore lost connectionsConfiguring your private network Configure additional computers to the private network Select System Administration Changing the Soho system name and passwordSelect System Password Default factory settings Default factory settings Troubleshooting installation and network configuration Virtual Private Networking IPSec VPN is not installedWhat do the on and Mode lights signify on the SOHO? Where are the Soho settings stored?How do I register my SOHO? How do I change to a Dhcp private IP address?How do I allow any incoming service? How do I change to a static private IP address?Click Services and then click Allowed Incoming Services How do I set up and disable Web blocking?How do I allow incoming IP protocols? How do I set up VPN between two SOHOs? VPN ManagementHow do I set up my Soho for remote configuration? How do I reboot my SOHO?How do I reset the Soho to factory defaults? Set a password on my unit, but I forgot it. Can you help? How do I install a Soho using a Macintosh?How does the seat limitation on the Soho work? How do I get to the Soho Knowledge Base?What is a Soho feature key? Cant get a certain Soho feature to work with a DSL modemHow do I register for Live Security? How can I see the MAC address of my SOHO?How does information travel on the internet? Configuring Services for a SohoIP addresses Services WatchGuard Soho servicesProtocol Port numberAllowing incoming services Network address translationSelect Allowed Incoming Services Adding a pre-configured incoming serviceClick Add a Service Creating a custom incoming service Adding an incoming TCP or UDP serviceClick Allowed Incoming Services. Click Add a Service Click Add Other TCP or UDP ServiceAdding the Any service Adding an incoming service with another type of protocolClick Add Other Service Click Add Any Service Removing an incoming serviceClick Allowed Incoming Services Blocking a TCP or UDP service Blocking outgoing servicesClick Remove a Service Select Blocked Outgoing Services Click Block TCP or UDP ServiceClick Blocked Outgoing Services Blocking an alternative protocolRemoving a blocked outgoing service Click Remove Blocked ServiceConfiguring Virtual Private Networking Why create a virtual private network?What you will need One WatchGuard Soho with VPN and an IPSec-compliant DeviceIP Address Table example About Feature Keys Obtaining a VPN Feature KeyEnabling the VPN Feature Key Step-by-step instructions for configuring a Soho VPN tunnelSpecial considerations Frequently asked questions Why do I need a static public address?How do I get a static public IP address? How do I connect three or four offices together?How do I enable a VPN Tunnel? How do I obtain a VPN Feature Key?OK, ping is not working Frequently asked questions Additional Soho Features Socks for SohoConfiguring your Socks application on the Soho Soho Socks implementationSelect Service Options Disabling Socks on the SohoSetting a remote log host Soho loggingViewing Soho log messages Click System InformationClick System Administration Rebooting a WatchGuard SohoSelect Remote Logging Rebooting a WatchGuard Soho WatchGuard Soho WebBlocker How WebBlocker worksWeb site not in WebBlocker database Web site in WebBlocker databaseWatchGuard WebBlocker database unavailable Bypassing the Soho WebBlockerPurchasing and enabling Soho WebBlocker Configuring the Soho WebBlockerSelect Web Blocking Enter the full access password WebBlocker categoriesAlcohol/Tobacco Satanic/Cult Search Engines Searching for blocked sites Click Check if the URL is on the CyberNOT ListIndex Primary IP address 44 secondary IP address TCP UDP