WatchGuard Technologies SOHO 6.1 manual WatchGuard Firebox Soho User Guide

Contents WatchGuard Firebox Soho User Guide Following conventions are used in this guide Using this GuideFCC Certification Certifications and NoticesCE Notice Industry CanadaVcci Notice Class a ITE Declaration of Conformity Watchguard Soho Software END-USER License Agreement User Guide Vii Viii WatchGuard Firebox Soho Copyright, Trademark, and Patent Information WatchGuard Firebox Soho User Guide Xii WatchGuard Firebox Soho Contents Configure the Network Interfaces Configure the Firewall Settings VPN-Virtual Private Networking Index 117 Xviii WatchGuard Firebox Soho Welcome IntroductionPackage Contents How Does a Firewall Work? IP addresses How Does Information Travel on the Internet?Protocol How Does the Soho 6 Process Information? ServicesPort numbers Network Address TranslationSoho 6 front and rear views Soho 6 Hardware DescriptionFaster Processor Ethernet portsLink Status100 ModeOPT port Power input Reset buttonWAN port Numbered portsIntroduction WatchGuard Firebox Soho Installation Click Start = Programs = Accessories = Command Prompt Review and record your current TCP/IP settingsBefore You Begin Microsoft Windows 2000 and Windows XPMicrosoft Windows 95 or 98 or ME Microsoft Windows NTMacintosh Other operating systems Unix, LinuxExit the TCP/IP configuration screen Disable the Http proxy setting of your Web browserClick Edit = Preferences NetscapeClick Start = Settings = Control Panel Enable your computer for DhcpInternet Explorer 5.0, 5.5, Click Tools = Internet OptionsClick Properties Physically connect the Soho Cabling the Soho 6 for one to four appliances Cabling the Soho 6 for more than four computers Physically connect the Soho Soho 6 is now connected to the Internet and your hub Soho 6 Home Page-System Status Soho 6 BasicsSoho 6 Basics External Network Default Factory SettingsTrusted Network Firewall Settings Reset a Soho 6 to factory defaultUpgrade Options System SecurityBase model Soho Register your Soho 6 and Activate the LiveSecurity ServiceReboot the Soho Reboot the Soho Soho 6 Basics WatchGuard Firebox Soho Configure Your External Network Configure Network InterfacesNetwork addressing Configure the Soho 6 External Network for dynamic addressing Manual Configuration Configure the Soho 6 External Network for static addressingNetwork = External Configure the Soho 6 External Network for PPPoE Click Automatically restore lost connections Configure Dhcp Server and Dhcp Relay Configure the Trusted NetworkTrusted Network Configuration page appears Configure additional computers on the Trusted Network Network = Trusted Configure the Trusted Network with static addressesConfigure Static Routes Click Add Network = Network Statistics View Network StatisticsSelect the Enable Dynamic DNS client checkbox Configure the Dynamic DNS ServiceNetwork = DynamicDNS Configure Dual ISP Port Configure OPT Port UpgradesConfigure OPT Port Upgrades Network = Dual ISP Configure VPNforce Port Network = Optional Configure OPT Port Upgrades Configure the Network Interfaces WatchGuard Firebox Soho Administrative Options System management System SecurityAdministration = System Security Soho Remote Management Set up VPN Manager AccessSelect Enable VPN Manager Access Administration = VPN Manager AccessAdministration = Update Update Your FirmwareRedeem your Soho 6 Upgrade Options Upgrade options Administration = UpgradeSeat Licenses Dual ISP Port LiveSecurity Service Subscription RenewalsVPNforce Port IPSec Virtual Private Networking VPNAdministration = View Configuration File View the Configuration FileFirewall Settings Configure Firewall SettingsPre-configured Services Configure Incoming and Outgoing ServicesFirewall = Incoming or Outgoing Create a Custom Service Custom Service page refreshes Firewall = Custom ServiceBlock External Sites Blocked Sites page appears Firewall = Firewall Options Firewall OptionsSelect Do not allow FTP access to Trusted Network Denying FTP access to the Trusted Network interfacePing requests received on the External Network Socks implementation for the SohoConfiguring your Socks application Disabling Socks on the Soho Logging all allowed outbound trafficSelect Log All Allowed Outbound Access Enable override MAC address for the External NetworkSelect Enable override MAC address for the External Network Create an Unrestricted Pass Through Select Enable pass through addressFirewall = Pass Through Create an Unrestricted Pass Through Configure the Firewall Settings WatchGuard Firebox Soho Configure Logging From the navigation bar on the left side, select Logging View Soho 6 Log MessagesTo have your log messages synchronize with your computer Select Enable WatchGuard Security Event Processor Logging Select Enable syslog output Set up Logging to a Syslog HostLogging = Syslog Logging Select Include local time in syslog message Set the System TimeSelect a time zone from the drop list Select Adjust for daylight savings timeConfigure Logging WatchGuard Firebox Soho VPN-Virtual Private Networking Why Create a Virtual Private Network?What You Need IP Address Table example Enable the VPN Upgrade Why do I need a static external address? Frequently Asked QuestionsSpecial Considerations How do I get a static external IP address?How do I obtain a VPN upgrade license key? Why is ping not working?How do I enable a VPN Tunnel? How do I troubleshoot the connection?VPN = Manual VPN Set Up Multiple SOHO-SOHO VPN TunnelsEnter the Name, IPSec Gateway Address, and Shared Key for Soho 6 you want to set up a VPN tunnelSet Up Multiple SOHO-SOHO VPN Tunnels Forward Secrecy Muvpn Clients Configure Split TunnelingStatistics View the VPN StatisticsHow WebBlocker Works Soho 6 WebBlockerWeb site in the WebBlocker database Web site not in the WebBlocker databaseWatchGuard WebBlocker database unavailable WebBlocker users and groups Purchase and Activate Soho 6 WebBlockerBypass the Soho 6 WebBlocker GroupsWebBlocker = Settings Configure the Soho 6 WebBlockerActivate WebBlocker Create WebBlocker Groups and Users Select Enable WebBlockingClick New to create a group name and profile Click Submit To the right of the Users field, click New Alcohol/tobacco WebBlocker CategoriesIllegal Gambling Drug Culture Militant/extremistSatanic/cult IntoleranceViolence/profanity Gross DepictionsSearch Engines Sports and LeisureFull Nudity Sexual ActsPartial/artistic Nudity Support Resources Troubleshooting TipsGeneral How do I restart my Soho 6? How do I register my Soho 6 with the LiveSecurity Service?Cant get a certain Soho 6 feature to work with a DSL modem What is a Soho 6 Feature Key?How does the seat limitation on the Soho 6 work? 110 Where are the Soho 6 settings stored? ConfigurationHow do I set up Dhcp on the trusted network of the Soho 6? Select Enable Dhcp Server and then click SubmitHow do I set up and disable Webblocker? Disable Enable Dhcp Server and then click SubmitHow do I change to a static, trusted IP address? Firewall = Incoming VPN Management How do I set up VPN to a Soho 6s? How do I set up my Soho 6 for VPN Manager Access?Contact Technical support Online Documentation and In-Depth FAQsNumerics IndexWAN Socks Redeeming 57 types Upgrade page 58 upgrading Processor WebBlocker 122