WatchGuard Technologies Firebox X manual Setting Up Your Management Server

Page 12

Setting Up Your Management Server

Strong export limits apply to the strong encryption software. It is possible that it is not available for download.

Backing up your previous configuration

If you have an earlier version of WatchGuard System Manager, you must make a backup of your security policy configuration before you install a new version. For instructions on creating a backup of your con- figuration:

If you are upgrading to a newer version of the WFS appliance software, refer to the Upgrade Guide.

If you are moving from WFS to Fireware appliance software, refer to the Migration Guide.

Using the Quick Setup Wizard

After you configure the management station, install the Firebox cables, and (if applicable) make a back up of your previous configuration, use the Quick Setup Wizard to make a basic configuration file. The Fire- box uses this basic configuration file when it starts for the first time. This enables the Firebox to operate as a basic firewall.

After the Firebox is configured with this basic configuration, you can use Policy Manager to expand or change the Firebox configuration.

The Quick Setup Wizard uses a device discovery procedure to find the Firebox X model you are configur- ing. This procedure uses a UDP broadcast. Software firewalls, including the firewall in Microsoft Windows XP SP2, can cause problems with the discovery procedure.

You can start the Quick Setup Wizard from the Windows desktop or from System Manager. The instruc- tions in the wizard help you through the procedure.

From the desktop, select Start > Programs > WatchGuard System Manager 8 > Quick Setup Wizard. Or, from System Manager, select Resources > Quick Setup Wizard.

Putting the Firebox into operation on your network

You have completed the installation of your Firebox. You can use the Firebox as a basic firewall that allows all outgoing traffic.

Complete these steps to put the Firebox into operation on your network:

Put the Firebox in its permanent physical location.

In WatchGuard System Manager, use File > Connect To to connect the management station to the Firebox.

If you use a routed configuration, change the default gateway on all computers that you connect to the Firebox trusted IP address.

Configure the Log Server to start recording log messages.

Open Policy Manager to change the basic configuration to meet your security needs.

Setting Up Your Management Server

You can select to install the Management Server on the your management station during installation. Or, you can use the same installation procedure to install the Management Server on a different computer. You must install the Management Server software on a computer that is behind a Firebox with a static external IP address. The Management Server does not operate correctly if it is behind a Firebox with a dynamic IP address on its external interface.

You use this server to:

Start and stop the Management Server

Set the server passphrases and license key

6

WatchGuard System Manager

Page 11 Page 13
Image 12
Page 11 Page 13
Contents WatchGuardSystem Manager User Guide Address Contents Setting Up Logging and Notification Copy the online help system to more computersLogViewer Settings Importing Certificates Microsoft Internet Explorer 5.5Apache Software License, Version 2.0, January Getting Started About WatchGuard System ManagerWatchGuard Management Server Log ServerInstalling WatchGuard System Manager About Hardware and Appliance Software License Keys Network addresses1Network IP Addresses Without the Firebox External interfaceTrusted interface Optional interfacesSoftware encryption levels BaseUses 40-bit encryption StrongSetting Up Your Management Server Putting the Firebox into operation on your networkMaster password Admin passwordAfter Your Installation Installation TopicsWFS appliance software configuration modes Routed configurationDrop-in configuration Adding secondary networks to your configuration To add a secondary networks, do one of these proceduresUse the Quick Setup Wizard during installation Dynamic IP support on the external interfaceEntering IP addresses About slash notationInstalling the Firebox cables Installation Topics Service and Support LiveSecurity Service SolutionsThreat responses, alerts, and expert advice Easy software updatesLiveSecurity Service Broadcasts LiveSecurity Service Self Help Tools Basic FAQsNew from WatchGuard Advanced FAQs Known IssuesInteractive Support Forum Online TrainingUsing the WatchGuard Users Forum WatchGuard Users ForumWatchGuard Users Group Online HelpProduct Documentation Technical SupportCopy the online help system to more computers Software requirementsWeb Site Service Time We try to supply a solution in a maximum time of four hoursType of Service HoursTraining and Certification Monitoring Your Network Starting WatchGuard System ManagerAbout the WatchGuard System Manager Window From the Windows DesktopConnecting to a Firebox Disconnecting from a FireboxDevice LogConnecting to a Server Type the password for the Management ServerDisconnecting from a Server Seeing Information about DevicesFirebox Status CertificatesBranch Office VPN Tunnels Seeing Information on Log Servers Mobile user VPN tunnelsPptp user VPN tunnels No exclamation pointMonitoring VPNs About the WatchGuard Toolbar Starting Security ApplicationsPolicy Manager Firebox ManagerQuick Setup Wizard HostWatchLog Viewer Historical ReportsSetting Up Logging and Notification Setting Up the Log ServerLog Server collects logs from each WatchGuard Firebox WatchGuard Log Server Configuration dialog box appears Configuration Guide for your version of appliance softwareSetting Global Logging and Notification Preferences Type the new log encryption key two times Click OKClick Save Changes or Close Click Save Changes Setting Global Logging and Notification Preferences Traffic Alarm Event Diagnostic Reviewing and Working with Log FilesTypes of Log Messages Traffic log messagesAlarm log messages Diagnostic log messagesLog File Names and Locations Starting LogViewerBrowse to find the log file and click Open LogViewer Settings Changing LogViewer settings with WFS appliance software Click to set the format of the logs to the default colorsUsing LogViewer Select Edit FindPaste the data into any text editor Click File Merge log files Click Browse to find the files to put together Click MergeUsing LogViewer Using LogViewer Generating Reports of Network Activity Creating and Editing ReportsFrom Historical Reports, click Add Type the report nameSelect the filter Specifying a Report Time Interval Type the Firebox IP address or host name. Click AddChange the report definition Specifying Report Sections Setting Report Properties To consolidate report sectionsType the number of items to put in the table Exporting Reports Using Report Filters Complete the Filter tabsWhen finished, click OK Running ReportsReport Sections and Consolidated Sections Change the filter propertiesReport Sections and Consolidated Sections Session Summary Proxied Traffic Consolidated sections Report Sections and Consolidated Sections Managing Certificates Certificate Authority Public Key Cryptography and Digital CertificatesPKI in a WatchGuard VPN Managing the Certificate Authority From the menu, select the correctCertificate Authority CA Certificate Management Server CA Certificate Generate a New CertificateGWvpn gateway name Find and Manage CertificatesRevoke ReinstatePuts back a certificate that was revoked before DestroyManaging the Firebox X Edge Firebox Soho Importing CertificatesNetscape Communicator NetscapeTroubleshooting ideas AdministrationManaging the Firebox X Edge or Soho Device System StatusRemoving Certificates System security and remote managementFirewall LoggingSelect File Soho Management Clean up on PC Removing Certificates Appendix a Copyright and Licensing WatchGuard Firebox Software End-User License AgreementWatchGuard System Manager Copyright and Trademarks Licenses OpenSSL LicenseOriginal SSLeay License Apache Software License, Version 2.0, January Licenses Pcre License GNU Lesser General Public License Licenses Licenses Licenses GNU General Public License Licenses Licenses Licenses Sleepycat License Licenses Appendix B WatchGuard File Locations General File LocationsDefault File Locations Quick Setup WizardFirebox System Manager for Fireware Appliance Software HostWatch for Fireware Appliance SoftwarePolicy Manager for Fireware Appliance Software WatchGuard System Manager Policy Manager for WFS Appliance SoftwareFirebox System Manager for WFS Appliance Software HostWatch for WFS Appliance SoftwareFlash Disk Management for WFS Appliance Software LogViewerManagement Server WebBlocker ServerLog Server User Interface Log Server for Fireware Appliance Software Log Server for WFS Appliance SoftwareHistorical Reports Management Server Setup Wizard Log MergeManagement Server User Interface WatchGuard Certificate Authority Default File Locations Index Muvpn Wctp 100
Top Page Image Contents