WatchGuard Technologies Firebox X manual Master password, Admin password

Page 13

Setting Up Your Management Server

•Set the CRL distribution point and publication period

•Set the client and root certificate lifetime

•Launch the CA Web GUI

For information on how to set up the other WatchGuard System Manager servers—Log Server and Web- Blocker server, see the “Working with Log Files” chapter in this guide, and the Configuration Guide, respectively.

Note

If you install the Management Server, Log Server, or WebBlocker Server on a computer with an active desktop firewall other than Windows Firewall, you must open the ports necessary for the servers to connect through the firewall. Windows Firewall users do not have to change their configuration. See the section “Installing WatchGuard Servers on computers with desktop firewalls” on page 8 for more information.

Management Server passwords

The WatchGuard Management Server uses passwords to protect sensitive information kept on disk or to secure communications with client systems.

Master password

This password is used to protect all the passwords that are kept in the password file. You must use it when you move the Management Server data to a new system or when you restore a lost or corrupt master key file. Because you do not frequently use the master password, we recommend that you write it down and lock it in a secure location.

The master password is not stored in the password file. An encryption key is derived from the master pass- word and the key data is kept on disk. The default locations for the password file and encryption key are:

•C:\Documents and Settings\WatchGuard\wgauth\wgauth.ini

•C:\Documents and Settings\WatchGuard\wgauth\wgauth.key

Because these files are used by the Management Server software, you must never change them manually.

Admin password

The administrator uses the admin password frequently because it is necessary to use it to connect to the Management Server using WatchGuard System Manager.

Using the Management Server Setup Wizard

1Right-click the Management Server icon in the WatchGuard toolbar at the bottom of the screen.

2Select Start Service.

The Management Server setup wizard starts. The instructions in the wizard help you through the proce- dure.

User Guide

7

Image 13

Contents WatchGuardSystem Manager User Guide Address Contents Copy the online help system to more computers Setting Up Logging and NotificationImporting Certificates Microsoft Internet Explorer 5.5 LogViewer SettingsApache Software License, Version 2.0, January About WatchGuard System Manager Getting StartedWatchGuard Management Server Log ServerAbout Hardware and Appliance Software Installing WatchGuard System ManagerNetwork addresses License KeysExternal interface 1Network IP Addresses Without the FireboxTrusted interface Optional interfacesBase Software encryption levelsUses 40-bit encryption StrongPutting the Firebox into operation on your network Setting Up Your Management ServerAdmin password Master passwordInstallation Topics After Your InstallationRouted configuration WFS appliance software configuration modesDrop-in configuration To add a secondary networks, do one of these procedures Adding secondary networks to your configurationUse the Quick Setup Wizard during installation Dynamic IP support on the external interfaceAbout slash notation Entering IP addressesInstalling the Firebox cables Installation Topics LiveSecurity Service Solutions Service and SupportThreat responses, alerts, and expert advice Easy software updatesLiveSecurity Service Broadcasts Basic FAQs LiveSecurity Service Self Help ToolsNew from WatchGuard Known Issues Advanced FAQsInteractive Support Forum Online TrainingWatchGuard Users Forum Using the WatchGuard Users ForumWatchGuard Users Group Online HelpTechnical Support Product DocumentationCopy the online help system to more computers Software requirementsWe try to supply a solution in a maximum time of four hours Web Site Service TimeType of Service HoursTraining and Certification Starting WatchGuard System Manager Monitoring Your NetworkAbout the WatchGuard System Manager Window From the Windows DesktopDisconnecting from a Firebox Connecting to a FireboxDevice LogType the password for the Management Server Connecting to a ServerDisconnecting from a Server Seeing Information about DevicesCertificates Firebox StatusBranch Office VPN Tunnels Mobile user VPN tunnels Seeing Information on Log ServersPptp user VPN tunnels No exclamation pointMonitoring VPNs Starting Security Applications About the WatchGuard ToolbarPolicy Manager Firebox ManagerHostWatch Quick Setup WizardLog Viewer Historical ReportsSetting Up the Log Server Setting Up Logging and NotificationLog Server collects logs from each WatchGuard Firebox Configuration Guide for your version of appliance software WatchGuard Log Server Configuration dialog box appearsType the new log encryption key two times Click OK Setting Global Logging and Notification PreferencesClick Save Changes or Close Click Save Changes Setting Global Logging and Notification Preferences Reviewing and Working with Log Files Traffic Alarm Event DiagnosticTypes of Log Messages Traffic log messagesDiagnostic log messages Alarm log messagesLog File Names and Locations Starting LogViewerBrowse to find the log file and click Open LogViewer Settings Click to set the format of the logs to the default colors Changing LogViewer settings with WFS appliance softwareSelect Edit Find Using LogViewerPaste the data into any text editor Click Browse to find the files to put together Click Merge Click File Merge log filesUsing LogViewer Using LogViewer Creating and Editing Reports Generating Reports of Network ActivityType the report name From Historical Reports, click AddSelect the filter Type the Firebox IP address or host name. Click Add Specifying a Report Time IntervalChange the report definition Specifying Report Sections To consolidate report sections Setting Report PropertiesType the number of items to put in the table Exporting Reports Complete the Filter tabs Using Report FiltersRunning Reports When finished, click OKReport Sections and Consolidated Sections Change the filter propertiesReport Sections and Consolidated Sections Session Summary Proxied Traffic Consolidated sections Report Sections and Consolidated Sections Public Key Cryptography and Digital Certificates Managing Certificates Certificate AuthorityPKI in a WatchGuard VPN From the menu, select the correct Managing the Certificate AuthorityCertificate Authority CA Certificate Generate a New Certificate Management Server CA CertificateGWvpn gateway name Find and Manage CertificatesReinstate RevokePuts back a certificate that was revoked before DestroyImporting Certificates Managing the Firebox X Edge Firebox SohoNetscape Netscape CommunicatorAdministration Troubleshooting ideasManaging the Firebox X Edge or Soho Device System StatusSystem security and remote management Removing CertificatesFirewall LoggingSelect File Soho Management Clean up on PC Removing Certificates WatchGuard Firebox Software End-User License Agreement Appendix a Copyright and LicensingWatchGuard System Manager Copyright and Trademarks OpenSSL License LicensesOriginal SSLeay License Apache Software License, Version 2.0, January Licenses Pcre License GNU Lesser General Public License Licenses Licenses Licenses GNU General Public License Licenses Licenses Licenses Sleepycat License Licenses General File Locations Appendix B WatchGuard File LocationsQuick Setup Wizard Default File LocationsHostWatch for Fireware Appliance Software Firebox System Manager for Fireware Appliance SoftwarePolicy Manager for Fireware Appliance Software Policy Manager for WFS Appliance Software WatchGuard System ManagerHostWatch for WFS Appliance Software Firebox System Manager for WFS Appliance SoftwareFlash Disk Management for WFS Appliance Software LogViewerWebBlocker Server Management ServerLog Server User Interface Log Server for WFS Appliance Software Log Server for Fireware Appliance SoftwareHistorical Reports Log Merge Management Server Setup WizardManagement Server User Interface WatchGuard Certificate Authority Default File Locations Index Muvpn Wctp 100