WatchGuard Technologies Firebox X manual WFS appliance software configuration modes

Page 15

Installation Topics

This table shows you the ports you must open on a desktop firewall.

Server Type/Appliance Software	Protocol/Port
Management Server	TCP 4109, TCP 4110, TCP 4112, TCP 4113

Log Server
with Fireware appliance software	TCP 4115
with WFS appliance software	TCP 4107

WebBlocker Server	TCP 5003, UDP 5003

WFS appliance software configuration modes

There are two configuration modes available for users with WFS appliance software: a routed configura- tion or a drop-in configuration. (If you are using Fireware appliance software, drop-in mode is not avail- able.) Many networks operate the best with a routed configuration. But we recommend the drop-in mode if:

•You have a large number of public IP addresses

•You have a static external IP address

•You cannot configure the computers on your trusted and optional networks that have public IP addresses with private IP addresses

The table below shows three conditions that can help you to select a firewall configuration mode. We then give more information about each mode.

	Routed Configuration	Drop-in Configuration
Condition 1	All interfaces of the Firebox are on	All interfaces of the
	different networks. The minimum	Firebox are on the same
	configured interfaces are external and	network and have the same
	trusted.	IP address (Proxy ARP).

Condition 2	Trusted and optional interfaces must be	The computers on the
	on different networks. The two interfaces	trusted or optional
	must have an IP address on their	interfaces can have a
	respective network.	public IP address.

Condition 3	Use static NAT to map public addresses	The machines that have
	to private addresses behind the trusted	public access have public
	or optional interfaces.	IP addresses. Thus, no
		static NAT is necessary.

Routed configuration

You use the routed configuration when you have a small number of public IP addresses or when your Firebox gets its external IP address using PPPoE or DHCP. This configuration also makes it easier to con- figure virtual private networks.

User Guide

9

Image 15

Contents WatchGuardSystem Manager User Guide Address Contents Copy the online help system to more computers Setting Up Logging and NotificationImporting Certificates Microsoft Internet Explorer 5.5 LogViewer SettingsApache Software License, Version 2.0, January Log Server Getting StartedAbout WatchGuard System Manager WatchGuard Management ServerAbout Hardware and Appliance Software Installing WatchGuard System ManagerNetwork addresses License KeysOptional interfaces 1Network IP Addresses Without the FireboxExternal interface Trusted interfaceStrong Software encryption levelsBase Uses 40-bit encryption Putting the Firebox into operation on your network Setting Up Your Management ServerAdmin password Master passwordInstallation Topics After Your InstallationRouted configuration WFS appliance software configuration modesDrop-in configuration Dynamic IP support on the external interface Adding secondary networks to your configurationTo add a secondary networks, do one of these procedures Use the Quick Setup Wizard during installationAbout slash notation Entering IP addressesInstalling the Firebox cables Installation Topics Easy software updates Service and SupportLiveSecurity Service Solutions Threat responses, alerts, and expert adviceLiveSecurity Service Broadcasts LiveSecurity Service Self Help Tools Basic FAQsNew from WatchGuard Online Training Advanced FAQsKnown Issues Interactive Support ForumOnline Help Using the WatchGuard Users ForumWatchGuard Users Forum WatchGuard Users GroupSoftware requirements Product DocumentationTechnical Support Copy the online help system to more computersHours Web Site Service TimeWe try to supply a solution in a maximum time of four hours Type of ServiceTraining and Certification From the Windows Desktop Monitoring Your NetworkStarting WatchGuard System Manager About the WatchGuard System Manager WindowLog Connecting to a FireboxDisconnecting from a Firebox DeviceSeeing Information about Devices Connecting to a ServerType the password for the Management Server Disconnecting from a ServerFirebox Status CertificatesBranch Office VPN Tunnels No exclamation point Seeing Information on Log ServersMobile user VPN tunnels Pptp user VPN tunnelsMonitoring VPNs Firebox Manager About the WatchGuard ToolbarStarting Security Applications Policy ManagerHistorical Reports Quick Setup WizardHostWatch Log ViewerSetting Up Logging and Notification Setting Up the Log ServerLog Server collects logs from each WatchGuard Firebox Configuration Guide for your version of appliance software WatchGuard Log Server Configuration dialog box appearsType the new log encryption key two times Click OK Setting Global Logging and Notification PreferencesClick Save Changes or Close Click Save Changes Setting Global Logging and Notification Preferences Traffic log messages Traffic Alarm Event DiagnosticReviewing and Working with Log Files Types of Log MessagesStarting LogViewer Alarm log messagesDiagnostic log messages Log File Names and LocationsBrowse to find the log file and click Open LogViewer Settings Click to set the format of the logs to the default colors Changing LogViewer settings with WFS appliance softwareSelect Edit Find Using LogViewerPaste the data into any text editor Click Browse to find the files to put together Click Merge Click File Merge log filesUsing LogViewer Using LogViewer Creating and Editing Reports Generating Reports of Network ActivityFrom Historical Reports, click Add Type the report nameSelect the filter Specifying a Report Time Interval Type the Firebox IP address or host name. Click AddChange the report definition Specifying Report Sections Setting Report Properties To consolidate report sectionsType the number of items to put in the table Exporting Reports Complete the Filter tabs Using Report FiltersChange the filter properties When finished, click OKRunning Reports Report Sections and Consolidated SectionsReport Sections and Consolidated Sections Session Summary Proxied Traffic Consolidated sections Report Sections and Consolidated Sections Managing Certificates Certificate Authority Public Key Cryptography and Digital CertificatesPKI in a WatchGuard VPN Managing the Certificate Authority From the menu, select the correctCertificate Authority CA Certificate Find and Manage Certificates Management Server CA CertificateGenerate a New Certificate GWvpn gateway nameDestroy RevokeReinstate Puts back a certificate that was revoked beforeImporting Certificates Managing the Firebox X Edge Firebox SohoNetscape Netscape CommunicatorSystem Status Troubleshooting ideasAdministration Managing the Firebox X Edge or Soho DeviceLogging Removing CertificatesSystem security and remote management FirewallSelect File Soho Management Clean up on PC Removing Certificates WatchGuard Firebox Software End-User License Agreement Appendix a Copyright and LicensingWatchGuard System Manager Copyright and Trademarks OpenSSL License LicensesOriginal SSLeay License Apache Software License, Version 2.0, January Licenses Pcre License GNU Lesser General Public License Licenses Licenses Licenses GNU General Public License Licenses Licenses Licenses Sleepycat License Licenses General File Locations Appendix B WatchGuard File LocationsQuick Setup Wizard Default File LocationsFirebox System Manager for Fireware Appliance Software HostWatch for Fireware Appliance SoftwarePolicy Manager for Fireware Appliance Software Policy Manager for WFS Appliance Software WatchGuard System ManagerLogViewer Firebox System Manager for WFS Appliance SoftwareHostWatch for WFS Appliance Software Flash Disk Management for WFS Appliance SoftwareManagement Server WebBlocker ServerLog Server User Interface Log Server for Fireware Appliance Software Log Server for WFS Appliance SoftwareHistorical Reports Management Server Setup Wizard Log MergeManagement Server User Interface WatchGuard Certificate Authority Default File Locations Index Muvpn Wctp 100