WatchGuard Technologies Firebox X manual Adding secondary networks to your configuration

Page 17

Installation Topics

•You use one logical network for all three interfaces.

•The Firebox uses proxy ARP. The trusted interface ARP address replaces the ARP address of the router. It then resolves the ARP data for those devices behind the Firebox that cannot receive the transmitted data.

•During installation, it is not necessary to change the TCP/IP properties of computers on the trusted and optional interfaces. The router cannot receive the transmitted ARP data from the trusted host, but the Firebox continues to control ARP data for the router.

•Usually, the Firebox is the default gateway as an alternative to the router.

•You must flush the ARP cache of each computer on the trusted network.

•A large part of a LAN is on the trusted interface because there is a secondary network for the LAN.

With a drop-in configuration you do not have to change the configuration of each computer on the trusted network that has a public IP address. But, a drop-in configuration is not easy to manage. It can also be more difficult to troubleshoot problems.

Adding secondary networks to your configuration

A secondary network is a different network that connects to a Firebox interface with a switch or hub.

When you add a secondary network, you map an IP address from the secondary network to the IP address of the Firebox interface. Thus, you make (or add) an IP alias to the network interface. This IP alias is the default gateway for all the computers on the secondary network. The secondary network also tells the Firebox that there is one more network on the Firebox interface.

To add a secondary networks, do one of these procedures:

Use the Quick Setup Wizard during installation

Enter an IP address for the secondary network in the Quick Setup Wizard, as described in “Using the Quick Setup Wizard” on page 6. This is the default gateway for your secondary private network.

Add the secondary network after the Firebox installation is complete

Use Policy Manager to add secondary networks to an interface. For information on how to use Policy Manager, see the Configuration Guide.

Dynamic IP support on the external interface

If you use dynamic IP addressing, you must select routed configuration.

User Guide

11

Image 17

Contents WatchGuardSystem Manager User Guide Address Contents Copy the online help system to more computers Setting Up Logging and NotificationImporting Certificates Microsoft Internet Explorer 5.5 LogViewer SettingsApache Software License, Version 2.0, January About WatchGuard System Manager Getting StartedWatchGuard Management Server Log ServerAbout Hardware and Appliance Software Installing WatchGuard System ManagerNetwork addresses License KeysExternal interface 1Network IP Addresses Without the FireboxTrusted interface Optional interfacesBase Software encryption levelsUses 40-bit encryption StrongPutting the Firebox into operation on your network Setting Up Your Management ServerAdmin password Master passwordInstallation Topics After Your InstallationRouted configuration WFS appliance software configuration modesDrop-in configuration To add a secondary networks, do one of these procedures Adding secondary networks to your configurationUse the Quick Setup Wizard during installation Dynamic IP support on the external interfaceAbout slash notation Entering IP addressesInstalling the Firebox cables Installation Topics LiveSecurity Service Solutions Service and SupportThreat responses, alerts, and expert advice Easy software updatesLiveSecurity Service Broadcasts New from WatchGuard LiveSecurity Service Self Help ToolsBasic FAQs Known Issues Advanced FAQsInteractive Support Forum Online TrainingWatchGuard Users Forum Using the WatchGuard Users ForumWatchGuard Users Group Online HelpTechnical Support Product DocumentationCopy the online help system to more computers Software requirementsWe try to supply a solution in a maximum time of four hours Web Site Service TimeType of Service HoursTraining and Certification Starting WatchGuard System Manager Monitoring Your NetworkAbout the WatchGuard System Manager Window From the Windows DesktopDisconnecting from a Firebox Connecting to a FireboxDevice LogType the password for the Management Server Connecting to a ServerDisconnecting from a Server Seeing Information about DevicesBranch Office VPN Tunnels Firebox StatusCertificates Mobile user VPN tunnels Seeing Information on Log ServersPptp user VPN tunnels No exclamation pointMonitoring VPNs Starting Security Applications About the WatchGuard ToolbarPolicy Manager Firebox ManagerHostWatch Quick Setup WizardLog Viewer Historical ReportsLog Server collects logs from each WatchGuard Firebox Setting Up Logging and NotificationSetting Up the Log Server Configuration Guide for your version of appliance software WatchGuard Log Server Configuration dialog box appearsType the new log encryption key two times Click OK Setting Global Logging and Notification PreferencesClick Save Changes or Close Click Save Changes Setting Global Logging and Notification Preferences Reviewing and Working with Log Files Traffic Alarm Event DiagnosticTypes of Log Messages Traffic log messagesDiagnostic log messages Alarm log messagesLog File Names and Locations Starting LogViewerBrowse to find the log file and click Open LogViewer Settings Click to set the format of the logs to the default colors Changing LogViewer settings with WFS appliance softwareSelect Edit Find Using LogViewerPaste the data into any text editor Click Browse to find the files to put together Click Merge Click File Merge log filesUsing LogViewer Using LogViewer Creating and Editing Reports Generating Reports of Network ActivitySelect the filter From Historical Reports, click AddType the report name Change the report definition Specifying a Report Time IntervalType the Firebox IP address or host name. Click Add Specifying Report Sections Type the number of items to put in the table Setting Report PropertiesTo consolidate report sections Exporting Reports Complete the Filter tabs Using Report FiltersRunning Reports When finished, click OKReport Sections and Consolidated Sections Change the filter propertiesReport Sections and Consolidated Sections Session Summary Proxied Traffic Consolidated sections Report Sections and Consolidated Sections PKI in a WatchGuard VPN Managing Certificates Certificate AuthorityPublic Key Cryptography and Digital Certificates Certificate Authority CA Certificate Managing the Certificate AuthorityFrom the menu, select the correct Generate a New Certificate Management Server CA CertificateGWvpn gateway name Find and Manage CertificatesReinstate RevokePuts back a certificate that was revoked before DestroyImporting Certificates Managing the Firebox X Edge Firebox SohoNetscape Netscape CommunicatorAdministration Troubleshooting ideasManaging the Firebox X Edge or Soho Device System StatusSystem security and remote management Removing CertificatesFirewall LoggingSelect File Soho Management Clean up on PC Removing Certificates WatchGuard Firebox Software End-User License Agreement Appendix a Copyright and LicensingWatchGuard System Manager Copyright and Trademarks OpenSSL License LicensesOriginal SSLeay License Apache Software License, Version 2.0, January Licenses Pcre License GNU Lesser General Public License Licenses Licenses Licenses GNU General Public License Licenses Licenses Licenses Sleepycat License Licenses General File Locations Appendix B WatchGuard File LocationsQuick Setup Wizard Default File LocationsPolicy Manager for Fireware Appliance Software Firebox System Manager for Fireware Appliance SoftwareHostWatch for Fireware Appliance Software Policy Manager for WFS Appliance Software WatchGuard System ManagerHostWatch for WFS Appliance Software Firebox System Manager for WFS Appliance SoftwareFlash Disk Management for WFS Appliance Software LogViewerLog Server User Interface Management ServerWebBlocker Server Historical Reports Log Server for Fireware Appliance SoftwareLog Server for WFS Appliance Software Management Server User Interface Management Server Setup WizardLog Merge WatchGuard Certificate Authority Default File Locations Index Muvpn Wctp 100