WatchGuard Technologies Firebox X Seeing Information on Log Servers, Mobile user VPN tunnels

Page 33

Seeing Information on Log Servers

•The tunnel name, the IP address of the destination IPSec device (a different Firebox, Edge, SOHO, or SOHOtc), and the tunnel type. If the tunnel is managed by the Management Server, the IP address refers to the full remote network address.

•The volume of data sent and received on the tunnel in bytes and packets.

•The time before the key expires and when the tunnel is created again. This appears as a time limit or as the volume of bytes. If you use the Management Server to configure a tunnel to expire using time and volume limits, the two expiration values appear.

•Authentication and encryption layers set for the tunnel.

•Routing policies for the tunnel.

Mobile user VPN tunnels

After the branch office VPN tunnels list is an entry for Mobile User VPN tunnels. The entry shows the same information as for Branch Office VPN. This includes the tunnel name, the destination IP address, and the tunnel type. Packet information, the key expiration date, authentication, and encryption data also appear.

PPTP user VPN tunnels

For PPTP RUVPN tunnels, the WatchGuard System Manager shows only the quantity of sent and received packets. The volume of bytes and total volume of bytes are not applicable to PPTP tunnels.

Connection status

The tree view for each device shows a red, yellow, or no exclamation point. The exclamation point shows whether the WSM is receiving status information from the device. The status descriptions are as follows:

No exclamation point

Usual operation. The device is successfully sending data to WatchGuard System Manager.

Red exclamation point

Problem. The device cannot send or receive traffic with the management station at this time.

Seeing Information on Log Servers

Click the Log tab to see a list of log servers managed by WatchGuard® System Manager. The list of servers in use is collected from the configuration files of the devices that are monitored. The display also shows

User Guide

27

Image 33

Contents WatchGuardSystem Manager User Guide Address Contents Copy the online help system to more computers Setting Up Logging and NotificationImporting Certificates Microsoft Internet Explorer 5.5 LogViewer SettingsApache Software License, Version 2.0, January About WatchGuard System Manager Getting StartedWatchGuard Management Server Log ServerAbout Hardware and Appliance Software Installing WatchGuard System ManagerNetwork addresses License KeysExternal interface 1Network IP Addresses Without the FireboxTrusted interface Optional interfacesBase Software encryption levelsUses 40-bit encryption StrongPutting the Firebox into operation on your network Setting Up Your Management ServerAdmin password Master passwordInstallation Topics After Your InstallationRouted configuration WFS appliance software configuration modesDrop-in configuration To add a secondary networks, do one of these procedures Adding secondary networks to your configurationUse the Quick Setup Wizard during installation Dynamic IP support on the external interfaceAbout slash notation Entering IP addressesInstalling the Firebox cables Installation Topics LiveSecurity Service Solutions Service and SupportThreat responses, alerts, and expert advice Easy software updatesLiveSecurity Service Broadcasts LiveSecurity Service Self Help Tools Basic FAQsNew from WatchGuard Known Issues Advanced FAQsInteractive Support Forum Online TrainingWatchGuard Users Forum Using the WatchGuard Users ForumWatchGuard Users Group Online HelpTechnical Support Product DocumentationCopy the online help system to more computers Software requirementsWe try to supply a solution in a maximum time of four hours Web Site Service TimeType of Service HoursTraining and Certification Starting WatchGuard System Manager Monitoring Your NetworkAbout the WatchGuard System Manager Window From the Windows Desktop Disconnecting from a Firebox Connecting to a Firebox Device LogType the password for the Management Server Connecting to a ServerDisconnecting from a Server Seeing Information about DevicesFirebox Status CertificatesBranch Office VPN Tunnels Mobile user VPN tunnels Seeing Information on Log ServersPptp user VPN tunnels No exclamation pointMonitoring VPNs Starting Security Applications About the WatchGuard ToolbarPolicy Manager Firebox ManagerHostWatch Quick Setup WizardLog Viewer Historical ReportsSetting Up Logging and Notification Setting Up the Log ServerLog Server collects logs from each WatchGuard Firebox Configuration Guide for your version of appliance software WatchGuard Log Server Configuration dialog box appearsType the new log encryption key two times Click OK Setting Global Logging and Notification PreferencesClick Save Changes or Close Click Save Changes Setting Global Logging and Notification Preferences Reviewing and Working with Log Files Traffic Alarm Event DiagnosticTypes of Log Messages Traffic log messagesDiagnostic log messages Alarm log messagesLog File Names and Locations Starting LogViewerBrowse to find the log file and click Open LogViewer Settings Click to set the format of the logs to the default colors Changing LogViewer settings with WFS appliance softwareSelect Edit Find Using LogViewerPaste the data into any text editor Click Browse to find the files to put together Click Merge Click File Merge log filesUsing LogViewer Using LogViewer Creating and Editing Reports Generating Reports of Network ActivityFrom Historical Reports, click Add Type the report nameSelect the filter Specifying a Report Time Interval Type the Firebox IP address or host name. Click AddChange the report definition Specifying Report Sections Setting Report Properties To consolidate report sectionsType the number of items to put in the table Exporting Reports Complete the Filter tabs Using Report FiltersRunning Reports When finished, click OKReport Sections and Consolidated Sections Change the filter propertiesReport Sections and Consolidated Sections Session Summary Proxied Traffic Consolidated sections Report Sections and Consolidated Sections Managing Certificates Certificate Authority Public Key Cryptography and Digital CertificatesPKI in a WatchGuard VPN Managing the Certificate Authority From the menu, select the correctCertificate Authority CA Certificate Generate a New Certificate Management Server CA CertificateGWvpn gateway name Find and Manage CertificatesReinstate RevokePuts back a certificate that was revoked before DestroyImporting Certificates Managing the Firebox X Edge Firebox SohoNetscape Netscape CommunicatorAdministration Troubleshooting ideasManaging the Firebox X Edge or Soho Device System StatusSystem security and remote management Removing CertificatesFirewall LoggingSelect File Soho Management Clean up on PC Removing Certificates WatchGuard Firebox Software End-User License Agreement Appendix a Copyright and LicensingWatchGuard System Manager Copyright and Trademarks OpenSSL License LicensesOriginal SSLeay License Apache Software License, Version 2.0, January Licenses Pcre License GNU Lesser General Public License Licenses Licenses Licenses GNU General Public License Licenses Licenses Licenses Sleepycat License Licenses General File Locations Appendix B WatchGuard File LocationsQuick Setup Wizard Default File LocationsFirebox System Manager for Fireware Appliance Software HostWatch for Fireware Appliance SoftwarePolicy Manager for Fireware Appliance Software Policy Manager for WFS Appliance Software WatchGuard System ManagerHostWatch for WFS Appliance Software Firebox System Manager for WFS Appliance SoftwareFlash Disk Management for WFS Appliance Software LogViewerManagement Server WebBlocker ServerLog Server User Interface Log Server for Fireware Appliance Software Log Server for WFS Appliance SoftwareHistorical Reports Management Server Setup Wizard Log MergeManagement Server User Interface WatchGuard Certificate Authority Default File Locations Index Muvpn Wctp 100