Routed configuration | WatchGuard Technologies Firebox X manual

Installation Topics

This table shows you the ports you must open on a desktop firewall.

Server Type/Appliance Software	Protocol/Port
Management Server	TCP 4109, TCP 4110, TCP 4112, TCP 4113

Log Server
with Fireware appliance software	TCP 4115
with WFS appliance software	TCP 4107

WebBlocker Server	TCP 5003, UDP 5003

WFS appliance software configuration modes

There are two configuration modes available for users with WFS appliance software: a routed configura- tion or a drop-in configuration. (If you are using Fireware appliance software, drop-in mode is not avail- able.) Many networks operate the best with a routed configuration. But we recommend the drop-in mode if:

•You have a large number of public IP addresses

•You have a static external IP address

•You cannot configure the computers on your trusted and optional networks that have public IP addresses with private IP addresses

The table below shows three conditions that can help you to select a firewall configuration mode. We then give more information about each mode.

	Routed Configuration	Drop-in Configuration
Condition 1	All interfaces of the Firebox are on	All interfaces of the
	different networks. The minimum	Firebox are on the same
	configured interfaces are external and	network and have the same
	trusted.	IP address (Proxy ARP).

Condition 2	Trusted and optional interfaces must be	The computers on the
	on different networks. The two interfaces	trusted or optional
	must have an IP address on their	interfaces can have a
	respective network.	public IP address.

Condition 3	Use static NAT to map public addresses	The machines that have
	to private addresses behind the trusted	public access have public
	or optional interfaces.	IP addresses. Thus, no
		static NAT is necessary.

Routed configuration

You use the routed configuration when you have a small number of public IP addresses or when your Firebox gets its external IP address using PPPoE or DHCP. This configuration also makes it easier to con- figure virtual private networks.

User Guide

9

Image 15

WatchGuard Technologies Firebox X manual WFS appliance software configuration modes, Routed configuration

Contents

WatchGuardSystem Manager User Guide Address Contents Copy the online help system to more computers Setting Up Logging and Notification Importing Certificates Microsoft Internet Explorer 5.5 LogViewer Settings Apache Software License, Version 2.0, January Log Server Getting StartedAbout WatchGuard System Manager WatchGuard Management Server About Hardware and Appliance Software Installing WatchGuard System Manager Network addresses License Keys Optional interfaces 1Network IP Addresses Without the FireboxExternal interface Trusted interface Strong Software encryption levelsBase Uses 40-bit encryption Putting the Firebox into operation on your network Setting Up Your Management Server Admin password Master password Installation Topics After Your Installation Routed configuration WFS appliance software configuration modes Drop-in configuration Dynamic IP support on the external interface Adding secondary networks to your configurationTo add a secondary networks, do one of these procedures Use the Quick Setup Wizard during installation About slash notation Entering IP addresses Installing the Firebox cables Installation Topics Easy software updates Service and SupportLiveSecurity Service Solutions Threat responses, alerts, and expert advice LiveSecurity Service Broadcasts LiveSecurity Service Self Help Tools Basic FAQsNew from WatchGuard Online Training Advanced FAQsKnown Issues Interactive Support Forum Online Help Using the WatchGuard Users ForumWatchGuard Users Forum WatchGuard Users Group Software requirements Product DocumentationTechnical Support Copy the online help system to more computers Hours Web Site Service TimeWe try to supply a solution in a maximum time of four hours Type of Service Training and Certification From the Windows Desktop Monitoring Your NetworkStarting WatchGuard System Manager About the WatchGuard System Manager Window Log Connecting to a FireboxDisconnecting from a Firebox Device Seeing Information about Devices Connecting to a ServerType the password for the Management Server Disconnecting from a Server Firebox Status CertificatesBranch Office VPN Tunnels No exclamation point Seeing Information on Log ServersMobile user VPN tunnels Pptp user VPN tunnels Monitoring VPNs Firebox Manager About the WatchGuard ToolbarStarting Security Applications Policy Manager Historical Reports Quick Setup WizardHostWatch Log Viewer Setting Up Logging and Notification Setting Up the Log ServerLog Server collects logs from each WatchGuard Firebox Configuration Guide for your version of appliance software WatchGuard Log Server Configuration dialog box appears Type the new log encryption key two times Click OK Setting Global Logging and Notification Preferences Click Save Changes or Close Click Save Changes Setting Global Logging and Notification Preferences Traffic log messages Traffic Alarm Event DiagnosticReviewing and Working with Log Files Types of Log Messages Starting LogViewer Alarm log messagesDiagnostic log messages Log File Names and Locations Browse to find the log file and click Open LogViewer Settings Click to set the format of the logs to the default colors Changing LogViewer settings with WFS appliance software Select Edit Find Using LogViewer Paste the data into any text editor Click Browse to find the files to put together Click Merge Click File Merge log files Using LogViewer Using LogViewer Creating and Editing Reports Generating Reports of Network Activity From Historical Reports, click Add Type the report nameSelect the filter Specifying a Report Time Interval Type the Firebox IP address or host name. Click AddChange the report definition Specifying Report Sections Setting Report Properties To consolidate report sectionsType the number of items to put in the table Exporting Reports Complete the Filter tabs Using Report Filters Change the filter properties When finished, click OKRunning Reports Report Sections and Consolidated Sections Report Sections and Consolidated Sections Session Summary Proxied Traffic Consolidated sections Report Sections and Consolidated Sections Managing Certificates Certificate Authority Public Key Cryptography and Digital CertificatesPKI in a WatchGuard VPN Managing the Certificate Authority From the menu, select the correctCertificate Authority CA Certificate Find and Manage Certificates Management Server CA CertificateGenerate a New Certificate GWvpn gateway name Destroy RevokeReinstate Puts back a certificate that was revoked before Importing Certificates Managing the Firebox X Edge Firebox Soho Netscape Netscape Communicator System Status Troubleshooting ideasAdministration Managing the Firebox X Edge or Soho Device Logging Removing CertificatesSystem security and remote management Firewall Select File Soho Management Clean up on PC Removing Certificates WatchGuard Firebox Software End-User License Agreement Appendix a Copyright and Licensing WatchGuard System Manager Copyright and Trademarks OpenSSL License Licenses Original SSLeay License Apache Software License, Version 2.0, January Licenses Pcre License GNU Lesser General Public License Licenses Licenses Licenses GNU General Public License Licenses Licenses Licenses Sleepycat License Licenses General File Locations Appendix B WatchGuard File Locations Quick Setup Wizard Default File Locations Firebox System Manager for Fireware Appliance Software HostWatch for Fireware Appliance SoftwarePolicy Manager for Fireware Appliance Software Policy Manager for WFS Appliance Software WatchGuard System Manager LogViewer Firebox System Manager for WFS Appliance SoftwareHostWatch for WFS Appliance Software Flash Disk Management for WFS Appliance Software Management Server WebBlocker ServerLog Server User Interface Log Server for Fireware Appliance Software Log Server for WFS Appliance SoftwareHistorical Reports Management Server Setup Wizard Log MergeManagement Server User Interface WatchGuard Certificate Authority Default File Locations Index Muvpn Wctp 100