WatchGuard Technologies Firebox X instruction

Managing the Certificate Authority

authenticates to the Management Server. The CA makes sure that the managed Firebox clients are authenticated and then gives a certificate to each client. The two managed Firebox clients use the certif- icates to authenticate the VPN tunnel being created between them.

MUVPN and certificates

Because MUVPN clients are not clients of the Management Server, they authenticate to the Firebox. Use the MUVPN Wizard from Policy Manager to contact the CA and create a certificate for the MUVPN client. Policy Manager creates a package that includes this certificate and two other files.

The Firebox administrator gives each MUVPN user a package of files. Together, these files are the MUVPN end-user profile. Users who authenticate with shared keys receive one .wgx file. Users who authenticate with certificates receive a .wgx file, a .p12 file (which is the client certificate), and a cacert.pem file (which contains the root certificate).

The MUVPN user who authenticates with certificates then opens the .wgx file. The root and client certif- icates contained in the cacert.pem and the .p12 files are automatically loaded.

For more information on MUVPN, see the MUVPN Administrator Guide.

Managing the Certificate Authority

You can control different parameters of the Certificate Authority with the Web-based CA Manager.

1From WatchGuard System Manager, connect to the Management Server.

You must type the configuration passphrase to connect.

1Select Resources > CA Manager.

or

Click the CA Manager icon on the WatchGuard System Manager toolbar. The icon is shown at left.

The menu of the Certificate Authority Settings pages appears.

2From the menu, select the correct page:

Certificate Authority CA Certificate

Print a copy of the CA (root) certificate to the screen. You can then manually save it to the client.

60	WatchGuard System Manager

Image 66

WatchGuard Technologies Firebox X manual Managing the Certificate Authority, From the menu, select the correct

Contents

WatchGuardSystem Manager User Guide Address Contents Setting Up Logging and Notification Copy the online help system to more computers LogViewer Settings Importing Certificates Microsoft Internet Explorer 5.5 Apache Software License, Version 2.0, January WatchGuard Management Server Getting StartedAbout WatchGuard System Manager Log Server Installing WatchGuard System Manager About Hardware and Appliance Software License Keys Network addresses Trusted interface 1Network IP Addresses Without the FireboxExternal interface Optional interfaces Uses 40-bit encryption Software encryption levelsBase Strong Setting Up Your Management Server Putting the Firebox into operation on your network Master password Admin password After Your Installation Installation Topics WFS appliance software configuration modes Routed configuration Drop-in configuration Use the Quick Setup Wizard during installation Adding secondary networks to your configurationTo add a secondary networks, do one of these procedures Dynamic IP support on the external interface Entering IP addresses About slash notation Installing the Firebox cables Installation Topics Threat responses, alerts, and expert advice Service and SupportLiveSecurity Service Solutions Easy software updates LiveSecurity Service Broadcasts LiveSecurity Service Self Help Tools Basic FAQsNew from WatchGuard Interactive Support Forum Advanced FAQsKnown Issues Online Training WatchGuard Users Group Using the WatchGuard Users ForumWatchGuard Users Forum Online Help Copy the online help system to more computers Product DocumentationTechnical Support Software requirements Type of Service Web Site Service TimeWe try to supply a solution in a maximum time of four hours Hours Training and Certification About the WatchGuard System Manager Window Monitoring Your NetworkStarting WatchGuard System Manager From the Windows Desktop Device Connecting to a FireboxDisconnecting from a Firebox Log Disconnecting from a Server Connecting to a ServerType the password for the Management Server Seeing Information about Devices Firebox Status CertificatesBranch Office VPN Tunnels Pptp user VPN tunnels Seeing Information on Log ServersMobile user VPN tunnels No exclamation point Monitoring VPNs Policy Manager About the WatchGuard ToolbarStarting Security Applications Firebox Manager Log Viewer Quick Setup WizardHostWatch Historical Reports Setting Up Logging and Notification Setting Up the Log ServerLog Server collects logs from each WatchGuard Firebox WatchGuard Log Server Configuration dialog box appears Configuration Guide for your version of appliance software Setting Global Logging and Notification Preferences Type the new log encryption key two times Click OK Click Save Changes or Close Click Save Changes Setting Global Logging and Notification Preferences Types of Log Messages Traffic Alarm Event DiagnosticReviewing and Working with Log Files Traffic log messages Log File Names and Locations Alarm log messagesDiagnostic log messages Starting LogViewer Browse to find the log file and click Open LogViewer Settings Changing LogViewer settings with WFS appliance software Click to set the format of the logs to the default colors Using LogViewer Select Edit Find Paste the data into any text editor Click File Merge log files Click Browse to find the files to put together Click Merge Using LogViewer Using LogViewer Generating Reports of Network Activity Creating and Editing Reports From Historical Reports, click Add Type the report nameSelect the filter Specifying a Report Time Interval Type the Firebox IP address or host name. Click AddChange the report definition Specifying Report Sections Setting Report Properties To consolidate report sectionsType the number of items to put in the table Exporting Reports Using Report Filters Complete the Filter tabs Report Sections and Consolidated Sections When finished, click OKRunning Reports Change the filter properties Report Sections and Consolidated Sections Session Summary Proxied Traffic Consolidated sections Report Sections and Consolidated Sections Managing Certificates Certificate Authority Public Key Cryptography and Digital CertificatesPKI in a WatchGuard VPN Managing the Certificate Authority From the menu, select the correctCertificate Authority CA Certificate GWvpn gateway name Management Server CA CertificateGenerate a New Certificate Find and Manage Certificates Puts back a certificate that was revoked before RevokeReinstate Destroy Managing the Firebox X Edge Firebox Soho Importing Certificates Netscape Communicator Netscape Managing the Firebox X Edge or Soho Device Troubleshooting ideasAdministration System Status Firewall Removing CertificatesSystem security and remote management Logging Select File Soho Management Clean up on PC Removing Certificates Appendix a Copyright and Licensing WatchGuard Firebox Software End-User License Agreement WatchGuard System Manager Copyright and Trademarks Licenses OpenSSL License Original SSLeay License Apache Software License, Version 2.0, January Licenses Pcre License GNU Lesser General Public License Licenses Licenses Licenses GNU General Public License Licenses Licenses Licenses Sleepycat License Licenses Appendix B WatchGuard File Locations General File Locations Default File Locations Quick Setup Wizard Firebox System Manager for Fireware Appliance Software HostWatch for Fireware Appliance SoftwarePolicy Manager for Fireware Appliance Software WatchGuard System Manager Policy Manager for WFS Appliance Software Flash Disk Management for WFS Appliance Software Firebox System Manager for WFS Appliance SoftwareHostWatch for WFS Appliance Software LogViewer Management Server WebBlocker ServerLog Server User Interface Log Server for Fireware Appliance Software Log Server for WFS Appliance SoftwareHistorical Reports Management Server Setup Wizard Log MergeManagement Server User Interface WatchGuard Certificate Authority Default File Locations Index Muvpn Wctp 100