Manuals / WatchGuard Technologies / Computer Equipment / Network Router

WatchGuard Technologies FireboxTM System 4.6 Configuring an FTP proxy service, Click Outgoing

Models: FireboxTM System 4.6

1 170

Download 170 pages 21.61 Kb

Page 64

Setting up proxy services

Configuring the outgoing SMTP proxy

Use the Outgoing SMTP Proxy dialog box to set the parameters for traffic going from your Trusted and Optional network to the world. You must already have an SMTP Proxy service icon in the Services Arena. Double-click the icon to open the service’s Properties dialog box:

1Click the Properties tab.

2Click Outgoing.

The Outgoing SMTP Proxy dialog box appears, displaying the General tab.

3To add a new header pattern, type the pattern name in the text box to the left of the Add button. Click Add.

4To remove a header from the pattern list, click the header pattern. Click Remove.

5 Set a time-out value in seconds.

6 To modify logging properties, click the Logging tab.

Add masquerading options

SMTP masquerading converts an address pattern behind the firewall into an anonymized public address. For example, the internal address pattern might be inside.salesdept.bigcompany.com, which would be anonymized to their public address bigcompany.com.

1Click the Masquerading tab.

2Enter the official domain name.

This is the name you want visible to the outside world.

3In the Substitute text box, type the address patterns that are behind your firewall

that you want replaced by the official domain name.

All patterns entered here appear as the official domain name outside the Firebox.

4In the Don’t Substitute text box, type the address patterns that you want to appear “as is” outside the firewall.

5Enable other masquerading properties according to your security policy preferences.

Configuring an FTP proxy service

To enable the FTP proxy, add the FTP icon to the Services Arena. From the Policy Manager Services Arena:

1Double-click the FTP Proxy service icon to open the FTP Proxy Properties dialog box.

Outgoing FTP does not work without an FTP icon in the Services Arena to trigger the FTP proxy.

2Click the Properties tab.

3 Click Settings.

4Enable FTP proxy properties according to your security policy preferences.

For a description of each control, right-click it, and then click What’s This?

54

Image 64

WatchGuard Technologies FireboxTM System 4.6 manual Configuring an FTP proxy service, Configuring the outgoing Smtp proxy

Contents

WatchGuard Firebox System User Guide Disclaimer Copyright and Patent InformationWatchGuard Firebox System WFS End-User License Agreement Page Declaration of Conformity WatchguardCE Notice FCC CertificationCSA Statement Table of Contents Using the WatchGuard Control Center Setting Up Network Address Translation 149 Welcome to WatchGuard Part I IntroductionWatchGuard Firebox System components WatchGuard Control Center WatchGuard FireboxWatchGuard security suite LiveSecurity Service Minimum requirementsSoftware requirements Web browser requirementsHardware requirements CPUPart II WatchGuard Services LiveSecurity ServiceWatchGuard Optional Features Technical SupportPage LiveSecurity Service Software UpdateLiveSecurity broadcasts Information AlertActivating the LiveSecurity Service EditorialSupport Flash Virus AlertMinimize or close your Web browser LiveSecurity broadcasts Accessing frequently asked questions FAQ Technical SupportKnown issues Click the LSS/SOHO Known Issues link on the leftGetting Internet technical support Getting telephone supportTraining WatchGuard Interactive Training System WitsOnline Help WatchGuard users groupInstructor-led courses Starting WatchGuard Online Help Searching for topicsCopying the Help system to additional platforms Online Help system requirementsContext-sensitive Help WatchGuard Options Currently available optionsVPN Manager High AvailabilityMobile User VPN Obtaining WatchGuard optionsSpamScreen Part III Configuring a Security Policy Set up logging and notification Set up network address translation NATConnect with out-of-band management What is a Firebox? Firebox BasicsPlacing a Firebox within a network Opening a configuration file Saving a configuration fileOpening a configuration from the Firebox Opening a configuration from a local hard diskResetting Firebox passphrases Saving a configuration to the local hard diskSaving a configuration to the Firebox Tips for creating secure passphrasesSetting the time zone Reinitializing a misconfigured FireboxSelect Setup =Time Zone Reinitialize the Firebox using the QuickSetup wizardBooting from the system area Using the WatchGuard Control Center Starting the Control Center and connecting to a FireboxNavigating the WatchGuard Control Center Control Center componentsFront panel QuickGuideFirebox and VPN tunnel status IPSec Remote VPN tunnelsExpanding and collapsing the display Red exclamation pointConnecting to a Firebox Setting the maximum number of log messagesWorking with the Control Center Traffic MonitorManipulating the Traffic Monitor Policy ManagerOpening WatchGuard Firebox System tools LogViewer Firebox MonitorsChanging the Policy Manager view Historical Reports HostWatchLiveSecurity Event Processor LiveSecurity Event Processor Configuring a Network Running the QuickSetup wizardTrusted ExternalSetting up a drop-in network Setting up a routed network Select Network = Configuration Adding a secondary networkDefining a network route Select Network = RoutesSetting the default gateway Select Network = Default GatewayDefining a host route Changing an interface IP addressSelect Network = Configuration. Click the General tab Select Network = Configuration. Click the Dhcp Server tabEntering Wins and DNS server addresses Defining a Firebox as a Dhcp serverRemoving a Subnet Modifying an existing subnetClick the subnet to remove it. Click Remove Click OK Defining a Firebox as a Dhcp server Select Setup = Default Packet Handling Configuring default packet handlingBlocking Sites and Ports Blocking a site permanently Removing a blocked siteChanging the auto-block duration Logging and notification for blocked sitesBlocking a port permanently Removing a blocked portLogging and notification for blocked ports Category list, click Blocked SitesConfiguring a service to temporarily block sites Blocking sites temporarily with service settingsViewing the Blocked Sites list Adding an existing service Configuring ServicesClick OK to close the Properties dialog box Creating a new service IgnoreSecure PortDefining service properties Adding incoming service propertiesAdding addresses to service properties Adding outgoing service propertiesWorking with wg icons Configuring services for authentication Modifying a serviceDeleting a service Under Internal Hosts, click AddSetting up proxy services Configuring an Smtp proxy serviceConfiguring the incoming Smtp proxy Click YesSelecting content types Adding address patternsProtecting your mail server against relaying Select headers to allowConfiguring an FTP proxy service Configuring the outgoing Smtp proxyClick Outgoing Add masquerading optionsConfiguring an Http proxy service Service precedence From Rank Any List Service precedence How WebBlocker works Controlling Web TrafficReverting to old WebBlocker databases Configuring the WebBlocker service Prerequisites to using WebBlockerLogging and WebBlocker Activating WebBlockerSetting privileges Scheduling operational and non-operational hoursCreating WebBlocker exceptions Click the WebBlocker Controls tabManually downloading the WebBlocker database Debug- Outputs debugging informationSetting Up Network Address Translation What is dynamic NAT?Using simple dynamic NAT Select Setup = NATEnabling simple dynamic NAT Adding dynamic NAT entriesEnabling service-based NAT Using service-based NATConfiguring service-based NAT exceptions Configuring a service for incoming static NAT Setting static NAT for a serviceSelect Network = Configuration. Click the External tab Adding external IP addressesCheckbox Enter the internal IP addressClick OK to close the Add Static NAT dialog box Configuring a service for incoming static NAT Setting Up Logging Notification Ensure logging with failover loggingDesignating Event Processors for a Firebox WatchGuard logging architectureLiveSecurity Event Processor Editing an Event Processor setting Select Setup = LoggingAdding an Event Processor Enabling Syslog loggingRemoving an Event Processor Reordering Event ProcessorsSynchronizing Event Processors For Windows NT Event ProcessorsSetting up the LiveSecurity Event Processor Installing the Event Processor programRunning an Event Processor on Windows Running an Event Processor on Windows NT or WindowsAs a Windows NT or Windows 2000 Service Interactive mode from a DOS windowViewing the Event Processor Click WG LiveSecurity Event Processor. Click StartupSetting global logging and notification preferences Setting the log encryption keySetting the interval for log rollover Starting and stopping the Event ProcessorCustomizing logging and notification by service or option Scheduling log reportsControlling notification CategorySetting logging and notification for a service Setting Launch Interval and Repeat CountSetting logging and notification for blocked sites and ports Select Setup = Blocked SitesConnect with Out-of-Band Management Connecting a Firebox with OOB managementEnabling the Management Station Install the modem Configure the dial-up connectionPreparing a Windows NT Management Station for OOB Preparing a Windows 95/98 Management Station for OOBConfiguring the Firebox for OOB Select Network = Configuration. Click the OOB tabConfiguring PPP for connecting to a Firebox Establishing an OOB connectionEstablishing an OOB connection Part IV Administering a Security Policy Aliases and AuthenticationFirebox Activity Monitors Network Activity ReportsPage Creating Aliases Implementing Authentication Using host aliasesModifying a host alias Adding a host aliasRemoving a host alias User authentication types What is user authentication?How user authentication works Configuring Firebox authentication Configuring Windows NT Server authenticationUnder Authentication Enabled Via, click the Firebox option To close the Setup Remote User dialog box, click CloseConfiguring Radius server authentication Click the Windows NT Server tabConfiguring CRYPTOCard server authentication Enter the administrator passwordOn the Radius Server Enter or accept the time-out in secondsConfiguring SecurID authentication Using authentication to define remote user VPN access Example Configuring a service for Remote User VPNStarting Firebox Monitors and connecting to a Firebox Monitoring Firebox ActivitySetting Firebox Monitors view properties ServiceWatchBandwidth Meter StatusReportNetwork configuration Packet countsLog and notification hosts Blocked Sites listAuthentication host information Logging optionsMemory Load averageRoutes InterfacesInterface the Firebox uses for each destination address Blocked Sites list Authentication listARP table Replaying a log file HostWatch displaySelect File = Connect Select File = OpenViewing authenticated users Controlling the HostWatch displayViewing specific hosts Viewing specific portsModifying view properties AddHostWatch 102 Setting LogViewer preferences Reviewing and Working with Log FilesViewing files with LogViewer Starting LogViewer and opening a log fileSearching for specific entries Copying and exporting LogViewer dataDisplaying and hiding fields Working with log files Consolidating logs from multiple locationsSetting log encryption keys Copying log filesForcing the rollover of log files From LiveSecurity Event ProcessorWorking with log files 108 Generating Reports of Network Activity Starting Historical ReportsCreating and editing reports Viewing the reports listSpecifying report sections Creating a new reportEditing an existing report Deleting a reportSpecifying a report time span Setting report propertiesConsolidating report sections Exporting reports Exporting reports to Html formatExporting a report to WebTrends for Firewalls and VPNs Enter the number of elements to rank in the tableExporting a report to a text file Using report filtersCreating a new filter Scheduling and running reports Editing a filterDeleting a filter Applying a filterReport sections and consolidated sections Manually running a reportSession Summary Packet Filtered Time Summary Proxied TrafficHost Summary Proxied Traffic Proxy SummaryConsolidated Sections 118 Branch office virtual private network Part V WatchGuard Virtual Private NetworkingRemote user virtual private network 120 Configuring Branch Office Virtual Private Networking Configuration checklistUsing Dvcp to connect to devices How does Dvcp work?Basic and Enhanced Dvcp Creating a tunnel to a Soho or SOHOtcEditing a tunnel to a device Select Network = Branch Office VPN = Basic DvcpTelecommuter IP Address Soho Private NetworkBranch office VPN with IPSec Removing a tunnel to a deviceDefining a Firebox as an Enhanced Dvcp Client Select the tunnel policy. Click EditConfiguring a gateway Select Network = Branch Office VPN = IPSecAdding a gateway Click GatewaysConfiguring a tunnel with manual security Incoming Settings for Outgoing checkboxUsing Encapsulated Security Protocol ESP Removing a gatewayConfiguring a tunnel with dynamic security Using Authenticated Headers AHClick Key. Enter a passphrase. Click OK Click the Dynamic Security tabCreating an IPSec policy BlockBypass Dst Port field, enter the remote host portConfiguring services for branch office VPN with IPSec Changing IPSec policy orderSrc Port field, enter the local host port IncomingConfiguring WatchGuard VPN WatchGuard VPN configuration modelsSetting up WatchGuard VPN Allow VPN access to any servicesEnable the Activate WatchGuard VPN checkbox Changing remote network entriesPreventing IP spoofing with WatchGuard VPN Enter the encryption key. Click Make KeyConfiguring incoming services to allow VPN Verifying successful WatchGuard VPN configurationRemote User Pptp Configuring the Firebox for Remote User VPNMobile User VPN Adding remote access users Configuring shared servers for RuvpnAdding a member to built-in Ruvpn user groups By individual service Configuring services to allow incoming RuvpnUsing the Any service Configuring the Firebox for Remote User Pptp Activating Remote User PptpEntering IP addresses for Remote User sessions Select Network = Remote User. Click the Pptp tabPurchasing a Mobile User VPN license Configuring the Firebox for Mobile User VPNRules for valid Remote User Pptp addresses Preparing Mobile User VPN configuration files Entering license keysDefining a new mobile user Select Network = Remote User. Click the Mobile User VPN tabSaving the configuration to a Firebox Distributing the software and configuration filesModifying an existing Mobile User VPN entry Select Network = Remote UserDebugging Mobile User VPN Configuring debugging optionsDebugging Remote User VPN Pptp Preparing a Host for Remote User VPN Preparing the client computersWindows 95/98 platform preparation Remote host operating systemClick the Identification tab Installing Dial-Up Adapter #2 VPN Support Installing Client for Microsoft NetworksWindows NT platform preparation Setting up Ruvpn for Windows Click Dial Out Only. Click ContinueAdding a domain name to a Windows NT workstation Select Computer BrowserConfiguring the remote host for Ruvpn with Pptp Installing a VPN adapter on Windows 95/98Initial Connection window that appears, click Yes Click Obtain an IP Address Automatically. Click OKInstalling a VPN adapter on Windows NT Using Remote User PptpStarting Remote User Pptp Enter the remote client username and password Running Remote User PptpDouble-click the Ruvpn connection Click ConnectConfiguring debugging options 148 Index 150 User Guide 151 152 User Guide 153 154 User Guide 155 156 User Guide 157 158 User Guide 159 160