Manuals / WatchGuard Technologies / Computer Equipment / Network Card

WatchGuard Technologies Comprehensive Guide to Logging in WatchGuard SOHO Network Cards

Models: SOHO

1 118

Download 118 pages 46.32 Kb

Page 77

CHAPTER 6 What is Logging?

Logging is the act of recording “events” that occur at the SOHO interfaces. An event is any single activity, such as communication with the WatchGuard Feature Key Server or the WatchGuard WebBlocker database and incoming traffic passing through the SOHO.

Logging is intended to record the kinds of activities that can indicate security concerns–most importantly denied packets. Certain patterns of denied packets can indicate the type of attack that is being attempted.

Viewing SOHO log messages

The WatchGuard SOHO generates an ongoing activity log stored on the SOHO: The Event Log. This log stores a maximum of 150 messages. When it reaches its maximum, the oldest message is deleted.

User Guide 5.0

77

Image 77

WatchGuard Technologies SOHO manual What is Logging?, Viewing Soho log messages

Contents

WatchGuard Soho User Guide Page Following conventions are used throughout this guide Using this guideFCC Certification Certifications and NoticesCE Notice Industry CanadaTaiwanese Notice Vcci Notice Class a ITE Declaration of Conformity WatchGuard End-User License Agreement Page User Guide WatchGuard Limited Hardware Warranty User Guide Copyright and Patent Information Table of Contents Your Administrative Options Configuring Virtual Private Networking Page Welcome IntroductionHow does a firewall work? Registration and Identification InformationHow does a firewall work? IP Addresses How does information travel on the internet?Protocol Port numberNetwork Address Translation NAT ServicesHow does the Soho process this information? Soho Home Page-System Status Default Factory SettingsFirewall Settings Resetting a Soho to the Factory DefaultsBase Model Soho Rebooting a WatchGuard SohoRebooting a WatchGuard Soho Rebooting a WatchGuard Soho Before you begin Pre-installation checklistInstallation Process Microsoft Windows NT or Determine your current TCP/IP settingsMicrosoft Windows 95 or 98 or ME MacintoshExit the TCP/IP configuration screen Disable your browser’s Http proxyNetscape 6/6.1 NetscapeCabling the Soho for one to four devices Physically connecting your SohoInternet Explorer 5.0/5.5 Installation Process Cabling the Soho for more than four computers This creates a connection between the Soho and the modem Installation Process Network addressing Configuring Your External NetworkDouble-click the Network icon TCP/IP Properties dialog box appears Configuring the Soho External network for dynamic addressing On your computer Configuring the Soho External network for static addressingExternal On the SohoConfiguring the Soho external network for PPPoE From the Configuration Mode drop list, select PPPoE Client Click Automatically restore lost connections Release and renew the IP configuration Routes Configuring Your Trusted NetworkConfigure the Trusted network with static addresses Configure additional computers to the trusted network Configuring Static Routes View the Network Statistics Network Statistics View the Network Statistics System Security Your Administrative OptionsSetting a System Administrator Name and System Passphrase = System Security = VPN Manager Access Setting up VPN Manager AccessClick the Submit button = Update Update Your Configuration from a Non- Windows PlatformRedeeming your Soho upgrade certificates = Upgrade Seat Licenses Upgrade certificates= View Configuration File View the Configuration FileView the Configuration File Configuring Incoming and Outgoing Services Firewall settingsIncoming or Outgoing Pre-configured ServicesCreating a Custom Service IP Protocols Custom ServiceTCP and UDP Ports Blocking External Sites Blocked Sites Firewall Options Firewall OptionsPing requests received on the External Network Socks implementation for the Soho Denying FTP access to the Trusted Network interfaceConfigure your Socks application Disabling Socks on the Soho Logging all allowed outbound trafficDMZ Creating a virtual DMZCreating a virtual DMZ Creating a virtual DMZ Viewing Soho log messages What is Logging?Wsep Logging Setting a WatchGuard Security Event Processor log hostOur example Syslog Logging Setting a Syslog HostSystem Time Setting the System TimeIf you have decided to use the WatchGuard Time Server Setting the System Time Setting the System Time How WebBlocker works WatchGuard Soho WebBlockerWeb site in WebBlocker database Web site not in WebBlocker databaseWatchGuard WebBlocker database unavailable WebBlocker Users and GroupsBypassing the Soho WebBlocker Purchasing and enabling Soho WebBlockerSettings Configuring the Soho WebBlockerEnable WebBlocker Enter the Inactivity Timeout in minutes Groups Create WebBlocker Groups and UsersTo the right of the Users field, click the New button Click the Submit button Alcohol/Tobacco WebBlocker categoriesDrug Culture Search Engines Click Check if the URL is on the CyberNOT List Searching for blocked sitesWhy create a virtual private network? Configuring Virtual Private NetworkingWhat you will need IP Address Table example Obtaining the VPN upgrade Step-by-step instructions for configuring a Soho VPN tunnelEnabling the VPN upgrade Special considerationsHow do I get a static external IP address? Frequently asked questionsWhy do I need a static external address? How do I obtain a VPN upgrade certificate? OK, why is ping not working?How do I connect three or four offices together? How do I troubleshoot the connection?View the VPN Statistics How do I enable a VPN Tunnel?Muvpn Clients View the VPN Statistics 104 General TroubleshootingHow do I reboot my SOHO? How do I register my SOHO? What do the on and Mode lights signify on the SOHO?What is a Soho feature key? Set a password on my unit, but I forgot it. Can you help?Cant get a certain Soho feature to work with a DSL modem How does the seat limitation on the Soho work?How do I install a Soho using a Macintosh? Where are the Soho settings stored? ConfigurationHow can I see the MAC address of my SOHO? How do I change to a Dhcp trusted IP address?How do I change to a static trusted IP address? How do I set up and disable Webblocker?Incoming WebBlockerVPN Management How do I set up VPN between two SOHOs? How do I set up my Soho for VPN Manager Access?Special Notices Online Documenting and In-Depth FAQsContacting Technical support Database WebBlocker Default gateway 98 DNS service 116 User Guide 117 Socks