VPN Management | WatchGuard Technologies SOHO 6.1 specification

Chapter 10: Support Resources

5Enter the protocol number to allow in the Protocol field.

6Click Submit.

7From the navigation bar on the left side, select

Firewall => Incoming.

The Firewall Incoming Traffic page appears.

8Near the bottom of the page, under the Custom Service header, locate the service you created and select Allow from the drop list.

9Under the header Service Host, enter the IP address of the computer to which this traffic is allowed.

10Click Submit.

VPN Management

Before setting up VPN, you must have:

•Two properly configured and working SOHO 6s or one SOHO 6 with the latest version of firmware and one Firebox II/III. Each SOHO 6 must have the VPN option activated.

•The static external IP address, the network address, and the subnet masks of both appliances. (The base trusted IP address of each SOHO 6 must be static and unique.)

•The DNS and WINS server IP address, if used.

•The shared key (passphrase) for the tunnel.

•The same encryption method for each end of the tunnel (DES or 3DES).

•The same authentication method for each end (MD-5 or SHA-1).

114	WatchGuard Firebox SOHO 6.1

Image 132

WatchGuard Technologies SOHO 6.1 manual VPN Management

Contents

WatchGuard Firebox Soho User Guide Using this Guide Following conventions are used in this guide Certifications and Notices FCC CertificationCE Notice Industry Canada Vcci Notice Class a ITE Declaration of Conformity Watchguard Soho Software END-USER License Agreement User Guide Vii Viii WatchGuard Firebox Soho Copyright, Trademark, and Patent Information WatchGuard Firebox Soho User Guide Xii WatchGuard Firebox Soho Contents Configure the Network Interfaces Configure the Firewall Settings VPN-Virtual Private Networking Index 117 Xviii WatchGuard Firebox Soho Introduction Welcome Package Contents How Does a Firewall Work? How Does Information Travel on the Internet? IP addressesProtocol Services How Does the Soho 6 Process Information?Port numbers Network Address Translation Soho 6 Hardware Description Soho 6 front and rear viewsFaster Processor Ethernet ports Status Link100 Mode OPT port Reset button Power inputWAN port Numbered ports Introduction WatchGuard Firebox Soho Installation Review and record your current TCP/IP settings Click Start = Programs = Accessories = Command PromptBefore You Begin Microsoft Windows 2000 and Windows XP Microsoft Windows NT Microsoft Windows 95 or 98 or MEMacintosh Other operating systems Unix, Linux Disable the Http proxy setting of your Web browser Exit the TCP/IP configuration screen Netscape Click Edit = Preferences Enable your computer for Dhcp Click Start = Settings = Control PanelInternet Explorer 5.0, 5.5, Click Tools = Internet Options Click Properties Physically connect the Soho Cabling the Soho 6 for one to four appliances Cabling the Soho 6 for more than four computers Physically connect the Soho Soho 6 is now connected to the Internet and your hub Soho 6 Basics Soho 6 Home Page-System Status Soho 6 Basics Default Factory Settings External NetworkTrusted Network Reset a Soho 6 to factory default Firewall SettingsUpgrade Options System Security Register your Soho 6 and Activate the LiveSecurity Service Base model Soho Reboot the Soho Reboot the Soho Soho 6 Basics WatchGuard Firebox Soho Configure Network Interfaces Configure Your External NetworkNetwork addressing Configure the Soho 6 External Network for dynamic addressing Configure the Soho 6 External Network for static addressing Manual ConfigurationNetwork = External Configure the Soho 6 External Network for PPPoE Click Automatically restore lost connections Configure the Trusted Network Configure Dhcp Server and Dhcp Relay Trusted Network Configuration page appears Configure additional computers on the Trusted Network Configure the Trusted Network with static addresses Network = Trusted Configure Static Routes Click Add View Network Statistics Network = Network Statistics Configure the Dynamic DNS Service Select the Enable Dynamic DNS client checkboxNetwork = DynamicDNS Configure OPT Port Upgrades Configure Dual ISP Port Configure OPT Port Upgrades Network = Dual ISP Configure VPNforce Port Network = Optional Configure OPT Port Upgrades Configure the Network Interfaces WatchGuard Firebox Soho Administrative Options System Security System management Administration = System Security Set up VPN Manager Access Soho Remote Management Administration = VPN Manager Access Select Enable VPN Manager Access Update Your Firmware Administration = Update Redeem your Soho 6 Upgrade Options Administration = Upgrade Upgrade optionsSeat Licenses LiveSecurity Service Subscription Renewals Dual ISP PortVPNforce Port IPSec Virtual Private Networking VPN View the Configuration File Administration = View Configuration File Configure Firewall Settings Firewall Settings Configure Incoming and Outgoing Services Pre-configured ServicesFirewall = Incoming or Outgoing Create a Custom Service Firewall = Custom Service Custom Service page refreshes Block External Sites Blocked Sites page appears Firewall Options Firewall = Firewall Options Denying FTP access to the Trusted Network interface Select Do not allow FTP access to Trusted NetworkPing requests received on the External Network Socks implementation for the Soho Configuring your Socks application Logging all allowed outbound traffic Disabling Socks on the Soho Enable override MAC address for the External Network Select Log All Allowed Outbound AccessSelect Enable override MAC address for the External Network Select Enable pass through address Create an Unrestricted Pass ThroughFirewall = Pass Through Create an Unrestricted Pass Through Configure the Firewall Settings WatchGuard Firebox Soho Configure Logging View Soho 6 Log Messages From the navigation bar on the left side, select Logging To have your log messages synchronize with your computer Select Enable WatchGuard Security Event Processor Logging Set up Logging to a Syslog Host Select Enable syslog outputLogging = Syslog Logging Set the System Time Select Include local time in syslog message Select Adjust for daylight savings time Select a time zone from the drop list Configure Logging WatchGuard Firebox Soho Why Create a Virtual Private Network? VPN-Virtual Private Networking What You Need IP Address Table example Enable the VPN Upgrade Frequently Asked Questions Why do I need a static external address?Special Considerations How do I get a static external IP address? Why is ping not working? How do I obtain a VPN upgrade license key?How do I enable a VPN Tunnel? How do I troubleshoot the connection? Set Up Multiple SOHO-SOHO VPN Tunnels VPN = Manual VPN Soho 6 you want to set up a VPN tunnel Enter the Name, IPSec Gateway Address, and Shared Key for Set Up Multiple SOHO-SOHO VPN Tunnels Forward Secrecy Configure Split Tunneling Muvpn Clients View the VPN Statistics Statistics Soho 6 WebBlocker How WebBlocker Works Web site not in the WebBlocker database Web site in the WebBlocker databaseWatchGuard WebBlocker database unavailable Purchase and Activate Soho 6 WebBlocker WebBlocker users and groupsBypass the Soho 6 WebBlocker Groups Configure the Soho 6 WebBlocker WebBlocker = SettingsActivate WebBlocker Select Enable WebBlocking Create WebBlocker Groups and Users Click New to create a group name and profile Click Submit To the right of the Users field, click New WebBlocker Categories Alcohol/tobaccoIllegal Gambling Militant/extremist Drug CultureSatanic/cult Intolerance Gross Depictions Violence/profanitySearch Engines Sports and Leisure Sexual Acts Full NudityPartial/artistic Nudity Troubleshooting Tips Support ResourcesGeneral How do I register my Soho 6 with the LiveSecurity Service? How do I restart my Soho 6? What is a Soho 6 Feature Key? Cant get a certain Soho 6 feature to work with a DSL modemHow does the seat limitation on the Soho 6 work? 110 Configuration Where are the Soho 6 settings stored?How do I set up Dhcp on the trusted network of the Soho 6? Select Enable Dhcp Server and then click Submit Disable Enable Dhcp Server and then click Submit How do I set up and disable Webblocker?How do I change to a static, trusted IP address? Firewall = Incoming VPN Management How do I set up my Soho 6 for VPN Manager Access? How do I set up VPN to a Soho 6s? Online Documentation and In-Depth FAQs Contact Technical support Index Numerics WAN Socks Redeeming 57 types Upgrade page 58 upgrading Processor WebBlocker 122