Pre-configured Services | WatchGuard Technologies SOHO 6.1 manual

Chapter 6: Configure the Firewall Settings

Configure Incoming and Outgoing Services

By default, the security stance of the SOHO 6 is to deny incoming packets to computers on the trusted network protected by the SOHO 6 firewall. You can selectively open your network to certain types of Internet connectivity. For example, to set up a Web server behind the SOHO 6, you add an incoming Web service.

It is important to remember that each service you add opens a small window into your trusted network and marginally reduces your security. This is the inherent trade-off between access and security.

Pre-configured Services

Each service is defined by a combination of Internet protocols and port numbers to uniquely identify the connection type to applications and servers on the Internet. The SOHO 6 configuration pages include several of the most common types.

Follow these steps to add an Incoming service:

1From the navigation bar on the left side, select

Firewall => Incoming or Outgoing.

The Filter Traffic page appears.

62	WatchGuard Firebox SOHO 6.1

Image 80

WatchGuard Technologies SOHO 6.1 manual Configure Incoming and Outgoing Services, Pre-configured Services

Contents

WatchGuard Firebox Soho User Guide Using this Guide Following conventions are used in this guide Certifications and Notices FCC CertificationCE Notice Industry Canada Vcci Notice Class a ITE Declaration of Conformity Watchguard Soho Software END-USER License Agreement User Guide Vii Viii WatchGuard Firebox Soho Copyright, Trademark, and Patent Information WatchGuard Firebox Soho User Guide Xii WatchGuard Firebox Soho Contents Configure the Network Interfaces Configure the Firewall Settings VPN-Virtual Private Networking Index 117 Xviii WatchGuard Firebox Soho Introduction Welcome Package Contents How Does a Firewall Work? Protocol How Does Information Travel on the Internet?IP addresses Services How Does the Soho 6 Process Information?Port numbers Network Address Translation Soho 6 Hardware Description Soho 6 front and rear viewsFaster Processor Ethernet ports Status Link100 Mode OPT port Reset button Power inputWAN port Numbered ports Introduction WatchGuard Firebox Soho Installation Review and record your current TCP/IP settings Click Start = Programs = Accessories = Command PromptBefore You Begin Microsoft Windows 2000 and Windows XP Microsoft Windows NT Microsoft Windows 95 or 98 or MEMacintosh Other operating systems Unix, Linux Disable the Http proxy setting of your Web browser Exit the TCP/IP configuration screen Netscape Click Edit = Preferences Enable your computer for Dhcp Click Start = Settings = Control PanelInternet Explorer 5.0, 5.5, Click Tools = Internet Options Click Properties Physically connect the Soho Cabling the Soho 6 for one to four appliances Cabling the Soho 6 for more than four computers Physically connect the Soho Soho 6 is now connected to the Internet and your hub Soho 6 Basics Soho 6 Home Page-System Status Soho 6 Basics Trusted Network Default Factory SettingsExternal Network Reset a Soho 6 to factory default Firewall SettingsUpgrade Options System Security Register your Soho 6 and Activate the LiveSecurity Service Base model Soho Reboot the Soho Reboot the Soho Soho 6 Basics WatchGuard Firebox Soho Network addressing Configure Network InterfacesConfigure Your External Network Configure the Soho 6 External Network for dynamic addressing Network = External Configure the Soho 6 External Network for static addressingManual Configuration Configure the Soho 6 External Network for PPPoE Click Automatically restore lost connections Configure the Trusted Network Configure Dhcp Server and Dhcp Relay Trusted Network Configuration page appears Configure additional computers on the Trusted Network Configure the Trusted Network with static addresses Network = Trusted Configure Static Routes Click Add View Network Statistics Network = Network Statistics Network = DynamicDNS Configure the Dynamic DNS ServiceSelect the Enable Dynamic DNS client checkbox Configure OPT Port Upgrades Configure Dual ISP Port Configure OPT Port Upgrades Network = Dual ISP Configure VPNforce Port Network = Optional Configure OPT Port Upgrades Configure the Network Interfaces WatchGuard Firebox Soho Administrative Options System Security System management Administration = System Security Set up VPN Manager Access Soho Remote Management Administration = VPN Manager Access Select Enable VPN Manager Access Update Your Firmware Administration = Update Redeem your Soho 6 Upgrade Options Seat Licenses Administration = UpgradeUpgrade options LiveSecurity Service Subscription Renewals Dual ISP PortVPNforce Port IPSec Virtual Private Networking VPN View the Configuration File Administration = View Configuration File Configure Firewall Settings Firewall Settings Firewall = Incoming or Outgoing Configure Incoming and Outgoing ServicesPre-configured Services Create a Custom Service Firewall = Custom Service Custom Service page refreshes Block External Sites Blocked Sites page appears Firewall Options Firewall = Firewall Options Denying FTP access to the Trusted Network interface Select Do not allow FTP access to Trusted NetworkPing requests received on the External Network Socks implementation for the Soho Configuring your Socks application Logging all allowed outbound traffic Disabling Socks on the Soho Select Enable override MAC address for the External Network Enable override MAC address for the External NetworkSelect Log All Allowed Outbound Access Firewall = Pass Through Select Enable pass through addressCreate an Unrestricted Pass Through Create an Unrestricted Pass Through Configure the Firewall Settings WatchGuard Firebox Soho Configure Logging View Soho 6 Log Messages From the navigation bar on the left side, select Logging To have your log messages synchronize with your computer Select Enable WatchGuard Security Event Processor Logging Logging = Syslog Logging Set up Logging to a Syslog HostSelect Enable syslog output Set the System Time Select Include local time in syslog message Select Adjust for daylight savings time Select a time zone from the drop list Configure Logging WatchGuard Firebox Soho Why Create a Virtual Private Network? VPN-Virtual Private Networking What You Need IP Address Table example Enable the VPN Upgrade Frequently Asked Questions Why do I need a static external address?Special Considerations How do I get a static external IP address? Why is ping not working? How do I obtain a VPN upgrade license key?How do I enable a VPN Tunnel? How do I troubleshoot the connection? Set Up Multiple SOHO-SOHO VPN Tunnels VPN = Manual VPN Soho 6 you want to set up a VPN tunnel Enter the Name, IPSec Gateway Address, and Shared Key for Set Up Multiple SOHO-SOHO VPN Tunnels Forward Secrecy Configure Split Tunneling Muvpn Clients View the VPN Statistics Statistics Soho 6 WebBlocker How WebBlocker Works WatchGuard WebBlocker database unavailable Web site not in the WebBlocker databaseWeb site in the WebBlocker database Purchase and Activate Soho 6 WebBlocker WebBlocker users and groupsBypass the Soho 6 WebBlocker Groups Activate WebBlocker Configure the Soho 6 WebBlockerWebBlocker = Settings Select Enable WebBlocking Create WebBlocker Groups and Users Click New to create a group name and profile Click Submit To the right of the Users field, click New Illegal Gambling WebBlocker CategoriesAlcohol/tobacco Militant/extremist Drug CultureSatanic/cult Intolerance Gross Depictions Violence/profanitySearch Engines Sports and Leisure Partial/artistic Nudity Sexual ActsFull Nudity General Troubleshooting TipsSupport Resources How do I register my Soho 6 with the LiveSecurity Service? How do I restart my Soho 6? How does the seat limitation on the Soho 6 work? What is a Soho 6 Feature Key?Cant get a certain Soho 6 feature to work with a DSL modem 110 Configuration Where are the Soho 6 settings stored?How do I set up Dhcp on the trusted network of the Soho 6? Select Enable Dhcp Server and then click Submit How do I change to a static, trusted IP address? Disable Enable Dhcp Server and then click SubmitHow do I set up and disable Webblocker? Firewall = Incoming VPN Management How do I set up my Soho 6 for VPN Manager Access? How do I set up VPN to a Soho 6s? Online Documentation and In-Depth FAQs Contact Technical support Index Numerics WAN Socks Redeeming 57 types Upgrade page 58 upgrading Processor WebBlocker 122