Disabling Socks on the Soho | WatchGuard Technologies SOHO 6

Chapter 6: Configure the Firewall Settings

•For the SOCKS proxy, enter the URL or IP address of the SOHO 6 trusted network. The default IP address is 192.168.111.1.

Disabling SOCKS on the SOHO 6

Once you use a SOCKS-compliant application through the SOHO 6, the primary SOCKS port is available to anyone on your trusted network. You can close this security gap between uses of SOCKS applications.

1Enable the checkbox labeled Disable SOCKS proxy.

This disables the SOHO 6 from acting as a SOCKS proxy.

2Click Submit.

When you need to use SOCKS again, follow this procedure:

1Disable the checkbox labeled Disable SOCKS proxy.

This enables the SOHO 6 to act as a SOCKS proxy.

2Click Submit.

The SOHO 6 is enabled again as a Proxy server and ready to pass SOCKS packets.

Logging all allowed outbound traffic

By default, the SOHO 6 logs only particular events and not all traffic passing through it. For the most part, the SOHO 6 records denied traffic. However, the SOHO 6 is able to record all allowed outbound traffic.

NOTE

This option will record an extensive amount of log entries. For this reason, WatchGuard recommends that you use it for diagnostic purposes only.

70	WatchGuard Firebox SOHO 6.1

Image 88

WatchGuard Technologies SOHO 6.1 manual Logging all allowed outbound traffic, Disabling Socks on the Soho

Contents

WatchGuard Firebox Soho User Guide Using this Guide Following conventions are used in this guide Certifications and Notices FCC CertificationCE Notice Industry Canada Vcci Notice Class a ITE Declaration of Conformity Watchguard Soho Software END-USER License Agreement User Guide Vii Viii WatchGuard Firebox Soho Copyright, Trademark, and Patent Information WatchGuard Firebox Soho User Guide Xii WatchGuard Firebox Soho Contents Configure the Network Interfaces Configure the Firewall Settings VPN-Virtual Private Networking Index 117 Xviii WatchGuard Firebox Soho Introduction Welcome Package Contents How Does a Firewall Work? IP addresses How Does Information Travel on the Internet?Protocol Services How Does the Soho 6 Process Information?Port numbers Network Address Translation Soho 6 Hardware Description Soho 6 front and rear viewsFaster Processor Ethernet ports Status Link100 Mode OPT port Reset button Power inputWAN port Numbered ports Introduction WatchGuard Firebox Soho Installation Review and record your current TCP/IP settings Click Start = Programs = Accessories = Command PromptBefore You Begin Microsoft Windows 2000 and Windows XP Microsoft Windows NT Microsoft Windows 95 or 98 or MEMacintosh Other operating systems Unix, Linux Disable the Http proxy setting of your Web browser Exit the TCP/IP configuration screen Netscape Click Edit = Preferences Enable your computer for Dhcp Click Start = Settings = Control PanelInternet Explorer 5.0, 5.5, Click Tools = Internet Options Click Properties Physically connect the Soho Cabling the Soho 6 for one to four appliances Cabling the Soho 6 for more than four computers Physically connect the Soho Soho 6 is now connected to the Internet and your hub Soho 6 Basics Soho 6 Home Page-System Status Soho 6 Basics External Network Default Factory SettingsTrusted Network Reset a Soho 6 to factory default Firewall SettingsUpgrade Options System Security Register your Soho 6 and Activate the LiveSecurity Service Base model Soho Reboot the Soho Reboot the Soho Soho 6 Basics WatchGuard Firebox Soho Configure Your External Network Configure Network InterfacesNetwork addressing Configure the Soho 6 External Network for dynamic addressing Manual Configuration Configure the Soho 6 External Network for static addressingNetwork = External Configure the Soho 6 External Network for PPPoE Click Automatically restore lost connections Configure the Trusted Network Configure Dhcp Server and Dhcp Relay Trusted Network Configuration page appears Configure additional computers on the Trusted Network Configure the Trusted Network with static addresses Network = Trusted Configure Static Routes Click Add View Network Statistics Network = Network Statistics Select the Enable Dynamic DNS client checkbox Configure the Dynamic DNS ServiceNetwork = DynamicDNS Configure OPT Port Upgrades Configure Dual ISP Port Configure OPT Port Upgrades Network = Dual ISP Configure VPNforce Port Network = Optional Configure OPT Port Upgrades Configure the Network Interfaces WatchGuard Firebox Soho Administrative Options System Security System management Administration = System Security Set up VPN Manager Access Soho Remote Management Administration = VPN Manager Access Select Enable VPN Manager Access Update Your Firmware Administration = Update Redeem your Soho 6 Upgrade Options Upgrade options Administration = UpgradeSeat Licenses LiveSecurity Service Subscription Renewals Dual ISP PortVPNforce Port IPSec Virtual Private Networking VPN View the Configuration File Administration = View Configuration File Configure Firewall Settings Firewall Settings Pre-configured Services Configure Incoming and Outgoing ServicesFirewall = Incoming or Outgoing Create a Custom Service Firewall = Custom Service Custom Service page refreshes Block External Sites Blocked Sites page appears Firewall Options Firewall = Firewall Options Denying FTP access to the Trusted Network interface Select Do not allow FTP access to Trusted NetworkPing requests received on the External Network Socks implementation for the Soho Configuring your Socks application Logging all allowed outbound traffic Disabling Socks on the Soho Select Log All Allowed Outbound Access Enable override MAC address for the External NetworkSelect Enable override MAC address for the External Network Create an Unrestricted Pass Through Select Enable pass through addressFirewall = Pass Through Create an Unrestricted Pass Through Configure the Firewall Settings WatchGuard Firebox Soho Configure Logging View Soho 6 Log Messages From the navigation bar on the left side, select Logging To have your log messages synchronize with your computer Select Enable WatchGuard Security Event Processor Logging Select Enable syslog output Set up Logging to a Syslog HostLogging = Syslog Logging Set the System Time Select Include local time in syslog message Select Adjust for daylight savings time Select a time zone from the drop list Configure Logging WatchGuard Firebox Soho Why Create a Virtual Private Network? VPN-Virtual Private Networking What You Need IP Address Table example Enable the VPN Upgrade Frequently Asked Questions Why do I need a static external address?Special Considerations How do I get a static external IP address? Why is ping not working? How do I obtain a VPN upgrade license key?How do I enable a VPN Tunnel? How do I troubleshoot the connection? Set Up Multiple SOHO-SOHO VPN Tunnels VPN = Manual VPN Soho 6 you want to set up a VPN tunnel Enter the Name, IPSec Gateway Address, and Shared Key for Set Up Multiple SOHO-SOHO VPN Tunnels Forward Secrecy Configure Split Tunneling Muvpn Clients View the VPN Statistics Statistics Soho 6 WebBlocker How WebBlocker Works Web site in the WebBlocker database Web site not in the WebBlocker databaseWatchGuard WebBlocker database unavailable Purchase and Activate Soho 6 WebBlocker WebBlocker users and groupsBypass the Soho 6 WebBlocker Groups WebBlocker = Settings Configure the Soho 6 WebBlockerActivate WebBlocker Select Enable WebBlocking Create WebBlocker Groups and Users Click New to create a group name and profile Click Submit To the right of the Users field, click New Alcohol/tobacco WebBlocker CategoriesIllegal Gambling Militant/extremist Drug CultureSatanic/cult Intolerance Gross Depictions Violence/profanitySearch Engines Sports and Leisure Full Nudity Sexual ActsPartial/artistic Nudity Support Resources Troubleshooting TipsGeneral How do I register my Soho 6 with the LiveSecurity Service? How do I restart my Soho 6? Cant get a certain Soho 6 feature to work with a DSL modem What is a Soho 6 Feature Key?How does the seat limitation on the Soho 6 work? 110 Configuration Where are the Soho 6 settings stored?How do I set up Dhcp on the trusted network of the Soho 6? Select Enable Dhcp Server and then click Submit How do I set up and disable Webblocker? Disable Enable Dhcp Server and then click SubmitHow do I change to a static, trusted IP address? Firewall = Incoming VPN Management How do I set up my Soho 6 for VPN Manager Access? How do I set up VPN to a Soho 6s? Online Documentation and In-Depth FAQs Contact Technical support Index Numerics WAN Socks Redeeming 57 types Upgrade page 58 upgrading Processor WebBlocker 122