WatchGuard® Firebox® System Reference Guide
Firebox System 6.0
CHAPTER 6: Common Log Messages
firewalld [xxx] proxy accept() failed (Connection reset by peer)
Indicates that a Web br
fwcheck[] Killing process http-proxy (pid x)
Fwcheck is the process responsible for low memory scavenging on the Firebox. If Firebox
this file indicates that firewalld is taking a long time to create it. A possible cause
http-proxy[205]: [x.x.x.x:8921 x.x.x.x:80] Error while sending/receiving: Invalid transfer-encoding type "Identity"
HTTP
ipseccfg[] No remote gateway associated with xxx
Indicates that the ipseccfg was unable
kernel Problem: block on freelist at xxxxxxxxx isn't free
If you see this log message, contact WatchGuard Technical Support imm
rbcast[] Error sending data on optional--will not use anymore: Network is unreachable
Th
- For SMTP:
default.proxies.smtp.connect_timeout: <value>
Note that this property is global to all SMTP services, unlike the F
CHAPTER 7 WebBlocker Content
WebBlocker works in conjunction with the HTTP proxy to provide content-based URL-filtering capabilities.
Alcohol/Tobacco
Pictures or text advocating the sale, consumption, or production of alcoho
WebBlocker Categories
Gross Depictions
Pictures or text describing anyone or anything that is either crudely vulgar, grossly deficient
Full Nudity
Pictures exposing any or all portions of human genitalia. Topic does not incl
CHAPTER 8 Resources
There are many resources you can draw upon to support your efforts to improve network security. This chapter lis
O'Reilly
Publishes many books on network security. http://www.ora.com/
Books
Non-Fiction
Amoros
White Papers & Requests for Comments
Schneier, Bruce. Applied Cryptography. Second Edition. New York: John Wiley & Sons, Inc
Web Sites
WatchGuard Frequently Asked Questions
http://www.watchguard.com (Click Support, Log into
Internet Firewalls - Frequently Asked Questions
http://www.interhack.net/pubs/fwfaq
Internet Firewalls — Resources
http://www
Dictionaries of Computer Terminology
http://www.webopedia.com/
http://www.whatis.com/
http://info.as
CHAPTER 9 Out-of-Band Initialization Strings
This chapter provides a reference list of PPP and modem initialization strings used to
escape xx,yy,..
Specifies that certain characters should be escaped on t
PPP Initialization Strings
values give better compression but consume more kernel memory for compression dictionaries. Alternatively
active-filter option is given, data packets that are rejected by the spe
lcp-max-configure n
Sets the maximum number of LCP configure-request transmissions to n (default 10).
lcp-m
noauth
Do not require the peer to authenticate itself.
nobsdcomp
Disables B
Modem Initialization Strings
xonxoff
Uses software flow control (that is, XON/XOFF) to control the flow of data on the serial port.
Mo
7 Expect “OK” back.
8 Send “ATS0=1” to direct the modem to answer incomin
"" or ‘ ‘
Expect or send a null string. If you send a null string, it will still send the retu
\t
Send or expect a tab character
\\
Send or expect a backslash character
\d
CHAPTER 10 Firebox Read-Only System Area
WatchGuard ships all Fireboxes with a fixed, baseline set of functionality stored on the re
CHAPTER 1 Internet Protocol Reference
Internet Protocol (IP) specifies the format of packets and the addressing scheme for sending dat
With the Firebox running the read-only system area, use one of two methods t
Initializing a Firebox Using a Serial Cable
interfaces. Turn on the Firebox. A flickering SysA light indicates that the Firebox is r
Booting from the system area
From Control Center:
1 Select Tools => Advance
2 Start Policy Manager. Use it to copy a valid configuration file to the primary area of
Initializing a Firebox Using a Modem
The WatchGuard Firebox can accept both e
Initializing using Remote Provisioning
• The Management Station is running System 4.1 or later that has IP connectivity to the netw
5 Select an unused IP address behind the router on the same network to which
Managing Flash Disk Memory
5 Select a file name for the Firebox backup.
The Enter Encryption Key dialog box appears.
6 Enter a key for
CHAPTER 11 Glossary
This glossary contains a list of terms, abbreviations, and acronyms frequently used when discussing networks, fi
IP header number list
The IP Protocol header contains an 8-bit field that identifi
Address Resolution Protocol (ARP)
A TCP/IP protocol used to convert an IP address into a physical
armed
A state of a Firebox in which it is actively guarding against intrusion and attack.
ARP
See Address Resolution Protocol.
ARP tabl
authorization
To convey official access or legal power to a person or entity.
backbone
A term often
blocked site
An IP address outside the Firebox explicitly blocked so it cannot connect with hosts behind the Firebox. Blocked sites
cascade
A command that arranges windows so that they are overlapped, with the active window in fro
checkbox
A dialog box option that is not mutually exclusive with other options. Clicking a checkbox inserts or removes an X or a che
cold boot
The process of starting a computer by turning on the power to the system unit.
collisions
personal information such as ID and password, mailing address, or credit card number.
coprocessor
A separate processor designed to as
cryptography
The art and science of creating messages that have some combination of being private,
decrypt
To decode data that has been encrypted and turn it back into plain text.
dedicated server
A computer on a network that is assi
Internet Protocol Header
UCL 7 UCL
EGP 8 Exterior Gateway Protocol
IGP 9 Any private interior gateway
BBN-RCC-MON 10 BBN RCC Mon
dial-up connection
A connection between a remote computer and a server using software, a modem, an
driver
A software program that manipulates the computer hardware in order to transmit data to other equipment.
drop-in configuration
A
entropy
A mathematical measurement of the amount of uncertainty or randomness.
ESMTP (Extended Simp
failover
Configuration that allows a secondary machine to take over in the event of a failure in the first machine, allowing normal
filters
Small, fast programs in a firewall that examine the header files of incoming packets and r
graphical user interface (GUI)
The visual representation on a computer screen that allows users to view, enter, or change informatio
any given moment, one Firebox is in active mode while the other is in standby mode, ready to take
HTTPS (Secure HTTP)
A variation of HTTP enabling the secure transmission of data and HTML files. Generally used in conjunction with
assumes that user is the owner of the key pair and implicitly trusts himself or herself.
initiali
of the Internet architecture and the smooth operation of the Internet.
intranet
A self-contained network that uses the same communica
XTP 36 XTP
DDP 37 Datagram Delivery Protocol
IDPR-CMTP 38 IDPR Control Message
IPSec provides several encryption and authentication options to maximize the security of the tran
Kerberos
A trusted third-party authentication protocol developed at Massachusetts Institute of Technology.
key
A means of gaining or p
LAN (local area network)
A computer network that spans a relatively small area generally confined
name resolution
The allocation of an IP address to a host name. See Domain Name System.
NetBIOS (Network Basic Input / Output System)
MD5 (Message Digest 5)
An improved, more complex version of MD4, but still a 128-bit, one-way hash
network address translation (NAT)
A method of hiding or masquerading network addresses from hosts on another network, protecting the
non-seed router
A router that waits to receive routing information (the routing maintenance table)
out-of-band (OOB)
A management feature that enables the Management Station to communicate with the Firebox using a telephone line an
PCMCIA (Personal Computer Memory Code International Association) card
A standard compact physical
ping (packet Internet groper)
A utility for determining whether a specific IP address is accessible. It works by sending a packet to
VISA 70 VISA Protocol
IPCV 71 Internet Packet Core Utility
CPNX 72 Computer Protocol Network Executive
CPHB 7
behind the firewall based on the original destination port number. Also called static NAT.
port sp
Privacy Enhanced Mail (PEM)
A protocol to provide secure Internet mail (RFC 1421-1424), including services for encryption, authentic
proxy server
A server that stands in place of another server. In firewalling, a proxy server poses
typically derived from analog sources, and usually involve the use of special hardware.
RC4 (Rivest Cipher 4)
A variable key size str
routed configuration or network
A configuration with separate network addresses assigned to at lea
secret key
Either the private key in public key (asymmetric) algorithms or the session key in symmetric algorithms.
secret sharing
See
server
A computer that provides shared resources to network users.
server-based network
A network in
SHTTP
See HTTPS.
sign
To apply a signature.
signature
A digital code created with a private key.
single sign-on
A sign-on in which one log
SOHO
Small Office—Home Office. Also the name of the WatchGuard firewall devices designed for this
create two additional netmasks under it that separate the first 128 and last 128 addresses into separate identifiable networks. Sub
Internet Protocol Options
Internet Protocol options are variable-length additions
because most authentication occurs only at the start of the TCP session.
Telnet
A terminal emulatio
Transport Layer Security Protocol (TLSP)
ISO 10736, draft international standard.
transposition cipher
A cipher in which the plain tex
URL (Universal Resource Locator)
The user-friendly address that identifies the location of a Web s
Web browser
Software that interprets and displays documents formatted for the Internet or an intranet.
Web of Trust
A distributed trus
XOR
Exclusive-or operation; a mathematical way to represent differences.
X.509v3
An ITU-T digital ce
CHAPTER 12 Field Definitions
Control Center
Connect to Firebox dialog box
Firebox
Use the drop list or enter the IP address of the Fire
OK
Closes this dialog and saves any changes.
Enter Read/Write Passphrase dialog box
Passphr
Flash Disk Management Tool
Text Color
Use to change the log's text color.
Background Color
Use to change the log's background
Continue
Click to continue with the selected Flash Disk Management option.
Log Utility
Copy
LogViewer
Find Keyphrase dialog box
Keyphrase
Enter the keyphrase you want to find in the current log file.
Use Whole Words
Sel
Transfer Protocols
transmissions can involve twenty or thirty hops, rendering the record route option obsolete.
Time Stamp
The time stam
Preferences dialog box
General tab
Load this file always
Specify the file to load when Log
- Click the Field column. Use the Field drop list to select a field name.
- Click the Value column. Use the Value drop li
Policy Manager
1-to-1 Mapping dialog box
Interface
Select the interface from the drop list
Selected Members and Addresses
Lists the names and addresses of selected members.
OK
Closes this dialog box and saves an
Add External IP dialog box
Add External IP
A list of IP addresses available for the Fireb
Add Member dialog box
Choose Type
Use the drop list to select the new type:
Host IP Address - Designate a single host b
Add Route dialog box
Route
Select to add a new route to the network protected by the Fireb
Internal IP Address
Enter the final destination of incoming packets on the Trusted network.
Set internal port to differ
Remove
Click to remove a host.
Disable NAT between optional and trusted
Enable this checkbo
Src Port
Enter a port number to restrict the routing policy to a single source port.
OK
Closes this dialog box and saves
Notice to Users
Information in this guide is subject to change without notice. Companies, names, and data used in examp
• A connection is described by its source and destination ports and its source an
Add
Select to add an address to the exception entries list. The Add Exception dialog box
Groups
A list of Firebox user groups. Groups enable you to configure services for multiple users at the same time. Two
Find IP
Click to find the host IP address.
IP Address
Enter the Windows NT server IP addres
CRYPTOCard Server tab
IP Address
Enter the IP address of the CRYPTOCard server. The server must be accessible by the F
Port (Backup)
Enter the port number configured on the backup SecurID server to receive au
Auto-block sites that attempt to use blocked ports
Enable the checkbox to ensure that attempts from a single location
notify a network administrator when someone attempts to access on blocked sites.
Import
Yo
Configure Gateways dialog box
Configure Gateways
A list of all currently configured gateways. A gateway specifies a po
Remove
Click to remove a tunnel.
Configure Tunnels dialog box
Configure Tunnels
A list of t
Encryption
Select the degree of encryption from the drop list.
Force key expiration
Select the checkbox to force key exp
Standard Ports and Random Ports
IGMP (Internet Group Multicast Protocol)
A protocol primarily designed for hosts on multiaccess network
port space probes, IP options, address space probes, and SYN flood attacks.
Block Spoofin
Arrows
Use the arrows to select your preferred value.
Auto-Block source of packets not handled
Enable this checkbox to a
Default Lease Time
Enter the number of hours before the DHCP relay times out.
Arrows
Use th
DVCP Client Setup dialog box
Enable this Firebox as a DVCP Client
The Firebox can be treated as a client in an Enhance
DVCP Client Wizard
Name and Key screen
Enter Client Name
Enter the name to be assigned to
Encryption
Select the level of encryption from the drop list:
None - No encryption
DES-CBC - 56-bit encryption
3
DVCP Server Properties dialog box
Enable this Firebox as a DVCP Server
The Firebox can dy
Dynamic NAT dialog box
Enable Dynamic NAT
Select to enable dynamic NAT.
TCP Idle Timeouts
Enter the time in seconds for
Advanced
Click to access the Advanced Dynamic NAT dialog box.
Edit Routing Policy dialog b
Dst Port
Enter a port number to restrict the policy to a single destination port. To enable communication to all ports
Cancel
Closes this dialog box without saving any changes.
Filter Authentication dialog box
Firebox Flash Disk dialog box
Save to firebox
Check to save the Flash Image and/or configuration file to the firebox,
Firebox Name dialog box
Name
Enter a unique Firebox name. This name is used to identify t
Log outgoing accounting/auditing information
Enable this checkbox to record the number of bytes transferred per outgoi
Default Heartbeat (Optional interface)
Enable this checkbox if you want to use the Optio
information stored on client machines and retransmitted the next time a client visits the server from which the cooki
Firebox and performs caching of Web data. It is not supplied by WatchGuard.
IP
Enter the I
WebBlocker Controls tab
Activate WebBlocker
Enable this checkbox to filter Web sites based on the rule set defined by
Illegal Gambling
Pictures or text advocating materials or activities of a dubious nature
includes depictions of maiming, bloody figures, and indecent depiction of bodily functions.
Violence/Profanity
Pictures
CHAPTER 2 MIME Content Types
A content-type header is used by applications to determine what kind of data they are receiving, thus al
museums such as the Guggenheim, the Louvre, or the Museum of Modern Art.
Partial/Artistic
Define Exceptions dialog box
Select type of exception
You can choose from the following three exceptions.
Lookup Domain
Key
Click to create an encryption key.
Use AH
Select to use an Authentication Header.
SP1
Sel
Arrows
Use the arrows to select your preferred value.
Line Length
The maximum line length of a single email.
Arrows
Use th
Remove
Click to remove the selected AUTH type.
Content Types tab
Allow only safe content t
Address Patterns
The Firebox checks host names of the SMTP client and mail sender against this list of allowed and den
IPSec Configuration dialog box
IPSec Routing Policies
A list of current IPSec virtual pri
Edit
Select a policy from the list above and click this button to modify it. The Edit Routing Policy dialog box opens.
passage of VPN traffic. It is generally only used by WatchGuard Technical Support to ass
Arrows
Use the arrows to select your preferred value.
Repeat Count
Enter the number of events to be counted before a new
In addition, WatchGuard encourages you to email requests for inclusion of new content typ
Syslog Server
Enter the interface to set as the Syslog Server.
Syslog Facility
Enter or use
Enter Shared Key
Enter a shared key for this user's mobile VPN account.
Define Access screen
Allow user access to
E
External Authentication Groups screen
Group Name
Enter the group name for the Externally
Remove
Click to remove network resources for the mobile user.
IPSec Connections screen
IPSec Connections list
Lists the
OK
Closes this dialog box and saves any changes.
NAT Setup dialog box
Enable Dynamic NAT
En
Network Configuration dialog box
Interfaces tab
External Interface
The Firebox allows dynamic IP support on the External
Configure interfaces in Drop-in mode
Enable this checkbox to configure the Firebox in Dro
Enable DHCP debugging
Enable this check to allow DHCP debugging. DHCP debugging generates large amounts of data. Do n
Optional (drop down menu selection)
Select to view or add the secondary networks on the O
Firebox IP
Enter the IP address for the Firebox.
PPP Initialization
Enter the PPP initialization string. This is a list
t140 [RFC2793]
vnd.ms-mediapackage
DNS Servers (Primary and Secondary)
Enter the primary and secondary name of the domain na
Add
Click to access the Add Port dialog box and to configure the new service. You can configure more than one port for
Remove
Click to remove the selected item from the list above.
Don't substitute for th
PPTP Logging dialog box
Enable Control Channel Protocol Logging (TCP 1732)
Check to enable control channel protocol log
Encryption
In the drop list, specify the type of encryption: DES or 3DES.
Diffie-Hellman G
Add
Click to add another Mobile User VPN to the list.
Edit
Select an item from the list and click to edit its properties
Select Firebox Time Zone dialog box
Select Firebox Time Zone
Select a Firebox time zone f
Edit
Click to edit the selected service properties. Only custom, user-filter services can be edited.
Remove
Click to rem
From
Restricts the source of incoming connections by host, network, user name, or alias.
Add
Click to add a new item to the list.
Remove
Select an item in the list and click to remove it.
Logging
Click to access
postscript [RFC2045, RFC2046]
Password
Enter the user password.
Member Of
A list of all groups to which the user named ab
Slash Notation dialog box
Close
Click to close the slash notation box.
SpamScreen dialog box
RBL Server
Enter the RBL se
WatchGuard Find dialog box
Find what
Enter the information you are looking for.
Address
Sele
Encryption tab
RC4 (40-bit)
Click to enable 40-bit encryption between two WatchGuard Fireboxes using the WatchGuard VP
Activate Outgoing Log
You have the option of logging outgoing traffic using WatchGuard VP
Firebox Monitors
Sample Interval
Configure the interval between display updates. Use the slider control from slowest (represented by
Historical Reports
Add Report Filter dialog box
Filter tab
Filter Name
The name of the filt
Add
Click to add an item to the list on the left.
Remove
Click to remove the selected item from the list on the left
Help
Click to access the online Help system.
Reports
A list of reports created and ready to
Text Export
Select to generate report in a comma-delimited text file (.cdf). The text file fields are the followin
x400-bp [RFC1494]
sgml
Remove
Click to remove the selected item from the list on the left.
Time Filters tab
Time
Consolidated Sections tab
Consolidated Sections
A list of reports available to run against multiple devices. Enabl
HostWatch
Filter Properties dialog box
Inside Hosts tab
Display all hosts
Enable this check
Add
Click to add a new user to the list.
Remove
Select an item in the list and click to delete it.
Displayed authentication us
Line Color tab
Denied
Displays the line color used for denied entries in the log.
Dynamic
WatchGuard Security Event Processor
Help
Click to access the online Help system.
WSEP: Log Files tab
Roll Log Files by Time Interval
Ena
stamp. It continues to write new log records to the base log file identified either by F
NOTE
The email address entered in this field is not verified. Validate the address before enter
vnd.japannet-registration-wakeup [Fujii]
v
vemmi [RFC2122]
vnd.ms-asf [Fleischman]
vnd.ecdis-update [Buettgenbach
© 1995-1998 Eric Young ([email protected]) All rights reserved. This package is an SSL implementation written by Eric Young (eay@cr
vnd.novadigm.EDX [Swenson]
vnd.novadigm.EXT
vnd.intu.qbo [Scratchley]
vnd.publishare-delta-tree [Ben-Kiki]
vnd.cybank [Helmee]
batch-SMTP
vnd.wap.wbxml [Stark]
vnd.motorola.flexsuite.wem [Patton]
vnd.motorola.flexs
index.response [RFC2652]
index.obj
vnd.mcd [Gotoh]
vnd.httphone [L
isup [RFCISUP]
qsig
vnd.digital-winds [Strazds]
vnd.lucent.voice [Vaudreuil]
vnd.octel.sbc
MP4V-ES [RFC3016]
vnd.nokia.interleaved-multimedia [K
Reference Guide 27CHAPTER 3 Services and PortsWell-known services are a combination of port number and transport protocol for specific, standard appli
iv WatchGuard Firebox System 6.0The Apache Software License, Version 1.1Copyright (c) 2000 The Apache Software Foundation. All rights reserved.Redist
CHAPTER 3: Services and Ports28 WatchGuard Firebox System 6.0Ports Used by WatchGuard ProductsThe WatchGuard Firebox, Management Station, and WatchGua
Ports used by Microsoft ProductsReference Guide 29Ports used by Microsoft ProductsPort # Protocol Purpose137, 138 UDP Browsing67, 68 UDP DHCP Lease135
CHAPTER 3: Services and Ports30 WatchGuard Firebox System 6.0Well-Known Services ListIn addition to the ports used by services described above, WatchG
Well-Known Services ListReference Guide 31Service Name Port # Protocol Description tcpmux 1 TCP/UDP TCP Port Service Multiplexer compressnet 2,3 TCP/
CHAPTER 3: Services and Ports32 WatchGuard Firebox System 6.0auditd 48 TCP/UDP Digital Audit Daemon tacacs 49 TCP/UDP Login Host Protocol (TACACS) re-
Well-Known Services List Reference Guide 33 mit-ml-dev 83 TCP/UDP MIT ML device; ctf 84 TCP/UDP Common Trace Facility; mit-ml-dev 85 TCP/UDP MIT ML device
CHAPTER 3: Services and Ports 34 WatchGuard Firebox System 6.0 auth(ident) 113 TCP/UDP Authentication Service; audionews 114 TCP/UDP Audio News Multicast
Well-Known Services List Reference Guide 35 sql-net 150 TCP/UDP SQL-NET; bftp 152 TCP/UDP Background File Transfer; sgmp 153 TCP/UDP SGMP; sqlsrv 156 TCP/U
CHAPTER 3: Services and Ports 36 WatchGuard Firebox System 6.0 ipx 213 TCP/UDP IPX; imap3 220 TCP/UDP Interactive Mail Access Protocol v3; fln-spx 221 TCP
Well-Known Services List Reference Guide 37 cybercash 551 TCP/UDP Cybercash; remotefs 556 TCP/UDP Rfs server; 9pfs 564 TCP/UDP Plan 9 file service; whoami
Reference Guide v Contents: CHAPTER 1 Internet Protocol Reference ... 1; Internet Protocol Header ...
CHAPTER 3: Services and Ports 38 WatchGuard Firebox System 6.0 compuserve 4144 TCP CompuServe Online; rfe 5002 TCP/UDP Radio free ethernet; aol 5190 TCP A
Reference Guide 39 CHAPTER 4: Hardware Illustrations. WatchGuard supports several versions of Firebox hardware including the Firebox II, Firebox II Plus,
CHAPTER 4: Hardware Illustrations 40 WatchGuard Firebox System 6.0 to support larger installations. Its appearance is identical to the Firebox II, with
Firebox Illustrations and Descriptions Reference Guide 41 Sys B: Indicates that the Firebox is running from the read-only factory default system area. Sec
CHAPTER 4: Hardware Illustrations 42 WatchGuard Firebox System 6.0 Firebox II Plus and Firebox II FastVPN Rear View. The rear view of the Firebox II Plus
Firebox Illustrations and Descriptions Reference Guide 43 FIGURE 2. Firebox II Plus Ethernet Ports. Ethernet Ports: Indicators for each network interface d
CHAPTER 4: Hardware Illustrations 44 WatchGuard Firebox System 6.0 Disarm: Red light indicates the Firebox detected an error, shut down its interfaces, an
Firebox Illustrations and Descriptions Reference Guide 45 Firebox III front view (Model 700). Firebox III Model 700 indicators are on a central back-lit i
CHAPTER 4: Hardware Illustrations 46 WatchGuard Firebox System 6.0 Firebox III rear view (all models except Model 700). The rear view of the Firebox III M
Firebox Illustrations and Descriptions Reference Guide 47 Ethernet Ports: (Shown on the previous page) Indicators for each network interface display link
vi WatchGuard Firebox System 6.0 Firebox III front view (Model 700) ... 45; Firebox III rear view (all models except Mode
CHAPTER 4: Hardware Illustrations 48 WatchGuard Firebox System 6.0 Firebox III rear view (Model 700). The rear view of the Firebox III Model 700 contains
Firebox Illustrations and Descriptions Reference Guide 49 Ethernet Jacks: (Shown above) Indicators for each network interface display link status, card sp
Reference Guide 51 CHAPTER 5: Types of Services. This chapter describes well-known services, their protocols and ports as well as special considerations f
CHAPTER 5: Types of Services 52 WatchGuard Firebox System 6.0 The Any service has different semantics from other services. For example, if you allow FTP
Packet Filter Services Reference Guide 53 WatchGuard to add the source IP address to the Blocked Sites List whenever an incoming archie connection is de
CHAPTER 5: Types of Services 54 WatchGuard Firebox System 6.0 • RFC: 1413 Citrix ICA (WinFrame). Citrix ICA is a protocol used by Citrix for their applicat
Packet Filter Services Reference Guide 55 Clarent also supports the use of PCAnywhere for management. Refer to the PCAnywhere implementation notes for f
CHAPTER 5: Types of Services 56 WatchGuard Firebox System 6.0 Characteristics: • Protocol: UDP • Client Port: ignore • Port Number(s): 5001, 5002 CU-SeeMe. CU
Packet Filter Services Reference Guide 57 DNS. Domain Name Service (DNS) maps host names to IP addresses. You will probably not need to add a DNS service
Reference Guide vii SNMP-Trap ... 67; SQL*Net ...
CHAPTER 5: Types of Services 58 WatchGuard Firebox System 6.0 Filtered-SMTP. Filtered SMTP allows SMTP traffic (e-mail) without using the SMTP proxy. One
Packet Filter Services Reference Guide 59 Gopher. Gopher is a data-retrieval protocol developed at the University of Minnesota. As HTML has proliferated a
CHAPTER 5: Types of Services 60 WatchGuard Firebox System 6.0 multiple sites (such as home, work, or laptop) without the need to transfer messages and f
Packet Filter Services Reference Guide 61 NNTP. Network News Transfer Protocol (NNTP) is used to transmit Usenet news articles. The best way to use NNTP i
CHAPTER 5: Types of Services 62 WatchGuard Firebox System 6.0 NTP. Network Time Protocol (NTP) is a protocol built on TCP/IP that ensures accurate local t
Packet Filter Services Reference Guide 63 - 5632/UDP - 5631/TCP - 65301/TCP • Client Port: ignore (all cases) ping. ping can be used to determine whether a
CHAPTER 5: Types of Services 64 WatchGuard Firebox System 6.0 Icons in the Services Arena: No icons are needed for this scenario as the connections will n
Packet Filter Services Reference Guide 65 from one location. RADIUS prevents hackers from intercepting and responding to authentication requests by tran
CHAPTER 5: Types of Services 66 WatchGuard Firebox System 6.0 NOTE: Allowing SMB through the Firebox is extremely insecure, and is strongly discouraged
Packet Filter Services Reference Guide 67 - One UDP icon for port 138. Set client port to “port” to enable the NetBIOS datagram service to transfer inf
viii WatchGuard Firebox System 6.0 CHAPTER 8 Resources ... 101; Publishers ...
CHAPTER 5: Types of Services 68 WatchGuard Firebox System 6.0 and a client port of ignore. Then set up incoming access from the allowed external hosts t
Packet Filter Services Reference Guide 69 provides strong authentication and secure (encrypted) communications. WatchGuard recommends the use of ssh in
CHAPTER 5: Types of Services 70 WatchGuard Firebox System 6.0 • Add the WatchGuard Logging icon to the Services Arena NOTE: Attacks often focus on floodi
Packet Filter Services Reference Guide 71 telnet. The telnet service is used to log in to a remote computer, and is similar to using dial-up access except
CHAPTER 5: Types of Services 72 WatchGuard Firebox System 6.0 Characteristics: • Protocols: UDP • Server Port(s): 69 • Client Port(s): generally greater than
Packet Filter Services Reference Guide 73 a site’s Internet Service Provider. The WatchGuard traceroute service is for filtering Unix-based UDP-style tr
CHAPTER 5: Types of Services 74 WatchGuard Firebox System 6.0 Characteristics: • Protocol: TCP • Server Port(s): 4105 • Client Port(s): client WatchGuard E
Proxied Services Reference Guide 75 whois. The whois protocol gives information about who administers Internet sites and networks. It is often useful for
CHAPTER 5: Types of Services 76 WatchGuard Firebox System 6.0 aware that the standard SMB or NetBios ports may also need to be allowed so that the above
Proxied Services Reference Guide 77 Description: There is a “public” FTP server on the Trusted network. Icons in the Services Arena: Configuration is the sam
Reference Guide ix Flash Disk Management Tool ... 175; Enter Encryption Key dialog box ...
CHAPTER 5: Types of Services 78 WatchGuard Firebox System 6.0 NOTE: The WatchGuard service called HTTP Proxy is not to be confused with an HTTP caching
Proxied Services Reference Guide 79 Proxied-HTTP rule ensures that all outgoing HTTP traffic, regardless of port, will be proxied according to the HTTP
CHAPTER 5: Types of Services 80 WatchGuard Firebox System 6.0 Icons in the Services Arena: A RealNetworks service icon–The Incoming tab should be empty. T
Proxied Services Reference Guide 81 When using incoming Static NAT with SMTP, auth must be added (see “auth (ident)” on page 53) to the Services Arena.
CHAPTER 5: Types of Services 82 WatchGuard Firebox System 6.0 Characteristics: • Protocol: UDP • Server Port(s): 1558 • Client Port(s): 1558 • RFC: No RFC,
Proxied Services Reference Guide 83 • RFC: No RFC, but see: http://www.vdo.net Common Scenarios. Scenario 1. Description: There are VDOLive servers off the Exte
Reference Guide 85 CHAPTER 6: Common Log Messages. This chapter provides explanations for many of the log messages most commonly generated by the Firebox.
CHAPTER 6: Common Log Messages 86 WatchGuard Firebox System 6.0 band management. The Firebox always attempts to communicate with a PCMCIA modem and will
Reference Guide 87 - Avoid using dynamic NAT between your clients and your DNS server. - Disable the outgoing portion of the DNS proxied service and r