Watchguard Firebox X5-W Guía de usuario

User Guide iWatchGuard® Firebox® X Edge e-Series User Guide Firebox X Edge e-Series - Firmware Version 8.0 All Firebox X Edge e-Series Standard and Wi

x WatchGuard Firebox X Edge e-SeriesConfiguring Basic Wireless Settings ...67Selecting the wireless network assig

Configuring Firewall Settings84 Firebox X Edge e-SeriesConfiguring common services for outgoing trafficBy default, the Firebox X Edge allows all traff

User Guide 85Configuring Firewall Settings•UDP ports• An IP protocol that is not TCP or UDP. You identify an IP protocol that is not TCP or UDP with t

Configuring Firewall Settings86 Firebox X Edge e-Series5 In the Service Name text box, type the name for your service.6 From the Protocol drop-down li

User Guide 87Configuring Firewall SettingsHere are some examples of how you can use the optional network:• You can use the optional network for server

Configuring Firewall Settings88 Firebox X Edge e-SeriesDisabling traffic filters between trusted and optional networksTo allow network traffic from th

User Guide 89Configuring Firewall SettingsBlocking External SitesA Blocked Site is an external IP address that is always blocked from connecting to co

Configuring Firewall Settings90 Firebox X Edge e-SeriesResponding to ping requestsYou can configure the Firebox X Edge e-Series to deny ping requests.

User Guide 91Configuring Firewall SettingsLogging denied broadcast trafficIf you use the standard property settings, the Firebox X Edge e-Series recor

Configuring Firewall Settings92 Firebox X Edge e-Series3 Below the Advanced tab, select the Enable override MAC address check box.4 In the Override MA

User Guide 93Managing Network TrafficCHAPTER 8 Managing Network TrafficThe Firebox® X Edge e-Series allows many different ways to manage the traffic o

User Guide xiBlocking External Sites ...89Configuring Firewall Options ...

Managing Network Traffic94 Firebox X Edge e-SeriesTraffic CategoriesThe Firebox® X Edge e-Series allows you to limit data sent through services and Tr

User Guide 95Managing Network TrafficTraffic control and prioritization are onThis option allows you to configure filters for all traffic categories.

Managing Network Traffic96 Firebox X Edge e-Series7 Click Submit.Traffic control is enabled.Add a traffic control filterBefore you add a traffic contr

User Guide 97Managing Network TrafficEdit a traffic control filter1 Select one entry from any category, then click the Edit button adjacent to the cat

Managing Network Traffic98 Firebox X Edge e-Series1-to-1 NATYou can use 1-to-1 NAT to map a secondary external IP address to the server behind the Edg

User Guide 99Managing Network TrafficEnable 1-to-1 NAT NoteYou must add at least one 1-to-1 NAT entry before you can enable 1-to-1 NAT. For more info

Managing Network Traffic100 Firebox X Edge e-Series7 To add a custom service to the NAT entry, click Add Service.For more information, see the subsequ

User Guide 101Managing Network Traffic9 To add a host or network to the From list, select Host IP Address, Network IP Address, or Network Range from t

Managing Network Traffic102 Firebox X Edge e-Series

User Guide 103Configuring LoggingCHAPTER 9 Configuring LoggingA log file is a list of all the events that occur on the Firebox® X Edge e-Series. A lo

xii WatchGuard Firebox X Edge e-SeriesLocal User Accounts ...109About User Licenses ...

Configuring Logging104 Firebox X Edge e-Series2 From the navigation bar, click Logging.The Logging page appears with the Event Log at the bottom of th

User Guide 105Configuring Logging6 Type a passphrase in the Log Encryption Key field and confirm the passphrase in the Confirm Key field.The same pass

Configuring Logging106 Firebox X Edge e-Series

User Guide 107Managing Users and GroupsCHAPTER 10 Managing Users and GroupsThe Firebox® X Edge e-Series includes tools you can use to manage your netw

Managing Users and Groups108 Firebox X Edge e-SeriesActive SessionsA session is created when traffic goes from a computer on the trusted or optional n

User Guide 109Managing Users and Groups• The authenticated user manually stops the session. To stop the session, the user clicks the Logout button on

Managing Users and Groups110 Firebox X Edge e-SeriesAbout User LicensesThe Firebox® X Edge e-Series comes with a set number of available user licenses

User Guide 111Managing Users and Groups3 Use the definitions below to help you change your parameters. Click Submit. • Require User Authentication (En

Managing Users and Groups112 Firebox X Edge e-SeriesConfiguring MUVPN client settingsThe MUVPN client settings apply to all MUVPN connections to the F

User Guide 113Managing Users and GroupsIf you are using local authentication, you must type your name as it appears in the Firebox user list. If you u

User Guide xiiiFrequently Asked Questions ...143CHAPTER 13Configuring the MUVPN Client ...

Managing Users and Groups114 Firebox X Edge e-Series7 In the Password field, type a password with a minimum of eight characters.Mix eight letters, num

User Guide 115Managing Users and Groupsdown list. You must first create WebBlocker profiles in the WebBlocker > Profiles area of the Firebox X Edge

Managing Users and Groups116 Firebox X Edge e-SeriesUsing LDAP/Active Directory AuthenticationIf you use LDAP authentication, you do not have to keep

User Guide 117Managing Users and Groups2 From the navigation bar, select Firebox Users > Settings.The Firebox Users Settings page appears. 3 Select

Managing Users and Groups118 Firebox X Edge e-SeriesThe Group Attribute Name is the name of the group membership attribute of user entries in the LDAP

User Guide 119Managing Users and Groups2 From the navigation bar, select Firebox Users > New Group.The Firebox Users New Group page appears.3 In t

Managing Users and Groups120 Firebox X Edge e-SeriesLDAP Authentication and MUVPNBecause MUVPN settings cannot be assigned at the group level, you mus

User Guide 121Configuring WebBlockerCHAPTER 11 Configuring WebBlockerWebBlocker is an option for the Firebox® X Edge e-Series that gives you control o

Configuring WebBlocker122 Firebox X Edge e-SeriesTo configure WebBlocker:1 To connect to the System Status page, type https:// in the browser address

User Guide 123Configuring WebBlockerAdult/Sexually Explicit. This web site does not comply with our Internal Use Policy. 9 Click Submit.Creating WebBl

xiv WatchGuard Firebox X Edge e-SeriesSide panels ...168AC Power Adapter ...

Configuring WebBlocker124 Firebox X Edge e-SeriesTo remove a profile, from the WebBlocker Profiles page, select the profile from the Profile drop-down

User Guide 125Configuring WebBlockerCategory Description of ContentAdult/Sexually Explicit• Sexually oriented or erotic full or partial nudity• Depict

Configuring WebBlocker126 Firebox X Edge e-SeriesComputing and Internet• Reviews, information, computer buyer’s guides, computer parts and accessories

User Guide 127Configuring WebBlockerFood & Drink• Recipes, cooking instruction and tips, food products, and wine advisors• Restaurants, cafes, eat

Configuring WebBlocker128 Firebox X Edge e-SeriesHate Speech• Advocating or inciting degradation of or attacks on specified populations or institution

User Guide 129Configuring WebBlockerHosting Sites• Web sites that host business and individual web pages (i.e. GeoCities, earthlink.net, AOL)Job Searc

Configuring WebBlocker130 Firebox X Edge e-SeriesSex Education• Pictures or text advocating the proper use of contraceptives, including condom use, th

User Guide 131Configuring WebBlockerFor information on how to see if a web site is included in the SurfControl database, read the “How can I see a lis

Configuring WebBlocker132 Firebox X Edge e-SeriesAllowing Certain Sites to Bypass WebBlockerWebBlocker can deny a web site that is necessary for your

User Guide 133Configuring WebBlockerthe web site’s IP address or domain name to WebBlocker to make sure your employees cannot not look at this web sit

User Guide xvVCCI Notice Class A ITE ...200Taiwanese Class A Notice ...

Configuring WebBlocker134 Firebox X Edge e-Seriescate to get access to the Internet. No WebBlocker rules apply to the users on this list. For more inf

User Guide 135Configuring Virtual Private NetworksCHAPTER 12 Configuring Virtual Private NetworksA VPN (Virtual Private Network) creates secure connec

Configuring Virtual Private Networks136 Firebox X Edge e-Series• You must have an Internet connection.• The ISP for each VPN device must let IPSec go

User Guide 137Configuring Virtual Private NetworksServer, your Edge is a client of the Management Server in a client-server relationship. The Edge get

Configuring Virtual Private Networks138 Firebox X Edge e-SeriesSample VPN Address Information TableTo create Manual VPN tunnels on your Edge1 To conne

User Guide 139Configuring Virtual Private Networks2 From the navigation bar, select VPN > Manual VPN.The Manual VPN page appears.3 Click Add.The Ad

Configuring Virtual Private Networks140 Firebox X Edge e-Series - If your Firebox X Edge or remote VPN device has a static external IP address, set th

User Guide 141Configuring Virtual Private Networks - First, set the device to Bridge Mode. In Bridge Mode, the Edge gets the public IP address on its

Configuring Virtual Private Networks142 Firebox X Edge e-Series7 Click Submit.VPN Keep AliveTo keep the VPN tunnel open when there are no connections

User Guide 143Configuring Virtual Private Networks4 Click Submit.Viewing VPN StatisticsYou can monitor Firebox® X Edge e-Series VPN traffic and troubl

xvi WatchGuard Firebox X Edge e-Series

Configuring Virtual Private Networks144 Firebox X Edge e-SeriesHow do I set up more than the number of allowable VPNs on my Edge?The number of VPN tun

User Guide 145Configuring the MUVPN ClientCHAPTER 13 Configuring the MUVPN ClientMobile User VPN lets remote users connect to your internal network th

Configuring the MUVPN Client146 Firebox X Edge e-Series“Distributing the Software and the .wgx File” on page 148 for information about how to get thes

User Guide 147Configuring the MUVPN ClientRequiredThe mobile user must use a virtual adapter to connect with the MUVPN client. If the virtual adapter

Configuring the MUVPN Client148 Firebox X Edge e-SeriesConfiguring the Edge for MUVPN clients using a Pocket PCTo create a MUVPN tunnel between the Fi

User Guide 149Configuring the MUVPN Client - At the prompt, save the .wgx file to your computer.Give these two files to the remote userGive the MUVPN

Configuring the MUVPN Client150 Firebox X Edge e-Seriesers, the IP addresses of the WINS and DNS servers must be configured on the remote computer or

User Guide 151Configuring the MUVPN Client5 Click the DNS tab and click Add.6 Type the IP address of your DNS server.To add more DNS servers, repeat s

Configuring the MUVPN Client152 Firebox X Edge e-SeriesInstalling the Client for Microsoft Networks on Windows 2000From the connection window Networki

User Guide 153Configuring the MUVPN Client - Internet Protocol (TCP/IP) - File and Printer Sharing for Microsoft Networks - Client for Microsoft Netwo

User Guide 1Introduction to Network SecurityCHAPTER 1 Introduction to Network SecurityThank you for your purchase of the WatchGuard® Firebox® X Edge e

Configuring the MUVPN Client154 Firebox X Edge e-Series NoteThe DNS server on the private network of the Firebox X Edge must be the first server in t

User Guide 155Configuring the MUVPN Client10 Click Next to install the files.A command prompt window appears during the installation. The command prom

Configuring the MUVPN Client156 Firebox X Edge e-Series12 Right-click Mobile User VPN and select Delete to remove this selection from your Start menu.

User Guide 157Configuring the MUVPN ClientThe MUVPN client is connected with one or more secure MUVPN tunnels, but it is not sending data.Activated, C

Configuring the MUVPN Client158 Firebox X Edge e-Series2 Select Shutdown ZoneAlarm.The ZoneAlarm window appears.3 Click Ye s .Monitoring the MUVPN Cli

User Guide 159Configuring the MUVPN Client - for a connection to a secure gateway tunnel - when a phase 2 SA connection has not been made at this time

Configuring the MUVPN Client160 Firebox X Edge e-SeriesHere is a list of some programs that must go through the ZoneAlarm personal firewall when you u

User Guide 161Configuring the MUVPN ClientUsing MUVPN on a Firebox X Edge e-Series Wireless NetworkYou must protect your wireless network from unautho

Configuring the MUVPN Client162 Firebox X Edge e-SeriesTips for Configuring the Pocket PCWatchGuard® does not supply a Mobile User VPN software packag

User Guide 163Configuring the MUVPN ClientTroubleshooting TipsYou can get more information about the MUVPN client from the WatchGuard® web site:http:/

Introduction to Network Security2 Firebox X Edge e-SeriesConnecting to the InternetISPs (Internet service providers) are companies that give access to

Configuring the MUVPN Client164 Firebox X Edge e-SeriesMy mapped drives have a red X through them.Windows NT and 2000 examine and map network drives a

User Guide 165APPENDIX A Firebox X Edge e-Series HardwareThe WatchGuard® Firebox® X Edge e-Series is a firewall for small organizations and branch off

166 Firebox X Edge e-Series• Two antennae (wireless models only)SpecificationsThe specifications for the Firebox® X Edge e-Series and the Firebox X Ed

User Guide 167Hardware DescriptionThe Firebox® X Edge e-Series has a simple hardware architecture. All indicator lights are on the front panel and all

168 Firebox X Edge e-SeriesFirebox X Edge e-Series can connect to the external network and send traffic. The light flashes if the Firebox X Edge e-Ser

User Guide 169AC Power AdapterThe AC power adapter supplies power for the Firebox X Edge e-Series. You must use the correct plug for the AC power adap

170 Firebox X Edge e-SeriesAntenna directional gainAntenna directional gain is based on the shape of the radiation pattern around the antenna. The Fir

User Guide 171APPENDIX B Legal NotificationsCopyright, Trademark, and Patent InformationGeneral InformationCopyright© 1998 - 2006 WatchGuard Technolog

172 Firebox X Edge e-SeriesRedistribution and use in source and binary forms, with or without modification, are permitted provided that the following

User Guide 1734. If you include any Windows specific code (or a derivative thereof) from the apps directory (application code) you must include an ack

User Guide 3Introduction to Network SecurityHow Information Travels on the InternetThe data that you send through the Internet is cut into units, or p

174 Firebox X Edge e-SeriesPermission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation

User Guide 1752. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the

176 Firebox X Edge e-Seriesc) rename any non-standard executables so the names do not conflict with standard executables, which must also be provided,

User Guide 1772. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the

178 Firebox X Edge e-SerieslibexpatCopyright © 1998, 1999, 2000 Thai Open Source Software Center Ltd and Clark Cooper.Copyright © 2001, 2002, 2003 Exp

User Guide 179BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGEN

180 Firebox X Edge e-SeriesOne or more of the following may apply to any one module:1. chat, chatchat.c and sha1.[ch] are public domain2. The Gnu Publ

User Guide 181distribution of the program without specific prior permission, and notice be given in supporting documentation that copying and distribu

182 Firebox X Edge e-Seriesof California, Berkeley. The name of the University may not be used to endorse or promote products derived from this softwa

User Guide 183NO EVENT SHALL CARNEGIE MELLON UNIVERSITY BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTI

ii WatchGuard Firebox X Edge e-SeriesNotice to UsersInformation in this guide is subject to change without notice. Companies, names, and data used in

Introduction to Network Security4 Firebox X Edge e-SeriesNetwork addressingISPs (Internet service providers) assign an IP address to each device on th

184 Firebox X Edge e-SeriesTHE AUTHORS OF THIS SOFTWARE DISCLAIM ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES OF MERC

User Guide 185As far as I am concerned, the code I have written for this software can be used freely for any purpose. Any derived versions of this sof

186 Firebox X Edge e-SeriesSpecific copyright information for each of those software programs follows the text of the GPL.GNU GENERAL PUBLIC LICENSEVe

User Guide 1871. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you con

188 Firebox X Edge e-SeriesIf distribution of executable or object code is made by offering access to copy from a designated place, then offering equi

User Guide 189decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the shar

190 Firebox X Edge e-SeriesSUN MICROSYSTEMS, INC. SHALL HAVE NO LIABILITY WITH RESPECT TO THE INFRINGEMENT OF COPYRIGHTS, TRADE SECRETS OR ANY PATENTS

User Guide 191Copyright (c) 2005, Google Inc. All rights reserved.THE "BSD" LICENCERedistribution and use in source and binary forms, with o

192 Firebox X Edge e-SeriesRedbootRed Hat eCos Public License v1.11. DEFINITIONS1.1. "Contributor" means each entity that creates or contrib

User Guide 193Each Contributor hereby grants You a world-wide, royalty-free, non-exclusive license, subject to third party intellectual property claim

User Guide 5Introduction to Network Security• World Wide Web access uses Hypertext Transfer Protocol (HTTP)• E-mail uses Simple Mail Transfer Protocol

194 Firebox X Edge e-Seriespossible to put such notice in a particular Source Code file due to its structure, then you must include such notice in a l

User Guide 1956.2. Effect of New Versions.Once Covered Code has been published under a particular version of the License, You may always continue to u

196 Firebox X Edge e-Seriesone party is a citizen of, or an entity chartered or registered to do business in, the United States of America: (a) unless

User Guide 197Certifications and NoticesWEEE Statement:WEEE is a general set of requirements dictated in the EU Directive 2002/96/EC. This Directive m

198 Firebox X Edge e-Series NoteThe antennas used for this transmitter must be installed to provide a separation distance of at least 20 cm from all

User Guide 199CE NoticeThe CE symbol on your WatchGuard Technologies equipment indicates that it is in compliance with the Electromagnetic Compatibili

200 Firebox X Edge e-SeriesClass A Korean NoticeVCCI Notice Class A ITETaiwanese Class A NoticeTaiwanese Wireless Notice

User Guide 201Declaration of ConformityLimited Hardware WarrantyThis Limited Hardware Warranty (the "Warranty") applies to the enclosed Fire

202 Firebox X Edge e-Series1. LIMITED WARRANTY. WatchGuard warrants that upon delivery and for one (1) year thereafter (the "Warranty Period"

User Guide 203modified or partially enforced to the maximum extent permitted by law to effectuate the purpose of this Warranty. This is the entire agr

Introduction to Network Security6 Firebox X Edge e-SeriesFirewallsA firewall divides your internal network from the Internet to decrease risk from an

204 Firebox X Edge e-Series

User Guide 205Symbols.wgx filesdescribed 145distributing 148viewing available 26Numerics1-to-1 NAT. See NAT, 1-to-1Aabbreviations used in guide vActiv

206 WatchGuard Firebox X Edge e-SeriesCcablesconnecting computer and Edge 15included in package 10, 165channel bandwidth 170channels, setting for wir

User Guide 207DHCP serverconfiguring Firebox as 51, 55Diffie-Hellman groups 140Digital Subscriber Line (DSL) 2DNSdescribed 4dynamic DNS service 58DVCP

208 WatchGuard Firebox X Edge e-SeriesFilter Traffic page 79, 83, 87Firebox Users page 107, 108, 11 3, 115 , 117 , 119described 26subpages of 26Fireb

User Guide 209Firewall Options page 89, 91Firewall pagedescribed 27subpages of 27–28firewalls, described 6firmware, updating 41–42FTP access, denying

210 WatchGuard Firebox X Edge e-Seriesdynamic 11giving your computer static 17methods for assigning 10static 11, 46LLDAP authentication 116 –119and M

User Guide 211icon for 156–157installing 154monitoring 158–159preparing remote computers for 149–154troubleshooting 163–164uninstalling 155MUVPN Clien

212 WatchGuard Firebox X Edge e-Seriesnetworks, types of 1New User page 113numbered ports 168Ooperating region, setting for wireless 68optional inter

User Guide 213numbered 168numbering 5trusted network 168WAN 168WAN1 60WAN2 60power cable clip 10, 165power input 168PPPoEadvanced settings for 48–49de

User Guide 7Introduction to Network Securityprotected networks go through the firewall, which examines each message and denies those that do not match

214 WatchGuard Firebox X Edge e-SeriesSseat licensesdescribed 108upgrade 43serial number, viewing 24servicescreating custom 80–81, 85–86creating cust

User Guide 215green triangle on 24information on 24navigation bar 23System Time page 36system time, setting 35TTCP (Transmission Control Protocol) 2TC

216 WatchGuard Firebox X Edge e-SeriesUpdate page 42updating software 31upgrade optionsactivating 42viewing status of 24Upgrade page 43user accountsc

User Guide 217Phase 2 141special considerations for 135troubleshooting connections 143viewing statistics on 143what you need to create 135Wwall mounti

218 WatchGuard Firebox X Edge e-SeriesWebBlocker Settings page 122, 123Wide Area Network (WAN), described 1Windows 2000, preparing for MUVPN clients

Introduction to Network Security8 Firebox X Edge e-Series

User Guide 9Installing the Firebox X Edge e-SeriesCHAPTER 2 Installing the Firebox X Edge e-SeriesTo install the WatchGuard® Firebox® X Edge e-Series

Installing the Firebox X Edge e-Series10 Firebox X Edge e-Series• AC power adapter (12 V/1.2A) with international plug kit.• Power cable clipUse this

User Guide 11Installing the Firebox X Edge e-Series• Static: A static IP address is an IP address that always stays the same. If you have a Web server

Installing the Firebox X Edge e-Series12 Firebox X Edge e-SeriesTo find your TCP/IP properties, use the instructions for your computer operating syste

User Guide 13Installing the Firebox X Edge e-SeriesPPPoE Address SettingsWeb Browser HTTP Proxy SettingsMany Web browsers are configured to use an HTT

End-User License AgreementUser Guide iiiAGREEMENT. Nothing in this AGREEMENT constitutes a waiver of our rights under U.S. copyright law or any other

Installing the Firebox X Edge e-Series14 Firebox X Edge e-Series3 Click the arrow adjacent to the Advanced label and select Proxies.The Proxies prefer

User Guide 15Installing the Firebox X Edge e-SeriesConnecting the Firebox X EdgeUse this procedure to connect Ethernet and power cables to your Firebo

Installing the Firebox X Edge e-Series16 Firebox X Edge e-Seriesnetwork is limited by the number of session licenses available. See the subsequent sec

User Guide 17Installing the Firebox X Edge e-Serieshttp://www.watchguard.com/products/purchaseoptions.aspSetting Your Computer to Connect to the Edge

Installing the Firebox X Edge e-Series18 Firebox X Edge e-SeriesIf your computer has a static IP address This procedure configures a computer with the

User Guide 19Installing the Firebox X Edge e-SeriesConfigure the External Interface for PPPoEType your PPPoE information as supplied by your ISP. Conf

Installing the Firebox X Edge e-Series20 Firebox X Edge e-SeriesRegistering and Activating LiveSecurity ServiceAfter you install the Firebox® X Edge e

User Guide 21Navigating the Firebox X Edge e-Series Configuration PagesCHAPTER 3 Navigating the Firebox X Edge e-Series Configuration PagesAfter you

Navigating the Firebox X Edge e-Series Configuration Pages22 Firebox X Edge e-SeriesNavigating the Configuration PagesAll configuration procedures for

User Guide 23Navigating the Firebox X Edge e-Series Configuration PagesUsing the navigation barOn the left side of the System Status page is the navig

iv WatchGuard Firebox X Edge e-SeriesOTHERWISE, WITH RESPECT TO ANY NONCONFORMANCE OR DEFECT IN THE SOFTWARE PRODUCT (INCLUDING, BUT NOT LIMITED TO,

Navigating the Firebox X Edge e-Series Configuration Pages24 Firebox X Edge e-SeriesConfiguration OverviewYou use the Firebox® X Edge e-Series system

User Guide 25Navigating the Firebox X Edge e-Series Configuration PagesNetwork pageThe Network page shows the current configuration of each interface

Navigating the Firebox X Edge e-Series Configuration Pages26 Firebox X Edge e-SeriesFirebox Users pageThe Firebox Users page shows statistics on activ

User Guide 27Navigating the Firebox X Edge e-Series Configuration PagesUpdateUpdate the Firebox X Edge e-Series firmware.UpgradeActivate your Edge upg

Navigating the Firebox X Edge e-Series Configuration Pages28 Firebox X Edge e-SeriesFirewall OptionsCustomize your security policy.Logging pageThe Log

User Guide 29Navigating the Firebox X Edge e-Series Configuration PagesWebBlocker pageThe WebBlocker page shows the WebBlocker settings, profiles, all

Navigating the Firebox X Edge e-Series Configuration Pages30 Firebox X Edge e-SeriesThe VPN menu contains links to these pages:Manual VPNsMake a VPN t

User Guide 31Navigating the Firebox X Edge e-Series Configuration PagesWAN Failover Setup WizardSet up the failover network. For more information, see

Navigating the Firebox X Edge e-Series Configuration Pages32 Firebox X Edge e-Series

User Guide 33Configuration and Management BasicsCHAPTER 4 Configuration and Management BasicsAfter your Firebox® X Edge e-Series is installed on your

Abbreviations Used in this GuideUser Guide vFirmware Version: 8.0 Part Number: 1776-0000 Guide Version: 8.0Abbreviations Used in this Guide3DES Triple

Configuration and Management Basics34 Firebox X Edge e-Series - All incoming services are denied. - The outgoing service allows all outgoing traffic.

User Guide 35Configuration and Management BasicsThe Firebox X Edge restart cycle is approximately one minute. During the restart cycle, the mode indic

Configuration and Management Basics36 Firebox X Edge e-SeriesTo set the system time:1 To connect to the System Status page, type https:// in the brows

User Guide 37Configuration and Management Basics7 To the right of the date, set the time. - Type the hours in the first field. - Type the minutes in t

Configuration and Management Basics38 Firebox X Edge e-SeriesTo change the port that you use to connect to the Firebox X Edge, type the new value in t

User Guide 39Configuration and Management Basics NoteWSM v8.2 or later can manage Firebox X Edge (version 7.5) devices. To manage Firebox X Edge e-Se

Configuration and Management Basics40 Firebox X Edge e-Series9 Type the Client Name to give to your Firebox X Edge.This is the name used to identify t

User Guide 41Configuration and Management Basics7 Click the Enable Managed VPN check box to configure the Firebox X Edge as a client to the WatchGuard

Configuration and Management Basics42 Firebox X Edge e-SeriesMethod 2: Installing software manuallyThe second method uses the Firebox X Edge e-Series

User Guide 43Configuration and Management Basics7 From the navigation bar, select Administration > Upgrade.The Upgrade page appears. 8 Paste the fe

vi WatchGuard Firebox X Edge e-Series

Configuration and Management Basics44 Firebox X Edge e-SeriesEnabling the Model Upgrade OptionA model upgrade gives the Firebox® X Edge e-Series the s

User Guide 45Changing Your Network SettingsCHAPTER 5 Changing Your Network SettingsA primary component of the WatchGuard® Firebox® X Edge e-Series set

Changing Your Network Settings46 Firebox X Edge e-SeriesConfigure the external interface with a static IP addressIf your ISP uses static IP addresses,

User Guide 47Changing Your Network Settings2 From the navigation bar, select Network > External.The External Network Configuration page appears.3 F

Changing Your Network Settings48 Firebox X Edge e-SeriesIf your ISP uses PPPoEIf your ISP uses PPPoE, you must enter the PPPoE information into your F

User Guide 49Changing Your Network SettingsService NameUse this field to add a service name. The Firebox X Edge only starts with access concentrators

Changing Your Network Settings50 Firebox X Edge e-SeriesConfiguring the Trusted NetworkYou must configure your trusted network manually if you do not

User Guide 51Changing Your Network Settings4 If necessary, type the new subnet mask.Using DHCP on the trusted networkThe DHCP Server option sets the F

Changing Your Network Settings52 Firebox X Edge e-Series2 Click the DHCP Reservations button.The DHCP Address Reservations page appears.3 Type a stati

User Guide 53Changing Your Network SettingsUsing static IP addresses for trusted computersYou can use static IP addresses for some or all of the compu

User Guide viiContentsCHAPTER 1 Introduction to Network Security ...1Network Security ...

Changing Your Network Settings54 Firebox X Edge e-SeriesEnabling the optional network1 To connect to the System Status page, type https:// in the brow

User Guide 55Changing Your Network Settings2 From the navigation bar, select Network > Optional.The Optional Network Configuration page appears.3 I

Changing Your Network Settings56 Firebox X Edge e-SeriesSetting optional network DHCP address reservationsYou can manually assign an IP address to a s

User Guide 57Changing Your Network Settings NoteIf the Firebox X Edge cannot connect to the DHCP server in 30 seconds, it uses its DHCP server to giv

Changing Your Network Settings58 Firebox X Edge e-Series2 From the navigation bar, select Network > Routes.The Routes page appears.3 Click Add.The

User Guide 59Changing Your Network Settings NoteWatchGuard is not affiliated with DynDNS.com.Create a DynDNS.org accountTo set up your account, go to

Changing Your Network Settings60 Firebox X Edge e-SeriesOne or more options can be chained together with the ampersand character like this: &mx=ba

User Guide 61Changing Your Network SettingsUsing the WAN Failover Setup Wizard1 From the navigation bar, select Wizards.2 Adjacent to Configure the au

Changing Your Network Settings62 Firebox X Edge e-Series2 If you have a static IP address, select Manual Configuration.3 If your IP address is assigne

User Guide 63Changing Your Network SettingsConfiguring BIDSTelstra customers in Australia must use client software to connect to the BigPond network.

viii WatchGuard Firebox X Edge e-SeriesStatic addresses, DHCP, and PPPoE ...10TCP/IP properties ...

Changing Your Network Settings64 Firebox X Edge e-Series

User Guide 65Firebox X Edge e-Series Wireless SetupCHAPTER 6 Firebox X Edge e-Series Wireless SetupWireless networks use RF (radio frequency) signals

Firebox X Edge e-Series Wireless Setup66 Firebox X Edge e-SeriesUse this computer to configure the wireless network.See “Connecting the Edge to more t

User Guide 67Firebox X Edge e-Series Wireless SetupConfiguring Basic Wireless SettingsIf you do not use the Wireless Network Wizard, or if you want to

Firebox X Edge e-Series Wireless Setup68 Firebox X Edge e-Seriesenabled by default. If the wireless client has its wireless network card set with a st

User Guide 69Firebox X Edge e-Series Wireless SetupSetting the wireless modeMost wireless cards can operate only in 802.11b (up to 11 MB/second) or 80

Firebox X Edge e-Series Wireless Setup70 Firebox X Edge e-SeriesTo protect privacy, you can use these features together with other LAN security mechan

User Guide 71Firebox X Edge e-Series Wireless SetupOpen system and shared key authenticationEncryption options for open system and shared key authenti

Firebox X Edge e-Series Wireless Setup72 Firebox X Edge e-Series2 From the navigation bar, select Network > Wireless (802.11g) and click the Allowe

User Guide 73Firebox X Edge e-Series Wireless Setup• The guest user account is enabled. You can make users authenticate with a password, or without a

User Guide ixEnable remote management with WFS v7.3 or earlier ...40Updating the Firebox X Edge Software ...

Firebox X Edge e-Series Wireless Setup74 Firebox X Edge e-SeriesGuests can access VPNSelect this check box to allow guest users to access VPN tunnels

User Guide 75Firebox X Edge e-Series Wireless SetupThe Firebox X Edge e-Series Wireless is configured to protect the wired and wireless computers that

Firebox X Edge e-Series Wireless Setup76 Firebox X Edge e-Series

User Guide 77Configuring Firewall SettingsCHAPTER 7 Configuring Firewall SettingsThe Firebox® X Edge e-Series uses services and other firewall options

Configuring Firewall Settings78 Firebox X Edge e-SeriesIncoming and outgoing trafficTraffic that comes from the external network is incoming traffic.

User Guide 79Configuring Firewall SettingsConfiguring common services for incoming trafficThe Firebox X Edge e-Series includes standard services known

Configuring Firewall Settings80 Firebox X Edge e-SeriesAbout custom services for incoming trafficA custom service for incoming traffic is necessary if

User Guide 81Configuring Firewall Settings 4 Below Custom Services, click Add Service.The Custom Service page appears.5 In the Service Name text box,

Configuring Firewall Settings82 Firebox X Edge e-SeriesFilter incoming traffic for a custom serviceThese steps restrict incoming traffic for a service

User Guide 83Configuring Firewall Settings6 In the adjacent text boxes, type the host or network IP address, or type the range of IP addresses that id