Watchguard Firebox SOHO 6 Guia do Utilizador

WatchGuard®Firebox® SOHO 6User GuideSOHO 6 - firmware version 6.3

x WatchGuard Firebox SOHO 6 3. All advertising materials mentioning features or use of this software must display the following acknowledgment: "

Chapter 7: Configure Logging78 WatchGuard Firebox SOHO 6NOTESyslog traffic is not encrypted. Syslog messages that are sent through the Internet decrea

User Guide 79Setting the System Time3 Select a time zone from the drop-down list.4 Select the Adjust for daylight savings time checkbox.5 Click Submit

Chapter 7: Configure Logging80 WatchGuard Firebox SOHO 6

User Guide 81CHAPTER 8 SOHO 6 WebBlockerWebBlocker is an option for the SOHO 6 that allows the system administrator to control which Web sites the u

Chapter 8: SOHO 6 WebBlocker82 WatchGuard Firebox SOHO 6Web site not in the WebBlocker databaseIf the Web site is not in the WatchGuard WebBlocker dat

User Guide 83Purchasing and Activating the SOHO 6 WebBlockerPurchasing and Activating the SOHO 6 WebBlockerTo use WatchGuard SOHO 6 WebBlocker, you mu

Chapter 8: SOHO 6 WebBlocker84 WatchGuard Firebox SOHO 63 Select the Enable WebBlocker checkbox.4 Type a passphrase in the Full Access Password field.

User Guide 85Configuring the SOHO 6 WebBlocker3 Click New to create a group name and profile.

Chapter 8: SOHO 6 WebBlocker86 WatchGuard Firebox SOHO 64Define a Group Name and select the types of content to filter for this group.5 Click Submit.A

User Guide 87WebBlocker Categories8Use the Group drop-down list to assign the new user to a given group.9 Click Submit.NOTETo remove a user or group,

User Guide xi 2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the

Chapter 8: SOHO 6 WebBlocker88 WatchGuard Firebox SOHO 6online sports, or financial betting, including non-monetary dares. Militant/extremistPictures

User Guide 89WebBlocker CategoriesGross DepictionsPictures or text describing anyone or anything that is either crudely vulgar, grossly deficient in c

Chapter 8: SOHO 6 WebBlocker90 WatchGuard Firebox SOHO 6Sexual ActsPictures or text exposing anyone or anything involved in explicit sexual acts and/o

User Guide 91CHAPTER 9 VPN—Virtual Private NetworkingThis chapter explains how to use the Branch Office VPN upgrade option for the SOHO 6.Why Create

Chapter 9: VPN—Virtual Private Networking92 WatchGuard Firebox SOHO 6NOTEIPSec-compatible appliances include the Firebox SOHO 6, the Firebox II/III, a

User Guide 93What You NeedIP Address Table (example):Item DescriptionAssigned ByExternal IP AddressThe IP address that identifies the IPSec-compatible

Chapter 9: VPN—Virtual Private Networking94 WatchGuard Firebox SOHO 6Enabling the VPN upgradeTo activate an upgrade option, you must enter a license k

User Guide 95Setting Up Multiple SOHO 6 to SOHO 6 VPN TunnelsSetting Up Multiple SOHO 6 to SOHO 6VPN TunnelsAn administrator of a SOHO 6 can configure

Chapter 9: VPN—Virtual Private Networking96 WatchGuard Firebox SOHO 64 Type the Name and Shared Secret for the VPN tunnel.The shared secret is a passp

User Guide 97Setting Up Multiple SOHO 6 to SOHO 6 VPN Tunnelsexternal IP address is dynamic, select Aggressive Mode. If the external IP address is sta

xii WatchGuard Firebox SOHO 65. Products derived from this software may not be called "mod_ssl" nor may "mod_ssl" appear in their

Chapter 9: VPN—Virtual Private Networking98 WatchGuard Firebox SOHO 6intervals to maintain the connection. If the tunnel connection closes, the SOHO 6

User Guide 99Creating a VPN Tunnel to a SOHO 6 with an IPSec-Compliant ApplianceCreating a VPN Tunnel to a SOHO 6 with an IPSec-Compliant ApplianceIns

Chapter 9: VPN—Virtual Private Networking100 WatchGuard Firebox SOHO 6Configuring Split TunnelingThe split tunneling feature allows the system adminis

User Guide 101Viewing the VPN Statisticsallows users on the trusted network to access the networks connected by VPN tunnels to the local SOHO 6. If yo

Chapter 9: VPN—Virtual Private Networking102 WatchGuard Firebox SOHO 6How do I get a static external IP address?The external IP address for your compu

User Guide 103Frequently Asked QuestionsHow do I obtain a VPN upgrade license key?You can purchase a license key for an upgrade from the WatchGuard We

Chapter 9: VPN—Virtual Private Networking104 WatchGuard Firebox SOHO 6

User Guide 105CHAPTER 10 MUVPN ClientsThe MUVPN client is a software application that is installed on a remote computer. This application makes a se

Chapter 10: MUVPN Clients106 WatchGuard Firebox SOHO 6provides additional security for the remote users of your network by acting as a software firewa

User Guide 107Configuring the SOHO 6 for MUVPN Clients4 Type a user name and a shared key in the applicable fields.The user name is used as the e-mail

User Guide xiiiTHIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRA

Chapter 10: MUVPN Clients108 WatchGuard Firebox SOHO 6Preparing the Remote Computers to Use the MUVPN ClientThe MUVPN client is only compatible with W

User Guide 109Preparing the Remote Computers to Use the MUVPN ClientNOTEYou cannot use the MUVPN virtual adapter. Make sure this is disabled.Windows 9

Chapter 10: MUVPN Clients110 WatchGuard Firebox SOHO 68 Click OK to close the Network window.Click Cancel if you do not want to save the changes.9 Reb

User Guide 111Preparing the Remote Computers to Use the MUVPN Client3 Click the Windows Setup tab.The Windows Setup dialog box appears. The operating

Chapter 10: MUVPN Clients112 WatchGuard Firebox SOHO 6NOTEThe DNS server on the private network behind the SOHO 6 must be the first server in the list

User Guide 113Preparing the Remote Computers to Use the MUVPN Client2 Double-click the Network icon.The Network window appears.3 Click the Services ta

Chapter 10: MUVPN Clients114 WatchGuard Firebox SOHO 63 Click the Protocols tab and then select the TCP/IP protocol.4 Click Properties.The Microsoft T

User Guide 115Preparing the Remote Computers to Use the MUVPN Client - File and Printer Sharing for Microsoft Networks - Client for Microsoft Networks

Chapter 10: MUVPN Clients116 WatchGuard Firebox SOHO 6Configuring the WINS and DNS settingsThe remote computer must be able to communicate with the WI

User Guide 117Preparing the Remote Computers to Use the MUVPN Client9 Click OK to close the Advanced TCP/IP Settings window, click OK to close the Int

xiv WatchGuard Firebox SOHO 6Abbreviations Used in this Guide3DES Triple Data Encryption StandardDES Data Encryption StandardDNS Domain Name ServiceDH

Chapter 10: MUVPN Clients118 WatchGuard Firebox SOHO 63 Select the Internet Protocol (TCP/IP) network protocol and then click OK.Installing the File a

User Guide 119Preparing the Remote Computers to Use the MUVPN Client3 Click Advanced.The Advanced TCP/IP Settings window appears.4 Click the DNS tab a

Chapter 10: MUVPN Clients120 WatchGuard Firebox SOHO 6Installing and Configuring the MUVPN ClientThe MUVPN installation files are available at the Wat

User Guide 121Installing and Configuring the MUVPN Client8 Do not change the default selections. Click Next.The Start Copying Files window appears.9 C

Chapter 10: MUVPN Clients122 WatchGuard Firebox SOHO 62 Double-click the MUVPN client icon.The Security Policy Editor window appears.NOTEThe ZoneAlarm

User Guide 123Installing and Configuring the MUVPN Client8 When you set the Subnet and Mask addresses, you define whether or not an MUVPN user can acc

Chapter 10: MUVPN Clients124 WatchGuard Firebox SOHO 6Defining the My Identity settingsTo define the My Identity settings, follow these steps.1Expand

User Guide 125Installing and Configuring the MUVPN Client 6 Select Options => Global Policy Settings.The Global Policy Settings window appears.7 Se

Chapter 10: MUVPN Clients126 WatchGuard Firebox SOHO 6 8 Select None from the Select Certificate drop-down list.9 Select E-mail Address from the ID Ty

User Guide 127Installing and Configuring the MUVPN Client 15 Type the exact text of the MUVPN client passphrase entered on the SOHO 6 and then click O

User Guide xvContentsCHAPTER 1 Introduction ...1Package Contents ...

Chapter 10: MUVPN Clients128 WatchGuard Firebox SOHO 64 Select Pre-Shared Key from the Authentication Method drop-down list.NOTEPhase 1 values must be

User Guide 129Installing and Configuring the MUVPN Client 10 Select Both from the SA Life drop-down list.11 Type 86400 in the Seconds field and 8192 i

Chapter 10: MUVPN Clients130 WatchGuard Firebox SOHO 6Uninstalling the MUVPN clientFollow these directions to uninstall the MUVPN client. WatchGuard r

User Guide 131Configuring the SOHO 6 for MUVPN Clients Using Pocket PCNOTEThe ZoneAlarm personal firewall settings are stored in the following directo

Chapter 10: MUVPN Clients132 WatchGuard Firebox SOHO 65 Type the virtual IP address in the applicable field.The virual IP address is the same as the I

User Guide 133Connecting and Disconnecting the MUVPN Client2 If the MUVPN client is not active, right-click the icon and select Activate Security Poli

Chapter 10: MUVPN Clients134 WatchGuard Firebox SOHO 6The MUVPN client is ready to establish a secure, MUVPN tunnel connection. The red bar on the rig

User Guide 135Connecting and Disconnecting the MUVPN ClientActivated and ConnectedThe MUVPN client has established at least one secure, MUVPN tunnel c

Chapter 10: MUVPN Clients136 WatchGuard Firebox SOHO 6Allowing the MUVPN client through the personal firewallThe following programs are associated wit

User Guide 137Connecting and Disconnecting the MUVPN ClientFrom the New Program alert window:1 Select the Remember this answer the next time I use thi

xvi WatchGuard Firebox SOHO 6Examining and recording the current TCP/IP settings...12Dis

Chapter 10: MUVPN Clients138 WatchGuard Firebox SOHO 6Monitoring the MUVPN Client ConnectionThe Log Viewer and the Connection Monitor are installed wi

User Guide 139The ZoneAlarm Personal Firewall - when a phase 2 SA connection has not yet been made - when a phase 2 SA connection cannot be made• A ke

Chapter 10: MUVPN Clients140 WatchGuard Firebox SOHO 6This alert appears whenever one of your programs attempts to access the Internet or your local n

User Guide 141The ZoneAlarm Personal FirewallIn the example above, the Internet Explorer Web browser application has been launched. The application at

Chapter 10: MUVPN Clients142 WatchGuard Firebox SOHO 6Shutting down ZoneAlarmFrom the Windows desktop system tray:1 Right-click the ZoneAlarm icon sho

User Guide 143Troubleshooting Tips3 Click Yes.The Select Uninstall Method window appears.4Make sure Automatic is selected and then click Next.5 Click

Chapter 10: MUVPN Clients144 WatchGuard Firebox SOHO 6When the MUVPN client is not in use, both ZoneAlarm and the MUVPN client should be deactivated.F

User Guide 145Troubleshooting Tipstransmission of the login information. Make sure you deactivate ZoneAlarm each time you disconnect the MUVPN connect

Chapter 10: MUVPN Clients146 WatchGuard Firebox SOHO 6The mapped drive appears in the My Computer window. Even if you select the Reconnect at Logon ch

User Guide 147CHAPTER 11 Using VPNforceThe VPNforcetm upgrade activates the SOHO 6 optional interface. The optional interface is labeled OPT on the

User Guide xviiConfiguring additional computers on the trusted network...38Configuring the tr

Chapter 11: Using VPNforce148 WatchGuard Firebox SOHO 6NOTETo use this upgrade option, you must access your corporate network through a VPN tunnel fro

User Guide 149Using VPNforce to Connect to your Corporate Network3 Select the Enable Optional Network checkbox.4 Type the IP address and the subnet ma

Chapter 11: Using VPNforce150 WatchGuard Firebox SOHO 68 To configure the DHCP relay server, select the Enable DHCP Relay checkbox.9 Type the IP addre

User Guide 151Using VPNforce and the MUVPN Client Upgrades to Enforce Your CorporateUsing VPNforce and the MUVPN Client Upgrades to Enforce Your Corpo

Chapter 11: Using VPNforce152 WatchGuard Firebox SOHO 63 Click the Add button.The Edit MUVPN Client page appears.4 Type a user name and a passphrase i

User Guide 153Using VPNforce and the MUVPN Client Upgrades to Enforce Your Corporate5 Type an unused IP address from the trusted network, which will b

Chapter 11: Using VPNforce154 WatchGuard Firebox SOHO 63 Type a unique name for the new connection.If this will be a unique policy for a specific user

User Guide 155Using VPNforce and the MUVPN Client Upgrades to Enforce Your Corporate10 Select IP Address from the ID Type drop list and then type the

Chapter 11: Using VPNforce156 WatchGuard Firebox SOHO 62 Select My Identity.The My Identity and Internet Interface settings appear to the right. 3 Sel

User Guide 157Using VPNforce and the MUVPN Client Upgrades to Enforce Your Corporate4 Select the Allow to Specify Internal Network Address checkbox an

xviii WatchGuard Firebox SOHO 6Denying FTP access to the trusted network interface...68SOCKS i

Chapter 11: Using VPNforce158 WatchGuard Firebox SOHO 6 12 Type the exact text of the MUVPN client passphrase entered on the Firebox SOHO 6 appliance

User Guide 159Using VPNforce and the MUVPN Client Upgrades to Enforce Your Corporate4 Select Pre-Shared Key from the Authentication Method drop list.N

Chapter 11: Using VPNforce160 WatchGuard Firebox SOHO 6 10 Select Both from the SA Life drop list and then type 86400 in the Seconds field and 8192 in

User Guide 161Using the MUVPN client to Secure a Wireless NetworkUsing the MUVPN client to Secure a Wireless NetworkThe VPNforce upgrade and the MUVPN

Chapter 11: Using VPNforce162 WatchGuard Firebox SOHO 6

User Guide 163CHAPTER 12 Support ResourcesTroubleshooting TipsIf you have problems during the installation and the configuration of your SOHO 6, ref

Chapter 12: Support Resources164 WatchGuard Firebox SOHO 6If the Mode light is blinks:The SOHO 6 cannot connect to the external network. Possible caus

User Guide 165Troubleshooting TipsI can't get a certain SOHO 6 feature to work with a DSL modem.Some DSL routers implement NAT firewalls. An exte

Chapter 12: Support Resources166 WatchGuard Firebox SOHO 6I can connect to the System Status page; why can’t I browse the Internet?If you can access t

User Guide 167Troubleshooting Tips2 Type the IP address of the trusted network in your browser window to connect to the System Status page of the SOHO

User Guide xixCreating a VPN Tunnel to a SOHO 6 with an IPSec-Compliant Appliance ...99Special considerations ...

Chapter 12: Support Resources168 WatchGuard Firebox SOHO 66 Click Submit.How do I set up and disable WebBlocker?1 Type the IP address of the trusted n

User Guide 169Troubleshooting TipsHow do I allow incoming IP, or uncommon TCP and UDP protocols?Record the IP address of the computer that is to recei

Chapter 12: Support Resources170 WatchGuard Firebox SOHO 6SOHO 6 configuration file. These steps apply to using a command prompt with Windows 2000 or

User Guide 171Troubleshooting TipsMake sure that the two appliances use the same encryption and authentication method.How do I set up my SOHO 6 for VP

Chapter 12: Support Resources172 WatchGuard Firebox SOHO 6Contacting Technical SupportOnline documentation and FAQsDocumentation in PDF format, tutori

User Guide 173Index100 indicator 8AAdd Gateway page 95, 100Add MUVPN Client page 106Add Route page 40Automatically restore lost connections checkbox35

174 WatchGuard Firebox SOHO 6 FFAQs 172File and Printer Sharing for Microsoft Networksand Windows XP118File and Printer Sharing for Microsoft Networks

User Guide 175MMAC address of SOHO 6 166MAC address override 70Macintosh operating system 165Manual VPN page 95, 100Mode indicator 8MODE light 163MUVP

176 WatchGuard Firebox SOHO 6 Optional Network Configuration148Routes 40, 46SOHO 6 Administration 49Syslog Logging 77System Security 49, 50System Stat

User Guide 177configuring access to 49configuring for dynamic addresses32configuring for PPPoE 34configuring for static addressing32configuring VPN tu

ii WatchGuard Firebox SOHO 6Certifications and NoticesFCC CertificationThis appliance has been tested and found to comply with limits for a Class A di

xx WatchGuard Firebox SOHO 6Connecting and Disconnecting the MUVPN Client ...132Connecting the MUVPN client ...132The MUVP

178 WatchGuard Firebox SOHO 6 purchasing 171setting up access to 53–54setting up SOHO 6 for 171VPN Manager Accessviewing status of24VPN Manager Access

User Guide xxiCHAPTER 11 Using VPNforce ...147Using VPNforce to Connect to your Corporate Network ...

xxii WatchGuard Firebox SOHO 6

User Guide 1CHAPTER 1 IntroductionThe purpose of this guide is to help users of the WatchGuard® Firebox® SOHO 6 and Firebox® SOHO 6tc set up and con

Chapter 1: Introduction2 WatchGuard Firebox SOHO 6In this guide, the name SOHO 6 refers to both the SOHO 6 as well as the SOHO 6tc. The only differenc

User Guide 3Package ContentsPackage ContentsMake sure that the package contains all of these items:• SOHO 6 QuickStart Guide•User Guide• LiveSecurity

Chapter 1: Introduction4 WatchGuard Firebox SOHO 6The SOHO 6 controls all traffic between the external network (the Internet) and the trusted network

User Guide 5How Information Travels on the Internetand reassembles the data; for example, data that may consist of an email message or a program file.

Chapter 1: Introduction6 WatchGuard Firebox SOHO 6How the SOHO 6 Processes InformationServicesA service is the group of protocols and port numbers for

User Guide 7SOHO 6 Hardware DescriptionFaster ProcessorThe SOHO 6 has a new network processor that runs at a speed of 150 MHz. Ethernet and encryption

User Guide iiiVCCI Notice Class A ITE

Chapter 1: Introduction8 WatchGuard Firebox SOHO 6100The 100 indicator is lit when a port is in use at 100 Mb. The 100 indicator is not lit when a por

User Guide 9SOHO 6 Hardware DescriptionRESET buttonPush the reset button to reset the SOHO 6 to the factory default configuration. See “Resetting the

Chapter 1: Introduction10 WatchGuard Firebox SOHO 6

User Guide 11CHAPTER 2 InstallationThe SOHO 6 protects computers that are connected to it by Ethernet cable. Follow the procedures in this chapter t

Chapter 2: Installation12 WatchGuard Firebox SOHO 6Before you BeginBefore you install the SOHO 6, you must have the following:• A computer with a 10/1

User Guide 13Before you BeginMicrosoft Windows 2000 and Windows XP1 Select Start => Programs => Accessories => Command Prompt.2 At the prompt

Chapter 2: Installation14 WatchGuard Firebox SOHO 62 Record the TCP/IP settings in the table provided.3 Exit the TCP/IP configuration screen.NOTEIf yo

User Guide 15Before you BeginThe following instructions show how to disable the HTTP proxy setting in three browser applications. If a different brows

Chapter 2: Installation16 WatchGuard Firebox SOHO 6Internet Explorer 5.0, 5.5, and 6.01 Open Internet Explorer.2 Select Tools => Internet Options.

User Guide 17Before you Begin4 Click Properties.The network connection properties dialog box appears.5 Double-click the Internet Protocol (TCP/IP) com

iv WatchGuard Firebox SOHO 6Declaration of Conformity

Chapter 2: Installation18 WatchGuard Firebox SOHO 66 Select the Obtain an IP address automatically and the Obtain DNS server address automatically che

User Guide 19Physically Connecting to the SOHO 6Cabling the SOHO 6 for one to four appliancesA maximum of four computers, printers, scanners, or other

Chapter 2: Installation20 WatchGuard Firebox SOHO 65 If you connect to the Internet through a DSL modem or cable modem, reconnect the power supply to

User Guide 21Physically Connecting to the SOHO 6The base model SOHO 6 includes a ten-seat license. This license allows a maximum of ten appliances on

Chapter 2: Installation22 WatchGuard Firebox SOHO 64 Connect an Ethernet cable between each of the computers and an uplink port on the Ethernet hub.5

User Guide 23CHAPTER 3 SOHO 6 BasicsThe configuration of the SOHO 6 is made through Web pages contained in the software of the SOHO 6. You can conne

Chapter 3: SOHO 6 Basics24 WatchGuard Firebox SOHO 6The System Status page is the main configuration page of the SOHO 6. A display of information abou

User Guide 25Factory Default Settings• The status of the upgrade options• Configuration information for the trusted network and the external network•

Chapter 3: SOHO 6 Basics26 WatchGuard Firebox SOHO 6System SecurityThe System Security is disabled. The system administrator name and system administr

User Guide 27Registering Your SOHO 6 and Activating the LiveSecurity Service6 Connect the power supply.The PWR indicator is on and the reset is comple

User Guide vWATCHGUARD SOHO SOFTWARE END-USER LICENSE AGREEMENTWATCHGUARD SOHO SOFTWAREEND-USER LICENSE AGREEMENTIMPORTANT - READ CAREFULLY BEFORE ACC

Chapter 3: SOHO 6 Basics28 WatchGuard Firebox SOHO 6NOTETo activate the LiveSecurity Service, your browser must have JavaScript enabled.If you have a

User Guide 29Rebootting the SOHO 62 Click Reboot.OR1 Disconnect and reconnect the power supply.To reboot a SOHO 6 located on a remote system, use one

Chapter 3: SOHO 6 Basics30 WatchGuard Firebox SOHO 6

User Guide 31CHAPTER 4 Configure the Network InterfacesExternal Network ConfigurationWhen you configure the external network, you select the method

Chapter 4: Configure the Network Interfaces32 WatchGuard Firebox SOHO 6• If the assignment is static, all computers on the network have a permanently

User Guide 33External Network Configurationconfiguration causes the ISP to communicate with the SOHO 6 and not your computer.1 Type the IP address of

Chapter 4: Configure the Network Interfaces34 WatchGuard Firebox SOHO 6Configuring the SOHO 6 external network for PPPoEIf your ISP assigns IP address

User Guide 35External Network Configuration5 Type the PPPoE login name and domain as well as the PPPoE password supplied by your ISP in the applicable

Chapter 4: Configure the Network Interfaces36 WatchGuard Firebox SOHO 6To set the external network link speed:1 Type the IP address of the trusted net

User Guide 37Configuring the Trusted Network3 Type the IP address and the subnet mask in the applicable fields.4 Select the Enable DHCP Server on the

vi WatchGuard Firebox SOHO 6If you are accessing the SOFTWARE PRODUCT via a Web based installer program, you are granted the following additional righ

Chapter 4: Configure the Network Interfaces38 WatchGuard Firebox SOHO 610 Reboot the SOHO 6.The SOHO 6 will send all DHCP requests to the specified, r

User Guide 39Configuring Static RoutesConfiguring the trusted network with static addressesTo disable the SOHO 6 DHCP server and make static address a

Chapter 4: Configure the Network Interfaces40 WatchGuard Firebox SOHO 62 From the navigation bar at left, selectNetwork => Routes.The Routes page o

User Guide 41Viewing Network Statistics6 Click Submit.To remove a route, select the route and click Remove.Viewing Network StatisticsThe Network Stati

Chapter 4: Configure the Network Interfaces42 WatchGuard Firebox SOHO 6Configuring the Dynamic DNS ServiceThis feature allows you to register the exte

User Guide 43Configuring the OPT Port UpgradesNOTEThe SOHO 6 receives the IP address of members.dyndns.org when it connects to the time server.5 Click

Chapter 4: Configure the Network Interfaces44 WatchGuard Firebox SOHO 6The SOHO 6 uses two methods to determine if the external interface connection i

User Guide 45Configuring the OPT Port UpgradesAfter you upgrade the SOHO 6 to activate this upgrade option, follow these instructions to complete the

Chapter 4: Configure the Network Interfaces46 WatchGuard Firebox SOHO 68 Click Submit.Configuring the VPNforce™ PortThe VPNforce Port upgrade activate

User Guide 47Configuring the OPT Port Upgrades3 To enable VPNforce, select the Enable Optional Network checkbox.4 Type the IP address, DHCP Server, an

User Guide vii election.Disclaimer and Release. THE WARRANTIES, OBLIGATIONS AND LIABILITIES OF WATCHGUARD, AND YOUR REMEDIES, SET FORTH IN PARAGRAPH

Chapter 4: Configure the Network Interfaces48 WatchGuard Firebox SOHO 67 Click Submit.

User Guide 49CHAPTER 5 Administrative OptionsUse the SOHO 6 Administration page to configure access to the SOHO 6. The System Security, SOHO 6 Remot

Chapter 5: Administrative Options50 WatchGuard Firebox SOHO 6System securityA passphrase prevents access to the configuration of the SOHO 6 by an unau

User Guide 51The System Security Page3Verify that the HTTP Server Port is set to 80.4 Select the Enable System Security checkbox.5 Type a system admin

Chapter 5: Administrative Options52 WatchGuard Firebox SOHO 6Here is an example of how the Remote Management feature can be used. First, the remote co

User Guide 53Setting up VPN Manager Access9 After you have installed and configured the MUVPN client, connect to the Internet using Dial-Up Networking

Chapter 5: Administrative Options54 WatchGuard Firebox SOHO 62 From the navigation bar at left, selectAdministration => VPN Manager Access.The VPN

User Guide 55Updating the FirmwareUpdating the Firmware Check regularly for SOHO 6 firmware updates on the WatchGuard Web site:http://www.watchguard.c

Chapter 5: Administrative Options56 WatchGuard Firebox SOHO 64 Type the location of the firmware files on your computer or click Browse and locate the

User Guide 57Activating the SOHO 6 Upgrade Options7 From the navigation bar at left, selectAdministration => Upgrade.The Upgrade page opens.8 Paste

viii WatchGuard Firebox SOHO 6Restricted Rights. Use, duplication or disclosure by the U.S Government or any agency or instrumentality thereof is sub

Chapter 5: Administrative Options58 WatchGuard Firebox SOHO 6firewall to include a telecommuter or a network in a remote office.IPSec Virtual Private

User Guide 59Viewing the Configuration File2 From the navigation bar at left, selectAdministration => View Configuration File.The View Configuratio

Chapter 5: Administrative Options60 WatchGuard Firebox SOHO 6

User Guide 61CHAPTER 6 Configure the Firewall SettingsFirewall SettingsThe configuration settings of the SOHO 6 control the flow of traffic between

Chapter 6: Configure the Firewall Settings62 WatchGuard Firebox SOHO 6Configuring Incoming and Outgoing ServicesThe default configuration of the SOHO

User Guide 63Configuring Incoming and Outgoing Services3 Locate a pre-configured service, such as FTP, Web, or Telnet. Then select either Allow or Den

Chapter 6: Configure the Firewall Settings64 WatchGuard Firebox SOHO 6Follow these steps to configure a custom service:1 Type the IP address of the tr

User Guide 65Blocking External SitesNOTEFor a TCP port or a UDP port, specify a port number. For a protocol, specify a protocol number. You cannot spe

Chapter 6: Configure the Firewall Settings66 WatchGuard Firebox SOHO 6You can change the configuration to prevent access to specified Internet sites.

User Guide 67Firewall OptionsFirewall OptionsThe previous sections described how to allow or deny complete classes of services. The Firewall Options p

User Guide ixtransmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of WatchGuard

Chapter 6: Configure the Firewall Settings68 WatchGuard Firebox SOHO 62 Click Submit.Denying FTP access to the trusted network interfaceYou can config

User Guide 69Firewall OptionsNOTEWhen a computer in the trusted network uses a SOCKS-compatible application, other users on the trusted network have f

Chapter 6: Configure the Firewall Settings70 WatchGuard Firebox SOHO 6When the SOCKS-compatible application is not in use:1 Select the Disable SOCKS p

User Guide 71Creating an Unrestricted Pass ThroughFollow these steps to enable this option:1 Select the Enable override MAC address for the External N

Chapter 6: Configure the Firewall Settings72 WatchGuard Firebox SOHO 63 Select the Enable pass through address checkbox.4 Type the IP address of the c

User Guide 73CHAPTER 7 Configure LoggingThe SOHO 6 logging feature records a log of the events related to the security of the trusted, external, and

Chapter 7: Configure Logging74 WatchGuard Firebox SOHO 6Viewing SOHO 6 Log MessagesThe SOHO 6 event log records a maximum of 150 log messages. If a ne

User Guide 75Setting up Logging to a WatchGuard Security Event Processor Log HostThis option synchronizes the clock of the SOHO 6 to your computer:• C

Chapter 7: Configure Logging76 WatchGuard Firebox SOHO 63 Select the Enable WatchGuard Security Event Processor Logging checkbox.4 Type the IP address

User Guide 77Setting up Logging to a Syslog HostSetting up Logging to a Syslog HostThis option sends the SOHO 6 log entries to a Syslog host.Follow th