Watchguard Wireless Router Betriebsanweisung

WatchGuard® Firebox® X Edge User GuideFirebox X Edge - Firmware Version 7.2 All Firebox X Edge Standard and Wireless Models

x WatchGuard Firebox X EdgeConfiguring Incoming Services ...89Configuring common services for incoming tr

Firebox X Edge Wireless Setup86 WatchGuard Firebox X Edge

User Guide 87CHAPTER 6 Configuring Firewall SettingsThe Firebox® X Edge uses services and other firewall options to control the traffic between the tr

Configuring Firewall Settings88 WatchGuard Firebox X EdgeIncoming and outgoing trafficTraffic that does not start in your trusted or optional network

Configuring Incoming ServicesUser Guide 89the trusted network. This section also has examples of how to use the optional network.Other sections show h

Configuring Firewall Settings90 WatchGuard Firebox X EdgeConfiguring common services for incoming trafficThe Firebox X Edge includes standard service

Configuring Incoming ServicesUser Guide 91drop-down list adjacent to the service name, select Allow or Deny.In its default configuration, the Firebox

Configuring Firewall Settings92 WatchGuard Firebox X EdgeWelcomeThe first screen tells you about the wizard and the information you must have to comp

Configuring Incoming ServicesUser Guide 935 In the Service Name text box, type the name for your service.6 From the Protocol drop-down list, click TCP

Configuring Firewall Settings94 WatchGuard Firebox X Edge8 Click Add.Repeat the last three steps until you have a list of all the ports and protocols

Configuring Outgoing ServicesUser Guide 95Configuring Outgoing ServicesYou control traffic that starts in the trusted or optional network and goes to

User Guide xiManaged VPN: With a Firebox III or Firebox X and WatchGuard System Manager 8.0 ...131S

Configuring Firewall Settings96 WatchGuard Firebox X Edge2 From the navigation bar, select Firewall > Outgoing.The Filter Outgoing Traffic page ap

Configuring Outgoing ServicesUser Guide 97• To allow only specified traffic from the trusted and optional network to get to the external network: - Se

Configuring Firewall Settings98 WatchGuard Firebox X EdgeProtocols and PortsSet the protocol and ports to assign to this traffic rule.Traffic Directi

Configuring Outgoing ServicesUser Guide 995 In the Service Name text box, type the name for your service.6 From the Protocol drop-down list, click TCP

Configuring Firewall Settings100 WatchGuard Firebox X Edge9 Repeat the last three steps until you have a list of all the ports and protocols that thi

Services for the Optional NetworkUser Guide 1018 Click Add. The To box shows the IP addresses you added.Repeat the last three steps until all of the a

Configuring Firewall Settings102 WatchGuard Firebox X EdgeControlling traffic from the trusted to optional networkYou can restrict the traffic that s

Services for the Optional NetworkUser Guide 103Disabling traffic filtersTo allow traffic to flow from the optional network to the trusted network, you

Configuring Firewall Settings104 WatchGuard Firebox X EdgeBlocking External SitesThe Blocked Sites feature helps prevent traffic from hostile sites f

Configuring Firewall OptionsUser Guide 105Configuring Firewall OptionsYou can use the Firewall Options page to configure rules that increase your netw

xii WatchGuard Firebox X EdgeAllowing traffic through ZoneAlarm ...174Shutting down ZoneAlarm ...

Configuring Firewall Settings106 WatchGuard Firebox X EdgeDenying FTP access to the trusted network interfaceYou can configure the Firebox X Edge to

Configuring Firewall OptionsUser Guide 107Configuring your SOCKS applicationConfigure the software using SOCKS on trusted network computers to connect

Configuring Firewall Settings108 WatchGuard Firebox X EdgeLogging all allowed outgoing trafficIf you use the standard property settings, the Firebox

Configuring Firewall OptionsUser Guide 109To change the MAC address of the external interface:1 Select the Enable override MAC address for the Externa

Configuring Firewall Settings110 WatchGuard Firebox X Edge

User Guide 111CHAPTER 7 Configuring Logging and System TimeA log file is a list of all the events that occur on the Firebox® X Edge. An event is one a

Configuring Logging and System Time112 WatchGuard Firebox X EdgeCategoryThe type of message. For example, if the message came from an IP address or f

Logging to a Syslog HostUser Guide 1132 From the navigation bar, click Logging > WSEP Logging.The WatchGuard Security Event Processor Logging page

Configuring Logging and System Time114 WatchGuard Firebox X EdgeConfigure a Syslog host:1 To connect to the System Status page, type https:// in the

Setting the System TimeUser Guide 115Setting the System TimeFor each log message, the Firebox® X Edge records the time from its system clock. The Edge

User Guide xiiiSide panels ...211About IEEE 802.11g/b Wireless ...

Configuring Logging and System Time116 WatchGuard Firebox X Edge

User Guide 117CHAPTER 8 Configuring WebBlockerWebBlocker is an option for the Firebox X Edge that gives you control of the Web sites that are availabl

Configuring WebBlocker118 WatchGuard Firebox X EdgeConfiguring Global WebBlocker SettingsThe first WebBlocker page in the Firebox® X Edge Web pages i

Configuring Global WebBlocker SettingsUser Guide 119To configure WebBlocker:1 To connect to the System Status page, type https:// in the browser addre

Configuring WebBlocker120 WatchGuard Firebox X Edge7 To make users authenticate for WebBlocker, select Require Web users to authenticate.If you use o

Creating WebBlocker ProfilesUser Guide 121Creating WebBlocker ProfilesA WebBlocker profile is a set of restrictions you apply to groups of users on yo

Configuring WebBlocker122 WatchGuard Firebox X Edge4 In the Profile Name field, type a familiar name.You use this name to identify the profile during

WebBlocker CategoriesUser Guide 123Drug CulturePictures or text advocating the illegal use of drugs for entertainment. This category includes substanc

Configuring WebBlocker124 WatchGuard Firebox X Edgedevoted to conversations with partners about sexually transmitted diseases, pregnancy, and sexual

Allowing Certain Sites to Bypass WebBlockerUser Guide 125Allowing Certain Sites to Bypass WebBlockerWebBlocker can deny a Web site that is necessary f

xiv WatchGuard Firebox X Edge

Configuring WebBlocker126 WatchGuard Firebox X Edge4 Do step 3 again for other Web sites. When you have no more Web sites to add, click Submit.To rem

Allowing Internal Hosts to Bypass WebBlockerUser Guide 127Allowing Internal Hosts to Bypass WebBlockerYou can make a list of internal hosts that bypas

Configuring WebBlocker128 WatchGuard Firebox X Edge

User Guide 129CHAPTER 9 Configuring Virtual Private NetworksYou use a virtual private network (VPN) to create secure connections between computers or

Configuring Virtual Private Networks130 WatchGuard Firebox X EdgeThe last part of this chapter includes Frequently Asked Questions and information on

Managed VPN: With a Firebox III or Firebox X and WatchGuard System Manager 8.0User Guide 131your Edge to make more VPN tunnels, as described in “Enabl

Configuring Virtual Private Networks132 WatchGuard Firebox X Edgeuses DVCP to keep the VPN tunnel configuration. You use the name Managed VPN because

Managed VPN: With a Firebox III or Firebox X and WatchGuard System Manager 8.0User Guide 1333 Select the Enable VPN Manager Access check box.4 Type an

Configuring Virtual Private Networks134 WatchGuard Firebox X Edge10 Type the Shared Key.This is the shared key used to encrypt the connection between

Managed VPN: With a Firebox III or Firebox X and WatchGuard System Manager 7.3User Guide 1355 Click Submit.Managed VPN: With a Firebox III or Firebox

User Guide 1CHAPTER 1 Introduction to Network SecurityThank you for your purchase of the WatchGuard® Firebox® X Edge. This security device helps prote

Configuring Virtual Private Networks136 WatchGuard Firebox X EdgeGetting information about the DVCP ServerYou must get this information from the admi

Managed VPN: With a Firebox III or Firebox X and WatchGuard System Manager 7.3User Guide 137Setting up the Edge for Basic DVCPUse this procedure to ma

Configuring Virtual Private Networks138 WatchGuard Firebox X EdgeSetting up VPN Manager on an Edge with dynamic external IP addressIf the IP address

Managed VPN: With a Firebox III or Firebox X and WatchGuard System Manager 7.3User Guide 1397 From the navigation bar select VPN > Managed VPN.The

Configuring Virtual Private Networks140 WatchGuard Firebox X Edge3 Select the Enable VPN Manager Access check box.4 Type the status passphrase and ty

Manual VPN: Setting Up Manual VPN TunnelsUser Guide 141• You must know the shared key (passphrase) for the tunnel. The same shared key must be used by

Configuring Virtual Private Networks142 WatchGuard Firebox X EdgeSample VPN Address Information TableItem Description AssignExternal IP AddressThe IP

Manual VPN: Setting Up Manual VPN TunnelsUser Guide 143To create Manual VPN tunnels on your Firebox X Edge1 To connect to the System Status page, type

Configuring Virtual Private Networks144 WatchGuard Firebox X Edge1 authenticates the two sides and creates a key management security association to p

Manual VPN: Setting Up Manual VPN TunnelsUser Guide 145NOTE NOTEIf your Edge’s external interface has a private IP address instead of a public IP

Introduction to Network Security2 WatchGuard Firebox X EdgeAbout NetworksA network is a group of computers and other devices that are con-nected to e

Configuring Virtual Private Networks146 WatchGuard Firebox X Edgehave a public IP address. If that is not possible, use this section for more informa

Manual VPN: Setting Up Manual VPN TunnelsUser Guide 147name, and it must use this same public IP address as the domain name in its Phase 1 setup.Phase

Configuring Virtual Private Networks148 WatchGuard Firebox X Edge7 Click Submit.VPN Keep AliveTo keep the VPN tunnel open when there are no connectio

Viewing VPN StatisticsUser Guide 1492 From the navigation bar, select VPN > Keep Alive.The VPN Keep Alive page appears. 3 Type the IP address of an

Configuring Virtual Private Networks150 WatchGuard Firebox X Edgethe devices cannot be made unless the two devices know how to find each other. You c

Frequently Asked QuestionsUser Guide 151Is the Firebox X Edge compatible with WatchGuard System Manager?Yes. The default Firebox X Edge configuration

Configuring Virtual Private Networks152 WatchGuard Firebox X Edge

User Guide 153CHAPTER 10 Configuring the MUVPN ClientMobile User VPN lets remote users connect to your Firebox® X Edge’s private network through a sec

Configuring the MUVPN Client154 WatchGuard Firebox X Edgeinclude ZoneAlarm. The use of ZoneAlarm is optional. Other than ZoneAlarm, the two packages

Enabling MUVPN for Edge UsersUser Guide 155Wireless Network” on page 176 for information about how to make the wireless computers use MUVPN on the Edg

ProtocolsUser Guide 3Digital Subscriber Line (DSL) Internet connectivity, unlike cable modem-based service, gives the user dedicated bandwidth. Howeve

Configuring the MUVPN Client156 WatchGuard Firebox X EdgePreferredIf the virtual adapter is in use or it is not available, the mobile user does not u

Enabling MUVPN for Edge UsersUser Guide 1578 Set MUVPN key expiration in kilobytes or hours. The default values are 8192 KB and 24 hours.9 Select Mobi

Configuring the MUVPN Client158 WatchGuard Firebox X EdgeConfiguring the Firebox for MUVPN clients using a Pocket PCTo create a MUVPN tunnel between

Preparing Remote Computers for MUVPNUser Guide 159 - At the prompt, save the .wgx file to your computer.Give these two files to the remote userGive th

Configuring the MUVPN Client160 WatchGuard Firebox X Edge• No other IPSec VPN client software can be on the computer. Remove any other software from

Preparing Remote Computers for MUVPNUser Guide 1613 Click the Services tab and click Add.4 Select Remote Access Services and click OK.5 Type the path

Configuring the MUVPN Client162 WatchGuard Firebox X Edge7 Click the WINS Address tab, type the IP address of your WINS server in the applicable fiel

Preparing Remote Computers for MUVPNUser Guide 1634 Make sure these components are installed and enabled: - Internet Protocol (TCP/IP) - File and Prin

Configuring the MUVPN Client164 WatchGuard Firebox X EdgeFrom the connection window Networking tab:1 Select the Internet Protocol (TCP/IP) component

Preparing Remote Computers for MUVPNUser Guide 1653 Double-click the connection you use to get Internet access.The connection window appears.4 Click P

Introduction to Network Security4 WatchGuard Firebox X EdgeHow Information Travels on the InternetThe data that you send through the Internet is cut

Configuring the MUVPN Client166 WatchGuard Firebox X EdgeConfiguring the WINS and DNS settingsThe remote computer must be able to connect to the WINS

Installing and Configuring the MUVPN ClientUser Guide 167Installing and Configuring the MUVPN Client NOTETo install and configure the MUVPN client, y

Configuring the MUVPN Client168 WatchGuard Firebox X Edge12 The InstallShield wizard looks for a user profile. Use the Browse button to find and sele

Connecting and Disconnecting the MUVPN ClientUser Guide 1699 Click Yes to delete the security policy.The InstallShield Wizard window appears.10 Select

Configuring the MUVPN Client170 WatchGuard Firebox X EdgeThe MUVPN Security Policy is not active. This icon can appear if the Windows operating syste

Connecting and Disconnecting the MUVPN ClientUser Guide 171The MUVPN client started one or more secure MUVPN tunnels. The green bar on the right of th

Configuring the MUVPN Client172 WatchGuard Firebox X Edge3 Right-click the ZoneAlarm icon shown at right.4 Select Shutdown ZoneAlarm.The ZoneAlarm wi

The ZoneAlarm Personal FirewallUser Guide 173tion. The monitor records the information that appears in this win-dow during the phase 1 IKE negotiation

Configuring the MUVPN Client174 WatchGuard Firebox X EdgeAllowing traffic through ZoneAlarmWhen a software application tries to get access through th

The ZoneAlarm Personal FirewallUser Guide 175Here is a list of some programs that must go through the ZoneAlarm personal firewall when you use their a

IP AddressesUser Guide 5IP AddressesTo send mail to a person, you must first know the person’s street address. When a computer connects to the Interne

Configuring the MUVPN Client176 WatchGuard Firebox X Edge NOTEThe Remove Shared Component window can appear. During the initial installation of Zone

Tips for Configuring the Pocket PCUser Guide 177The wireless MUVPN client cannot connect to the Internet, the computers on the optional network, or an

Configuring the MUVPN Client178 WatchGuard Firebox X EdgeHere are some configuration tips for the Pocket PC.Phase 1 configuration of the Pocket PC’s

Troubleshooting TipsUser Guide 179• The remote user’s virtual IP address is configured in the Firebox User account settings, on the MUVPN tab. The vir

Configuring the MUVPN Client180 WatchGuard Firebox X Edge4 Select Shutdown ZoneAlarm.The ZoneAlarm dialog box appears.5 Click Yes.I must enter my net

Troubleshooting TipsUser Guide 181How do I map a network drive?Because of a Windows operating system limitation, mapped network drives must be mapped

Configuring the MUVPN Client182 WatchGuard Firebox X Edge

User Guide 183CHAPTER 11 Managing the Firebox and User AccountsThe Firebox® X Edge includes tools you can use to manage your net-work and your users.

Managing the Firebox and User Accounts184 WatchGuard Firebox X Edge NOTEOnly sessions from computers on the Edge’s trusted or optional network to co

Seeing Current Sessions and UsersUser Guide 185• The time between the last packet and the session expiration is known as the idle time. If you set the

ii WatchGuard Firebox X EdgeNotice to UsersInformation in this guide is subject to change without notice. Companies, names, and data used in examples

Introduction to Network Security6 WatchGuard Firebox X EdgeAbout PPPoESome ISPs assign their IP addresses through Point-to-Point Protocol over Ethern

Managing the Firebox and User Accounts186 WatchGuard Firebox X Edge• Admin Level -- You can set the user permissions to Full, None, or Read-only. For

About User AuthenticationUser Guide 187About User AuthenticationThe Firebox® X Edge uses advanced authentication options to increase network security.

Managing the Firebox and User Accounts188 WatchGuard Firebox X EdgeThis includes dialog boxes used by wizards, and the dialog box used to log in to t

About User AuthenticationUser Guide 189• Require User Authentication – You must select this check box to use the authentication options.• External Net

Managing the Firebox and User Accounts190 WatchGuard Firebox X EdgeConfiguring MUVPN client settingsThe MUVPN client settings apply to all MUVPN conn

Adding or Editing a User AccountUser Guide 191time limits on this access. You can also apply a WebBlocker profile to the user account and configure th

Managing the Firebox and User Accounts192 WatchGuard Firebox X Edge7 In the Password field, type a password with a minimum of eight characters.Mix ei

Adding or Editing a User AccountUser Guide 193Creating a read-only administrative accountYou can create a local user account with access to view Fireb

Managing the Firebox and User Accounts194 WatchGuard Firebox X EdgeMake sure you keep the administrator name and password in a safe location. You mus

Adding or Editing a User AccountUser Guide 1953 Find the session in Active Sessions list. Click the Close button. To end all sessions, click the Close

PortsUser Guide 7Some services are necessary, but each service you add to your secu-rity policy can also add a security risk. To send and receive data

Managing the Firebox and User Accounts196 WatchGuard Firebox X EdgeAbout Seat LicensesThe Firebox® X Edge is enabled with a specified number, or “poo

Selecting HTTP or HTTPS for ManagementUser Guide 197puter tries to connect to the external network without authenticating, the Edge does not allow the

Managing the Firebox and User Accounts198 WatchGuard Firebox X EdgeIf you select this check box, you must use http:// in the browser's address b

Updating the FirmwareUser Guide 1992 From the navigation bar, select Administration > VPN Manager Access.The VPN Manager Access page appears.3 Sele

Managing the Firebox and User Accounts200 WatchGuard Firebox X Edgeupdate on the Firebox X Edge automatically when you start it on a Windows computer

Activating Upgrade OptionsUser Guide 201You must first download the Software Update file, which is a small Zip file.1 Extract the “wgrd” file from the

Managing the Firebox and User Accounts202 WatchGuard Firebox X Edge2 Type your LiveSecurity Service user name and password in the fields provided.3 C

Enabling the Model Upgrade OptionUser Guide 203Upgrade optionsUser licensesA seat license upgrade allows more connections between the trusted network

Managing the Firebox and User Accounts204 WatchGuard Firebox X EdgeConfiguring Additional OptionsSome Firebox® X Edge options are included with your

Viewing the Configuration FileUser Guide 205

Introduction to Network Security8 WatchGuard Firebox X EdgeFirewallsA firewall divides your internal network from the Internet to decrease risk from

Managing the Firebox and User Accounts206 WatchGuard Firebox X Edge

User Guide 207APPENDIX A Firebox X Edge HardwareThe WatchGuard® Firebox® X Edge is a firewall for small organizations and branch offices. The WatchGua

208 WatchGuard Firebox X Edge• LiveSecurity® Service activation card• Hardware Warranty Card• AC adapter (12 V)• Power cable clip, to attach to the c

Hardware DescriptionUser Guide 209Hardware DescriptionThe Firebox® X Edge has a simple hardware architecture. All indicator lights appear on the front

210 WatchGuard Firebox X EdgeF/OShows a WAN failover. The indicator light is green when there is a WAN failover from WAN1 to WAN2. The indicator ligh

Hardware DescriptionUser Guide 211Rear viewSerial port (DB9)Use the serial port to connect an external modem to the Edge.Ethernet interfaces 0 through

212 WatchGuard Firebox X EdgeAbout IEEE 802.11g/b WirelessIn general, RF power and signal bandwidth create a maximum limit on the rate that data can

About IEEE 802.11g/b WirelessUser Guide 213Signal strength (Watts)The signal strength is set by these factors:• Power of the RF signal that is sent an

214 WatchGuard Firebox X EdgeThe signal attenuation caused by multi-path reflections is the result of how you adjust the antenna. When the receiver i

About IEEE 802.11g/b WirelessUser Guide 215cent. When a different modulation scheme is selected, the data rate changes.

Firebox® X Edge and Your NetworkUser Guide 9 Firewalls can be in the form of hardware or software. They can prevent unauthorized Internet users from a

216 WatchGuard Firebox X Edge

User Guide 217APPENDIX B Legal NotificationsCopyright, Trademark, and Patent InformationCopyright© 1998 - 2005 WatchGuard Technologies, Inc. All right

218 WatchGuard Firebox X Edge 3. All advertising materials mentioning features or use of this software must display the following acknowledgment: &qu

Copyright, Trademark, and Patent InformationUser Guide 2194. If you include any Windows specific code (or a derivative thereof) from the apps director

220 WatchGuard Firebox X EdgeCertifications and NoticesFCC CertificationThis appliance has been tested and found to comply with limits for a Class A

Certifications and NoticesUser Guide 221CANADA RSS-210The term “IC:” before the radio certification number only signifies that Industry of Canada tech

222 WatchGuard Firebox X EdgeTaiwanese Notices

Declaration of ConformityUser Guide 223Declaration of Conformity

224 WatchGuard Firebox X EdgeLimited Hardware WarrantyThis Limited Hardware Warranty (the "Warranty") applies to the enclosed Firebox hardw

Limited Hardware WarrantyUser Guide 225THE USE OF OR INABILITY TO USE THE PRODUCT, EVEN IF WATCHGUARD HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMA

Introduction to Network Security10 WatchGuard Firebox X Edgework. The Edge connects to a cable modem, DSL modem, or ISDN router. The Web-based user i

226 WatchGuard Firebox X Edge

User Guide 227Symbols.wgx filesdescribed 154distributing 158viewing available 33AAdd Gateway page 143Add Route page 64Administration pagedescribed 34s

228 WatchGuard Firebox X EdgeCIDR notation 64, 94, 100, 147Classless Inter Domain Routing 64, 94, 100, 147Client for Microsoft Networks, installing 1

User Guide 229DVCP Server, getting information on 136DVCP, described 131, 135Dynamic DNS client page 67dynamic DNS service, registering with 66–67Dyna

230 WatchGuard Firebox X Edgeadministrator account 193and SOCKS 106authenticating to 187back panel 211cabling 19configuring as DHCP server 54describe

User Guide 231Iincoming service, creating custom 91, 92, 97indicator lights 209installationdetermining TCP/IP settings 13disabling TCP/IP proxy settin

232 WatchGuard Firebox X Edgeviewing status of 36Logging page 11 2described 36subpages of 36–37MManaged VPN page 133, 137, 139Managed VPNsand VPN Man

User Guide 233WINS and DNS servers 160Nnavigation bar 29netmask 14Network Address Translation (NAT), and the Edge 14, 145network addressing, described

234 WatchGuard Firebox X EdgePpackage contents 11packets, described 4pagesAdd Gateway 143Add Route 64Administration 34Allowed Sites 125Blocked Sites

User Guide 235passphrases, described 191, 195path-loss 213Perfect Forward Secrecy 147Phase 1 settings 143, 144Phase 2 settings 147Pocket PCscreating M

User Guide 11CHAPTER 2 Installing the Firebox X EdgeTo install the WatchGuard® Firebox® X Edge in your network, you must complete these steps:• Ident

236 WatchGuard Firebox X Edgeresetting to factory default 41Restrict Access by Hardware Address check box 84routesconfiguring static 63viewing 31Rout

User Guide 237and VPNs 149described 13obtaining 150static routesmaking 63removing 64subnet mask 14SurfControl 117Syslog host, logging to 113Syslog Log

238 WatchGuard Firebox X EdgeUUDP (User Datagram Protocol) 3Uniform Resource Locator (URL) 6updating firmware 199updating software 39upgrade options,

User Guide 239Keep Alive feature 148special considerations for 130troubleshooting connections 150viewing statistics 149what you need to create 130Wwal

240 WatchGuard Firebox X EdgeWindows XPinstalling File and Printer Sharing for Microsoft Networks on 165installing Internet Protocol (TCP/IP) Network

Installing the Firebox X Edge12 WatchGuard Firebox X Edge• A power cable clipUse this clip to attach the cable to the side of the Edge. It decreases

Identifying Your Network SettingsUser Guide 13• An Internet connection.The external network connection can be a cable or DSL modem with a 10/100BaseT

Installing the Firebox X Edge14 WatchGuard Firebox X Edge•DHCP: A dynamic IP address is an IP address that an ISP lets you use (lease). With DHCP, y

Identifying Your Network SettingsUser Guide 15Your TCP/IP Properties TableTCP/IP Property ValueIP Address . . .Subnet Mask .

End-User License AgreementUser Guide iiiAGREEMENT. Nothing in this AGREEMENT constitutes a waiver of our rights under U.S. copyright law or any other

Installing the Firebox X Edge16 WatchGuard Firebox X EdgeTo find your TCP/IP properties, use the instructions for your com-puter operating system.Mic

Disabling the HTTP Proxy SettingUser Guide 17Macintosh OS 101 Click the Apple menu > System Preferences > Network > TCP/IP.2 Record the valu

Installing the Firebox X Edge18 WatchGuard Firebox X EdgeDisable the HTTP proxy in Netscape or Mozilla1 Open the browser software.2 Click Edit > P

Connecting the Firebox X EdgeUser Guide 19Connecting the Firebox X EdgeUse this procedure to connect your Firebox® X Edge Ethernet and power cables:1

Installing the Firebox X Edge20 WatchGuard Firebox X Edge6 Find the AC adapter supplied with your Edge. Connect the AC adapter to the Edge and to a p

Connecting the Firebox X EdgeUser Guide 21For more information, see the FAQ:www.watchguard.com/support/AdvancedFaqs/edge_seatlicense.aspLicense upgrad

Installing the Firebox X Edge22 WatchGuard Firebox X EdgeSetting Your Computer to Connect to the Edge Before you can use the Quick Setup Wizard, conf

Setting Your Computer to Connect to the EdgeUser Guide 23If your computer has a static IP address This procedure configures a computer with the Window

Installing the Firebox X Edge24 WatchGuard Firebox X EdgeRunning the Quick Setup WizardAfter you start your computer and type https://192.168.111.1 i

Registering and Activating LiveSecurity ServiceUser Guide 25The Quick Setup Wizard is completeThe Quick Setup Wizard supplies a link to the WatchGuard

iv WatchGuard Firebox X EdgeOTHERWISE, WITH RESPECT TO ANY NONCONFORMANCE OR DEFECT IN THE SOFTWARE PRODUCT (INCLUDING, BUT NOT LIMITED TO, ANY IMPLI

Installing the Firebox X Edge26 WatchGuard Firebox X EdgeYou must have a subscription to the LiveSecurity service before you can get license keys for

User Guide 27CHAPTER 3 Configuration and Management BasicsWhen you configure a WatchGuard® Firebox® X Edge, you create fire-wall rules to apply the se

Configuration and Management Basics28 WatchGuard Firebox X EdgeNavigating the Configuration PagesYou use the configuration pages for all procedures t

Navigating the Configuration PagesUser Guide 29For example, if you use Internet Explorer to configure your Firebox:1 Start Internet Explorer.2 Click F

Configuration and Management Basics30 WatchGuard Firebox X EdgeConfiguration OverviewYou use the Firebox® X Edge system configuration pages to set up

Configuration OverviewUser Guide 31Network PageThe Network page shows the configuration of each network inter-face. It also shows any configured route

Configuration and Management Basics32 WatchGuard Firebox X Edge• Optional: Use this page to configure the Edge optional network interface. Select the

Configuration OverviewUser Guide 33Firebox Users PageThe Firebox Users page shows statistics on the active sessions and local user accounts. It also h

Configuration and Management Basics34 WatchGuard Firebox X EdgeThe Firebox Users page contains these links to other configuration pages:• Settings: U

Configuration OverviewUser Guide 35• View Configuration: Shows the Edge configuration file in a text format.Firewall PageThe Firewall page shows the i

Abbreviations Used in this GuideUser Guide vFirmware Version: 7.2 Part Number: 1776-0000 Guide Version: 7.2Abbreviations Used in this Guide3DES Triple

Configuration and Management Basics36 WatchGuard Firebox X Edge• Outgoing: Make one or more security services for outgoing traffic to the external ne

Configuration OverviewUser Guide 37• WSEP Log: Configure the WatchGuard Log Server to accept the log messages from your Edge.• Syslog Log: Configure t

Configuration and Management Basics38 WatchGuard Firebox X Edge• Allowed Sites: Make a list of Web sites that you can browse to when WebBlocker prope

Updating Firebox X Edge SoftwareUser Guide 39Wizards PageThe Wizards page shows the wizards you can use to help you set up Firebox X Edge features:• S

Configuration and Management Basics40 WatchGuard Firebox X Edgedownload completes, use the procedure below to update your Fire-box software:1 To conn

Factory Default SettingsUser Guide 41give static addresses to computers in the trusted network with IP addresses in the 192.168.111.2–192.168.111.254

Configuration and Management Basics42 WatchGuard Firebox X EdgeFollow these steps to set the Firebox to the factory default settings:1 Disconnect the

Restarting the FireboxUser Guide 432 Click Reboot.Disconnecting the power supplyDisconnect the Firebox power supply. After a minimum of 10 sec-onds, c

Configuration and Management Basics44 WatchGuard Firebox X Edge

User Guide 45CHAPTER 4 Changing Your Network SettingsA primary component of WatchGuard® Firebox® X Edge setup is the configuration of the network inte

vi WatchGuard Firebox X EdgeADDRESS:505 Fifth Avenue SouthSuite 500Seattle, WA 98104SUPPORT: www.watchguard.com/[email protected]. and

Changing Your Network Settings46 WatchGuard Firebox X Edge4 Follow the instructions on the screens. The Network Setup Wizard has these steps:WelcomeT

Configuring the External NetworkUser Guide 47Firebox receives an external IP address each time it connects to the ISP network. It can be the same IP a

Changing Your Network Settings48 WatchGuard Firebox X EdgeIf your ISP uses static IP addressesIf your ISP uses static IP addresses, you must enter th

Configuring the External NetworkUser Guide 492 From the Configuration Mode drop-down list, select Manual Configuration.3 Type the IP address, subnet m

Changing Your Network Settings50 WatchGuard Firebox X Edge2 From the Configuration Mode drop-down list, select PPPoE Client.3 Type the name and pass

Configuring the External NetworkUser Guide 515 Select the Link Speed to set automatically, or select to assign the link speed statically at 10 Mbps Ha

Changing Your Network Settings52 WatchGuard Firebox X EdgeUse LCP echo request to detect lost PPPoE linkWhen you enable this check box, the Edge send

Configuring the Trusted NetworkUser Guide 53Configuring the Trusted NetworkYou must configure your trusted network manually if you do not use the Netw

Changing Your Network Settings54 WatchGuard Firebox X EdgeThen, you must use https://10.0.0.1 in your browser address bar to connect to the Edge’s Sy

Configuring the Trusted NetworkUser Guide 55the computer an IP address. A factory default Firebox has the DHCP Server option for the trusted interface

User Guide viiContentsCHAPTER 1 Introduction to Network Security ...1Network Security ...

Changing Your Network Settings56 WatchGuard Firebox X Edge2 Click the DHCP Reservations button.The DHCP Address Reservations page appears.3 Type a st

Configuring the Trusted NetworkUser Guide 57To configure the Firebox as a DHCP Relay Agent for the trusted interface:1 Use your browser to connect to

Changing Your Network Settings58 WatchGuard Firebox X EdgeEthernet hubs or switches with RJ-45 connectors to connect more than seven computers. It is

Configuring the Optional NetworkUser Guide 59Enabling the optional network1 To connect to the System Status page, type https:// in the browser address

Changing Your Network Settings60 WatchGuard Firebox X Edge2 From the navigation bar, select Network > Optional.The Optional Network Configuration

Configuring the Optional NetworkUser Guide 612 Click the DHCP Reservations button.The DHCP Address Reservations page appears.3 Type a static IP addres

Changing Your Network Settings62 WatchGuard Firebox X EdgeTo configure the Firebox as a DHCP Relay Agent for the optional interface:1 Use your browse

Making Static RoutesUser Guide 63than one computer to the optional interface, use a 10/100 BaseT Ethernet hub or switch with RJ-45 connectors. It is n

Changing Your Network Settings64 WatchGuard Firebox X Edge3 Click Add.The Add Route page appears.4 From the Type drop-down list, select Host or Netwo

Viewing Network StatisticsUser Guide 65Viewing Network StatisticsThe Firebox® X Edge Network Statistics page shows information about performance. Netw

viii WatchGuard Firebox X EdgeStatic addresses, DHCP, and PPPoE ...13Finding your TCP/IP properties ...

Changing Your Network Settings66 WatchGuard Firebox X EdgeRegistering with the Dynamic DNS ServiceYou can register the external IP address of the Fir

Registering with the Dynamic DNS ServiceUser Guide 672 From the navigation bar, select Network > Dynamic DNS.The Dynamic DNS client page appears.3

Changing Your Network Settings68 WatchGuard Firebox X EdgeNOTE NOTEThe Firebox gets the IP address of members.dyndns.org when it connects to a ti

Enabling the WAN Failover OptionUser Guide 69• If the WAN1 interface and the WAN2 interface stop, the Firebox tries the two interfaces until it makes

Changing Your Network Settings70 WatchGuard Firebox X EdgeIdentify the computers to connectType the IP addresses of computers to which the Edge can c

Enabling the WAN Failover OptionUser Guide 716 Type the maximum number of pings before time-out in the related field. If you are using a broadband con

Changing Your Network Settings72 WatchGuard Firebox X EdgeIf you selected PPPoESee “If your ISP uses PPPoE” on page 49 for information on PPPoE setti

Enabling the WAN Failover OptionUser Guide 737 To enable modem and PPP debug trace, select the related check box. DNS settingsIf your dialup ISP does

Changing Your Network Settings74 WatchGuard Firebox X EdgeDialup settings1 In the Dial up time-out field, type the number of seconds before time-out

User Guide 75CHAPTER 5 Firebox X Edge Wireless SetupThe Firebox® X Edge Wireless protects the computers that are con-nected to your network and it pr

User Guide ixSetting trusted network DHCP address reservations ...55Configuring the trusted network for DHCP relay ...56

Firebox X Edge Wireless Setup76 WatchGuard Firebox X Edge• Configure the Wireless Access Point (WAP)• Configure the wireless card on your computerHow

Using the Wireless Network WizardUser Guide 772 Double-click Wireless Network Connection.The Wireless Network Connection dialog box appears.3 Click th

Firebox X Edge Wireless Setup78 WatchGuard Firebox X EdgeArea Network (WLAN) a level of security and privacy that compares well to a wired Local Area

Setting up the Wireless Access PointUser Guide 79Setting up the Wireless Access PointTo make sure that your network is secure, WatchGuard disables the

Firebox X Edge Wireless Setup80 WatchGuard Firebox X EdgeNOTE NOTEWhen you complete the wireless configuration, restart your Firebox X Edge Wirel

Setting up the Wireless Access PointUser Guide 81requirements of wireless clients. The firewall properties control the traffic between these two netwo

Firebox X Edge Wireless Setup82 WatchGuard Firebox X Edgethe default authentication method for some versions of Microsoft windows, it is not recommen

Setting up the Wireless Access PointUser Guide 832 If you typed more than one key, click the key to use as the default key from the Key Index drop-dow

Firebox X Edge Wireless Setup84 WatchGuard Firebox X EdgeConfiguring advanced settingsYou can configure how the Firebox X Edge Wireless transmits dat

Setting up the Wireless Access PointUser Guide 85802.11g onlyThis is the default mode, which allows you to deny access to 802.11b clients so that you