Manuel d'utilisation / d'entretien du produit SOHO 6 du fabricant WatchGuard Technologies
Aller à la page of 140
W atchGuar d ® Fir ebox ® SOHO 6 User Guide SOHO 6.1.
ii W atchGuard Firebox SOHO 6.1 Using this Guide T o use this guide you n eed to be familiar with your computer’s operating system. If you have ques tions about navigating in your computer’s environment, please r e fer to your system user manual. The following conventions are used in this guide.
User Guide iii Certifications and Notices FCC Certification This appliance has been tested and found to comply with limits for a Class A digital appliance, pursuant to P art 15 of the FCC Rules. Operation is subject to the following two conditions: • This appliance may not cause harmful interference.
iv W atchGuard Firebox SOHO 6.1 VCCI Notice Class A ITE.
User Guide v Declaration of Conformity.
vi W atchGuard Firebox SOHO 6.1 WA TCHGUARD SOHO SOF TWARE END-USER LICENSE AGREEMENT WA TCHGUARD SOHO SOFTWARE END-USER LICENSE AGREEMENT IMPOR TANT - READ CAREF ULL Y BEFORE ACCES SING WA TCHGUARD S.
User Guide vii archiva l purposes only . 3. Prohibited Use s. Y ou may not, w ithout express writ ten permiss ion from WA TCHG UARD: (A) R everse engineer , disassemble or de compile t he SOF TWARE PR.
viii W atchGuard Fir ebox SOHO 6.1 Limitation of Liability . WA TCHGUARD'S LIABIL ITY (WHETH ER IN CONTRACT , TO R T , OR OTHERW ISE; AND NOTWITHSTANDING ANY F AUL T , NEGLIGENCE, STRICT LIABILITY OR PRODUCT LIAB ILITY) WITH REGARD TO THE SOFTWARE PRODUCT WILL IN NO EVENT EX CEED THE PURCHASE PRICE P AID BY Y OU FOR SUCH PRODUCT .
User Guide ix No change or m odification of this EUL A will be valid unless i t is in writing, and is signed by WA TCHGUARD. Notice to Users Informati on in this guide i s subject to change wi thout notice. Companies, names, and data used in examples herein are fictitious unless o ther wise no te d.
x W atchG uard Firebox SOHO 6.1 5. Products derived f rom this sof tware may not be called "OpenSSL" nor may "OpenSSL" appear i n their names without prior written permissi on of the OpenSS L Projec t.
User Guide xi The mod_ssl packag e falls under the Open-Source Sof tware l abel because it's distributed u nder a BSD -style license. The de tailed licens e infor mation follow s. Copyright (c) 1998-2001 R alf S. Engelschall. All ri ghts reserved.
xii W atchGuard Fir ebox SOHO 6.1 5. Products derived from thi s sof tware may not be called "A pache", n or may "Apache" app ear in their name, without prior wri tten permiss ion of the Apache Sof tware Foundation.
User Guide xiii Contents CHAPTER 1 Introduction ................. ............ ........... .......... 1 The Package Contents . ................. ................ ............ 2 How Does a Firewall W o rk? ..... ............ ........... .......... 3 How Does Information T ravel on the Inter net? .
xiv W atchGuard Fir ebox SOHO 6.1 Disable the HTTP proxy setting of your W eb browser ............... ................ ................. ............ 14 Enable your computer for DHCP ................. ............ 16 Physically connect the SOHO 6 . ..
User Guide xv Configur e the Dynamic DNS Se rvice ............ .......... 43 Configur e OPT Port Upgrades ... ................. ............ 44 Configure Dual ISP Port ............... ................ .......... 44 Configure VPNfor ce™ Port ........
xvi W atchGuard Fir ebox SOHO 6.1 CHAPTER 7 Configure Logging ............................ ........ 75 View SOHO 6 Log Messa ges .................................. 76 Set up Logging to a W atc hGuard Security Event Pr ocessor Log Host .. .............
User Guide xvii WebBlocker Categories ........... ................ ............. 103 CHAPTER 10 Support Resources .............. ............ ........ 107 T roubleshooting Tips ............. ........... ............ ........ 107 General ..............
xviii W atchGuard Firebox SOHO 6.1.
User Guide 1 CHAPTER 1 Intr oduction We l c o m e Congratulations on purchasing th e ideal solution for pr oviding secure access to the Internet–the W atchGuard ® Firebox ® SOHO 6 or SOHO 6tc security appliance.
Chapter 1: Int roduction 2 W atchG uard Firebox SOHO 6.1 This User Guide is for both the SOHO 6 and the SOHO 6tc–the name SOHO 6 re fers to both these appliances thr oughout this guide. The only differ ence between the m is the ability to create and use a Vi rtual Private Network (VPN).
User Guide 3 How Does a Firewall W ork? How Does a Fir ewall W ork? Fun damentally , a fir ewall is a way of dist inguishing betwe en, as well as protecting, “us” and “them”. On the external side of your SOHO 6 firewall is the entire Internet.
Chapter 1: Int roduction 4 W atchG uard Firebox SOHO 6.1 and the trusted network (you r computer) and blocks any suspicious activ ity. How Does Information T r avel on the Inter net? All information transported over the Internet is packaged in a special man ner to ensu re that it travels from one compu ter to the next.
User Guide 5 How Does the SOHO 6 Process Information? Port numbers The port numbers are used by co mputers at both the sending and receiving end to determine the pa rticular program or application for each connection.
Chapter 1: Int roduction 6 W atchG uard Firebox SOHO 6.1 the exter nal addres s of the SOHO 6. W hen a hacker tries to violate the computer , they are stopped at the SOHO 6, never learning the true address of y our computer .
User Guide 7 The SOHO 6 Har dware Des cription Status When illuminated, this light indicates that a management connection has been made. Link The link indicator illuminates when there is a good physical connection to any of the number ed (0-3) interfaces of the trusted network.
Chapter 1: Int roduction 8 W atchG uard Firebox SOHO 6.1 The SOHO 6 has six Eth ernet ports, a reset button, and a power input located on the rear of the appliance. The following photograph shows the entir e rear view . OPT port This Ethernet port corresponds to the Optional interface.
User Guide 9 The SOHO 6 Har dware Des cription N OTE The OPT port is only avail able if you purchase the Dual ISP P ort or VPNforce P ort upgrades. Y ou can not use the OPT port as another Ether net port on the T r usted network. RESET button Using the reset button, you can r eturn to the SOHO 6 to the factory defaults.
Chapter 1: Int roduction 10 W atchGuard Firebox SOHO 6.1.
User Guide 11 CHAPTER 2 Installation This chapter explains how to install the SOHO 6 into your network. Y ou must complete the followin g steps: • Review and recor d your current TCP/IP settings •.
Chapter 2: Ins tallation 12 W atchGuard Firebox SOHO 6.1 Before Y ou Begin Before installing your new SOHO 6, be certain that you have the following items:. • A 10/100BaseT Ethe rnet I/O network card installed in your computer . • A cable or DSL modem with a 10/100BaseT port or an ISDN router .
User Guide 13 Before Y ou Begin 2 At the default prompt, type ipconfig/all , then press Enter . 3 Enter the TCP/IP settings in the chart provided be low . 4 Click Cancel . Microsoft Windows NT 1 Click Start => Progr ams => Comman d Prompt . 2 At the default prompt, type ipconfig/all , then press Enter .
Chapter 2: Ins tallation 14 W atchGuard Firebox SOHO 6.1 3 Exit the TCP/IP configur ation screen . N OTE If you are connecting more than one computer to the tr usted network behind the SOHO 6, determ ine the TCP/IP settings for each com puter .
User Guide 15 Before Y ou Begin T o disable the HTTP pr oxy in three common ly used browsers , see the instructions below . If your browser is not listed, see your browser Help menus to learn how to disable the HTTP pr oxy settings. Netscape 4.7 1 Open Netscape.
Chapter 2: Ins tallation 16 W atchGuard Firebox SOHO 6.1 Internet Explorer 5.0, 5.5, and 6.0 1 Open Inter net Explorer . 2 Click To o l s => Internet Options . The Internet Option s window appears. 3 Click the Advanced tab. 4 Scroll down the page to HTTP 1 .
User Guide 17 Before Y ou Begin 4 Click Properties . The network connection Properties dialog box ap pears. 5 Double click the Inter net Protocol (T CP/IP) component.
Chapter 2: Ins tallation 18 W atchGuard Firebox SOHO 6.1 6 Select Obtain an IP address automatically . Select Obtain DNS server address automatically . 7 Click OK to close the Internet Prot ocol (TCP/IP) Properties dialog box. Click OK again to close the network connection Properties dialog box.
User Guide 19 Physically connect the SOHO 6 Cabling the SOHO 6 for on e to four appliances Each of the T rusted Network port s (numbered 0-3) is able to connect to a variety of appliances. These include computers, printers, scanners, or other netw ork peripherals.
Chapter 2: Ins tallation 20 W atchGuard Firebox SOHO 6.1 numbered, Ethernet ports (labeled 0-3) on the SOHO 6. Connect the other end into t he Ethernet port of your computer . The SOHO 6 is now connected to the Inter net and your computer . 4 If you connect to the Internet using a DSL/cable modem, restore the power to this device .
User Guide 21 Physically connect the SOHO 6 The SOHO 6 ships with a “10-seat” license. In other wor ds, the SOHO 6 allows up to ten computers on a network behind the SOHO 6 to access the Internet.
Chapter 2: Ins tallation 22 W atchGuard Firebox SOHO 6.1 2 Disconnect the Ether net cable th at runs fr om your DSL/cable modem or other Internet connec tion to your computer and connect it to the W AN port on the SOHO 6. The SOHO 6 is now connected directly to the modem or other Inter net connection.
User Guide 23 CHAPTER 3 SOHO 6 Basics Once you have physically instal led the SOHO 6, you can connect to it using your W eb browser . The SOHO 6 includes a W eb serv er that provid es a configurat ion, W eb page interface.
Chapter 3: SOHO 6 Basics 24 W atchGuard Firebox SOHO 6.1 The System St atus page appears. The System Status page is effectively t he home page of the SOHO 6. A varie ty of information is revealed in an effort to provide a compr ehensive displa y of the SOHO 6 configur ation.
User Guide 25 Default Factory Settings -P a s s T h r o u g h • Upgrade options and their status • Configuration information for both the T rusted and External networks N OTE When the External net.
Chapter 3: SOHO 6 Basics 26 W atchGuard Firebox SOHO 6.1 F irewall Settings All incoming ser vices are blocked. An outgoing service allowing all outbound traffic.
User Guide 27 Register your SOHO 6 and Act ivate the LiveSecurity Service Finally , the PWR indicator light sh ould remain illuminated. Y our SOHO 6 is now reset to factory defaults. The base model SOHO 6 The base model SOHO 6 comes with a ten-seat licens e; that is, ten computers have access to the I nternet through the SOHO 6.
Chapter 3: SOHO 6 Basics 28 W atchGuard Firebox SOHO 6.1 N OTE Yo u must have JavaScript enabled on your browser to be a ble to activate LiveSecurity Ser vice. If you are a re turning customer , log in with your user name and password then choose your product and cont inue by following the instructions on screen.
User Guide 29 Reboot the SOHO 6 the default IP addr ess, go to: http: //192.168.111 .1 . Click Reboot . • Unplug the SOHO 6 and reconnect it to a power sour ce. T o reboot a SOHO 6 located on a r emote system, you must set the SOHO 6 to allow either incomi ng HTTP (W eb) or F TP traffic to the trusted address of the SOHO 6.
Chapter 3: SOHO 6 Basics 30 W atchGuard Firebox SOHO 6.1.
User Guide 31 CHAPTER 4 Configur e the Network Interfaces Configur e Y our Exter nal Network When you configure the external network, you establish how the SOHO 6 communicates with your ISP . This configuration depends upon how your ISP distributes n etwork addre sses–using DHCP or PPP oE.
Chapter 4: Configu re the Network Interfaces 32 W atchGuard Firebox SOHO 6.1 The most common method to distribute IP addresses is dynamically using DHCP (Dynamic Host Configuration Pr otocol). When your computer is connected to the network, a DHCP server at your ISP automatically assigns it a network IP address.
User Guide 33 Configure Y our External Network Configure the SOHO 6 Extern al Network for static addressing If you are assigned a static address, then you must tr ansfer the permanent addres s assignment fr om your computer to the SOHO 6. Instead of communicating directly to your computer , the ISP now communicates thr ough the SOHO 6.
Chapter 4: Configu re the Network Interfaces 34 W atchGuard Firebox SOHO 6.1 4 Enter the TCP/IP settings you r ecorded from your computer during the installation process. Refer to the table in, “Review and recor d your current T CP/IP settings” on page 12.
User Guide 35 Configure Y our External Network 4 From th e Configur ation Mode dr op list, select PPP oE Client . The page refreshes. 5 Enter the PPP oE login name and domain supplied by your ISP . 6 Enter the PPP oE password supplied by your ISP . 7 Enter how long you want the system to wait before it disables an inactive TCP connections.
Chapter 4: Configu re the Network Interfaces 36 W atchGuard Firebox SOHO 6.1 Configur e the T rusted Network By default, the SOHO 6 use s DHCP to assign addresses to computers on your trusted network.
User Guide 37 Configure the T rusted Network The T r usted Network Configu ration page appears. 3 Enter the IP address and the Subnet Mask in the appropriat e fields. 4 Enable the checkbox labeled Enable DHCP Server on the T rusted Network . 5 Enter the first IP address the DHCP server will hand out to computers connect to the T rusted network.
Chapter 4: Configu re the Network Interfaces 38 W atchGuard Firebox SOHO 6.1 2 Enter the IP address of the DHCP relay server . 3 Click Submit and reboot the SOHO 6 as necess ary.
User Guide 39 Configure the T rusted Network Configure the T rus ted Network with static addresses T o disable the SOHO 6 D HCP server and assign addresses statically , follow these steps: 1W i t h y o u r W e b b r o w s e r , g o t o t h e System Status page using the T rusted IP address of the SOHO 6.
Chapter 4: Configu re the Network Interfaces 40 W atchGuard Firebox SOHO 6.1 4 Disabl e the checkbox labeled Enable DHCP Server on the T rusted Network . 5 Click Submit and reboot the SOHO 6 as necess ary. 6 Configure your computers and other devices on the trusted network with static addr esses.
User Guide 41 Configur e Static Routes The R outes page app ears. 3 Click Add . The Add R oute page ap pears. 4 From the T ype drop list, select either Host or Ne twork .
Chapter 4: Configu re the Network Interfaces 42 W atchGuard Firebox SOHO 6.1 5 Enter the IP address and the Gateway of the r oute in the appropriate field. The gateway of the route is the local inter face of the router . 6 Click Submit . T o remove a route, select the appropriate entr y and click Remove .
User Guide 43 Configure the Dynamic DNS Service Configur e the Dynamic DNS Service This feature allows you to register the external, IP address of t he SOHO 6 with a dynamic DNS (Domain Name Server) service (www .
Chapter 4: Configu re the Network Interfaces 44 W atchGuard Firebox SOHO 6.1 N OTE The SOHO 6 receives the IP of member s.dyndns.org when it connects to the time ser ver .
User Guide 45 Configur e OP T Port Upgrade s The SOHO 6 uses tw o methods to determine if the exter nal port connection is down: • The link to the ne arest r outer • A ping to a specified loca tion. The SOHO pings the default gatewa y or other location designated by the admini strator .
Chapter 4: Configu re the Network Interfaces 46 W atchGuard Firebox SOHO 6.1 Once you have upg raded to t he SO HO 6 to activate this features, follow these instructions to configure Dual ISP P ort: 1.
User Guide 47 Configur e OP T Port Upgrade s 9 Enter the number of times the system will ping the Interface before timeout. 10 Click Submit . Configure VPNfor ce™ Port The VPNforce port upgr ade activates the SOHO 6 optional port for use on the truste d side.
Chapter 4: Configu re the Network Interfaces 48 W atchGuard Firebox SOHO 6.1 2 From the navigation bar on the left side, select Network => Optional . The Optional Network Configuration page app ears. 3 T o enable VPNforce, select the Enable Optional Network checkbox.
User Guide 49 Configur e OP T Port Upgrade s 6 T o require encrypted MUVPN connections on th is interface, enable the Require Encrypted MUVP N connections on this interface checkbox.
Chapter 4: Configu re the Network Interfaces 50 W atchGuard Firebox SOHO 6.1.
User Guide 51 CHAPTER 5 Administrative Options The SOH O 6 Administ ration page is wh ere you configure access to the SOHO 6–using System Security , enabling SOHO 6 Remote Management, or providing VPN Manager Access .
Chapter 5: Administrative Options 52 W atchGuard Firebox SOHO 6.1 The System Security Page The System Securit y configuration page allows you to create secure settings to pr otect the configuration of the SOHO 6. Setting a system administr ator name and system passphr ase allows you to protect the SO HO 6 by using a simple authentication method.
User Guide 53 The System Security Page recommends that the passphr ase contain at least one special character , number , and a mixture of upper an d lower case letters for increased security.
Chapter 5: Administrative Options 54 W atchGuard Firebox SOHO 6.1 5 Enter the System Administrator Name. 6 Enter the System P assphrase and confirm it.
User Guide 55 Set up VPN Manager Access 2 From the navigation bar on the left side, select Administration => VPN Manager Access . The VPN Manager Access page appears. 3 Select Enable VPN Manager Access . 4 Enter the status passphrase and confirm it.
Chapter 5: Administrative Options 56 W atchGuard Firebox SOHO 6.1 Update Y our Firmware As new firmware is released, you should update the version running on your SOHO 6. New updates are located on the Wa t c h G u a r d We b s i t e a t : http://support.
User Guide 57 Redeem your SOHO 6 Upgrade Options 4 E nter the locati on of the firmware files located on your computer . 5 If you do not know the location of the firmware files, click Browse to browse y our computer’s directorie s and select them . 6 Click Update .
Chapter 5: Administrative Options 58 W atchGuard Firebox SOHO 6.1 3 Follow the instructions provided on the sit e to redeem your upgrade license k ey. 4 Copy the Feature K ey displayed at the LiveSecurity Ser vice We b s i t e . 5W i t h y o u r W e b b r o w s e r , g o t o t h e System Status page using the T rusted IP address of the SOHO 6.
User Guide 59 Redeem your SOHO 6 Upgrade Options Dual ISP P ort This upgrade to the SOHO 6 activates the Optional port as a fail-over support for the exte rnal i nterface.
Chapter 5: Administrative Options 60 W atchGuard Firebox SOHO 6.1 http://www .watchguar d.com/renew/ F ollow the instructions at the site to activate or pur chase the renewal. View the Configuration File Fr om this configuration page, the SOHO 6 configuration file appears in text format.
User Guide 61 CHAPTER 6 Configur e the Fir ewall Settings Firewall Settings The flow of incom ing and outgoing tr affic is controlled by the configuration setting you mak e. These decisions a re made in accordance with a sound security policy that defines the kinds of risks that are acceptable to you or your firm.
Chapter 6: Configu re the Firewall Settings 62 W atchGuard Firebox SOHO 6.1 Configur e Incoming and Outgoing Services By default, the security stance of the SOHO 6 is to deny incoming packets t o computers on the tr usted ne twork protected by the SOHO 6 firewall.
User Guide 63 Configure Incoming an d Outgoing Services 2 Locate a pre-configured service, such as FTP , W eb, or T elnet, then select eithe r Allow or Deny fr om the drop list. In our example, the HT TP ser vice is set to Al low enabling Web traffic incoming.
Chapter 6: Configu re the Firewall Settings 64 W atchGuard Firebox SOHO 6.1 2 From the navigation bar on the left side, select Firew all => Custom Service . The Custom Ser vice p age appears. 3 Define a name for the service in the appropriate field.
User Guide 65 Block External Sites 5 Enter the por t number (or number s if creating a range of ports) or enter the IP protocol number to allow in the appr opriate fields and click Add . After creating a custom service, you need to specify a filter rule as well as define the incoming and outgoing pr operties.
Chapter 6: Configu re the Firewall Settings 66 W atchGuard Firebox SOHO 6.1 The Blocked Sites page appears. 2 Select either Host IP Address, Network IP Address, or Host Range from the dr op list.
User Guide 67 Firewall Options Firewall Options The SOHO 6 firewall feature includes a few rule settings that are less specific then the ser vice sett ings discussed previously and are used to provide further security for your private network. Thes e options are found on the F irewall Options page.
Chapter 6: Configu re the Firewall Settings 68 W atchGuard Firebox SOHO 6.1 Ping re quests received on the External Network Y ou can configure the SOHO 6 to de ny all ping packets t hat it receives on th e exter nal in terfac e. 1 Select Do not respond to PING requests r eceived on External Network .
User Guide 69 Firewall Options • SOHO 6 supports SOCKS version 5 only. • It is a limited version of SOCKS and does not support authentication. N OTE Configure the particular ap pl ication so that it does not attempt to make DNS look-ups with SOCKS.
Chapter 6: Configu re the Firewall Settings 70 W atchGuard Firebox SOHO 6.1 • F or the SOCKS proxy , enter the URL or IP address of the SOHO 6 trusted network.
User Guide 71 Firewall Options F ollow these steps: 1 Select Log All Allowed Outbound Access . 2 Click Submit . Enable override MAC address for the External Network A SOHO administra tor is able to assign a second MA C address to the SOHO 6 External Network making it easier to register with an ISP that requires a separate MA C for registration.
Chapter 6: Configu re the Firewall Settings 72 W atchGuard Firebox SOHO 6.1 Create an Unr estricted Pass Through The SOHO 6 is able to allow traffic to be passed through to a dedicated machine with a public IP address separ ated from the rest of the T rusted network.
User Guide 73 Creat e an Unr estricted Pa ss Thr ough and T r u sted network computers are not protected from potential threats, do not use the P ass Through fea ture.
Chapter 6: Configu re the Firewall Settings 74 W atchGuard Firebox SOHO 6.1.
User Guide 75 CHAPTER 7 Configur e Logging What is logging? Logging is the act of recording “e vents” that occur at the SOHO 6 interfaces. A n event is any single activity , such as communication with the W atchGuard W ebBlocker database or incoming traffic passing through the SOHO 6.
Chapter 7: Configure Logging 76 W atchGuard Firebox SOHO 6.1 View SOHO 6 Log Messages The W atchGuard SOHO 6 generates an ongoing activity log stored on the SOHO 6: the Event Log. Th is log stor es a maximum of 150 messages. When it reaches this lim it, the oldest message is deleted.
User Guide 77 Set up Logging to a W atchGuard Security Event Processor Log Host T o have your log messages synchr onize with your compute r: • Click Sync Time with Browser now .
Chapter 7: Configure Logging 78 W atchGuard Firebox SOHO 6.1 The WatchGuard Security Event Processor page appears. 3 Select Enable W atchGuard Security Event P rocessor Logging . 4 Enter the IP address of the WSEP server that is your log host in the appropriate field.
User Guide 79 Set up L ogging to a Sy slog Host Set up Logging to a Syslog Host The SOHO 6 also sends log e ntries to a Syslog host. F ollow these steps to se tup a Syslog Host: 1W i t h y o u r W e b b r o w s e r , g o t o t h e System Status page using the T rusted IP address of the SOHO 6.
Chapter 7: Configure Logging 80 W atchGuard Firebox SOHO 6.1 T o a djust your syslog me ssages to your browsers local time: • Select Include local time in syslog message . N OTE Syslog traffic is not encr ypted and use of thi s option creates a potential security risk when the information is sent over the Inter net.
User Guide 81 Set the Syst em Time The System Time page appears. If you have decided to use the W atchGuard Time Server: 3 Select Get Time F rom W atchGuard Time Server . Or , to use a TCP P ort 37 Time Ser ver: 4 Select Get Time Fr om TCP P ort 37 Time Server at .
Chapter 7: Configure Logging 82 W atchGuard Firebox SOHO 6.1.
User Guide 83 CHAPTER 8 VPN—Virtual Private Networking This chapter describes an optional feature of the W atchGuard SOHO 6, Vi rtual Private Networking (VPN) with IPSec.
Chapter 8: VPN —Virtua l Private Networking 84 W atchGuard Firebox SOHO 6.1 What Y ou Need • One W atchGuard SOHO 6 with VPN and an IPSec- compliant appliance. N OTE While you can create a SOHO 6 to SOHO 6 V PN, you can also create a VPN with a WatchGuard Firebox II/III, Firebox Vclass, or other IPSec- compliant appliances.
User Guide 85 What Y ou Need IP Addr ess T able (example): Item Description Assigned By External IP Address The IP address that identifies the SOHO 6 to the Internet. ISP Site A : 207.168 .55.2 Site B: 68.130.44.15 External Subnet Mask The overlay of bits that dete rmines which part of the IP address identifies your netw ork.
Chapter 8: VPN —Virtua l Private Networking 86 W atchGuard Firebox SOHO 6.1 Enable the VPN Upgrade Y ou must first redeem the VPN upgrade license k ey before configuring VPN.
User Guide 87 Frequently Asked Questions Special Considerations Consider the following before configuring your W atchGuard SOHO 6 VPN network: • Y ou can connect up to six SOHO 6 appliances together . T o set up more VPN tunnels, you need at least one W atchGuard Firebox II/III configure d with the W atchGu ard VPN Manager .
Chapter 8: VPN —Virtua l Private Networking 88 W atchGuard Firebox SOHO 6.1 this feature to discour age users from creating W eb servers. These providers usually offer a static IP address option. How do I troubleshoot the connection? If you are able to ping the remote SOHO 6 and computers behin d it, your VPN tunnel is up and running.
User Guide 89 Set Up Multiple SOHO-SOHO VPN T unne ls Set Up Multiple SO HO-SOHO VPN T unnels W ith this rele ase, a SOHO adminis trator has t he ability to manually define up to six VP N tunnels to othe r SOHO 6 devices. VPN Manager’s ability to se t up a larger number of SOHO 6 to SOHO 6 tunnels remains.
Chapter 8: VPN —Virtua l Private Networking 90 W atchGuard Firebox SOHO 6.1 The Add Gateway page app ears. 4E n t e r t h e Name , IPSec Gateway Address , and Shared K ey for SOHO 6 you want to set up a VPN tunnel. The shared key is used by the local and remote SOHO to encr ypt and decr ypt the data going across the tunnel.
User Guide 91 Set Up Multiple SOHO-SOHO VPN T unne ls steps. Make sure that the P hase 1 settings on this device are the same as on the peer device. 6 Select the type of negotiation for P hase 1 . The two Mode Types are Main and Aggr essive. If your external IP address is dynamic, you must use Aggr essive Mode, otherwise you may use either option.
Chapter 8: VPN —Virtua l Private Networking 92 W atchGuard Firebox SOHO 6.1 13 In the Diffie-Hellma n Group dr op list, specify the group. W atchGuard supports 1 & 2. Diffie-Hellman refers to a mathematical technique for securely negotiating secret keys over a public medium.
User Guide 93 Configure Split T unneling Configur e Split T unneling Another new feature in this releas e is split tunneling that allows the administra tor to specify all Inte rnet traffic originating from the T rusted interface of the SOHO 6 to go thro ugh the VPN tunnel.
Chapter 8: VPN —Virtua l Private Networking 94 W atchGuard Firebox SOHO 6.1 terminating at the loca l SOHO 6. The SOHO 6 also allows users on the T rusted networ k to access ne tworks on Branch Office VPN tunnels terminating at the local SOHO 6. If you purchase the VPNforce P ort, you receive on e MUVPN connection to the Optional network as well.
User Guide 95 CHAPTER 9 SOHO 6 W ebBlocker W ebBlocker is an optional feat ure of the SOHO 6 that provides W eb site filtering capa bilities. It give s you precise con trol over the types of W eb si tes users on your trusted network are all owed to view .
Chapter 9: SOHO 6 W ebBlocke r 96 W atchGuard Firebox SOHO 6.1 SOHO 6 queries the W atchGuard database and determines whether or not to block the site.
User Guide 97 Purcha se and Activat e SOHO 6 W ebBlocker W ebBlocker users and groups Groups A group is a collection of individuals or users of the system.
Chapter 9: SOHO 6 W ebBlocke r 98 W atchGuard Firebox SOHO 6.1 Configur e the SOHO 6 W ebBlocker Use the W atchGuard SOHO 6 Configuration pages to activate W ebBlocker , create a full acce ss passwor .
User Guide 99 Configur e the SOHO 6 W ebBlocker 3 Select Enable W ebBlocking . 4 Enter the full access password. The full access password allows a user a to bypasses other wise blocked sites.
Chapter 9: SOHO 6 W ebBlocke r 100 W atchGuard Firebox SOHO 6.1 The WebBlocker Groups page appears. 3 Click New to create a group name and profile..
User Guide 101 Configur e the SOHO 6 W ebBlocker 4 Define a Group Name and select the blocked categories for this group. 5 Click Submit. A new Groups page appear s indicati ng the configuration chang es were accepted and are providing access.
Chapter 9: SOHO 6 W ebBlocke r 102 W atchGuard Firebox SOHO 6.1 6 T o the right of the Users field, click New . The New User page appears. 7 Enter a unique user name and passphrase (remember to confirm the passphr ase). Use the Group drop list to assign the new user to a given group.
User Guide 103 W ebBlocker Categories 8 Click Submit . N OTE Y ou can delete users or groups at any tim e by selecting them a nd clicking Delete . W ebBlocker Categories W ebBlock er relies on a URL databa se, which is a service of SurfControl. The W ebBlocker database contains thousa nds of IP addresses and directories.
Chapter 9: SOHO 6 W ebBlocke r 104 W atchGuard Firebox SOHO 6.1 (using someone’s phone line s without permission), and software piracy. Also includes text advocating gambling relating to lotteries, casino s, betting , numbers games, online sports, or financial betting, including n on-monetary dares.
User Guide 105 W ebBlocker Categories or handicap, gender , or sexual orientation. Any picture or text that elevates one gr oup over another . Also includes intolerant jokes or slurs.
Chapter 9: SOHO 6 W ebBlocke r 106 W atchGuard Firebox SOHO 6.1 Sexual Acts Pictures or text exposing anyone or an ything involved in explicit sexual acts and/or lewd and lascivious behavior .
User Guide 107 CHAPTER 10 Support Resour ces T roubleshooting Tips The following information is offered to help overcome any difficulties that might occur when installing and setting up your SOHO 6. General What do the PWR, Status, and Mode lights signify on the SOHO 6? When the PWR light is lit, the SOHO 6 has power .
Chapter 10: Support Resources 108 W atchGuard Firebox SOHO 6.1 four , numbered, Ethernet ports (labeled 0-3) and reload the configuration. If the Mode light is blinking : The SOHO 6 requires a DHCP a ssigned IP address for the external interface, but did not receive it.
User Guide 109 T roubleshooting Tips N OTE Y ou can also reboot by removing the power source for ten second s, and then restoring power . How do I reset my System Security passwor d, if I forgot or lost it? If you forgot your passwor d, you must reset the SOHO 6 to its factory default.
Chapter 10: Support Resources 110 W atchGuard Firebox SOHO 6.1 a DSL router , set the NA T feature of the DSL router to bridge-only mode. How do I install and configure the SO HO 6 using a Macintosh (.
User Guide 111 T roubleshooting Tips How can I see the MAC address of my SOHO 6? A MA C (Media Access Control) address is a unique number used to identify the actual physical hardware of an Ethernet appliance. 1 With your W eb browser , go to the SOHO 6 Configuration Settings page using the T rusted IP address of the SOHO 6.
Chapter 10: Support Resources 112 W atchGuard Firebox SOHO 6.1 How do I change to a static, trusted IP addr ess? Before you can use a static IP address , you must have a base T rusted IP address and subnet mask. The following IP address ra nges an d subnet masks are set aside for private networks in compliance wi th RFC 1918.
User Guide 113 T roubleshooting Tips T o disable W ebBlocker , deselect Enable W ebBlocker . How do I allow incoming services such as POP3, T elnet, and W eb (HTTP)? 1 With your W eb browser , go to the System Status page using the T rusted IP address of the SOHO 6.
Chapter 10: Support Resources 114 W atchGuard Firebox SOHO 6.1 5 Enter the protocol number to allow in the Protocol field. 6 Click Submit . 7 From the navigation bar on the left side, select Firew all => Incoming . The Firewall Incoming T raffic page ap pears.
User Guide 115 T roubleshooting Tips How do I set up my SOHO 6 for VPN Manager Access? This requires the add-on product, W atchGuard VPN Manager software, whic h is purchased separately and used with the W at chGu ard Fire box S yste m sof tw are. T o purc hase VPN Mana ger , use your W eb browser to go to: https://www .
Chapter 10: Support Resources 116 W atchGuard Firebox SOHO 6.1 Contact T echnical support Online Documentatio n and In-Depth F AQs W atchGuard maintains an extensiv e knowledge base consisting of product documentation in the form of printer friendly .
User Guide 117 Index Numerics 100 indicator 7 A Add R oute page 41 B blocked sites configuring 65 Blocked Sites page 66 browsers, supported 12 button, RESET 8 C cables correct setup 110 included in pa.
Index 118 W atchGuard Firebox SOHO 6.1 H hardware description 6 HT TP proxy settings, disabling 14 I incoming ser vice, creating custom 63 indicators 100 7 link 7 Mode 7 WAN 7 installation cabling 19 .
User Guide 119 Blocked Sites 66 Custom Ser vice 64, 113 Dynamic DNS client 43 Filter T raffic 62 Firewall Incoming T raffic 114 Firewall Options 67 Groups 101 Logging 76 Network Statistics 42 New User.
Index 120 W atchGuard Firebox SOHO 6.1 configuring for PPPoE 34 configuring for static addressing 33 configuring VPN tunnel with 86 connecting to 23 default factor y settings 25 described 2 firewall f.
User Guide 121 VPNforce™ P ort 47 VPNs and SOHO 6, SOHO 6 tc 2 and static IP addresses 87 between two SOHO 6s 115 configuring with SOHO 6 86–88 described 83 enabling tunnels 88 encr yption for 87 .
Index 122 W atchGuard Firebox SOHO 6.1.
Un point important après l'achat de l'appareil (ou même avant l'achat) est de lire le manuel d'utilisation. Nous devons le faire pour quelques raisons simples:
Si vous n'avez pas encore acheté WatchGuard Technologies SOHO 6 c'est un bon moment pour vous familiariser avec les données de base sur le produit. Consulter d'abord les pages initiales du manuel d'utilisation, que vous trouverez ci-dessus. Vous devriez y trouver les données techniques les plus importants du WatchGuard Technologies SOHO 6 - de cette manière, vous pouvez vérifier si l'équipement répond à vos besoins. Explorant les pages suivantes du manuel d'utilisation WatchGuard Technologies SOHO 6, vous apprendrez toutes les caractéristiques du produit et des informations sur son fonctionnement. Les informations sur le WatchGuard Technologies SOHO 6 va certainement vous aider à prendre une décision concernant l'achat.
Dans une situation où vous avez déjà le WatchGuard Technologies SOHO 6, mais vous avez pas encore lu le manuel d'utilisation, vous devez le faire pour les raisons décrites ci-dessus,. Vous saurez alors si vous avez correctement utilisé les fonctions disponibles, et si vous avez commis des erreurs qui peuvent réduire la durée de vie du WatchGuard Technologies SOHO 6.
Cependant, l'un des rôles les plus importants pour l'utilisateur joués par les manuels d'utilisateur est d'aider à résoudre les problèmes concernant le WatchGuard Technologies SOHO 6. Presque toujours, vous y trouverez Troubleshooting, soit les pannes et les défaillances les plus fréquentes de l'apparei WatchGuard Technologies SOHO 6 ainsi que les instructions sur la façon de les résoudre. Même si vous ne parvenez pas à résoudre le problème, le manuel d‘utilisation va vous montrer le chemin d'une nouvelle procédure – le contact avec le centre de service à la clientèle ou le service le plus proche.