XTM Firewall Basics v11.8
©2013 WatchGuard Technologies, Inc.
WatchGuard Training
Firewall Basics with Fireware XTM 11.8
Course Introduction: Firewall Basics with Fireware XTM
Training Objectives
Use the basic management and monitoring components of WatchGuard System Manager (WSM)
Configure a WatchGuard XTM or XTMv device that runs Fireware XTM OS v11.8 or later for your network
Create basic security policies for your XTM device to enforce
Use security services to expand XTM device functionality
Requirements
Necessary equipment and software:
• Management computer
• WatchGuard System Manager and Fireware XTM OS
• Firewall configuration file
• XTM or XTMv devices running Fireware XTM OS v11.8 or later (optional)
Prerequisites:
• Basic knowledge of TCP/IP network functions and structure
It is helpful, but not necessary, to have:
• WatchGuard System Manager installed on your computer
• Access to a WatchGuard XTM device
• A printed copy of the instructor’s notes of this presentation, or a copy of the Fireware XTM Basics Student Guide
Outline
Getting Started
Work with XTM Device Configuration Files
Configure XTM Device Interfaces
Configure Logging
Generate Reports of Network Activity
Use FSM to Monitor XTM Device Activity
Use NAT (Network Address Translation)
Define Basic Network Security Policies
Work with Proxy Policies
Work with SMTP and POP3 Proxies
Verify Users’ Identities
Outline
Block Unwanted Email with spamBlocker
Manage Web Traffic
Defend Your Network From Intruders
Use Gateway AntiVirus
Use Data Loss Prevention
Use Intrusion Prevention Service
Use Application Control
Use Reputation Enabled Defense
Explore the Fireware XTM Web UI and FireWatch
Training Scenario
Fictional organization named the Successful Company
Training partners may use different examples for exercises
Try the exercises to implement your security policy
Getting Started: Set Up Your Management Computer and XTM Device
Learning Objectives
Use the Quick Setup Wizard to make a configuration file
Start WatchGuard System Manager
Connect to XTM devices and WatchGuard servers
Launch other WSM applications
Management Computer
Select a computer with Windows 8, Windows 7, Windows Vista, Windows XP SP2, or Windows Server 2003, 2008, or 2012
Install WatchGuard System Manager (WSM) to configure, manage, and monitor your devices
Install Fireware XTM OS, then use WSM to install updates and make configuration changes on the device
Server Software
When you install WSM, you have the option to install any or all of these WatchGuard servers:
• Management Server
• Log Server
• Report Server
• WebBlocker Server
• Quarantine Server
Servers can be installed on separate computers
• Each server must use a supported version of Windows.
• There are access requirements between the management computer, the XTM device, and some servers.
Activate your XTM Device
You must have or create a WatchGuard account
You must activate the XTM device before you can fully configure it
Have your device serial number ready
Setup Wizards
There are two setup wizards you can use to create an initial functional configuration file for your XTM device.
• Web Setup Wizard — To start the Web Setup Wizard, in a web browser, type: https://10.0.1.1:8080
• Quick Setup Wizard — To start the Quick Setup Wizard, in WatchGuard System Manager, select Tools > Quick Setup Wizard.
To use either setup wizard, you must connect the management computer to the trusted interface (eth1) of the XTM device.
The Web Setup Wizard can activate your XTM device and download the feature key from the WatchGuard web site, if you connect the external interface (eth0) to a network with Internet access.
Quick Setup Wizard
Installs Fireware XTM OS on the XTM device
Creates and uploads a basic configuration file
Assigns passphrases to control access to the XTM device
Prepare to Use the Quick Setup Wizard
Before you start, you must have:
• WSM and Fireware XTM OS installed on the management computer
• Network information
It is a good idea to have the feature key for your device before you start the wizard. You can copy it from the LiveSecurity web site during registration.
Launch the Quick Setup Wizard
For the Quick Setup Wizard to operate correctly, you must:
• Prepare the device to be discovered by the Quick Setup Wizard (QSW). The QSW shows you how to prepare each device.
• Assign a static IP address to your management computer from the same subnet that you plan to assign to the Trusted interface of the XTM device. Alternatively, you can get a DHCP address from the device when it is in Safe Mode.
• Connect the Ethernet interface of your computer to interface #1 of the device.
• Launch WatchGuard System Manager (WSM) and launch the Quick Setup Wizard from the WSM Tools menu.
Quick Setup Wizard — Select Your Device
Choose which model of XTM device to configure.
Quick Setup Wizard — Verify the Device Details
Verify that the model and serial number are correct.
Quick Setup Wizard — Name Your XTM Device
The name you assign to the device in the wizard is used to:
• Identify the device in WSM
• Identify the device in log files
• Identify the device in Log Manager and Report Manager
Quick Setup Wizard — Device Feedback
The Quick Setup Wizard enables the device to send feedback to WatchGuard by default.
• When device feedback is enabled, the XTM device sends this information to WatchGuard once each day:
    • XTM device serial number
    • Fireware XTM OS version and build number
    • XTM device model
    • XTM device uptime since the last restart
To disable device feedback:
• Clear the Send device feedback to WatchGuard check box.
• You can also change this setting in Global Settings.
Quick Setup Wizard — Configure the External Interface
The IP address you give to the external interface can be:
• A static IP address
• An IP address assigned with DHCP
• An IP address assigned with PPPoE
You must also add an IP address for the device default gateway. This is the IP address of your gateway router.
Quick Setup Wizard — Configure Interfaces
Configure the Trusted and Optional interfaces. Select one of these configuration options:
• Mixed Routing Mode (Use these IP addresses) Each interface is configured with an IP address on a different subnet.
• Drop-in Mode (Use the same IP address as the external interface) All XTM device interfaces have the same IP address. Use drop-in mode when devices from the same publicly addressed network are located on more than one device interface.
Understand Routed Configurations
In mixed routing mode (routed configuration):
• Configure each interface with an IP address on a different subnet.
• Assign secondary networks on any interface.
Understand Drop-in Configurations
In drop-in mode:
• Assign the same primary IP address to all interfaces on your device.
• Assign secondary networks on any interface.
• You can keep the same IP addresses and default gateways for devices on your trusted and optional networks, and add a secondary network address to the XTM device interface so the device can correctly send traffic to those devices.
Quick Setup Wizard — Add a Feature Key
When you purchase additional options for your device, you must get a new feature key to activate the new options. You can add feature keys in the Quick Setup Wizard or later in Policy Manager.
Quick Setup Wizard — Set Passphrases
You define two passphrases for connections to the device
• Status passphrase — Read-only connections
• Configuration passphrase — Read-write connections
Both passphrases must be at least 8 characters long and different from each other
Quick Setup Wizard — Final Steps
Save a basic configuration to the device.
You are now ready to put your device in place on your network.
Remember to reset your management computer IP address.
WatchGuard System Manager
Start WSM
Connect to an XTM device or the Management Server
Display device status
Components of WSM
WSM includes a set of management and monitoring tools:
• Policy Manager
• Firebox System Manager
• HostWatch
• Log Manager
• Report Manager
• CA Manager
• Quarantine Server Client
To launch a tool, select it from the WSM Tools menu or click the tool icon
Administration: Work with Device Configuration Files
Learning Objectives
Start Policy Manager
Open and save configuration files
Configure the XTM device for remote administration
Reset XTM device passphrases
Back up and restore the XTM device configuration
Add XTM device identification information
What is Policy Manager?
A configuration tool that you can use to modify the settings of your XTM device
Changes made in Policy Manager do not take effect until you save them to the device
Launch Policy Manager from WSM
• Select a connected or managed device
• Click the Policy Manager icon on the toolbar
Navigate Policy Manager
From the View menu, select how policies are displayed
[Screenshots: Details View; Large Icons View]
Navigate Policy Manager
Use the menu bar to configure many device features.
Navigate Policy Manager
Security policies that control traffic through the device are represented by policies.
To edit a security policy, double-click the policy name.
Open and Save Configuration Files
Open a file from your local drive or from an XTM device
Save configuration files to your local drive or to the XTM device
Create new configuration files in Policy Manager
• New configuration files include a basic set of policies.
• You can add more policies.
Configure Your Device for Remote Administration
Connect from home to monitor device status
Change policies remotely to respond to new threats
Make the policy as restrictive as possible for security
Edit the WatchGuard policy to enable access from an external IP address
You can also use Fireware XTM Web UI to configure a device (over TCP port 8080)
Change XTM Device Passphrases
Minimum of eight characters
Change frequently
Restrict their use
Back Up the XTM Device Images
Create and restore an encrypted backup image
Backup includes feature key and certificate information
Encryption key is required to restore an image
Add XTM Device Identification Information
XTM device name and model
Contact information
Time zone for log files and reports
Upgrade Your XTM Device
1. Back up your existing device image.
2. Download and install the new version of Fireware XTM OS on your management computer.
3. From Policy Manager, select File > Upgrade.
Upgrade Your XTM Device
4. Browse to the location of the OS upgrade file: C:\Program Files\Common Files\WatchGuard\Resources\Fireware XTM
5. Select the correct .sysa-dl file for your device:
• XTM 2500 Series: xtm800_1500_2500.sysa-dl
• XTM 2050: xtm2050_bc.sysa-dl
• XTM 1500 Series: xtm800_1500_2500.sysa-dl
• XTM 1050: xtm1050_bb.sysa-dl
• XTM 800 Series: xtm800_1500_2500.sysa-dl
• XTM 8 Series: xtm8_b5.sysa-dl
• XTM 5 Series: xtm5_b0.sysa-dl
• XTM 330: xtm330_bd.sysa-dl
• XTM 33: xtm3_aa.sysa-dl
• XTM 25, 26: xtm2_a6.sysa.dl
• XTMv: xtmv_c5.sysa-dl
Network Settings: Configure XTM Device Interfaces
Learning Objectives
Configure external network interfaces with a static IP address, DHCP and PPPoE
Configure a trusted and optional network interface
Use the XTM device as a DHCP server
Add WINS/DNS server locations to the device configuration
Add Dynamic DNS settings to the device configuration
Set up a secondary network or address
Understand Drop-In Mode and Bridge Mode
Add a Firewall to Your Network
Interfaces on separate networks
Most users have at least one external and one trusted
External: 203.0.113.2/24
Trusted Network: 10.0.1.1/24
Optional Network: 10.0.2.1/24
Beyond the Quick Setup Wizard
The Quick Setup Wizard configures the device with External, Trusted, and Optional networks by default:
eth0 = external
eth1 = trusted
eth2 = optional (only if you provide an optional interface IP address in the wizard)
You can change the interface assignments. In Policy Manager, select Network > Configuration.
Network Configuration Options
Modify the properties of an interface
• Change the interface type (from trusted to optional, etc.)
• Add secondary networks and addresses
• Enable the DHCP server
Configure additional interfaces
Configure WINS/DNS settings for the device
Add network or host routes
Configure NAT
Interface Independence
You can change the interface type of any interface configured with the Quick Setup Wizard.
You can also choose the interface type of any additional interface you enable.
Use a Dynamic IP Address for the External Interface
The XTM device can get a dynamic IP address for an external interface with DHCP or PPPoE.
Use Dynamic DNS
Register the external IP address of the XTM device with the supported dynamic DNS service, DynDNS.
Use a Static IP Address for the External Interface
The XTM device can use a static IP address given to you by your Internet Service Provider.
Enable the Device DHCP Server
Can be used on a trusted or optional interface
Type the first and last IP addresses of the range for DHCP
Configure up to 6 IP address ranges
Reserve some IP addresses for specified MAC addresses
Configure Trusted and Optional Interfaces
1. Start with a trusted network.
• Trusted-Main: 10.0.1.1/24
2. Add an optional network for public servers.
• Public Servers: 10.0.2.1/24
3. As your business grows, add more trusted and optional networks.
• Finance: 10.0.3.1/24 (Trusted)
• Sales Force: 10.0.4.1/24 (Optional)
• Conference: 10.0.5.1/24 (Optional)
Add WINS/DNS Servers
All devices on the trusted and optional networks can use this server
Use an internal server or an external server
Used by the XTM device for DHCP, Mobile VPN, NTP time updates, and Subscription Service updates
Secondary Networks
Share one of the same physical networks as one of the device interfaces.
Add an IP alias to the interface, which is the default gateway for computers on the secondary network.
Trusted-Main: 10.0.1.1/24
Secondary: 172.16.100.1 (network 172.16.100.0/24)
Network or Host Routes
Create static routes to send traffic from a device interface to a router. The router can then send the traffic to the correct destination from the specified route.
If you do not specify a route to a remote network or host, all traffic to that network or host is sent to the device default gateway.
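The addressing rules from the interface, secondary network, and route slides, as an added Python example (not part of the WatchGuard course material and not Fireware code): it checks that no two interface subnets overlap, as mixed routing mode requires, flags static routes whose router is not on a connected network, and shows which next hop a destination resolves to. Interface addresses are the ones shown on the slides; the default gateway 203.0.113.1, the static route, and the longest-prefix selection rule are assumptions made for illustration.

```python
import ipaddress

# Interface addresses as shown on the slides.
INTERFACES = {
    "External": "203.0.113.2/24",
    "Trusted-Main": "10.0.1.1/24",
    "Public Servers": "10.0.2.1/24",
    "Finance": "10.0.3.1/24",
    "Sales Force": "10.0.4.1/24",
    "Conference": "10.0.5.1/24",
}
# Secondary network from the slides: an IP alias on Trusted-Main.
SECONDARY = {"Trusted-Main": ["172.16.100.1/24"]}

# Constructed for this example (not on the slides).
DEFAULT_GATEWAY = "203.0.113.1"
STATIC_ROUTES = {"192.168.50.0/24": "10.0.1.254"}  # remote network -> router


def connected_networks(interfaces, secondary):
    """Return [(network, interface name)] for primary and secondary addresses."""
    nets = [(ipaddress.ip_interface(a).network, n) for n, a in interfaces.items()]
    for name, aliases in secondary.items():
        if name not in interfaces:
            raise ValueError(f"secondary network on unknown interface {name!r}")
        nets += [(ipaddress.ip_interface(a).network, name) for a in aliases]
    return nets


def find_overlaps(interfaces, secondary):
    """Mixed routing mode: every interface subnet must be distinct."""
    nets = connected_networks(interfaces, secondary)
    problems = []
    for i, (net_a, if_a) in enumerate(nets):
        for net_b, if_b in nets[i + 1:]:
            if net_a.overlaps(net_b):
                problems.append((if_a, str(net_a), if_b, str(net_b)))
    return problems


def unreachable_routers(routes, interfaces, secondary):
    """Static routes whose router is not on any directly connected network."""
    nets = [net for net, _ in connected_networks(interfaces, secondary)]
    return [dest for dest, router in routes.items()
            if not any(ipaddress.ip_address(router) in net for net in nets)]


def next_hop(dest, interfaces, secondary, routes, default_gateway):
    """Pick the most specific match; with no match, use the default gateway."""
    ip = ipaddress.ip_address(dest)
    candidates = []
    for net, name in connected_networks(interfaces, secondary):
        if ip in net:
            candidates.append((net.prefixlen, "connected", name))
    for net_str, router in routes.items():
        net = ipaddress.ip_network(net_str)
        if ip in net:
            candidates.append((net.prefixlen, "static", router))
    if not candidates:
        return ("default", default_gateway)
    _, kind, target = max(candidates, key=lambda c: c[0])
    return (kind, target)


if __name__ == "__main__":
    print("overlaps:", find_overlaps(INTERFACES, SECONDARY))
    print("unreachable routers:",
          unreachable_routers(STATIC_ROUTES, INTERFACES, SECONDARY))
    for dest in ("10.0.3.40", "172.16.100.25", "192.168.50.7", "198.51.100.9"):
        print(dest, "->",
              next_hop(dest, INTERFACES, SECONDARY, STATIC_ROUTES, DEFAULT_GATEWAY))
```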
Drop-In Mode and Bridge Mode
Use Drop-In Mode if you want to have the same logical network (subnet) spread across all device interfaces.
• Computers in this subnet can be on any device interface
• You can add a secondary address to any device interface to use an additional network on the interface
Use Bridge Mode when you want the device to be invisible.
• You assign one IP address to the device for management connections
• Bridge Mode turns the device into a transparent Layer 2 bridge
To set the interface configuration mode, select Network > Configuration.
Logging: Set Up Logging and Notification
Learning Objectives
Set up a Log Server
Configure the XTM device to send messages to a Log Server
Configure logging and notification preferences
Set the Diagnostic Log Level
View log messages
Introduction to the Log Server
Log Message Types
Traffic — Allowed and denied packets
Alarm — An event you configure as important that requires a log message or alert
Event — A device restart, or a VPN tunnel creation or failure
Debug — Additional messages with diagnostic information to help you troubleshoot network or configuration problems
Statistic — Information about the performance of the XTM device
Configure Logging
For log messages to be correctly stored, you must:
• Install the Log Server software
• Configure the Log Server
• Configure the XTM device to send log messages to the Log Server
Install the Log Server
In the WSM installer, select to install the Log Server component
The Log Server does not have to be installed on the same computer that you use as your management computer
The Log Server should be on a computer with a static IP address
Configure the Log Server
Right-click the WatchGuard Server Center icon in your Windows system tray to open WatchGuard Server Center. The Server Center Setup Wizard starts.
Set the administrator passphrase.
Set the log encryption key.
Configure Log Server Settings
Open WatchGuard Server Center to configure Log Server properties.
Type the administrator passphrase.
Select Log Server to configure Log Server settings.
Configure Log Server Settings
Server Settings — Database size and encryption key settings.
Database Maintenance — Specify database backup file settings, and select to use the Built-in database or an External PostgreSQL database.
Notification — Configure settings for event notification and the SMTP Server.
Logging — Firebox Status (which devices are currently connected to the Log Server) and where to send log messages.
Configure the XTM Device to Send Log Messages
Use Policy Manager
Set the same log encryption key that is used for the Log Server
Backup Log Servers can be used when the primary fails
Specify the port to connect to a syslog server
Default Logging Policy
When you create a policy that allows traffic, logging is not enabled by default
When you create a policy that denies traffic, logging is enabled by default
If denied traffic does not match a specific policy, it is logged by default
Set the Diagnostic Log Level
You can also configure the device to send detailed diagnostic log messages to help you troubleshoot a specific problem.
From Policy Manager, select Setup > Logging, and click Diagnostic Log Level.
View Log Messages
You can see log messages with two different tools:
• Traffic Monitor — Real-time monitoring in FSM from any computer with WSM
View Log Messages
• Log Manager — From WatchGuard WebCenter, you can use Log Manager to see any log messages stored on the Log Server. Use the search feature to locate specific information in your log files.
Reports: Generate Reports of Network Activity
Learning Objectives
Set up and configure a Report Server
Generate and save reports at regular intervals
Generate and view reports
Change report settings
Save, print, and share reports
WSM Reporting Architecture
Configure the Report Server
Install on a Microsoft Windows computer
Can be the same computer as the Log Server
Configure the Report Server from WatchGuard Server Center
Select to use the Built-in database or an External PostgreSQL database
Add one or more Log Server IP addresses
Set report interval, report type, and notification preferences
View Reports with Report Manager
Report Manager is available in WatchGuard WebCenter, which is installed with the Report Server
Add users in WatchGuard Server Center to enable them to use Report Manager
View Reports with Report Manager
Connect to WatchGuard WebCenter over port 4130, and select Report Manager to view and generate reports
View Available Reports (scheduled reports)
Create On-Demand Reports and Per Client Reports
Launch Report Manager from WSM
Save reports in PDF format
Monitor Your Firewall: Monitor Activity Through the XTM Device
WatchGuard Training 78
![Page 79: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/79.jpg)
Learning Objectives
Interpret the information in the WSM display
Use Firebox System Manager to monitor device status
Change Traffic Monitor settings
Use Performance Console to visualize device performance
Use HostWatch to view network activity and block a site
Add and remove sites from the Blocked Sites list
![Page 80: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/80.jpg)
WatchGuard System Manager Display
![Page 81: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/81.jpg)
Firebox System Manager
Front Panel
Traffic Monitor
Bandwidth Meter
Service Watch
Status Report
Authentication List
Blocked Sites
Subscription Services
Gateway Wireless Controller
![Page 82: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/82.jpg)
Traffic Monitor
View log messages as they occur
Set custom colors and fields
Start traceroute or Ping to source and destination IP addresses
Copy information to another application
![Page 83: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/83.jpg)
Performance Console
Monitor and graph XTM device activity
Launch from Firebox System Manager
System Information — Firebox statistics, such as the number of total active connections and CPU usage
Interfaces — Total number of packets sent and received through the XTM device interfaces
Policies — Total connections, current connections, and discarded packets
VPN Peers — Inbound and outbound SAs and packets
Tunnels — Inbound and outbound packets, authentication errors, and replay errors
![Page 84: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/84.jpg)
Use HostWatch to View Connections
Graphical display of live connections
One-click access to more details on any connection
Temporarily block sites
![Page 85: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/85.jpg)
Use the Blocked Sites List
View sites added temporarily by the device as it blocks the source of denied packets
Change expiration settings for temporarily blocked sites
![Page 86: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/86.jpg)
Examine and Update Feature Keys
View the feature keys currently on your XTM device
Add a new feature key to your XTM device
![Page 87: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/87.jpg)
NAT: Use Network Address Translation
![Page 88: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/88.jpg)
Learning Objectives
Understand network address translation types
Add dynamic NAT entries
Use static NAT for public servers
![Page 89: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/89.jpg)
What is Network Address Translation?
Changes one public IP address into many
Protect the map of your network
Your Network
Devices and users with private IP addresses
NAT Enabled
Internet sees only one public address (an External XTM device IP address)
![Page 90: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/90.jpg)
Add Firewall Dynamic NAT Entries
Most frequently used form of NAT
Changes the outgoing source IP address to the external IP address of the XTM device
Enabled by default for standard private network IP addresses, such as 192.168.0.0/16
![Page 91: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/91.jpg)
Static NAT for Public Servers
Your Network
Web traffic — One external IP to private static IP
FTP traffic — Same external IP to second, private static IP
SMTP traffic — Same external IP to third, private static IP
External IP address: 203.0.113.2
Port 80 TCP: Web server (10.0.2.80)
Port 21 TCP: FTP server (10.0.2.21)
Port 25 TCP: Email server (10.0.2.25)
![Page 92: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/92.jpg)
1-to-1 NAT for Public Servers
Your Network
NetMeeting traffic — Dedicated IP address on the external
IKE traffic — Second dedicated public IP address
Intel Phone (H.323) — Another external IP address
NetMeeting (ports 1720, 389, dynamic): external 203.0.113.11, internal 10.0.2.11
IKE (without NAT-T): external 203.0.113.12, internal 10.0.2.12
Intel-Video-Phone (ports 1720, 522): external 203.0.113.13, internal 10.0.2.13
![Page 93: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/93.jpg)
Configure Policies
You can customize 1-to-1 NAT and Dynamic NAT settings in each policy
Select Network > NAT to configure the settings
The settings you specify apply unless you modify the NAT settings in a policy
Select the Set Source IP option when you want any traffic that uses this policy to show a specified address from your public or external IP address range as the source IP address.
![Page 94: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/94.jpg)
Configure Policies
To configure a policy to use static NAT, click Add in the To section of the policy, then select Add SNAT.
To add, edit, or delete SNAT actions, you can also select Setup > Actions > SNAT.
To add an SNAT member, click Add.
![Page 95: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/95.jpg)
Policies: Convert Network Policy to Device Configuration
![Page 96: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/96.jpg)
Learning Objectives
Understand the difference between a packet filter policy and a proxy policy
Add a policy to Policy Manager and configure its access rules
Create a custom packet filter policy
Set up logging and notification rules for a policy
Use advanced policy properties
Understand the function of the Outgoing policy
Understand the function of the TCP-UDP proxy
Understand the function of the WatchGuard policy
Understand how the XTM device determines policy precedence
![Page 97: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/97.jpg)
What is a Policy?
A rule to limit access through the XTM device
Can be configured to allow traffic or deny traffic
Can be enabled or disabled
Applies to specific port(s) and protocols
Applies to traffic that matches From and To fields:
• From — Specific source hosts, subnets or users/groups
• To — Specific destination hosts, subnets, or users/groups
![Page 98: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/98.jpg)
Packet Filters, Proxies, and ALGs
Two types of policies:
• Packet Filter — Examines the IP header of each packet, and operates at the network and transport protocol packet layers.
• Proxy & ALG (Application Layer Gateway)
Proxy — Examines the IP header and the content of a packet at the application layer. If the content does not match the criteria you set in your proxy policies, you can set the proxy to deny the packet. Some proxy policies allow you to remove the disallowed content.
ALG — Completes the same functions as a proxy, but also provides transparent connection management.
Proxy policies and ALGs examine the commands used in the connection to make sure they are in the correct syntax and order, and use deep packet inspection to make sure that connections are secure.
![Page 99: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/99.jpg)
Packet Filters, Proxies, and ALGs
Proxies & ALGs:
• Remove all the network data
• Examine the contents
• Add the network data again
• Send the packet to its destination
![Page 100: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/100.jpg)
What are Packet Filters, Proxies, and ALGs?
Packet Filter Proxy & ALG
Source Destination Port(s)/Protocols Packet body Attachments RFC Compliance Commands
![Page 101: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/101.jpg)
Add a Policy in Policy Manager
1. Select a policy from a pre-defined list.
2. Decide if the policy allows or denies traffic.
3. Configure the source (From) and destination (To).
![Page 102: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/102.jpg)
Modify Policies
To edit a policy, double-click the policy
By default, a new policy:
• Is enabled and allowed
• Allows traffic on the port(s) specified by the policy
• Allows traffic from any trusted network to any external destination
![Page 103: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/103.jpg)
Change Policy Sources and Destinations
You can:
• Select a pre-defined alias, then click Add.
• Click Add User to select an authentication user or group.
• Click Add Other to add a host IP address, network IP address, or host range.
![Page 104: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/104.jpg)
When do I use a custom policy?
A custom policy can be either a packet filter or proxy policy.
Use a custom policy if:
• None of the pre-defined policies include the specific combination of ports that you want.
• You need to create a policy that uses a protocol other than TCP or UDP.
![Page 105: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/105.jpg)
Logging and Notification for Policies
When you enable logging in a policy, you can also select whether the XTM device sends a notification message or triggers an SNMP trap.
Notification options include:
• Send email to a specified address
• A pop-up notification on the Log Server
![Page 106: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/106.jpg)
Set Logging Rules for a Policy
The XTM device generates log messages for many different types of activities
You enable logging for policies to specify when log messages are generated and sent to the Log Server
![Page 107: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/107.jpg)
What is Precedence?
Precedence is used to decide which policy controls a connection when more than one policy could control that connection
In Details view, the higher the policy appears in the list, the greater its precedence.
If two policies could apply to a connection, the policy higher in the list controls that connection
![Page 108: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/108.jpg)
What is Precedence?
Policies can be moved up or down in Manual Order mode to set precedence, or restored to the order assigned by Policy Manager with Auto-Order Mode.
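The precedence rule described on these two slides, as an added example (not WatchGuard code): the highest matching policy in the list controls a connection, so a broad policy placed above a narrow one leaves the narrow one with nothing to control. The `Policy` fields, the helper names and the two sample policies are assumptions made for this sketch; it models only list order, not how Auto-Order Mode sorts policies.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Policy:
    """One row of the policy list (field names are assumptions for this example)."""
    name: str
    action: str      # "allow" or "deny"
    protocol: str    # "tcp", "udp" or "any"
    ports: range     # destination ports the policy applies to
    src: str         # From, written as a CIDR network
    dst: str         # To, written as a CIDR network
    enabled: bool = True

    def matches(self, proto: str, port: int, src_ip: str, dst_ip: str) -> bool:
        return (self.enabled
                and self.protocol in (proto, "any")
                and port in self.ports
                and ip_address(src_ip) in ip_network(self.src)
                and ip_address(dst_ip) in ip_network(self.dst))


def controlling_policy(policies: List[Policy], proto: str, port: int,
                       src_ip: str, dst_ip: str) -> Optional[Policy]:
    """Return the highest policy in the list that matches, or None if none does."""
    for policy in policies:
        if policy.matches(proto, port, src_ip, dst_ip):
            return policy
    return None


def covers(high: Policy, low: Policy) -> bool:
    """True when every connection `low` could match is also matched by `high`."""
    return (high.enabled
            and high.protocol in (low.protocol, "any")
            and high.ports.start <= low.ports.start
            and low.ports.stop <= high.ports.stop
            and ip_network(low.src).subnet_of(ip_network(high.src))
            and ip_network(low.dst).subnet_of(ip_network(high.dst)))


def shadowed(policies: List[Policy]) -> List[Tuple[str, str]]:
    """List (shadowed policy, policy above it) pairs for the given list order."""
    found = []
    for index, low in enumerate(policies):
        if not low.enabled:
            continue
        for high in policies[:index]:
            if covers(high, low):
                found.append((low.name, high.name))
                break
    return found


# Constructed sample policies: a broad outgoing allow and a narrow SMTP deny.
OUTGOING = Policy("Outgoing", "allow", "any", range(1, 65536),
                  "10.0.1.0/24", "0.0.0.0/0")
BLOCK_SMTP = Policy("Block-SMTP-Out", "deny", "tcp", range(25, 26),
                    "10.0.1.0/24", "0.0.0.0/0")
ORDER_A = [OUTGOING, BLOCK_SMTP]   # broad allow on top: the deny never applies
ORDER_B = [BLOCK_SMTP, OUTGOING]   # narrow deny on top: SMTP is denied

if __name__ == "__main__":
    for label, order in (("A", ORDER_A), ("B", ORDER_B)):
        winner = controlling_policy(order, "tcp", 25, "10.0.1.50", "198.51.100.7")
        print(label, winner.name, winner.action, shadowed(order))
```

Running `shadowed()` over a policy list after a reorder is a quick review step for deny policies that have stopped taking effect.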
![Page 109: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/109.jpg)
Advanced Policy Properties
Schedules
Connection rate limits
Override NAT settings
QoS settings
ICMP error handling
Override Multi-WAN sticky connection setting
![Page 110: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/110.jpg)
Schedule Policies
Set the times of day when the policy is enabled
![Page 111: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/111.jpg)
Understand the Outgoing policy
The Outgoing packet filter policy is added in the default configuration
Allows all outgoing TCP and UDP connections from trusted and optional networks to external networks
Enables the XTM device to “work out of the box” but could have security problems
If you remove the Outgoing policy, you must add policies to allow outgoing traffic
![Page 112: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/112.jpg)
Understand the TCP-UDP-Proxy
Enables TCP and UDP protocols for outgoing traffic
Applies proxy rules to traffic for the HTTP, HTTPS, SIP, and FTP protocols, regardless of the port numbers
Blocks selected IM and P2P applications, regardless of port
![Page 113: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/113.jpg)
The WatchGuard Policy
Controls management connections to the XTM device
By default, this policy allows only local administration of the device; edit the configuration to allow remote administration
![Page 114: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/114.jpg)
Find Policy Tool
Fireware XTM includes a utility to find policies that match the search criteria you specify
With the Find Policies tool, you can quickly locate policies that match user or group names, IP addresses, port numbers, and protocols.
![Page 115: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/115.jpg)
Policy Tags and Filters
Assign policy tags to policies to create policy groups
Sort the policy list by policy tag to see the policy list by policy group
Create and save policy filters to specify which policies appear in the policy list
![Page 116: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/116.jpg)
Proxy Policies: Use Proxy Policies and ALGs to Protect Your Network
![Page 117: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/117.jpg)
Learning Objectives
Understand the purpose and configuration of proxy policies and ALGs
Configure the DNS-proxy to protect DNS server
Configure an FTP-Server proxy action
Configure an FTP-Client proxy action
Enable logging for proxy actions
![Page 118: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/118.jpg)
What are Proxies and ALGs?
Proxy policies and ALGs (Application Layer Gateway) are powerful and highly customizable application inspection engines and content filters.
A packet filter looks at IP header information only.
A proxy or ALG looks at the content of the network data. ALGs also provide transparent connection management.
![Page 119: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/119.jpg)
What is the DNS Proxy?
Domain Name System
Validates all DNS traffic
Blocks badly formed DNS packets
Fireware XTM includes two methods to control DNS traffic:
• DNS packet filter — IP headers only
• DNS-Proxy filter — content
![Page 120: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/120.jpg)
Control Incoming Connections
Use the DNS-Incoming action as a template
You own the server
You decide who gets to connect to the server
DNS server
DNS Proxy
Your network
![Page 121: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/121.jpg)
Configuring DNS-Incoming
General
OpCodes
Query Types
Query Name
Proxy Alarm
![Page 122: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/122.jpg)
Control Outgoing Connections
Use the DNS-Outgoing action as a template
Operates with Intrusion Prevention Service
Deny queries for specified domain names
DNS server
DNS Proxy
Your Network
![Page 123: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/123.jpg)
Use DNS-Outgoing
Use DNS-Outgoing to block DNS requests for services, such as queries for:
• POP3 servers
• Advertising networks
• IM applications
• P2P applications
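The kind of content inspection the DNS-proxy slides describe (block badly formed packets, then apply OpCodes, Query Types and Query Name rules), as an added example rather than WatchGuard's implementation. The ruleset values, the denied-name patterns and all function names are assumptions, and the sample packets are constructed with the `build_query` helper.

```python
import struct
from fnmatch import fnmatchcase

QTYPE_NAMES = {1: "A", 2: "NS", 5: "CNAME", 12: "PTR", 15: "MX",
               16: "TXT", 28: "AAAA", 255: "ANY"}

# Constructed ruleset: the keys mirror the ruleset categories on the slide,
# the values are assumptions for this example.
RULES = {
    "opcodes": {0},                                   # standard QUERY only
    "query_types": {"A", "AAAA", "CNAME", "MX", "PTR"},
    "deny_names": ["pop3.*", "*.ads.example"],        # constructed patterns
}


class BadPacket(Exception):
    """Raised when a packet is not a well-formed DNS query."""


def parse_query(packet: bytes) -> dict:
    """Parse the header and the single question of a DNS query."""
    if len(packet) < 12:
        raise BadPacket("header shorter than 12 octets")
    _ident, flags, qdcount, _an, _ns, _ar = struct.unpack("!6H", packet[:12])
    if flags >> 15:
        raise BadPacket("QR bit set: a response, not a query")
    if qdcount != 1:
        raise BadPacket("expected exactly one question")
    pos, labels, name_len = 12, [], 0
    while True:
        if pos >= len(packet):
            raise BadPacket("name runs past end of packet")
        length = packet[pos]
        pos += 1
        if length == 0:
            break
        if length > 63:
            raise BadPacket("label longer than 63 octets or a compression pointer")
        label = packet[pos:pos + length]
        if len(label) != length:
            raise BadPacket("truncated label")
        name_len += length + 1
        if name_len > 254:   # 255 octets in total, counting the final zero octet
            raise BadPacket("name longer than 255 octets")
        labels.append(label.decode("ascii", "replace").lower())
        pos += length
    if pos + 4 > len(packet):
        raise BadPacket("missing QTYPE/QCLASS")
    qtype, _qclass = struct.unpack("!2H", packet[pos:pos + 4])
    return {"opcode": (flags >> 11) & 0xF, "name": ".".join(labels), "qtype": qtype}


def inspect(packet: bytes, rules: dict = RULES) -> tuple:
    """Return (verdict, reason) for one query, checking each ruleset in turn."""
    try:
        query = parse_query(packet)
    except BadPacket as exc:
        return ("deny", f"malformed: {exc}")
    if query["opcode"] not in rules["opcodes"]:
        return ("deny", f"opcode {query['opcode']} not allowed")
    qtype = QTYPE_NAMES.get(query["qtype"], str(query["qtype"]))
    if qtype not in rules["query_types"]:
        return ("deny", f"query type {qtype} not allowed")
    for pattern in rules["deny_names"]:
        if fnmatchcase(query["name"], pattern):
            return ("deny", f"query name matches {pattern}")
    return ("allow", "passed all rulesets")


def build_query(name: str, qtype: int = 1, opcode: int = 0) -> bytes:
    """Build a constructed DNS query packet to use as sample input."""
    header = struct.pack("!6H", 0x1234, (opcode << 11) | 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(part)]) + part.encode("ascii")
                     for part in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!2H", qtype, 1)


if __name__ == "__main__":
    samples = {
        "normal A query": build_query("www.example.com"),
        "denied name": build_query("pop3.mail.example"),
        "ANY query": build_query("www.example.com", qtype=255),
        "UPDATE opcode": build_query("www.example.com", opcode=5),
        "truncated": build_query("www.example.com")[:20],
    }
    for label, packet in samples.items():
        print(f"{label:16} -> {inspect(packet)}")
```

A packet filter on port 53 would pass all five sample packets, because they differ only in content, which is the distinction the slides draw between the DNS packet filter and the DNS-Proxy.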
![Page 124: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/124.jpg)
Fireware XTM Proxies
DNS
FTP
H323 and SIP (Application Layer Gateways)
HTTP and HTTPS
SMTP and POP3
TCP-UDP
• Applies the proxies to traffic on all TCP ports
![Page 125: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/125.jpg)
What is a Proxy Action?
A set of rules that tell the XTM device how to apply one of the proxies to traffic of a specific type
You can apply a proxy action to more than one policy
![Page 126: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/126.jpg)
Import & Export Proxy Actions
You can import and export:
• Entire user-created proxy actions (not predefined proxy actions)
• Rulesets
• WebBlocker exceptions
• spamBlocker exceptions
![Page 127: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/127.jpg)
What is FTP?
File Transfer Protocol
Often used to move files between two locations
Client and server architecture
Fireware XTM includes two methods to control:
• FTP packet filter — IP headers only
• FTP-proxy — Content and commands
![Page 128: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/128.jpg)
FTP-Proxy
Restricts the types of commands and files that can be sent through FTP
Works with the Gateway AV Service
Works with the
![Page 129: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/129.jpg)
FTP-Proxy
Restricts the types of commands and files that can be sent through FTP
Works with the Gateway AV Service
Works with the Data Loss Prevention Service
![Page 130: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/130.jpg)
FTP-Client Action Rulesets
General
Commands
Download
Upload
AntiVirus
Data Loss Prevention
Proxy and AV alarms
![Page 131: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/131.jpg)
Control Incoming Connections
Use the FTP-Server proxy action as a template
The FTP server must be protected by the XTM device
You decide who can connect to the FTP server
Anybody
Your FTP server
FTP Proxy
![Page 132: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/132.jpg)
Define FTP-Server Action Rulesets
General
Commands
Download
Upload
AntiVirus
Data Loss Prevention
Proxy alarms
Options available in the FTP-Client proxy action are also available in the FTP-Server proxy action
Smart defaults are used in each ruleset to protect clients (FTP-Client) and servers (FTP-Server)
![Page 133: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/133.jpg)
Logging and Proxies
Proxy policies contain many more advanced options for logging than packet filter policies
Each proxy category has its own check box to enable logging
To generate detailed reports with information on packets handled by proxy policies, you must select the Enable logging for reports check box in each proxy action
![Page 134: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/134.jpg)
Email Proxies: Work with the SMTP and POP3 Proxies
![Page 135: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/135.jpg)
Learning Objectives
Understand the SMTP and POP3 proxies
Understand the available actions for email
Control incoming email
Control outgoing email
![Page 136: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/136.jpg)
SMTP and POP3 Proxies
Used to restrict the types and size of files sent and received in email
Operate with Gateway AV and spamBlocker
Operate with Data Loss Prevention (SMTP-proxy only)
![Page 137: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/137.jpg)
Proxy Actions Available for Email
Default actions available:
• Allow — Email is allowed through your device
• Lock — Email is allowed through your device; the attachment is encoded so only the XTM device administrator can open it
• AV Scan — Gateway AntiVirus is used to scan the attachment
• Strip — Email is allowed through your device, but the file attachment(s) are deleted
• Drop — The SMTP connection is closed
• Block — The SMTP connection is closed and the sender is added to the blocked sites list
Also available with Gateway AntiVirus, spamBlocker, and Data Loss Prevention:
• Quarantine — Email is stored on the Quarantine Server (only with SMTP) and is not sent to the recipient
![Page 138: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/138.jpg)
Control Incoming Email
Use SMTP-Incoming and POP3-Server actions as a template
You decide what email you want to allow
Anybody
Your SMTP server
Your users
SMTP Proxy
![Page 139: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/139.jpg)
Control Outgoing Email
Use SMTP-Outgoing or POP3-Client action as a template
You know the users
You decide what they can send
SMTP Proxy
Your users
Their email server
Anybody
![Page 140: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/140.jpg)
Authentication: Verify a User’s Identity
![Page 141: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/141.jpg)
Learning Objectives
Understand authentication and how it works with the XTM device
List the types of third-party authentication servers you can use with Fireware XTM
Use Firebox authentication users and groups
Add a Firebox authentication group to a policy definition
Modify authentication timeout values
Use the XTM device to create a custom web server certificate
![Page 142: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/142.jpg)
What is User Authentication?
Identify each user as they connect to network resources
Restrict policies by user name
![Page 143: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/143.jpg)
WatchGuard Authentication
The user browses to the XTM device interface IP address on TCP port 4100
The XTM device presents an authentication page
The XTM device verifies that the credentials entered are correct, and allowed for the type of connection
The XTM device allows access to resources valid for that authenticated user or group
![Page 144: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/144.jpg)
Supported Authentication Servers
Firebox
RADIUS
VASCO
SecurID
LDAP
Active Directory
• Single Sign-On options
![Page 145: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/145.jpg)
Use Firebox Authentication
To use the XTM device as an authentication server:
• Make groups
• Define users
• Edit policies
![Page 146: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/146.jpg)
Edit Policies for Authentication
Create users and groups
Use the user and group names in policy properties
Define From or To information
![Page 147: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/147.jpg)
Use Third-Party Servers
Set up a third-party authentication server
Get configuration information, such as secrets and IP addresses
Make sure the authentication server can contact the XTM device
![Page 148: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/148.jpg)
Set Global Authentication Values
Session and idle timeout values
Number of concurrent connections
Enable Single Sign-On with Active Directory authentication
Enable redirect to the authentication page if the user is not yet authenticated
• After users authenticate, they are redirected to the site they originally selected.
Specify the authentication server that appears at the top of the Domain list in the Authentication Portal
Configure Terminal Services
![Page 149: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/149.jpg)
Enable Single Sign-On
Transparent authentication, no need to open a web page
Available with Windows Active Directory
Install the SSO Agent on a Windows server with a static IP address
Install the SSO Client on all workstations (Optional)
Install the Event Log Monitor on one computer in the domain (Clientless SSO)
SSO Agent passes user credentials to the XTM device
Use SSO exceptions for IP addresses that cannot authenticate (computers that are not domain members, or non-Windows PCs)
![Page 150: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/150.jpg)
Enable Terminal Services
Enables users to authenticate to your XTM device over a Terminal Server or Citrix server
Enables your XTM device to report the actual IP address of each user logged in to the device
Can be used with any configured authentication method (e.g. Firebox authentication, Active Directory, RADIUS, etc.)
![Page 151: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/151.jpg)
Fireware XTM Web Server Certificate
Why does the user get warnings from the browser?
• Name on the certificate does not match the URL
• Fix this problem with a custom certificate that has all of the XTM device IP addresses as possible name matches
• User must still import this certificate to trusted root stores
![Page 152: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/152.jpg)
Blocking Spam: Stop Unwanted Email with spamBlocker
![Page 153: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/153.jpg)
Learning Objectives
Activate and configure spamBlocker
Specify the actions to take when suspected spam email is detected
Block or allow email messages from specified sources
Monitor spamBlocker activity
Install and configure Quarantine Server
![Page 154: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/154.jpg)
What is spamBlocker?
Technology licensed from Commtouch™ to identify spam, bulk, or suspect email
No local server to install
You can install Quarantine Server, but it is not necessary for spamBlocker to work correctly.
XTM device sends information to external servers to classify email and caches the results
Operates with the SMTP and POP3 proxies
You must have an SMTP or POP3 proxy action configured to use spamBlocker
![Page 155: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/155.jpg)
Activate spamBlocker
A feature key is required to enable spamBlocker
• Use Policy Manager or FSM to add the feature key
• Save the configuration to the XTM device
Run the Activate spamBlocker Wizard
![Page 156: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/156.jpg)
Configure a Policy for spamBlocker
Use the SMTP-proxy or POP3-proxy
Choose the proxy response to spam categorization
Add exceptions
![Page 157: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/157.jpg)
spamBlocker Actions
Spam is classified into three categories:
• Spam
• Bulk
• Suspect
For each category, you can configure the action taken:
• Allow
• Add Subject Tag
• Quarantine (SMTP only)
• Deny (SMTP only)
• Drop (SMTP only)
![Page 158: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/158.jpg)
spamBlocker Exceptions
You can configure exceptions for specific senders or recipients by:
• Email address
• Domain by pattern match (*@xyz.com)
WatchGuard Training
![Page 159: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/159.jpg)
Customize spamBlocker
Use multiple SMTP or POP3 proxies
![Page 160: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/160.jpg)
Monitor spamBlocker Activity
Status visible in Firebox System Manager
Select the Subscription Services tab
![Page 161: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/161.jpg)
Quarantine Spam
Quarantine Server operates with spamBlocker for the SMTP-proxy only (not the POP3-proxy)
Install with server components during WSM install, or from WatchGuard Server Center
![Page 162: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/162.jpg)
Quarantine Server Configuration
You can configure:
• Database size and administrator notifications
• Server settings
• Length of time to keep messages
• The domains for which the Quarantine Server keeps mail
• Rules to automatically remove messages:
  – From specific senders
  – From specific domains
  – That contain specific text in the Subject field
![Page 163: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/163.jpg)
Web Traffic: Manage Web Traffic Through Your Firewall
![Page 164: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/164.jpg)
Learning Objectives
Control outgoing HTTP traffic
Protect your web server
Use the HTTPS-proxy
Set up WebBlocker
Select categories of web sites to block
Override WebBlocker rules for specified sites
![Page 165: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/165.jpg)
What is the HTTP-Proxy?
Fully configurable HTTP requests and responses
Use URL paths to block complete URLs, or match a pattern you specify
Select header fields, protocol settings, and request/response methods
Allow or deny based on content types
Block the transfer of all or some attachments over port 80
Allow or deny cookies from specified domains
Enforce search engine Safe Search rules
![Page 166: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/166.jpg)
Control Outgoing HTTP Traffic
Use the HTTP-Client proxy action as a template
You know the users
You decide where they go and what they can get access to
Enforce Safe Search rules
[Diagram labels: Your Network, HTTP Proxy]
![Page 167: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/167.jpg)
Settings for the HTTP-Client Proxy Action
HTTP Request
HTTP Response
Use Web Cache Server
HTTP Proxy Exceptions
Data Loss Prevention
WebBlocker
AntiVirus
Reputation Enabled Defense
Deny Message
Proxy and AV Alarms
![Page 168: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/168.jpg)
Protect Your Web Server
Use the HTTP-Server proxy action template
Block malformed packets
Prevent attacks on your server
Enforce Safe Search rules
[Diagram labels: Your Network, Web Server, HTTP Proxy]
![Page 169: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/169.jpg)
Settings for the HTTP-Server Proxy Action
HTTP Request
HTTP Response
HTTP Proxy Exceptions
Data Loss Prevention
WebBlocker
AntiVirus
Reputation Enabled Defense
Deny Message
Proxy and AV Alarms
![Page 170: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/170.jpg)
When to Use the HTTPS-Proxy
HTTP on a secure, encrypted channel (SSL)
Can use Deep Packet Inspection (DPI) to examine content and re-sign the original HTTPS site certificate
OCSP can confirm the validity of the original HTTPS site certificate
Use a certificate that all clients on your network automatically trust for this purpose when possible
Can use WebBlocker to block categories of web sites
When DPI is not enabled, checks the certificate and blocks by domain name
![Page 171: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/171.jpg)
What is WebBlocker?
Reduces malicious web content that enters the network
Blocks URLs and IP addresses that you specify
Reduces unproductive web surfing and potential liability
Blocks access to IM/P2P download sites
Blocks access to spyware sites
Helps schools to attain CIPA compliance
Two database options
Global URL database — English, German, Spanish, French, Italian, Dutch, Japanese, traditional Chinese, and simplified Chinese sites
![Page 172: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/172.jpg)
WebBlocker Server Options
Websense cloud
• Uses a cloud-based URL categorization database with over 100 content categories, provided by Websense
• Does not use a locally installed WebBlocker Server
• URL categorization queries are sent over HTTP
WebBlocker Server
• Uses a WatchGuard WebBlocker Server with 54 categories, provided by SurfControl
• Usually requires a locally installed WebBlocker Server
  – XTM 2 Series and XTM 33 can use a WebBlocker Server hosted by WatchGuard
• URL categorization queries are sent over UDP 5003
![Page 173: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/173.jpg)
The WebBlocker Database
Database updates keep the filtering rules up-to-date
Use multiple categories to allow or deny different groups of users at different times of the day
![Page 174: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/174.jpg)
WebBlocker Content Categories
The available categories depend on which type of server you choose.
• Websense cloud — 100+ categories
• WebBlocker Server — 54 categories
![Page 175: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/175.jpg)
WebBlocker Server with Websense Cloud
1. When a user browses, the XTM device checks the Websense cloud
2. If the site is not in a blocked category, the device allows the connection
[Diagram labels: Your Network, Web Site, Websense Cloud]
![Page 176: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/176.jpg)
WebBlocker Server with Local WebBlocker Server
1. WebBlocker Server gets WebBlocker database from WatchGuard.
2. When a user browses, the XTM device checks the WebBlocker Server.
3. If the site is not in a blocked category, the device allows the connection.
[Diagram labels: WebBlocker Server, Your Network, WatchGuard, WebBlocker Updates, Web Site]
![Page 177: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/177.jpg)
Keep the WebBlocker Database Updated
The locally installed WebBlocker Server automatically downloads an incremental update to the local WebBlocker database at midnight.
To update the database at other times, you can:
• Manually trigger an incremental update in WatchGuard Server Center.
• Use Windows Task Scheduler to run the “updatedb.bat” process, which is installed in the C:\Program Files\WatchGuard\wsm11\bin directory.
![Page 178: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/178.jpg)
Advanced WebBlocker Settings
On the WebBlocker Configuration Advanced tab, you can control what happens if the device cannot contact the WebBlocker Server.
You can:
• Allow access to all web sites
• Deny access to all web sites
You can also set a password that overrides WebBlocker when entered on individual computers.
![Page 179: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/179.jpg)
WebBlocker Exceptions
Add exceptions for web sites that WebBlocker denies and you want to allow (white list).
Add web sites that WebBlocker allows and you want to deny (black list).
![Page 180: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/180.jpg)
Threat Protection: Defend Your Network From Intruders
![Page 181: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/181.jpg)
Learning Objectives
Understand the different types of intrusion protection
Configure default packet handling to stop common attacks
Block IP addresses and ports used by hackers
Automatically block the sources of suspicious traffic
![Page 182: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/182.jpg)
Intrusion Detection and Prevention
[Diagram labels: Vulnerability found and exposed; Hacker builds attack that uses vulnerability; Attack launched; Attack signature developed and distributed; Vendor builds patch; Vendor distributes patch; IT admin queues patch update based on severity; IT admin installs patch; Firewall-based IPS supplies zero-day protection; Proactively blocks many threats; Ongoing protection at higher performance]
![Page 183: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/183.jpg)
Default Packet Handling
Spoofing attacks
Port and address space probes
Flood attacks
Denial of service
Options for logging and automatic blocking
![Page 184: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/184.jpg)
Block the Source of Attacks
[Diagram labels: Your Network, Log Server, Web Server]
1. Remote users use valid packets to browse your web site.
2. Attacker runs a port space probe on your network.
3. XTM device blocks the probe and adds the IP address of the source (the attacker) to the temporary list of blocked sites.
4. Now, even valid traffic from the attacker’s IP address is blocked by the XTM device.
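The four steps above, replayed as a small simulation. This is an added example, not WatchGuard code: the class and function names, the probe threshold (more than 10 distinct ports within one second) and the 20-minute block time are assumptions made for illustration, and the events are constructed.

```python
from collections import defaultdict, deque


class BlockedSites:
    """Port-space-probe detector feeding a temporary blocked-sites list.

    All thresholds are illustrative assumptions, not Fireware defaults.
    """

    def __init__(self, port_threshold=10, window=1.0, block_seconds=1200.0):
        self.port_threshold = port_threshold   # distinct ports tolerated per window
        self.window = window                   # sliding window, in seconds
        self.block_seconds = block_seconds     # how long a source stays listed
        self._recent = defaultdict(deque)      # src -> deque of (ts, dst_port)
        self._blocked_until = {}               # src -> expiry timestamp

    def is_blocked(self, src, ts):
        expiry = self._blocked_until.get(src)
        if expiry is None:
            return False
        if ts >= expiry:                       # temporary entry has aged out
            del self._blocked_until[src]
            return False
        return True

    def handle(self, ts, src, dst_port):
        """Return the verdict for one packet seen at time ts (seconds)."""
        # Step 4: anything from a listed source is dropped, valid or not.
        if self.is_blocked(src, ts):
            return "deny:blocked-site"
        recent = self._recent[src]
        recent.append((ts, dst_port))
        while ts - recent[0][0] > self.window:
            recent.popleft()
        # Steps 2-3: too many distinct ports inside the window is a probe.
        if len({port for _, port in recent}) > self.port_threshold:
            self._blocked_until[src] = ts + self.block_seconds
            recent.clear()
            return "deny:port-probe"
        # Not a probe; the normal policy table decides what happens next.
        return "pass-to-policy"


USER, PROBER = "203.0.113.20", "198.51.100.7"   # documentation-range addresses


def constructed_events():
    """Constructed (timestamp, source, destination port) tuples."""
    events = [(0.0, USER, 80), (0.5, USER, 80)]                       # step 1
    events += [(1.0 + 0.01 * i, PROBER, 20 + i) for i in range(12)]   # step 2
    events += [(2.0, PROBER, 80), (2.1, USER, 80)]                    # step 4
    events += [(1300.0, PROBER, 80)]                                  # entry expired
    return events


def replay(events, guard=None):
    guard = guard or BlockedSites()
    return [(src, port, guard.handle(ts, src, port)) for ts, src, port in events]


if __name__ == "__main__":
    for row in replay(constructed_events()):
        print(*row)
```

Because the list is keyed on source address alone, a legitimate user who shares an address with a prober is blocked for the same period.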
![Page 185: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/185.jpg)
Auto-Block Sites
Each policy configured to deny traffic has a check box you can select to auto-block the source of the denied traffic.
If you select it, the source IP address of any packet denied by the policy is automatically added to the Blocked Sites List.
![Page 186: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/186.jpg)
Use a Proxy Action to Block Sites
When you select the Block action, the IP address denied by the proxy action is automatically added to the Blocked Sites List.
![Page 187: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/187.jpg)
Block Known Attack Vectors
Protect sensitive services on your network
• Get log messages
• Close traffic for unwanted services
Static configuration
• Add specific ports to block
• Add specific IP addresses or subnets to be permanently blocked
Dynamic configuration
• This feature can be enabled from many different places in Policy Manager:
  – Proxy actions
  – Default packet handling settings
  – Policy configuration
![Page 188: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/188.jpg)
Signature Services: Gateway AntiVirus, Data Loss Prevention, Intrusion Prevention, and Application Control
![Page 189: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/189.jpg)
Learning Objectives
Understand how signature-based security subscriptions work
Set up and configure Gateway AntiVirus
Configure proxies to use Gateway AntiVirus
Set up and configure Data Loss Prevention
Set up and configure the Intrusion Prevention Service
Set up and configure Application Control
Enable IPS and Application Control in policies
![Page 190: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/190.jpg)
What is Gateway AV?
Signature-based antivirus subscription
The XTM device downloads signature database updates at regular, frequent intervals
Gateway AV operates with the SMTP, HTTP, FTP, POP3, and TCP-UDP proxies
![Page 191: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/191.jpg)
Set Up Gateway AntiVirus
1. XTM device downloads the initial signature file
2. Device gets new signatures and updates at a regular interval
3. Gateway AV strips viruses and allows valid email or web pages to load
[Diagram labels: Gateway AntiVirus database updates, Your Network, WatchGuard]
![Page 192: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/192.jpg)
Gateway AV Wizard
Gateway AntiVirus can be enabled and configured with the wizard that you launch from the Subscription Services menu
In the wizard, you select the proxy policies to include in the Gateway AV configuration
![Page 193: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/193.jpg)
Configure the Proxy with Gateway AntiVirus
Use the HTTP-proxy and SMTP-proxy to enable Gateway AV
Define actions
Define content types to scan
Monitor Gateway AV status
![Page 194: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/194.jpg)
Gateway AV and the SMTP-Proxy
When an email attachment contains a known virus signature, the XTM device can take one of these actions:
• Allow — Attachment passes through with no change
• Lock — Attachment can only be opened by an administrator
• Remove — Attachment is stripped from the email
• Quarantine — Message is sent to the Quarantine Server
• Drop — The connection is denied
• Block — The connection is denied, and the server is added to the Blocked Sites List
![Page 195: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/195.jpg)
Gateway AV and the HTTP-Proxy
When Gateway AV finds a known virus signature in an HTTP session, the XTM device can:
• Allow — The file is allowed to pass through without changes
• Drop — The HTTP connection is denied
• Block — The HTTP connection is denied, and the web server is added to the Blocked Sites List
![Page 196: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/196.jpg)
Gateway AV and the FTP-Proxy
The FTP-proxy applies Gateway AV settings to:
• Downloaded files allowed in your configuration
• Uploaded files allowed in your configuration
![Page 197: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/197.jpg)
Gateway AV Settings
Select this option if you want Gateway AV to decompress file formats such as .zip or .tar
The number of levels to scan is the depth for which Gateway AV scans archive files inside archive files
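What the levels-to-scan setting means for archives nested inside archives, as an added example that is not WatchGuard code. The signature is a constructed stand-in, the function names are hypothetical, and treating an archive found below the configured depth as "unscanned" is an assumption about how to model the limit.

```python
import io
import zipfile

# Constructed stand-in for a virus signature; not a real malware pattern.
SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE"


def nest(payload, depth):
    """Wrap payload in `depth` layers of zip archives, built in memory."""
    data, name = payload, "payload.bin"
    for level in range(depth):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr(name, data)
        data, name = buf.getvalue(), f"layer{level}.zip"
    return data


def scan(data, levels):
    """Scan data, opening at most `levels` layers of nested archives.

    Returns "infected", "clean", or "unscanned" when an archive sits
    deeper than the configured number of levels.
    """
    if not zipfile.is_zipfile(io.BytesIO(data)):
        # Plain content: match it against the signature.
        return "infected" if SIGNATURE in data else "clean"
    if levels == 0:
        # An archive is present but the depth budget is spent.
        return "unscanned"
    verdict = "clean"
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for member in zf.namelist():
            # A production scanner would also cap the decompressed size here.
            result = scan(zf.read(member), levels - 1)
            if result == "infected":
                return "infected"
            if result == "unscanned":
                verdict = "unscanned"
    return verdict


if __name__ == "__main__":
    for depth in (1, 2, 3):
        print(depth, scan(nest(SIGNATURE, depth), levels=2))
```

With two levels configured, the same payload is caught at nesting depth 2 and goes unexamined at depth 3, so the depth setting needs to be chosen together with a decision on how to treat archives that exceed it.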
![Page 198: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/198.jpg)
What is Data Loss Prevention?
Data Loss Prevention (DLP) is a signature-based security service that can help you control the loss of confidential data from your network.
DLP uses content control rules to identify sensitive data, such as
• Bank routing numbers
• Credit card numbers
• Confidential document markers
• National identity numbers
• Driver’s license numbers
• Medical records
• Postal addresses and telephone numbers
• Email addresses
DLP scans outbound traffic over proxied SMTP, FTP, HTTP, and HTTPS connections.
![Page 199: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/199.jpg)
DLP Sensors
To configure DLP, you define a DLP sensor. For each DLP sensor, you configure:
• Rules — enable one or more of the predefined content rules
• Actions — define the action to take if data matches the selected rules
  By default, a sensor has two types of actions:
  – Action for email traffic
  – Action for non-email traffic
• Settings — scan limit, and actions for items that cannot be scanned
  Scan limit controls how much of a file or object to scan
  Actions control what happens when:
  – Content is larger than the scan limit
  – A scan error occurs
  – Content is password protected
![Page 200: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/200.jpg)
DLP Actions
Actions you can configure in a DLP sensor are:
• Allow — Allows the connection or email
• Drop — Denies the request and drops the connection. No information is sent to the source of the content.
• Block — Denies the request, drops the connection, and adds the IP address of the content source or sender to the Blocked Sites list.
• Lock — (email content only) Locks the email attachment. A file that is locked cannot be opened easily by the user. Only the administrator can unlock the file.
• Remove — (email content only) Removes the attachment and allows the message to be sent to the recipient.
• Quarantine — (email content only) Send the email message to the Quarantine Server.
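A toy model of the DLP sensor described on the two slides above (rules, per-traffic actions, scan limit and the actions for items that cannot be scanned), as an added example that is not WatchGuard code. The rule implementations, the "COMPANY CONFIDENTIAL" marker, the default values and the choice to scan only the first scan_limit bytes are assumptions.

```python
import codecs
import re
from dataclasses import dataclass

EMAIL_ONLY = {"Lock", "Remove", "Quarantine"}       # per the DLP Actions list
ALL_ACTIONS = {"Allow", "Drop", "Block"} | EMAIL_ONLY

CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")   # 13 to 19 digits, optional separators
MARKER_RE = re.compile(r"\bCOMPANY CONFIDENTIAL\b")  # constructed document marker


def luhn_ok(digits):
    """Luhn checksum, used to cut false positives on long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def has_card_number(text):
    return any(luhn_ok(re.sub(r"\D", "", m.group())) for m in CARD_RE.finditer(text))


RULES = {
    "credit_card": has_card_number,
    "confidential_marker": lambda text: bool(MARKER_RE.search(text)),
}


@dataclass
class Sensor:
    enabled_rules: tuple = ("credit_card", "confidential_marker")
    email_action: str = "Quarantine"
    non_email_action: str = "Drop"
    scan_limit: int = 1024                   # bytes of each object that get scanned
    over_limit_action: str = "Allow"
    scan_error_action: str = "Allow"
    password_protected_action: str = "Allow"

    def __post_init__(self):
        for name in ("email_action", "non_email_action", "over_limit_action",
                     "scan_error_action", "password_protected_action"):
            if getattr(self, name) not in ALL_ACTIONS:
                raise ValueError(f"unknown action for {name}")
        if self.non_email_action in EMAIL_ONLY:
            raise ValueError("Lock, Remove and Quarantine apply to email only")


def evaluate(sensor, content, is_email, password_protected=False):
    """Return (action, reason) for one outbound object given as bytes."""
    if password_protected:
        return sensor.password_protected_action, "password_protected"
    try:
        # Incremental decoding tolerates a multi-byte character cut by the limit.
        decoder = codecs.getincrementaldecoder("utf-8")()
        text = decoder.decode(content[:sensor.scan_limit], final=False)
    except UnicodeDecodeError:
        return sensor.scan_error_action, "scan_error"
    for name in sensor.enabled_rules:
        if RULES[name](text):
            action = sensor.email_action if is_email else sensor.non_email_action
            return action, name
    if len(content) > sensor.scan_limit:
        # Nothing matched in the scanned part, but the rest was never examined.
        return sensor.over_limit_action, "over_scan_limit"
    return "Allow", "no_match"


if __name__ == "__main__":
    padded = b"x" * 2000 + b" 4111 1111 1111 1111"   # constructed test number
    print(evaluate(Sensor(), padded, is_email=False))
    print(evaluate(Sensor(over_limit_action="Drop"), padded, is_email=False))
```

With the over-limit action left at Allow, a card number placed after the scan limit passes unexamined; setting that action to Drop closes the gap at the cost of rejecting large clean files.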
![Page 201: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/201.jpg)
DLP Text Extraction
DLP can extract and scan text from these file types:
• Adobe PDF, RTF
• Microsoft PowerPoint 2000, 2003, 2007, 2010
• Microsoft Excel 2000, 2003, 2007, 2010
• Microsoft Word 2000, 2003, 2007, 2010
• Microsoft Project 2000, 2003, 2007, 2010
• Microsoft Visio 2000, 2003, 2007, 2010
• Microsoft Outlook .MSG
• Microsoft Outlook Express .EML
• OpenOffice Calc, Impress, Writer
• LibreOffice Calc, Impress, Writer
• HTML
![Page 202: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/202.jpg)
Enable DLP
Enable Data Loss Prevention
Add a DLP Sensor using the wizard
• Apply sensor to proxy policies
• Select content control rules
• Select actions to take when content is detected in email and non-email traffic
![Page 203: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/203.jpg)
Edit a DLP Sensor
Enable/disable rules
Configure sensor actions by source and destination
• Action for email traffic
• Action for non-email
Configure sensor settings
• Set actions for items that cannot be scanned due to:
  – Size exceeds scan limit
  – Scan error
  – File is password protected
• Set the file scan limit
![Page 204: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/204.jpg)
Assign DLP Sensors to Policies
When you add a DLP sensor, you select which proxy policies it applies to.
You can also configure this on the Policies tab in the Data Loss Prevention configuration.
And when you edit an FTP, HTTP, or SMTP proxy action.
![Page 205: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/205.jpg)
Use Signature-Based IPS
Configure IPS to Allow, Drop, or Block connections from sources that match an IPS signature
Action is set based on the threat level of the matching signature
![Page 206: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/206.jpg)
Use Signature-Based IPS
Configure settings globally
Enable or disable per-policy
Can scan traffic for all policies
Blocks malicious threats before they enter your network
![Page 207: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/207.jpg)
Use Application Control
Application Control is a Subscription Service
Monitor and control hundreds of applications based on signatures
Block or allow traffic for application categories, applications, and application behaviors
When Application Control blocks HTTP content, a deny message appears in the browser
• The deny message is not configurable
• For HTTPS or other content types, the deny message does not appear
![Page 208: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/208.jpg)
Use Application Control
To configure actions by application category, click Select by Category
![Page 209: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/209.jpg)
Apply Application Control to Policies
First configure Application Control actions
On the Policies tab, select one or more policies, then select the action to apply
![Page 210: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/210.jpg)
Enable Application Control and IPS in Policies
Application Control
• Application Control is not automatically enabled for policies
• For each policy, you select which Application Control action to use
• To monitor the use of applications, enable logging of allowed packets in the policies that have Application Control enabled
IPS
• When you enable IPS it is enabled for all policies by default
• You can enable or disable IPS for each policy
![Page 211: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/211.jpg)
Application Control, IPS, and DLP in HTTPS-Proxy Policies
If you enable Application Control, IPS, or DLP for an HTTPS-proxy policy, you must also enable deep inspection of HTTPS content in the HTTPS-proxy action
• Required for IPS to scan the HTTPS content
• Required for Application Control to detect applications over an HTTPS connection
• Required for DLP to scan content
![Page 212: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/212.jpg)
Enable Automatic Signature Updates
To protect against the latest viruses and exploits, and to identify the latest applications, make sure your device is configured to get automatic updates to Gateway AntiVirus, Intrusion Prevention, and Application Control signatures at regular intervals
Update requests can be routed through a proxy server
![Page 213: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/213.jpg)
Monitor Signature Update Status
In Firebox System Manager, select the Subscription Services tab to see the status of Gateway AV, IPS, DLP, and Application Control signatures, or to manually get signature updates
![Page 214: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/214.jpg)
Reputation Enabled Defense: Improve the Performance and Security of Web Access
![Page 215: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/215.jpg)
Learning Objectives
Understand how Reputation Enabled Defense works
Configure Reputation Enabled Defense
Monitor Reputation Enabled Defense
![Page 216: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/216.jpg)
What is Reputation Enabled Defense (RED)?
Reputation-based HTTP anti-virus and anti-spyware prevention subscription, available for WatchGuard XTM device models only
RED operates with the HTTP-proxy
RED uses a cloud-based reputation server that assigns a reputation score between 1 and 100 to every URL
• The reputation score for a URL is based on AV scanning feedback and other URL reputation data collected from sources around the world.
When a user browses to a web site, RED looks up the score for the URL
• For URLs with a good reputation score, local scanning is bypassed
• For URLs with a bad reputation score, the HTTP-proxy denies access without local scanning by Gateway AV
• For URLs with an inconclusive reputation score, local Gateway AV scanning is performed as configured
Eliminates the need to locally scan the content of web sites that have a known good or bad reputation and improves XTM device performance
![Page 217: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/217.jpg)
RED Reputation Scores
Reputation Scores:
• High scores indicate a bad reputation
• Low scores indicate a good reputation
• If RED has no knowledge of a URL, it assigns a score of 50
• The reputation score assigned to a URL increases based on:
  – Negative scan results for that URL
  – Negative scan results for a referring link
  – Negative information from other sources of malware data
• The reputation score assigned to a URL decreases based on:
  – Multiple clean scans
  – Recent clean scans
RED continually updates the reputation scores for URLs based on:
• Scan results from devices around the world by two leading anti-malware engines: Kaspersky and AVG
• Data from other leading sources of malware intelligence for the web
![Page 218: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/218.jpg)
RED Reputation Thresholds and Actions
The action performed by the HTTP-proxy depends on:
• The reputation score of a requested URL
• The locally configured reputation thresholds
RED Actions:
• If score is higher than the Bad reputation threshold, Deny access
• If score is lower than the Good reputation threshold, Bypass local scanning
• Otherwise, perform local Gateway AV scanning as configured
![Page 219: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/219.jpg)
Enable Reputation Enabled Defense
Before you enable RED:
• Your device must have a Reputation Enabled Defense feature key
• You must have configured at least one HTTP-proxy policy
![Page 220: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/220.jpg)
Configure Reputation Enabled Defense
Enable RED for the HTTP-proxy
Define thresholds
Monitor RED status
![Page 221: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/221.jpg)
Reputation Enabled Defense and the HTTP-Proxy
Based on the reputation score for a URL, the HTTP-Proxy can:
• Immediately block the URL if it has a bad reputation
• Bypass any configured local virus scanning for a URL that has a good reputation
If neither of these RED actions occurs, then any locally configured virus scanning proceeds as configured
![Page 222: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/222.jpg)
Reputation Enabled Defense and the HTTP-Proxy
Default reputation thresholds are set to balance security with performance
Change bad and good reputation thresholds in the Advanced Settings dialog box
WatchGuard recommends that you use the default reputation thresholds
![Page 223: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/223.jpg)
Monitor Reputation Enabled Defense
RED status is visible in Firebox System Manager on the Subscription Services tab
![Page 224: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/224.jpg)
Web UI: Explore Fireware XTM Web UI
![Page 225: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/225.jpg)
Learning Objectives
Log in to Fireware XTM Web UI
Change the port that the XTM device uses for the Web UI
Discuss limitations of the Web UI
Manage timeouts for the Web UI management sessions
![Page 226: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/226.jpg)
Introduction to Fireware XTM Web UI
Monitor and manage any device running Fireware XTM without installing extra software
Real-time management tool
Easily find what you need and understand how the configuration options work
![Page 227: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/227.jpg)
Limitations of the Web UI
Things you can do with Policy Manager, but not with the Web UI:
• View or change the configuration of a device that is a member of a FireCluster
• Add or remove static ARP entries from the device’s ARP table
• Change the name of a policy
• Change the logging of default packet handling options
• Enable or disable the notification of BOVPN events
• Add a custom address to a policy
• Use Host Name (DNS lookup) to add an IP address to the From or To section of a policy
• Create a .wgx file for Mobile VPN with IPSec client configuration (You can get only the equivalent, but unencrypted, .ini file)
• Export certificates stored on the device, or see their details (You can only import certificates)
• Some of the logging and reporting functions provided by HostWatch, Log Manager, Report Manager, and WSM are also not available
![Page 228: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/228.jpg)
Log in to the Web UI
You need only a browser
Real-time configuration tool, no option to store configuration changes locally and save to device later
https://<XTM.device.IP.address>:8080
• Uses a self-signed certificate, so you must accept certificate warnings or replace the certificate with a trusted certificate
• You can change the port for the Web UI
Log in with one of two accounts
• status — For read-only permission; uses the status passphrase
• admin — For read-write permission; uses the configuration passphrase
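Because the Web UI certificate is self-signed, a browser warning alone does not tell you whether you reached the real device. The following is an added example, not part of the WatchGuard training material: it checks the certificate presented on the Web UI port against a SHA-256 fingerprint that is assumed to have been recorded out of band (for example, over a direct connection at setup time). The function names and sample bytes are constructed for illustration.

```python
import hashlib
import hmac
import socket
import ssl


def normalize_fingerprint(text):
    """Return a SHA-256 fingerprint as 64 lowercase hex digits."""
    cleaned = text.replace(":", "").replace(" ", "").lower()
    if len(cleaned) != 64 or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("expected a SHA-256 fingerprint (64 hex digits)")
    return cleaned


def fingerprint_matches(der_cert, pinned):
    """Compare the SHA-256 of a DER-encoded certificate to the pinned value."""
    actual = hashlib.sha256(der_cert).hexdigest()
    # Constant-time comparison of the two hex strings.
    return hmac.compare_digest(actual, normalize_fingerprint(pinned))


def fetch_der_certificate(host, port=8080, timeout=5.0):
    """Fetch the certificate the Web UI presents, without trusting it yet."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # A self-signed certificate cannot pass chain validation, so validation
    # is switched off here and trust is decided by the pin check instead.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def check_web_ui(host, pinned, port=8080):
    """True only if the device presents exactly the pinned certificate."""
    return fingerprint_matches(fetch_der_certificate(host, port), pinned)


if __name__ == "__main__":
    # Constructed sample: stand-in bytes, not a real certificate.
    sample_der = b"constructed-sample-certificate-bytes"
    pin = hashlib.sha256(sample_der).hexdigest().upper()
    pin_with_colons = ":".join(pin[i:i + 2] for i in range(0, 64, 2))
    print(fingerprint_matches(sample_der, pin_with_colons))
    print(fingerprint_matches(sample_der + b"x", pin_with_colons))
```

Enter the passphrase only after `check_web_ui` returns True for the device address; a mismatch means the certificate changed or the connection is reaching something other than the device.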
![Page 229: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/229.jpg)
Log in to the Web UI
The Username must be status or admin. It is case sensitive.
Multiple concurrent logins are allowed with the status account
Only one admin account can be logged in at a time
The last user to log in with the admin account is the only user that can make changes
• Includes changes from Policy Manager and WSM
![Page 230: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/230.jpg)
Log in to the Web UI
The user account name appears at the top of the screen
Navigation menu links are at the left side
![Page 231: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/231.jpg)
Web UI Dashboards
The dashboards appear at the top of the Web UI navigation bar
• Front Panel — Summary of current system status and activity
• Subscription Services — Summary of activity for all subscription services
• FireWatch — Treemap visualization of current traffic through the XTM device
• Interfaces — Status of network interfaces
• Traffic Monitor — Log messages from the XTM device
• Gateway Wireless Controller — Shows WatchGuard AP device activity and clients
![Page 232: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/232.jpg)
FireWatch
FireWatch provides a treemap view to help you visualize your network traffic
• Blocks in each tab are proportionately sized to represent the data in that tab
• Place your cursor over an item in the treemap to see more details about it
• Select the data type from the drop-down list at the top right of the page: Rate, Bytes, Connections, Duration
![Page 233: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/233.jpg)
FireWatch
You can use FireWatch to see:
• Who uses the most bandwidth on your network
• Which is the most popular site that users visit
• Which sites use the most bandwidth
• Which applications use the most bandwidth
• Which sites a particular user has visited
• Which applications are most used by a particular user
![Page 234: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/234.jpg)
Conclusion
This presentation provides an overview of basic Fireware XTM features
For more information, see these training, documentation, and support resources available in the Support section of the WatchGuard web site:
• WatchGuard System Manager Help
• Fireware XTM Web UI Help
• WatchGuard Knowledge Base
• Fireware XTM Training courseware
![Page 235: XTM Firewall Basics v11.8](https://reader038.vdocument.in/reader038/viewer/2022102619/5695d0251a28ab9b02912cec/html5/thumbnails/235.jpg)
Thank You!