WatchGuard
Training
Course Introduction:
Firewall Basics with Fireware XTM
Training Objectives
Use the basic management and monitoring components of
WatchGuard System Manager (WSM)
Configure a WatchGuard XTM or XTMv device that runs Fireware
XTM OS v11.8 or later for your network
Create basic security policies for your XTM device to enforce
Use security services to expand XTM device functionality
Requirements
Necessary equipment and software:
Management computer
WatchGuard System Manager and Fireware XTM OS
Firewall configuration file
XTM or XTMv devices running Fireware XTM OS v11.8 or later (optional)
Prerequisites:
Outline
Getting Started
Work with XTM Device Configuration Files
Configure XTM Device Interfaces
Configure Logging
Generate Reports of Network Activity
Use FSM to Monitor XTM Device Activity
Use NAT (Network Address Translation)
Define Basic Network Security Policies
Work with Proxy Policies
Work with SMTP and POP3 Proxies
Verify User Identities
Training Scenario
Fictional organization named the Successful Company
Training partners may use different examples for exercises
Try the exercises to implement your security policy
Getting Started:
Set Up Your Management Computer
and XTM Device
Learning Objectives
Management Computer
Select a computer with Windows 8, Windows 7, Windows Vista, Windows XP SP2, or Windows Server 2003, 2008, or 2012.
Install WatchGuard System Manager (WSM) to configure, manage, and monitor your devices.
Install Fireware XTM OS, then use WSM to install updates and make configuration changes on the device.
Server Software
When you install WSM, you have the option to install any or all of
these WatchGuard servers:
Management Server
Log Server
Report Server
WebBlocker Server
Quarantine Server
Setup Wizards
There are two setup wizards you can use to create an initial
functional configuration file for your XTM device.
It is a good idea to have the feature key for your device before you
start the wizard. You can copy it from the LiveSecurity web site
during registration.
A static IP address
An IP address assigned with DHCP
An IP address assigned with PPPoE
Components of WSM
WSM includes a set of management and monitoring tools:
Policy Manager
Firebox System Manager
HostWatch
Log Manager
Report Manager
CA Manager
Quarantine Server Client
To launch a tool, select it from the WSM Tools menu or click the
tool icon
Administration:
Work with Device Configuration Files
Learning Objectives
Details View
Network Settings:
Configure XTM Device Interfaces
Learning Objectives
Configure external network interfaces with a static IP address,
DHCP and PPPoE
Configure a trusted and optional network interface
Use the XTM device as a DHCP server
Add WINS/DNS server locations to the device configuration
Add Dynamic DNS settings to the device configuration
Set up a secondary network or address
Understand Drop-In Mode and Bridge Mode
Figure: example interface layout. External 203.0.113.2/24; Trusted Network 10.0.1.1/24; Optional Network 10.0.2.1/24.
Interface Independence
You can change the interface type of any interface configured with
the Quick Setup Wizard.
You can also choose the interface type of any additional interface
you enable.
Figure: building out the network.
1. Start with a trusted network: Trusted-Main, 10.0.1.1/24.
2. Add an optional network for public servers: Public Servers, 10.0.2.1/24.
Further trusted and optional networks shown in the figure: Finance, Conference, 10.0.3.1/24, 10.0.5.1/24.
Secondary Networks
Share one of the same physical networks as one of the device interfaces.
Add an IP alias to the interface, which is the default gateway for computers on the secondary network.
Figure: Trusted-Main interface 10.0.1.1/24 with a secondary network 172.16.100.0/24; the interface alias 172.16.100.1 is the default gateway for that secondary network.
Logging:
Set Up Logging and Notification
Learning Objectives
Configure Logging
For log messages to be correctly stored, you must:
Reports:
Generate Reports of Network Activity
Learning Objectives
Learning Objectives
Traffic Monitor
View log messages as they occur
Set custom colors and fields
Start traceroute or ping to source and destination IP addresses
Copy information to another application
Performance Console
Monitor and graph XTM device activity
Launch from Firebox System Manager
System Information: Firebox statistics, such as the number of total active connections and CPU usage
Interfaces: total number of packets sent and received through the XTM device interfaces
Policies: total connections, current connections, and discarded packets
VPN Peers: inbound and outbound SAs and packets
Tunnels: inbound and outbound packets, authentication errors, and replay errors
NAT:
Use Network Address Translation
Learning Objectives
Understand network address translation types
Add dynamic NAT entries
Use static NAT for public servers
Figure: NAT Enabled; Your Network.
Figure: static NAT for public servers. Incoming connections to the external address 203.0.113.2 are forwarded to internal hosts: FTP server (port 21 TCP) 10.0.2.21; Email server (port 25 TCP) 10.0.2.25.
Figure: hosts that need 1-to-1 NAT, each internal host mapped to its own external address. NetMeeting (ports 1720, 389, dynamic): 10.0.2.11 to 203.0.113.11; IKE without NAT-T: 10.0.2.12 to 203.0.113.12; Intel Video Phone (H.323, ports 1720, 522): 10.0.2.13 to another external IP address, 203.0.113.13.
Configure Policies
You can customize 1-to-1 NAT and Dynamic NAT settings in each policy.
Select Network > NAT to configure the global settings. The settings you specify there apply unless you modify the NAT settings in a policy.
Select the Set Source IP option when you want any traffic that uses this policy to show a specified address from your public or external IP address range as the source IP address.
Configure Policies
To configure a policy to use static NAT, click Add in the To section of the policy, then select Add SNAT.
To add, edit, or delete SNAT actions, you can also select Setup > Actions > SNAT.
To add an SNAT member, click Add.
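Static NAT and dynamic NAT as an added example (not WatchGuard code): the inbound SNAT actions of the figures above, outbound dynamic NAT with the per-policy Set Source IP option, and the reverse translation of replies. The external address 203.0.113.2 and the FTP and mail servers 10.0.2.21 and 10.0.2.25 come from the slides; the client addresses, the ephemeral-port allocator, the flow table and the alternative source address 203.0.113.3 are assumptions made for the example.

```python
"""Static NAT (SNAT) for inbound connections, dynamic NAT for outbound.

Added example, not WatchGuard code. Addresses come from the slide figure
(external 203.0.113.2, FTP server 10.0.2.21, mail server 10.0.2.25); the
client and remote addresses, the port allocator and the flow table are
constructed to show the translation and the reverse translation of replies.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from itertools import count


@dataclass(frozen=True)
class Flow:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"


EXTERNAL_IP = "203.0.113.2"

# SNAT actions: (public IP, proto, port) -> (internal host, port)
SNAT_ACTIONS = {
    (EXTERNAL_IP, "tcp", 21): ("10.0.2.21", 21),
    (EXTERNAL_IP, "tcp", 25): ("10.0.2.25", 25),
}

# Dynamic NAT entries (assumed): traffic from these networks that leaves
# through the external interface has its source rewritten.
DYNAMIC_NAT_FROM = [ip_network("10.0.1.0/24"), ip_network("10.0.2.0/24")]


class NatTable:
    def __init__(self):
        self._flows = {}            # reply key -> original flow
        self._ports = count(49152)  # ephemeral ports for dynamic NAT (assumed allocator)

    def _remember(self, original: Flow, translated: Flow):
        # The reply arrives with the translated flow's endpoints swapped.
        key = (translated.proto, translated.dst, translated.dport,
               translated.src, translated.sport)
        self._flows[key] = original

    def inbound(self, f: Flow):
        """Apply an SNAT action to a connection arriving on the public IP.
        Returns the rewritten flow, or None when no action matches: without
        an SNAT action the policy has no internal host to forward to."""
        target = SNAT_ACTIONS.get((f.dst, f.proto, f.dport))
        if target is None:
            return None
        t = Flow(f.src, f.sport, target[0], target[1], f.proto)
        self._remember(f, t)
        return t

    def outbound(self, f: Flow, set_source_ip=None):
        """Dynamic NAT for a connection leaving a trusted/optional network.
        set_source_ip models the per-policy 'Set Source IP' option."""
        if not any(ip_address(f.src) in n for n in DYNAMIC_NAT_FROM):
            return f   # not covered by a dynamic NAT entry: forwarded unchanged
        t = Flow(set_source_ip or EXTERNAL_IP, next(self._ports), f.dst, f.dport, f.proto)
        self._remember(f, t)
        return t

    def reply(self, f: Flow):
        """Translate a reply packet back. Works for both directions because
        the reply to an original flow is always that flow with its endpoints
        swapped; packets without state are unsolicited and get None."""
        orig = self._flows.get((f.proto, f.src, f.sport, f.dst, f.dport))
        if orig is None:
            return None
        return Flow(orig.dst, orig.dport, orig.src, orig.sport, f.proto)
```

A connection to 203.0.113.2:22 returns None because no SNAT action exists for it: the policy's To list has nothing to forward to, so adding the SNAT member is the step that actually exposes the server. Replies from the internal server leave with the public address as their source, which is why the servers never need to know the mapping.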
Policies:
Convert Network Policy to Device
Configuration
Learning Objectives
Understand the difference between a packet filter policy and a
proxy policy
Add a policy to Policy Manager and configure its access rules
Create a custom packet filter policy
Set up logging and notification rules for a policy
Use advanced policy properties
Understand the function of the Outgoing policy
Understand the function of the TCP-UDP proxy
Understand the function of the WatchGuard policy
Understand how the XTM device determines policy precedence
What is a Policy?
Figure: what each policy type inspects. Packet Filter: Source, Destination, Port(s)/Protocols. Proxy, in addition: Packet body, Attachments, RFC Compliance, Commands.
1. Select a policy from a pre-defined list.
2. Decide if the policy allows or denies traffic.
3. Configure the source (From) and destination (To).
Modify Policies
To edit a policy, double-click the policy
By default, a new policy:
What is Precedence?
Precedence is used to decide which policy controls a connection when more than one policy could control that connection.
In Details view, the higher the policy appears in the list, the greater its precedence. If two policies could apply to a connection, the policy higher in the list controls that connection.
Policies can be moved up or down in Manual Order mode to set precedence, or restored to the order assigned by Policy Manager with Auto-Order Mode.
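The first-match rule above as an added example (not WatchGuard code): a small Python model of an ordered policy list in which the policy higher in the list wins, plus a check that flags a policy shadowed by an earlier, wider one, which is the mistake Manual Order mode makes possible. The policies, the Finance host address 10.0.1.50 and the sample packets are constructed; Policy Manager's Auto-Order algorithm is not reproduced, only the order-dependent outcome, and traffic no policy matches is modelled as denied.

```python
"""Policy precedence: the first matching policy in the ordered list decides.

Added example, not WatchGuard code. It models only the rule on this slide
('higher in the list wins'); Policy Manager's Auto-Order algorithm is not
reproduced. The policies, aliases and packets below are constructed.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Policy:
    name: str
    action: str                  # "allow" or "deny"
    src: str                     # CIDR or "any"
    dst: str                     # CIDR or "any"
    proto: str                   # "tcp", "udp" or "any"
    ports: Optional[frozenset]   # destination ports; None means any port


def _net_match(cidr: str, addr: str) -> bool:
    return cidr == "any" or ip_address(addr) in ip_network(cidr)


def _covers(a: str, b: str) -> bool:
    """True when network spec a matches everything that b matches."""
    if a == "any":
        return True
    if b == "any":
        return False
    return ip_network(b).subnet_of(ip_network(a))


def _matches(p: Policy, src: str, dst: str, proto: str, dport: int) -> bool:
    return (_net_match(p.src, src) and _net_match(p.dst, dst)
            and p.proto in ("any", proto)
            and (p.ports is None or dport in p.ports))


def decide(policies, src, dst, proto, dport):
    """Walk the list top to bottom and return (policy name, action) of the
    first match. Traffic no policy handles is modelled as denied."""
    for p in policies:
        if _matches(p, src, dst, proto, dport):
            return p.name, p.action
    return "<unhandled>", "deny"


def shadowed(policies):
    """Names of policies that can never fire because a policy higher in the
    list already matches everything they would match."""
    out = []
    for i, later in enumerate(policies):
        for earlier in policies[:i]:
            if (_covers(earlier.src, later.src) and _covers(earlier.dst, later.dst)
                    and earlier.proto in ("any", later.proto)
                    and (earlier.ports is None
                         or (later.ports is not None and later.ports <= earlier.ports))):
                out.append(later.name)
                break
    return out


# Constructed policies for the Successful Company scenario.
TRUSTED = "10.0.1.0/24"
DENY_FINANCE_FTP = Policy("Deny-Finance-FTP", "deny", "10.0.1.50/32", "any", "tcp", frozenset({21}))
FTP_OUT = Policy("FTP", "allow", TRUSTED, "any", "tcp", frozenset({21}))
OUTGOING = Policy("Outgoing", "allow", TRUSTED, "any", "any", None)

DENY_FIRST = [DENY_FINANCE_FTP, FTP_OUT, OUTGOING]   # intended manual order
DENY_LAST = [FTP_OUT, OUTGOING, DENY_FINANCE_FTP]    # same policies, deny moved down
```

With the deny policy moved below the broader FTP policy the Finance host's FTP traffic is allowed and the deny never fires; shadowed() reports it, which is the check worth running after every manual reorder.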
Advanced policy properties:
Schedules
Connection rate limits
Override NAT settings
QoS settings
ICMP error handling
Override Multi-WAN sticky connection setting
Schedule Policies
Set the times of day when the policy is enabled
Proxy Policies:
Use Proxy Policies and ALGs to Protect
Your Network
Learning Objectives
Understand the purpose and configuration of proxy policies and ALGs
Configure the DNS-proxy to protect a DNS server
Configure an FTP-Server proxy action
Configure an FTP-Client proxy action
Enable logging for proxy actions
Figure: DNS-proxy in front of a DNS server on your network.
Configuring DNS-Incoming
General
OpCodes
Query Types
Query Name
Proxy Alarm
Figure: DNS Proxy between Your Network and an external DNS server.
Use DNS-Outgoing
Use DNS-Outgoing to block DNS requests for services, such as queries for:
POP3 servers
Advertising networks
IM applications
P2P applications
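The OpCodes, Query Types and Query Name controls of the DNS-Incoming slide and the name blocking of DNS-Outgoing, as one added example that is not WatchGuard code: a parser for a raw DNS query (RFC 1035 wire format) and two constructed rule sets applied to it, one in front of your own DNS server and one for client queries leaving the network. The domain names, the blocked patterns under the reserved .example top-level domain, and the default actions are assumptions for the example; the test queries are constructed in code.

```python
"""DNS proxy rules: OpCodes, Query Types and Query Name patterns.

Added example, not WatchGuard code. It parses a raw DNS query and applies
the three kinds of rule the DNS-proxy slides list; the two rule sets below
(DNS_INCOMING in front of a DNS server, DNS_OUTGOING for client queries)
and the blocked name patterns are constructed, as are the test queries.
"""
import fnmatch
import struct

OPCODES = {0: "QUERY", 1: "IQUERY", 2: "STATUS", 4: "NOTIFY", 5: "UPDATE"}
QTYPES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 12: "PTR", 15: "MX",
          16: "TXT", 28: "AAAA", 252: "AXFR", 255: "ANY"}


def build_query(name, qtype, opcode=0, txid=0x1234):
    """Constructed DNS query used as test input."""
    flags = (opcode << 11) | 0x0100                     # QR=0, RD=1
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN


def parse_query(msg):
    """Return {'opcode', 'qname', 'qtype'} or raise ValueError for anything
    that is not a well-formed single-question query."""
    if len(msg) < 12:
        raise ValueError("short header")
    _txid, flags, qdcount, *_ = struct.unpack("!HHHHHH", msg[:12])
    if flags & 0x8000:
        raise ValueError("QR bit set: a response, not a query")
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    opcode = (flags >> 11) & 0xF
    labels, off = [], 12
    while True:
        if off >= len(msg):
            raise ValueError("truncated name")
        n = msg[off]
        off += 1
        if n == 0:
            break
        if n & 0xC0:
            raise ValueError("compression pointer in question name")
        if off + n > len(msg):
            raise ValueError("truncated label")
        labels.append(msg[off:off + n].decode("ascii"))
        off += n
    if off + 4 > len(msg):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", msg[off:off + 4])
    return {"opcode": OPCODES.get(opcode, str(opcode)),
            "qname": ".".join(labels).lower(),
            "qtype": QTYPES.get(qtype, str(qtype))}


class DnsProxyAction:
    def __init__(self, opcodes, qtypes, name_rules, default="allow"):
        self.opcodes = set(opcodes)     # allowed OpCodes
        self.qtypes = set(qtypes)       # allowed Query Types
        self.name_rules = name_rules    # [(glob pattern, action)], first match wins
        self.default = default          # action when no name rule matches

    def evaluate(self, msg):
        try:
            q = parse_query(msg)
        except (ValueError, UnicodeDecodeError) as e:
            return "deny", f"malformed query: {e}"   # non-compliant traffic is dropped
        if q["opcode"] not in self.opcodes:
            return "deny", f"OpCode {q['opcode']} not allowed"
        if q["qtype"] not in self.qtypes:
            return "deny", f"query type {q['qtype']} not allowed"
        for pattern, action in self.name_rules:
            if fnmatch.fnmatchcase(q["qname"], pattern):
                return action, f"name rule {pattern}"
        return self.default, "no name rule matched"


# In front of your own DNS server (assumed authoritative for example.com only):
# plain queries, no zone transfers, no dynamic updates, no ANY queries.
DNS_INCOMING = DnsProxyAction(
    opcodes={"QUERY"},
    qtypes={"A", "AAAA", "MX", "NS", "SOA", "CNAME", "PTR", "TXT"},
    name_rules=[("*.example.com", "allow"), ("example.com", "allow")],
    default="deny",
)

# Client queries leaving the network: block name lookups for unwanted
# services so the connection never gets as far as the data path.
DNS_OUTGOING = DnsProxyAction(
    opcodes={"QUERY"},
    qtypes=set(QTYPES.values()) - {"AXFR", "ANY"},
    name_rules=[("*.ads.example", "deny"), ("ads.example", "deny"),
                ("tracker.p2p.example", "deny")],
    default="allow",
)
```

Denying malformed queries outright matters as much as the name rules: a message that does not parse as a single-question query is exactly what a protocol-level attack on the server behind the proxy looks like.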
Proxy policies and ALGs available in Fireware XTM:
DNS
FTP
H323 and SIP (Application Layer Gateways)
HTTP and HTTPS
SMTP and POP3
TCP-UDP
What is FTP?
FTP-Proxy
Restricts the types of commands and files that can be sent through FTP
Works with the Gateway AV Service
Works with the Data Loss Prevention Service
FTP proxy action configuration categories:
General
Commands
Download
Upload
AntiVirus
Data Loss Prevention
Proxy and AV alarms
Figure: FTP Proxy; Anybody.
Email Proxies:
Work with the SMTP and POP3 Proxies
Learning Objectives
Figure: SMTP Proxy between Your users and Anybody.
Figure: Anybody; Your users; Their email server.
Authentication:
Verify a User's Identity
Learning Objectives
Understand authentication and how it works with the XTM device
List the types of third-party authentication servers you can use
with Fireware XTM
Use Firebox authentication users and groups
Add a Firebox authentication group to a policy definition
Modify authentication timeout values
Use the XTM device to create a custom web server certificate
WatchGuard Authentication
The user browses to the XTM device interface IP address on
TCP port 4100
The XTM device presents an authentication page
The XTM device verifies that the credentials entered are correct,
and allowed for the type of connection
The XTM device allows access to resources valid for that
authenticated user or group
Authentication server types:
Firebox
RADIUS
VASCO
SecurID
LDAP
Active Directory
Firebox authentication setup:
Make groups
Define users
Edit policies
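The authentication flow above (the user authenticates on port 4100, the device then allows the resources valid for that user's group) as an added example, not WatchGuard code: a session table keyed by the authenticated source address, with idle and session timeouts, and a policy check against the groups named in a policy's From list. The user database with PBKDF2 password hashes, the group names and the timeout values are constructed; on the device these are configured in Policy Manager.

```python
"""Firebox authentication sessions: credentials checked once, then the user
is tied to the source IP until the idle or session timeout expires.

Added example, not WatchGuard code. The user database (PBKDF2 password
hashes), the group names and the timeout values are constructed.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass
from datetime import datetime, timedelta


def _pbkdf2(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def _make_user(password, *groups):
    salt = os.urandom(16)
    return {"salt": salt, "hash": _pbkdf2(password, salt), "groups": frozenset(groups)}


# Steps 1 and 2 from the slides: make groups, define users (constructed).
USER_DB = {
    "alice": _make_user("correct horse battery", "Finance", "Staff"),
    "bob": _make_user("example-only-pw", "Staff"),
}


@dataclass
class Session:
    user: str
    groups: frozenset
    login: datetime
    last_seen: datetime


class AuthTable:
    def __init__(self, session_timeout=timedelta(hours=8), idle_timeout=timedelta(minutes=30)):
        self.session_timeout = session_timeout   # absolute lifetime of a login
        self.idle_timeout = idle_timeout         # lifetime without traffic
        self.sessions = {}                       # authenticated source IP -> Session

    def login(self, user, password, src_ip, now):
        """What happens after the user posts the form on port 4100."""
        rec = USER_DB.get(user)
        if rec is None:
            _pbkdf2(password, b"\0" * 16)        # same cost for unknown users
            return False
        if not hmac.compare_digest(_pbkdf2(password, rec["salt"]), rec["hash"]):
            return False
        self.sessions[src_ip] = Session(user, rec["groups"], now, now)
        return True

    def lookup(self, src_ip, now):
        """Return the live session for this address, expiring it if needed."""
        s = self.sessions.get(src_ip)
        if s is None:
            return None
        if now - s.login >= self.session_timeout or now - s.last_seen >= self.idle_timeout:
            del self.sessions[src_ip]
            return None
        s.last_seen = now   # traffic from the address keeps the session alive
        return s

    def allowed(self, src_ip, now, policy_groups):
        """Step 3: a policy whose From list names a group matches only
        traffic from an address with a live session in that group."""
        s = self.lookup(src_ip, now)
        return s is not None and bool(s.groups & set(policy_groups))
```

The two timeouts fail differently: the idle timeout catches a user who walked away, the session timeout bounds how long a stolen address association stays useful even while traffic keeps flowing, so neither should be set to "never".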
Blocking Spam:
Stop Unwanted Email with spamBlocker
Learning Objectives
Activate and configure spamBlocker
Specify the actions to take when suspected spam email is
detected
Block or allow email messages from specified sources
Monitor spamBlocker activity
Install and configure Quarantine Server
What is spamBlocker?
Technology licensed from Commtouch to identify spam, bulk, or
suspect email
No local server to install
You can install Quarantine Server, but it is not necessary for spamBlocker
to work correctly.
Activate spamBlocker
A feature key is required to enable spamBlocker
spamBlocker Actions
Spam is classified into three categories: Spam, Bulk, Suspect.
Available actions:
Allow
Add Subject Tag
Quarantine (SMTP only)
Deny (SMTP only)
Drop (SMTP only)
spamBlocker Exceptions
You can configure exceptions for specific senders or recipients by:
Email address
Domain by pattern match (*@xyz.com)
Customize spamBlocker
Use multiple SMTP or POP3 proxies
Quarantine Spam
Quarantine Server operates with spamBlocker for the SMTP-proxy only (not the POP3-proxy).
Install with the server components during the WSM install, or from WatchGuard Server Center.
Web Traffic:
Manage Web Traffic Through Your
Firewall
Learning Objectives
Figure: HTTP Proxy between Your Network and external web sites.
Figure: HTTP Proxy in front of a Web Server on Your Network.
What is WebBlocker?
WebBlocker Server
Figure: Web Site requests from Your Network are looked up in the Websense Cloud.
Figure: a WebBlocker Server on Your Network gets the WebBlocker database from WatchGuard (WebBlocker Updates) and answers Web Site lookups locally.
WebBlocker Exceptions
Add exceptions for web sites that WebBlocker denies and you want to allow (white list).
Add web sites that WebBlocker allows and you want to deny (black list).
Threat Protection:
Defend Your Network From Intruders
Learning Objectives
Figure: vulnerability and patch timeline. Vulnerability found and exposed; hacker builds attack that uses vulnerability; attack launched; vendor builds patch; vendor distributes patch; IT admin queues patch update based on severity; IT admin installs patch.
Firewall-based IPS along the same timeline: proactively blocks many threats; supplies zero-day protection once the attack is launched; attack signature developed and distributed; ongoing protection at higher performance.
Figure: attack scenario involving a Web Server, a Log Server and Your Network (step 2: "Attacker runs a …").
Auto-Block Sites
Each policy configured to deny traffic has a check box you can select to auto-block the source of the denied traffic.
If you select it, the source IP address of any packet denied by the policy is automatically added to the Blocked Sites List.
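The auto-block rule applied to denied-traffic log records, as an added example that is not WatchGuard code. The log lines are constructed in a simplified whitespace-separated format (date, time, action, source, destination, protocol, source port, destination port, policy), not the device's real log format; the policy names, the 20-minute block duration and the never-block exception list are assumptions made for the example.

```python
"""Auto-block: add the source of traffic denied by a policy to the Blocked
Sites List, then drop everything from that source for a while.

Added example, not WatchGuard code. The log lines are constructed in a
simplified format, not the device's real log format. The auto-block
duration and the never-block exception list are assumptions.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

AUTO_BLOCK_POLICIES = {"Deny-SSH-In", "Deny-Telnet-In"}   # policies with the check box set
NEVER_BLOCK = [ip_network("10.0.1.0/24"), ip_network("203.0.113.1/32")]  # assumed exceptions


@dataclass(frozen=True)
class LogRecord:
    time: datetime
    action: str
    src: str
    dst: str
    proto: str
    sport: int
    dport: int
    policy: str


def parse_log_line(line):
    d, t, action, src, dst, proto, sport, dport, policy = line.split()
    return LogRecord(datetime.fromisoformat(f"{d} {t}"), action, src, dst,
                     proto, int(sport), int(dport), policy)


class BlockedSites:
    def __init__(self, duration=timedelta(minutes=20)):
        self.duration = duration
        self.expires = {}       # ip -> datetime when the auto-block lapses

    def is_blocked(self, ip, now):
        exp = self.expires.get(ip)
        return exp is not None and now < exp

    def add(self, ip, now):
        """Add an address unless it is on the exception list."""
        if any(ip_address(ip) in n for n in NEVER_BLOCK):
            return False
        self.expires[ip] = now + self.duration
        return True

    def process(self, rec):
        """Blocked Sites check first, then the policy result. Returns
        'blocked-site', 'auto-blocked', 'denied' or 'allowed'."""
        if self.is_blocked(rec.src, rec.time):
            return "blocked-site"       # dropped before any policy is consulted
        if rec.action != "Deny":
            return "allowed"
        if rec.policy in AUTO_BLOCK_POLICIES and self.add(rec.src, rec.time):
            return "auto-blocked"
        return "denied"


# Constructed log records, in time order.
SAMPLE_LOG = """\
2014-03-12 10:15:03 Deny 198.51.100.23 203.0.113.2 tcp 50432 22 Deny-SSH-In
2014-03-12 10:15:09 Allow 198.51.100.23 203.0.113.2 tcp 50433 25 SMTP-proxy
2014-03-12 10:16:40 Deny 10.0.1.5 203.0.113.9 tcp 40111 23 Deny-Telnet-In
2014-03-12 10:17:02 Deny 198.51.100.77 203.0.113.2 tcp 41000 445 Unhandled-Packet
2014-03-12 10:36:00 Allow 198.51.100.23 203.0.113.2 tcp 50500 25 SMTP-proxy
""".splitlines()


def replay(lines, duration=timedelta(minutes=20)):
    """Run the records through a fresh Blocked Sites List; returns the list
    and one (source, decision) per record."""
    sites = BlockedSites(duration)
    results = [(rec.src, sites.process(rec)) for rec in map(parse_log_line, lines)]
    return sites, results
```

The second record shows the effect the check box buys you: once 198.51.100.23 is on the list, its otherwise-allowed SMTP connection is dropped too, until the entry expires at 10:35:03. The exception list is not optional. A single denied packet is enough to add an address, so a spoofed UDP or ICMP packet with a forged source can get your upstream DNS server or the ISP gateway auto-blocked; keep such hosts on the exception list and the block duration short.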
Blocked Sites configuration:
Static configuration
Dynamic configuration (auto-block), from:
Proxy actions
Default packet handling settings
Policy configuration
Signature Services:
Gateway AntiVirus, Data Loss
Prevention, Intrusion Prevention, and
Application Control
Learning Objectives
Figure: Gateway AntiVirus database updates are delivered from WatchGuard to Your Network.
Gateway AV Wizard
Gateway AntiVirus can be enabled and configured with the wizard
that you launch from the Subscription Services menu
In the wizard, you select the proxy policies to include in the
Gateway AV configuration
Figure: Gateway AV scanning points. Downloaded files allowed in your configuration; uploaded files allowed in your configuration.
Gateway AV Settings
Select this option if you want Gateway AV to decompress file formats such as .zip or .tar.
The number of levels to scan is the depth to which Gateway AV scans archive files inside archive files.
DLP scans outbound traffic over proxied SMTP, FTP, HTTP, and
HTTPS connections.
DLP Sensors
To configure DLP, you define a DLP sensor.
For each DLP sensor, you configure:
Settings: the scan limit, and the actions for items that cannot be scanned
The scan limit controls how much of a file or object to scan
Actions control what happens when:
Content is larger than the scan limit
A scan error occurs
Content is password protected
DLP Actions
Actions you can configure in a DLP sensor are:
Enable DLP
Enable Data Loss Prevention
Add a DLP Sensor using the wizard
IPS
Learning Objectives
Understand how Reputation Enabled Defense works
Configure Reputation Enabled Defense
Monitor Reputation Enabled Defense
When a user browses to a web site, RED looks up the score for the URL.
This eliminates the need to locally scan the content of web sites that have a known good or bad reputation, and improves XTM device performance.
RED continually updates the reputation scores for URLs based on:
Scan results from devices around the world by two leading anti-malware engines, Kaspersky and AVG
Data from other leading sources of malware intelligence for the web
RED Actions:
Web UI:
Explore Fireware XTM Web UI
Learning Objectives
Figure caption: includes changes from Policy Manager and WSM.
Web UI Dashboards
The dashboards appear at the top of the Web UI navigation bar
FireWatch
FireWatch provides a treemap view to help you visualize your
network traffic
FireWatch
You can use FireWatch to see:
Rate
Bytes
Connections
Duration
Conclusion
This presentation provides an overview of basic Fireware XTM
features
For more information, see these training, documentation, and
support resources available in the Support section of the
WatchGuard web site:
Thank You!