Each new Firebox uses factory-default settings. You can also reset a Firebox to factory-default settings. When a Firebox uses factory-default settings, only two interfaces are active:
Interface 0 (Eth0)
Interface 0 is configured as an External interface, and is configured to use DHCP to request an IP address. If you use the Web Setup Wizard to configure a device, we recommend that you connect Interface 0 to a network that has a DHCP server and Internet access, so the Firebox can connect to WatchGuard to download the Firebox feature key.
To use RapidDeploy to configure your Firebox, you must connect Interface 0 to a network with Internet access. For more information about RapidDeploy, see Fireware Help.
Interface 1 (Eth1)
Interface 1 is configured as a Trusted interface, with the IP address 10.0.1.1. It has a DHCP Server enabled, and is configured to assign IP addresses on the 10.0.1.0/24 subnet. You must connect your computer to interface 1 or to a network connected to Interface 1 when you run the Web Setup Wizard or Quick Setup Wizard.
To connect to the device when you use either setup wizard, your computer must have an IP address on the 10.0.1.0/24 subnet. If your computer uses DHCP, it will get a new IP address automatically after you connect to interface 1. If your computer does not use DHCP, you must change the IP address to an IP address on the same subnet as the IP address of Interface 1. For example, 10.0.1.2.
Exercise 1 — Create a Configuration File with the Quick Setup Wizard
You can use either the Web Setup Wizard or the Quick Setup Wizard to create a basic configuration file for a new Firebox, or a Firebox that has been reset to factory-default settings. The Quick Start Guide that ships with your Firebox describes how to use the Web Setup Wizard. In this exercise you use the Quick Setup Wizard, which is part of Firebox System Manager.
Your instructor will provide you with the information and files you need to configure your Firebox for the training environment.
For this exercise you need:
n A feature key — You receive the feature key when you activate your Firebox on the WatchGuard website. Each feature key is unique to the serial number of the Firebox. Save a copy of the feature key to the management computer before you start the Quick Setup Wizard. You can finish the wizard without the feature key, but the feature key is required to enable all device functionality.
If the Firebox does not have a feature key, it allows only one connection to the Internet.
n WSM and Fireware OS on the management computer — WSM is the software installed on the management computer and WatchGuard servers. Fireware is the operating system (OS) installed with a configuration file on the Firebox. Download the latest versions the software and Fireware OS from the WatchGuard Portal. WSM and Fireware are separate software downloads. You must download and install both packages on your management computer. The management computer must be on the same network subnet as the device.
n Your network information — At a minimum, you must know the IP address of your gateway router and the IP addresses to give to the external and trusted interfaces of the Firebox. For the training environment, use 203.0.113.1 as the default gateway.
n A Firebox — You need a Firebox that has factory-default settings. This can be a new Firebox, or a Firebox that has been reset to factory-default settings.
Your instructor may use the presentation files to show these steps instead of having you do them yourself.
To use the Quick Setup Wizard:
1. Connect your computer to interface 1 of the Firebox.
2. From the Windows desktop, select Start > All Programs > WatchGuard System Manager > Quick Setup Wizard.
You can also click the Quick Setup Wizard icon on the WatchGuard System Manager toolbar.
The Quick Setup Wizard starts and attempts to detect a Firebox on the same network as your computer.
3. From the list of devices, select the Firebox that you are using for this training session.
4. Configure the device name, location, and contact person.
5. Configure the external interface, Eth0, with these settings. ReplaceXwith your student number.
IP address: 203.0.113.X/24 Default Gateway: 203.0.113.1
6. Configure the trusted interface, Eth1, with these settings: ReplaceXwith your student number.
IP address: 10.0.X.1/24
DHCP enabled, address pool: 10.0.X.2 - 10.0.X.254
7. In the Activate the software step, browse to the feature key file saved on your computer.
8. Set the Status and Configuration passphrases for your device.
You use the Status passphrase to connect to the device with the default Device Monitor user account, status.
You use the Configuration passphrase to connect to the device with the default Device Management user account, admin.
When you are finished with the wizard, you will have a Firebox which allows all traffic from the trusted and optional networks to the external network but blocks everything from the external network to the protected networks.
Because you changed the IP address of the trusted interface, the DHCP server on the device will assign your computer a new IP address in the DHCP address pool you configured. It may take a few minutes for your computer to get a new IP address.
Exercise 2 — Open WSM and Connect to Devices and Servers
When you open WatchGuard System Manager (WSM), you are not automatically connected to a Firebox. You must manually connect to a Firebox or to a Management Server to use many WSM features. You can connect to many devices and Management Servers at the same time.