You use Policy Manager to add a feature key to your Firebox.
Complete this exercise in class only if your instructor requests that you do so and provides you with an updated feature key.
To add a feature key to your Firebox:
1. Open the configuration file you are editing for these exercises.
2. Select Setup > Feature Keys.
The Firebox Feature Keys dialog box appears.
3. Click Import.
The Import Firebox Feature Key dialog box appears.
4. Click Browse and select your feature key file.
Or, open your feature key file, copy the contents, and in the Import Firebox Feature Key dialog box, click Paste.
You can purchase this key from WatchGuard. If you attend a WatchGuard Certified Training course, you will receive this key from your instructor.
5. Click OK to close the Import Firebox Feature key dialog box.
6. Click OK to close the Firebox Feature Key dialog box.
7. Save the configuration file to the Firebox.
You cannot use an optional feature until you add the feature key to the configuration file and save it to your Firebox.
Exercise 5 — Create a Device Backup Image
A Firebox backup image is a saved copy of the working image from the Firebox flash disk. The backup image includes the Firebox OS, configuration file, feature keys, passphrases, DHCP leases, and certificates. The backup image also includes any event notification settings that you configured in Traffic Monitor. You can use Policy Manager to save an encrypted backup image to your management computer or to a directory on your network or other connected storage device.
We recommend that you create a backup image of the Firebox before you make significant changes to your device configuration file, or upgrade your Firebox OS. It is especially important to save a device backup image before you upgrade the version of Fireware OS on the Firebox. The backup image is the easiest way to downgrade the Firebox, if you ever need to.
You can also use Firebox System Manager to create and restore a device backup image to a USB drive connected to the Firebox. For more information, see Fireware Help.
To create a device backup:
1. Select File > Backup.
The Backup dialog box appears. Because you connected to your Firebox with the example-co_admin user account, the Administrator User Name that appears in the Backup dialog box is example-co_admin. If you connect with a Device Monitor user account, the default Device Administrator user account, admin, appears in the Administrator User Name text box.
n Windows 8 and Windows 7 — C:\Users\Public\Shared WatchGuard\backups\<Firebox IP
address>-<date>.<wsm_version>.fxi.
n Windows XP — C:\Documents and Settings\All Users\Shared WatchGuard\backups\<Firebox IP
address>-<date>.<wsm_version>.fxi.
When you restore the backup image, you must specify a name and passphrase for a user with administrative privileges, and you must type the encryption key you specified when you created the backup image. For this exercise, do not restore the backup image to the Firebox.
Restoring a saved backup image is the only method to downgrade a Firebox without first resetting the Firebox to factory-default settings.
Exercise 6 — Add Firebox Identification Information
You can save information about the Firebox in the configuration file, which helps you to identify the Firebox in reports, log messages, and WatchGuard management tools. The Firebox model is particularly important because some software features only function on certain models.
You can use Policy Manager to give the Firebox a descriptive name to use in your log files and reports. You can use a Fully Qualified Domain Name if you register it with your authoritative DNS server. A descriptive Firebox name is also helpful if you use the Management Server to configure VPN tunnels and certificates for the Firebox. Though the external IP address of the Firebox appears in WSM tools, log messages, and reports for the Firebox, a descriptive name for the Firebox makes it easier to quickly identify each Firebox.
The Firebox time zone controls the date and time that appears in the log messages and in management tools, including Log Manager, Report Manager, WatchGuard Dimension, and WebBlocker. Set the Firebox time zone to match the time zone for the physical location of the Firebox. This time zone setting ensures the time appears correctly in the log messages. A default configuration file sets the Firebox system time to Greenwich Mean Time (GMT).
In this exercise, you set the Firebox device identification information for your student Firebox. If you are working alone, you can use the example of our fictional organization: Successful Company. In other training modules, you see this information in reports and WatchGuard System Manager.
From Policy Manager:
1. Select Setup > System.
The Device Configuration dialog box appears.
2. In the Name text box, type SuccessfulMain.
Your instructor might give you another name for your student Firebox.
3. In the Location text box, type Seattle.
This identifies the physical location of the Firebox.
4. In the Contact text box, type your name.
This is the name of the person in your organization who is responsible for the management of the Firebox.
5. From the Time zone drop-down list, select your local time zone.
Select the time zone of the Firebox itself. This enables you to synchronize reports from Firebox devices in multiple timezones.
Test Your Knowledge
Use these questions to practice what you have learned and exercise new skills.
1. True or false? You can add only one Device Administrator user account to your Firebox.
2. Circle the correct answer: To save a device configuration file to your Firebox, you must use an account with the [Device Monitor | Device Administrator] role.
3. Select the correct answer: Corporate headquarters is in Detroit. The branch office Firebox is located in Tokyo.
You should set the branch office Firebox time zone to:
o A) (GM-05:00) Eastern Time (US & Canada) o B) (GMT+09:00) Osaka, Sapporo, Tokyo
4. True or false? You can save the Firebox configuration file to a USB flash drive.
5. How frequently should you make a backup image of your Firebox?