When a network administrator at Successful Company moves to London to take a job with another company, the remaining staff recognize that they need to change all the firewall passwords. In this exercise, we use WatchGuard Server Center to change their Log Server encryption key, and update the encryption key for each Firebox logging to the WatchGuard Log Server.
1. In the Servers tree, select Log Server.
The Log Server pages appear, with the Server Settings tab selected.
2. In the Encryption Key Setting section, click Modify.
The Log Server Encryption Key dialog box appears.
3. In the New key text box, type myencryptionkey. Click OK.
The Log Server Encryption Key dialog box closes and the encryption key is changed.
4. Open Policy Manager for your Firebox.
5. Select Setup > Logging.
The Logging Setup dialog box appears.
6. In the WatchGuard Log Server section, click Configure.
The Configure Log Servers dialog box appears.
7. Select the Log Server IP address in the list, and click Edit.
The Edit Event Processor dialog box appears.
8. In the Encryption Key and Confirm Key text boxes, type myencryptionkey.
9. Click OK to close the Edit Event Processor dialog box.
10. Click OK to close the Configure Log Servers dialog box.
11. Click OK to close the Logging Setup dialog box.
12. Save the configuration file to the Firebox.
13. Repeat Steps 4–12 for each device that sends log messages to this Log Server.
Exercise 4 — Configure Where the Firebox Sends Log Messages
The Successful Company administrator must tell each Firebox in the network to send log messages to a WatchGuard Log Server. Because the Firebox can simultaneously send log messages to two WatchGuard Log Servers at the same time, he configures the Firebox to send log messages to both a Dimension Log Server and a WSM Log Server. When he configures the logging settings for the Firebox, he adds the IP address for each Log Server where the Firebox will send log messages and the Log Server Encryption Key, and saves the configuration file to the Firebox. Then, after he sets up each Log Server, the log Encryption Key on the Firebox matches the log Encryption Key on each Log Server, and the Log Server and Firebox can communicate. The Firebox waits until it sends its first log message to establish a connection with the Log Server.
If the Firebox and Log Server do not connect, add the encryption keys in the Firebox configuration again. The most common cause of connection problems is encryption keys that do not match.
Because the Firebox can send the same log messages to two Log Servers at the same time, the Successful Company administrator configures two different sets of Log Servers. For each set, he must configure a primary Log Server, but backup servers are optional. The administrator has both a WSM Log Server and an instance of Dimension, so he configures his Firebox to send log messages to both servers simultaneously.
In this exercise, we use Policy Manager to configure the Firebox to send log messages to both a Dimension Log Server and a WSM Log Server.
1. Open the configuration file for your Firebox.
2. Select Setup > Logging.
The Logging Setup dialog box appears.
6. In the Encryption Key text box, type mylogserverkey.
7. In the Confirm Key text box, type mylogserverkey again.
8. Click OK to close the Add Event Processor dialog box.
The IP address for the Log Server appears in the Configure Log Servers dialog box on the Log Servers 1 tab.
9. Select the Log Servers 2 tab.
10. Click Add.
The Add Event Processor dialog box appears.
11. In the Log Server Address text box, type the IP address for your instance of Dimension.
For this exercise, we put the Dimension on the Successful Company trusted network at 10.0.1.27.
12. In the Encryption Key text box, type mydimensionlogserverkey.
13. In the Confirm Key text box, type mydimensionlogserverkey again.
14. Click OK to close the Add Event Processor dialog box.
The IP address for the instance of Dimension appears in the Configure Log Servers dialog box on the Log Servers 2 tab.
15. Click OK again to close the Configure Log Servers dialog box.
The Logging Setup dialog box appears.
16. Click OK to close the Logging Setup dialog box.
The Firebox does not establish a connection with the Log Servers until you save the configuration file to the Firebox and it tries to send the first log message.
17. If you have access to a Firebox for this lesson, save the configuration file to the Firebox.
Exercise 5 — Configure a WSM Report Server
Successful Company network administrators decide that, for performance reasons, they are going to install the WSM Report Server on a different computer than the management computer. In this exercise, we configure their Report Server. Before you configure the Report Server, you must run the WatchGuard Server Center Setup Wizard, which sets up the Report Server. After the Report Server is set up, you can finish your Report Server configuration in the
WatchGuard Server Center.