
Introduction

Welcome to WatchGuard®

In the past, a connected enterprise needed a complex set of tools, systems, and personnel for access control, authentication, virtual private networking, network management, and security analysis. These costly systems were difficult to integrate and not easy to update. Today, WatchGuard System Manager delivers a complete network security solution to meet these modern security challenges:

• Keeping network defenses current

• Protecting every office connected to the Internet

• Encrypting communications to remote offices and traveling users

• Managing the security system from a single site

WatchGuard System Manager is a reliable, flexible, scalable, and inexpensive network security solution. Its setup and maintenance costs are small, and it supports a rich feature set.

When properly configured and administered, WatchGuard System Manager reliably defends any network against external threats.

WatchGuard System Manager Components

WatchGuard System Manager has all of the components needed to conduct electronic business safely. It is made up of the following:

• Firebox—an integrated security appliance

• Firebox System Manager—a suite of management and monitoring tools

• A collection of advanced security applications

• LiveSecurity® Service—a security-related broadcast service

WatchGuard Firebox

The Firebox family of products is specially designed and optimized. These machines are small, efficient, and reliable. The Firebox X has an indicator display and physical interfaces on its front panel. The Firebox III has an indicator display panel in front and physical interfaces in back.

Firebox System Manager

Firebox System Manager is a toolkit of applications run from a single location, enabling you to configure, manage, and monitor your network security policy. In addition to management and monitoring tools, System Manager includes:

Policy Manager

Allows you to design, configure, and manage a network security policy.

LogViewer

Displays a static view of the log data, which you can filter by type, search for keywords and fields, and print and save to a separate file.

HostWatch

Displays active connections occurring on a Firebox in real time or represents the connections listed in a log file.

Historical Reports

Creates HTML reports that display session types, most active hosts, most used services, URLs, and other data useful in monitoring and troubleshooting your network.

WatchGuard security applications

In addition to basic security policy configuration, WatchGuard System Manager includes a suite of advanced software features.

These include:

• User authentication

• Network address translation

• Remote user virtual private networking

• Branch office virtual private networking

• Selective Web site blocking

WatchGuard LiveSecurity® Service

The innovative LiveSecurity Service makes it easy to maintain the security of an organization’s network. WatchGuard’s team of security experts publish alerts and software updates, which are broadcast to your email client.

Minimum Requirements

This section describes the minimum hardware and software requirements necessary to successfully install, run, and administer WatchGuard System Manager.

Software requirements

WatchGuard System Manager software can run on Microsoft Windows NT 4.0, Windows 2000, or Windows XP as specified below:

Windows NT requirements

• Microsoft Windows NT 4.0

• Microsoft Service Pack 4, Service Pack 5, or Service Pack 6a for Windows NT 4.0

Windows 2000 requirements

• Microsoft Windows 2000 Professional or Windows 2000 Server

Windows XP requirements

• Microsoft Windows XP

Web browser requirements

You must have Microsoft Internet Explorer 4.0 or later to run the installation from the CD. The following HTML-based browsers are recommended to view WatchGuard Online Help:

• Netscape Communicator 4.7 or later

• Microsoft Internet Explorer 5.01 or later

Hardware requirements

Minimum and recommended hardware requirements are listed in the following table.

Hardware feature    Minimum    Recommended
Memory              128 MB     256 MB
Processor           700 MHz    1.4 GHz
Hard disk space     100 MB     1 GB

WatchGuard Options

WatchGuard System Manager is enhanced by optional features designed to accommodate the needs of different customer environments and security requirements.

The following options are currently available for WatchGuard System Manager.

Firebox X 3-Port Upgrade

Purchase this option to activate three additional network ports on your Firebox X. You can use the additional ports to create DMZs for public servers, or you can protect additional internal segments of your network with your Firebox. Enhancing your Firebox X with this upgrade adds new functionality using the same configuration tools and methods as described for your optional port.

Firebox X Model Upgrade

If you have a Firebox X500, you can purchase an upgrade to make your Firebox function as a Firebox 700, 1000, or 2500.

VPN Manager

WatchGuard VPN Manager is a centralized module for creating and managing the network security of an organization that uses the Internet to conduct business. It turns the complex task of setting up multi-site virtual private networks (VPNs) into a simple three-step process. VPN Manager sets a new standard for Internet security by automating the setup, management, and monitoring of multi-site IPSec VPN tunnels between an organization’s headquarters, branch offices, telecommuters, and remote users.

High Availability

WatchGuard High Availability software lets you install a second, standby Firebox on your network. If your primary Firebox fails, the second Firebox automatically takes over to give your customers, business partners, and employees virtually uninterrupted access to your protected network.

Mobile User VPN

Mobile User VPN is the WatchGuard IPSec implementation of remote user virtual private networking. Mobile User VPN connects an employee on the road or working from home to networks behind a Firebox using a standard Internet connection, without compromising security. WatchGuard Mobile User VPN software easily integrates into WatchGuard System Manager, allowing your mobile users to securely connect to your network.

VPN traffic is encrypted using DES or 3DES-CBC, and authenticated through MD5 or SHA-1.

SpamScreen

SpamScreen helps to control “spam”—email sent to you or your end users without permission. Spam consumes valuable bandwidth on your Internet connection and on the hard disk space and CPU time of your mail server. If allowed to enter your network unchecked, spam consumes networkers’ time to read and remove. WatchGuard SpamScreen identifies spam as it comes through the Firebox. You can choose to either block the spam at the Firebox or tag it for easy identification and sorting.

BOVPN Upgrade

The factory default Firebox III 500 or Firebox X500 does not support branch office VPN. However, you can purchase the BOVPN Upgrade option to enable BOVPN support on a Firebox 500.

BOVPN is supported on the Firebox X700, Firebox X1000, and Firebox X2500, but you must register the device with LiveSecurity Service to obtain the BOVPN feature key. BOVPN is available by default on other models.

Obtaining WatchGuard Options

WatchGuard options are available from your local reseller. For more information about purchasing WatchGuard products, go to:

http://www.watchguard.com/sales/

Managing and Enabling License Keys

To enable any WatchGuard option, you must add it to the Licensed Features dialog box. You can also use this dialog box to view or delete license keys.

1 From Policy Manager, select Setup => Licensed Features.

The Licensed Features dialog box appears.

2 Click Add.

3 In the Add/Import License Keys dialog box, either type your license key or click Browse and find it on your network.

Click OK.

The new license now appears on the Licensed Features dialog box.

4 To view a license key, select the license key and click Properties.

To delete a license key, select the license key and click Remove.

About this Guide

The purpose of this guide is to help users of WatchGuard System Manager set up and configure a basic network security system and maintain, administer, and enhance the configuration of their network security.

The audience for this guide represents a wide range of experience and expertise in network management and security. The end user of WatchGuard System Manager is generally a network administrator for a company that can range from a small branch office to a large enterprise with multiple offices around the world.

References to FAQs, on the online support pages, are included throughout this guide. To access the FAQs, you must have a current subscription to the LiveSecurity Service.

The following conventions are used in this guide:

• The term “Firebox” refers to either the Firebox III or the Firebox X unless specifically stated. Illustrations of Fireboxes are interchangeable unless specifically stated.

• Within procedures, visual elements of the user interface, such as buttons, menu items, dialog boxes, fields, and tabs, appear in boldface.

• Menu items separated by arrows (=>) are selected in sequence from subsequent menus. For example, File => Open => Configuration File means to select Open from the File menu, and then Configuration File from the Open menu.

• Code, messages, and file names appear in monospace font; for example: .wgl and .idx files

• In command syntax, variables appear in italics; for example: fbidsmate import_passphrase

• Optional command parameters appear in square brackets.