Use the Quick ck Setu Setup Wiza p Wizard: rd:
1. Connect your computer to interface 1 of the Firebox.
2. From the Windows desktop, select Start Start> All Programs All Programs > WatchGuard System Manager WatchGuard System Manager > Quick Setup Quick Setup Wizard
Wizard.
You can also click the Quick Setup WizardQuick Setup Wizard icon on the WatchGuard System Manager toolbar.
The Quick Setup Wizard start s and attempts to detect a Firebox on the same network as your computer.
3. From the list of devices, select the Firebox that you are using for this training session.
4. Configure the device name, location, and contact person.
5. Configure the external interface, Eth0, with these settings. Replace X with your student number.
IP address: 203.0.113. X /24 Default Gateway: 203.0.113.1
6. Configure the trusted interface, Eth1, with these settings: Replace X with your student number.
IP address: 10.0. X .1/24
DHCP enabled, address pool: 10.0. X .2 - 10.0. X .254
7. Inth e Activate the softwareActivate the softwarestep, browse to the feature key file saved on your computer.
8. The Security Services page shows the security services in the feature key that the wizard will configure.
9. On the WebBlocker Settings page, select the WebBlocker categories to block.
10. Set the Status and Configurationpassphrases for your Firebox.
You use the Status passphraseto connect to the device with the default Device Monitor user account, status.
You use the Configuration passphrase to connect to the device with the default Device Management user account, admin.
When you are finished with the wizard, you will have a Firebox which allows all traffic from the trusted and optional networks to the external network but blocks ever ything from the external network to the protected networks.
Getting Started
Getting Started
Exercise 3 — Open WSM and Connect to Devices and Exercise 3 — Open WSM and Connect to Devices and Servers
Servers
When you open WatchGuard System Manager (WSM), you are not automatically connected to a Firebox. You must manually connect to a Firebox or to a Management Server to use many WSM features. You can connect to many Fireboxes and Management Servers at the same time.
Before you start this exercise use the steps in Exercise 1 or Exercise 2 to configure your Firebox To connect to a Firebox in WSM:
1. From the Windows desktop, select Start > All Programs > WatchGuard System Manager > WatchGuard Start > All Programs > WatchGuard System Manager > WatchGuard System
System ManageManager r .
WatchGuard System Manager a ppears.
2. On the main toolbar, click .
Or, you can select File > Connect To Device File > Connect To Device.
3. Inth e IP Address or NameIP Address or Name text box, type the trusted IP address of the Firebox.
Use your Firebox IP address, or get the IP address from your instructor.
To connect to a Firebox with read-only privileges, you use a Device Monitor user account. You can use the default status Device Monitor user account for this purpose. If you save the configuration file or add the Firebox to the Management Server as a managed device, you are prompted to type the credentials for a user account with Device Administrator privileges. The default Device Administrator user account for your device is the admin user account.
4. Inth e User NameUser Name and PassphrasePassphrasetext boxes, type the credentials for a Device Management user account with a Device Monitor (read-only) role on your Firebox. The default status account is specified by default.
5. From the AuthenticaAuthentication tion Server Server drop-down list, select the authentication server for the user you specified.
If you select an Active Directory server, you must also specify the DomainDomain for the server you selected.
6. If necessary, change the value in the TimeoutTimeout text box.
This value sets t he amount of time (in seconds) t hat WSM waits for an answer fr om the Firebox befor e WSM shows a message that it cannot connect.
If you have a slow network or I nternet connection to th e device, you can increas e the timeout value. If you decreas e the value, you decr ease the time you mus t wait for a time out message if you try to connect to a device that is not available.
7. Click Login Login.
WSM connects to the Fir ebox and shows the stat us of the Firebox on the Device Status t ab.
8. On the Device StatusDevice Statustab, click the plus sign (+) to expand the Firebox entry.
Information about the Firebox appears.
Getting Started
Getting Started
Exercise 3 — Start Policy Manager Exercise 3 — Start Policy Manager
Policy Manager is the WSM tool you use to build the security rules your Firebox uses to protect your network. You use Policy Manager to configure policies, set up VPNs, change Device Management user account passphrases, and configure logging and notification options.
A policy is a set of rules that defines how the device manages packets that come to its interfaces. The policy identifies the source and destination of the packets. It also specifies the protocol and ports of the traffic that the policy controls. It includes instructions for the device about how to identify the packet and whether to allow, deny, drop, or block the connection. Policy Manager displays each policy as a group of rules, or a ruleset . You can view these policies in a list with detailed information about each policy, or as icons.
You can have more than one version of WSM installed on your computer. However, you can have only one version of the server components (Management Server, Log Server, Report Server, Quarantine Server, and WebBlocker Server) installed.
In WatchGuard System Manager:
1. On the Device StatusDevice Statustab, select your Firebox.
If there is no device visible in WSM, select File > Connect To Device File > Connect To Device, and then connect to your device.
2. Click .
Or, select Tools > Policy Manager Tools > Policy Manager .
WSM checks the model and the OS (operat ing system) ver sion used by the device. If you have multiple versions of WSM software installed , WSM automatically opens the correct version of Policy Manager. If you launch Policy Manager f or a device that uses an older vers ion of Fireware OS , WSM might ask if you want to upgrade t he OS on th at device.
Policy Manager opens in Details view by default.
3. Select Setup > OS Compatibility Setup > OS Compatibility.
The OS Compatibility dialog box appears.
4. Make sure that the selected version is 11.9 or higher. 11.9 or higher.
If you open the configuration file from a device, the OS Compatibility version is automatically set to match the OS version on the device. If you use Policy Manager to create a new configuration file, you must configure this setting before you can configure features that require a specific OS version.
5. Click OK OK.
Getting Started
Getting Started