Date: 2011/8/1. 1. Network. Network Configuration




WatchGuard XTMdoc
XTM Configuration Document
Date: 2011/8/1

Contents

1 Network
  1-1 Network Configuration
  1-2 Bridge
  1-3 VLAN
  1-4 WINS/DNS
  1-5 Dynamic DNS
  1-6 Multi-Wan
  1-7
  1-8 1-1 Nat
  1-9 ARP Entries
  1-10 Route
2 Setup
  2-1 System
  2-2 Feature Key
  2-3 Alias
  2-4 Logging
  2-5 NTP
  2-6 SNMP
  2-7 Global Settings
3 Firewall Policy
  3-1 Policy Settings
  3-2 Policy Details
  3-3 Proxy Action
4 VPN
  4-1 Branch Office Gateway
  4-2 Branch Office Tunnel
  4-3 Mobile VPN IPsec
  4-4 Mobile VPN PPTP
  4-5 Mobile VPN SSL
  4-6 VPN Settings
5 Security
  5-1 spamblocker
  5-2 Gateway AntiVirus
  5-3 Intrusive Prevention Service
  5-4 WebBlocker
  5-5 Quarantine Server

Configuration

1. Network

1-1 Network Configuration

Network Configuration
Configure Interface in Mix Routing Mode.

Interface No.  Zone      Alias        IP Address    Netmask        Description
0              External  External     0.0.0.0       255.255.255.0
1              Trusted   LaboNet      172.16.2.201  255.255.255.0  Labo Network
2              Trusted   SupportOnly  172.16.1.11   255.255.255.0  Support Network
3              Trusted   OfficeNet    172.16.10.1   255.255.255.0  Office Network
4              Bridge    Client-1     0.0.0.0       255.255.255.0
5              Bridge    Client-2     0.0.0.0       255.255.255.0
6              Optional  ServerNet    10.0.6.1      255.255.255.0  Server Network Segment

1-2 Bridge

Bridge

Alias          Zone     IP Address        DHCP Address Pool
Bridge-Client  Trusted  192.168.150.1/24  192.168.150.50-192.168.150.200  4, 5

1-3 VLAN

VLAN
Interface ID Alias Zone IP Address DHCP Address Pool Interface

1-4 WINS/DNS

DNS
  Domain Name
  DNS Server: 8.8.8.8, 8.8.4.4
WINS
  WINS Server

1-5 Dynamic DNS

1-6 Multi-Wan

Multi-WAN
  Multi-Wan Algorithm: -

1-7

FROM          TO
192.168.0.0   Any-External
Any-Trusted   Any-External
172.16.0.0    Any-External
10.0.0.0      Any-External
Any-External  Any-External

1-8 1-1 Nat

1-to-1 NAT
Interface  Type  # of Hosts  NAT Base  Real Base

1-9 ARP Entries

ARP Entries
There is no ARP Entries.

1-10 Route

Routes

Route          Gateway       Metric
172.16.1.0/24  172.16.1.201  1

2. Setup

2-1 System

Device Configuration
  Firebox Model: XTM510
  Name: XTM_BOX_01
  Location: Information System Dept.
  Contact: jpnsales@watchguard.co.jp
  Time zone: Osaka, Sapporo, Tokyo (GMT+09:00)

2-2 Feature Key

Feature Keys
Feature  Value  Expiration  Status

2-3 Alias

Alias

Alias Name     Description
Any            All traffic
Firebox        All local traffic associated with the Firebox
Any-External   All traffic associated with external interfaces
Any-Trusted    All traffic associated with trusted interfaces
Any-Optional   All traffic associated with optional interfaces
Any-BOVPN      All traffic associated with BOVPN
Any-MUVPN      All traffic associated with MUVPN
PPTP           Built-in alias
External       Built-in alias
LaboNet        Built-in alias
SupportOnly    Built-in alias
OfficeNet      Built-in alias
ServerNet      Built-in alias
Bridge-Client  Built-in alias

2-4 Logging

WatchGuard Log Server
  Using Log Server
  IP Address: 192.168.150.15
  Port: 4115
Syslog Server
  Using Syslog Server
  IP Address: 172.16.1.110
Firebox Internal Storage
  Using internal storage

2-5 NTP

NTP Setting
  NTP Server Names/IPs: 0.pool.ntp.org, 1.pool.ntp.org, 2.pool.ntp.org

2-6 SNMP

SNMP v2c Community String
SNMP v3 User Name
Authentication Protocol
Privacy Protocol
SNMP Traps Version Version 0
Management Station

2-7 Global Settings

Global Setting
  Web UI Port: 8080
  Traffic Management and QoS
  Fragmentation Req
  Host Unreachable
  Port Unreachable
  Network Unreachable
  Protocol Unreachable
Automatic Reboot
  Schedule time for reboot
  Week: Everyday
  Time: 0:0

3. Firewall Policy

3-1 Policy Settings

Firewall Policy

Order  Action  Policy Name        Log  Alarm  From                       To            Port
1              FTP                            Any-Trusted, Any-Optional  Any-External  21
2              HTTP-proxy                     Any-Trusted                Any-External  80
3              WatchGuard Web UI              Any-Trusted, Any-Optional  Firebox       8080
4              Ping                           Any-Trusted, Any-Optional  Any
5              WatchGuard                     Any-Trusted, Any-Optional  Firebox       4105
6              Outgoing                       Any-Trusted, Any-Optional  Any-External  0

3-2 Policy Details

FTP
  Action: Allow
  From: Any-Trusted, Any-Optional
  To: Any-External
  Port: 21
  Properties: ICMP, NAT, QoS, Fixed Connection, Protocol, Proxy Action, Logging, Auto-block, Specify Custom Idle, Schedule, Traffic Control, Connection Rate (per second)
  Values: FTP, 07T11:58:37+09:00., Always On, 0, 1-1 NAT, Override per-interface, Using Global Sticky Setting

HTTP-proxy
  Action: Proxy
  From: Any-Trusted
  To: Any-External
  Port: 80
  Properties: ICMP, NAT, QoS, Fixed Connection, Protocol, Proxy Action, Logging, Auto-block, Specify Custom Idle, Schedule, Traffic Control, Connection Rate (per second)
  Values: HTTP-proxy, 25T14:51:54+09:00., HTTP-Client.1, Always On, 0, 1-1 NAT, Override per-interface, Using Global Sticky Setting

WatchGuard Web UI
  Action: Allow
  From: Any-Trusted, Any-Optional
  To: Firebox
  Port: 8080
  Properties: ICMP, NAT, QoS, Fixed Connection, Protocol, Proxy Action, Logging, Auto-block, Specify Custom Idle, Schedule, Traffic Control, Connection Rate (per second)
  Values: WG-Fireware-XTM-WebUI, 07T11:58:37+09:00., Always On, 0, 1-1 NAT, Override per-interface, Using Global Sticky Setting

Ping
  Action: Allow
  From: Any-Trusted, Any-Optional
  To: Any
  Port
  Properties: ICMP, NAT, QoS, Fixed Connection, Protocol, Proxy Action, Logging, Auto-block, Specify Custom Idle, Schedule, Traffic Control, Connection Rate (per second)
  Values: Ping, 07T11:58:37+09:00., Always On, 0, 1-1 NAT, Override per-interface, Using Global Sticky Setting

WatchGuard
  Action: Allow
  From: Any-Trusted, Any-Optional
  To: Firebox
  Port: 4105
  Properties: ICMP, NAT, QoS, Fixed Connection, Protocol, Proxy Action, Logging, Auto-block, Specify Custom Idle, Schedule, Traffic Control, Connection Rate (per second)
  Values: WG-Firebox-Mgmt, 07T11:58:37+09:00., Always On, 0, 1-1 NAT, Override per-interface, Using Global Sticky Setting

Outgoing
  Action: Allow
  From: Any-Trusted, Any-Optional
  To: Any-External
  Port: 0
  Properties: ICMP, NAT, QoS, Fixed Connection, Protocol, Proxy Action, Logging, Auto-block, Specify Custom Idle, Schedule, Traffic Control, Connection Rate (per second)
  Values: TCP-UDP, 07T11:58:37+09:00., Always On, 0, 1-1 NAT, Override per-interface, Using Global Sticky Setting

3-3 Proxy Action

HTTP-Client.1
  Proxy Name: HTTP-Client.1
  Proxy Type: 1
  Attribute: Created by Policy Manager client

4. VPN

4-1 Branch Office Gateway

4-2 Branch Office Tunnel

4-3 Mobile VPN IPsec

Policy
Order  Action  Policy Name  Log  Alarm  Port

4-4 Mobile VPN PPTP

Mobile VPN with PPTP
  Mobile VPN with PPTP
  Encryption Settings
  MTU: 1400
  MRU: 1400

4-5 Mobile VPN SSL

4-6 VPN Settings

VPN Configuration
Upper 128bit
IPSec Settings
  Enable IPSec Pass-through
  Enable TOS for IPSec
LDAP Server Settings for CRL
  Enable LDAP server for certificate verification
  Server
  Port: 389
BOVPN Notification
  Send SNMP Trap
  Send notification

5. Security

5-1 spamblocker

spamblocker
General Settings
  Enable VOD
  VOD maximum file size to scan: 60 KB
  Maximum number of connections: 16
  Maximum file size to scan: 60 KB
  Cache size: 10000
  Enable proactive patterns
  connection string override: resolver%d.wguard.ctmail.com
HTTP Proxy Server
  Contact the spamblocker server using an HTTP proxy server
  Server address
  Server port: 8080
  Server authentication: NoAuth
  User domain
  User name
Trusted Email Forwarders

5-2 Gateway AntiVirus

Update Server
  Automatic Update Interval: 60
  Intrusion Prevention Signatures
  Gateway AntiVirus Signatures
Decompression
  Enable Scan Level false
Gateway AntiVirus Policy
Policy Name  Service Type  GAV

5-3 Intrusive Prevention Service

Intrusive Prevention Service Policy
Policy Name Type Proxy Type IPS
HTTP-proxy HTTP-proxy Firewall

5-4 WebBlocker

Webblocker.1 Settings
  Policy Name: HTTP-proxy-00
  Proxy: HTTP-Client.1
  WebBlocker Server
  Deny Categories: Real Estate, Shopping, Advertisements, Food & Drink, Motor Vehicles, Infrastructure, Proxies & Translators, Phishing & Fraud, Business, Spam URLs, Intimate Apparel & Swimwear, Spyware, Tasteless & Offensive, Fashion & Beauty, Politics, Criminal Activity, Search Engines, News, Adult/Sexually Explicit, Health & Medicine, Hosting Sites
  Allow Categories: Blogs & Forums, Government, Society & Culture, Finance & Investment, Job Search & Career Development, Alcohol & Tobacco, Uncategorized, Streaming Media, Weapons, Peer-to-Peer, Travel, Reference, Ringtones/Mobile Phone Downloads, Downloads, Photo Searches, Philanthropic & Professional Orgs., Sports, Illegal Drugs, Hobbies & Recreation, Computing & Internet, Religion, Entertainment, Kids Sites, Sex Education, Chat, Personals & Dating, Arts, Intolerance & Hate, Games, Gambling, Violence, Education, Hacking, Web-based Email

5-5 Quarantine Server

Quarantine Server
  IP Address
  Port: 4120

WatchGuard XTMdoc Copyright 2011 WatchGuard Technology All Rights Reserved.