WatchguardメーカーFirebox SOHO 6.1の使用説明書/サービス説明書
ページ先へ移動 of 140
W atchGuar d ® Fir ebox ® SOHO 6 User Guide SOHO 6.1.
ii W atchGuard Fir ebox SOHO 6.1 Using this Guide T o use this guide you need to be familiar with your computer’s operatin g system. If you have ques tions about navigating in your computer’s environme nt, please re fer to your system user manual.
User Guide iii Certifications and Notices FCC Certification This appliance has been tested and found to compl y with limits for a Class A digital appliance, pursuant to P art 15 of the FCC Rules. Operation is subject to the following two condition s: • This appliance may not cause harmful interference.
iv W atchGuard Fir ebox SOHO 6.1 VCCI Notice Class A ITE.
User Guide v Declaration of Conformity.
vi W atchGuard Fir ebox SOHO 6.1 W A TCHGUARD SOHO SOF TW ARE END-USER LICENSE AGREEMENT WA TCHGU ARD SOHO SOFTWARE END-USER LICENSE AGREEMENT IMPOR TANT - READ CAREFULL Y BEFOR E ACCESSING WA TCHGU A.
User Guide vii archi val pu rposes on ly . 3. Prohibited Uses. Y ou may not, without expres s written permiss ion from WA TCHGUARD: (A) R everse engineer , disassemble o r decom pile the SO F TWARE PR.
viii W atchGuard Fir ebox SOHO 6.1 Limitation of Liabili ty . WA TCHGUARD'S LIAB ILITY (WHETHER IN CONTRACT , T OR T , OR OT HERWISE; AND NOTWITHSTANDING ANY F AUL T , NEGLIGENCE, STRICT LI ABILITY OR PRODUCT LI ABILIT Y) WITH RE GARD TO THE SOF TWARE PRODU CT WILL IN NO EVENT EX CEED THE PUR CHASE PRICE P AID B Y YOU F OR SUCH PRODUCT .
User Guide ix No change or modificatio n of this EUL A will be valid unless i t is in writing, and is sig ned by WA TCHGUARD. Notice to Users Infor mation in this guide is s ubject to change without notice. Companies, na mes, and da ta used in examples herein are fictitious unl ess other w ise no te d.
x W atchGuard Fir ebox SOHO 6.1 5. Products deriv ed from this so f tware m ay not be cal led "OpenSSL" nor may "OpenSSL" appear i n their names without prior written permissi on of the OpenS SL Pr oject.
User Guide xi The mod_ssl package falls u nder the Open-Source Sof tware label beca use it's distributed u nder a BSD -style license. The detaile d licens e infor mation fo llows. Copyright (c) 1998- 2001 R alf S. Engelsc hall. All rights res er ved.
xii W atchGuard Fir ebox SOHO 6.1 5. Products derived from this sof tware may no t be called "A pache" , nor may "A pache" appea r in their name, without prior w ritten per mission o f the Apache Sof tware Foundation.
User Guide xiii Contents CHAPTER 1 Intr oduction ................. ............ ........... .......... 1 The Package Contents . ................. ................ ............ 2 How Does a Firewall W ork? ..... ............ ........... .......... 3 How Does Infor mation T ravel on the Int er net? .
xiv W atchGuard Fir ebox SOHO 6.1 Disable the HTTP pr oxy setting of your Web br owser ............... ................ ................. ............ 14 Enable your computer for DHCP ................. ............ 16 Physically connect the SOHO 6 . .
User Guide xv Configur e the Dynamic DNS Se rvice ............ .......... 43 Configur e OPT Port Upgrades ... ................. ............ 44 Configur e Dual ISP Port ............... ................ .......... 44 Configur e VPNforce™ Por t ......
xvi W atchGuard Fir ebox SOHO 6.1 CHAPTER 7 Configur e Logging ............................ ........ 75 View SOHO 6 Log Messa ges .................................. 76 Set up Logging to a W a tc hGuar d Security Event Pr ocessor Log Host .. ..........
User Guide xvii W ebBlocker Categories ........... ................ ............. 103 CHAPTER 10 Support Resour ces .............. ............ ........ 107 T r oubleshooting Tips ............. ........... ............ ........ 107 General ...........
xviii W atchGuard Fir ebox SOHO 6.1.
User Guide 1 CHAPTER 1 Intr oduction We l c o m e Congratulations on pur chasing th e ideal solution for providing secure acce ss to the Internet–the W atchGuard ® Fire bo x ® SOHO 6 or SOHO 6tc security appliance.
Chapter 1: Introduction 2 W atchGuard Fir ebox SOHO 6.1 This User Guide is for both the SOHO 6 and the SOHO 6tc–the name SOHO 6 r efers to both these appliances throughout this guide. The only diffe rence betwe en them is the ability to cr eate and use a V irtual Private Network (VPN).
User Guide 3 How Does a Fir ewall W ork? How Does a Fir ewall W ork? F undamentally , a firew all is a way of distin guishing betwe en, as well as protecting, “us” and “them”. On the extern al side of your SOHO 6 firewall is the ent ire Internet.
Chapter 1: Introduction 4 W atchGuard Fir ebox SOHO 6.1 and the trusted network (you r computer) and blocks any suspicious a ctivity. How Does Information T r avel on the Inter net? All information transported over the Internet is pack aged in a specia l manner to ensure th at it travels from one compu ter to the next.
User Guide 5 How Does the SOHO 6 Process Information? Port numbers The port numbers are used by co mputers at both the sending and receiving end to determine the pa rticular program or application for each connection.
Chapter 1: Introduction 6 W atchGuard Fir ebox SOHO 6.1 the exte r nal address of th e SOHO 6. W hen a ha cker tries to viola te the computer , they are stopped at the SOHO 6, never learning the true addres s of your computer .
User Guide 7 The SOHO 6 Har dwar e Description Status When illuminated, this light indicates that a management connection has been made. Link The link indicator illumi nates when there is a good physical connection to any of the numbered (0-3) interfaces of the trusted network.
Chapter 1: Introduction 8 W atchGuard Fir ebox SOHO 6.1 The SOHO 6 has six Ethernet ports, a reset button, and a po wer input located on the rear of the appliance. The following photograph shows the entir e rear view . OPT port This Ethernet port corresponds to the Optional interface.
User Guide 9 The SOHO 6 Har dwar e Description N OTE The OPT port is only available if you purchase the Dual ISP Port or VPNforce P ort upgrades. Y ou can not use the OPT port as another Ether net port on the T r us ted network. RESET button Using the reset button, you can return to the SOHO 6 to t he factor y defaults.
Chapter 1: Introduction 10 W atchGuard Fir ebox SOHO 6.1.
User Guide 11 CHAPTER 2 Installation This chapter explai ns how to install the SOHO 6 into your network. Y ou must complete the follow ing steps: • Review and re cord your curr ent T CP/IP settings .
Chapter 2: Installation 12 W atchGuard Fir ebox SOHO 6.1 Befor e Y ou Begin Before installing your new SOHO 6, be certain that you have the following items:. • A 10/100BaseT E thernet I/O network card in stalled in your computer . • A cable or DSL modem with a 10/100Ba seT port or an ISDN router .
User Guide 13 Befor e Y ou Begin 2 At the default prompt, type ipconfig/all , then pr ess Enter . 3 Enter the TCP/IP settings in the chart provided below . 4 Click Cancel . Micr osoft Windows NT 1 Click Start => Progr ams => Comman d Prompt . 2 At the default prompt, type ipconfig/all , then pr ess Enter .
Chapter 2: Installation 14 W atchGuard Fir ebox SOHO 6.1 3 Exit the T CP/IP configur ation scree n . N OTE If you are connecting more than one computer to the tr usted network behind the SOHO 6, deter mine the TCP/IP settin gs for each computer .
User Guide 15 Befor e Y ou Begin T o disable the HTTP proxy in thr ee commonly used br owsers, se e the instructions below . If your browser is not listed, see your browser Help me nus to learn how to disable the HTTP proxy settings. Netscape 4.7 1 Open Netscape.
Chapter 2: Installation 16 W atchGuard Fir ebox SOHO 6.1 Inter net Explorer 5. 0, 5.5, and 6.0 1 Open Inter net Explorer . 2 Click To o l s => Internet Options . The Intern et Options window appears. 3 Click the Advanced tab. 4 Scroll down the page to HTTP 1 .
User Guide 17 Befor e Y ou Begin 4 Click Properties . The network connection Properties dialog box appears. 5 Double click the Inter net Pr otocol (TCP /IP) componen t.
Chapter 2: Installation 18 W atchGuard Fir ebox SOHO 6.1 6 Select Obtain an IP address automatically . Select Obtain DNS server address automatically . 7 Click OK to close the Internet Prot ocol (T CP/IP) Properties dialog box. Click OK again to close the network connection Properties dialog box.
User Guide 19 Physically connect the SOHO 6 Cabling the SOHO 6 for on e to four appliances Each of the T rusted Network port s (numbered 0 -3) is able to connect to a variety of appliance s. These include computers, printers, scanners, or other netw ork peripherals.
Chapter 2: Installation 20 W atchGuard Fir ebox SOHO 6.1 numbered, Et hernet por ts (labeled 0-3) on the SOHO 6. Connect the other end into the Ethernet port of your computer . The SOHO 6 is now connected to the Inter net and your computer . 4 If you connect to the Internet using a DSL/cable modem, restore the power to this device .
User Guide 21 Physically connect the SOHO 6 The SOHO 6 ships with a “10-seat” license. In other wo rds, the SOHO 6 allows up to ten computers on a network behind the SOHO 6 to access the Internet.
Chapter 2: Installation 22 W atchGuard Fir ebox SOHO 6.1 2 Disconnect the Ether net cable th at runs from your DSL/cable modem or other Internet connec tion to your computer and connect it to the W AN port on the SOHO 6. The SOHO 6 is now connected directly to the modem or other Inter net connection.
User Guide 23 CHAPTER 3 SOHO 6 Basics Once you have physically instal led the SOHO 6, you can connect to it using your W eb browser . T he SOHO 6 includes a W eb ser ver that pr ovides a configur ation, W eb page in terface.
Chapter 3: SOHO 6 Basics 24 W atchGuard Fir ebox SOHO 6.1 The System Status page appears. The System Status page is effect ively the home page of the SOHO 6. A v ariety of informat ion is revealed in an effort to provide a comprehensive display of the SOHO 6 configuration.
User Guide 25 Default Factory Settings -P a s s T h r o u g h • Upgrade options and their status • Configuration information for both the T rusted and Exter nal networks N OTE When the Exter nal n.
Chapter 3: SOHO 6 Basics 26 W atchGuard Fir ebox SOHO 6.1 F ir ewall Settings All incoming ser v ices are blocke d. An outgoing serv ice allowing all outbound traffic.
User Guide 27 Register your S OHO 6 an d Act ivate the LiveSecurity Service Finally , the PWR indicator light sh ould remain illuminated. Y our SOHO 6 is now reset to factory defaults. The base model SOHO 6 The base model SOHO 6 comes with a ten-seat license; tha t is, ten computers have access to the Internet through the SOHO 6.
Chapter 3: SOHO 6 Basics 28 W atchGuard Fir ebox SOHO 6.1 N OTE Yo u must have JavaScript enabled on your browser to be able to activate LiveSecurity Ser vice. If you are a r eturning customer , log in with your user name and password then choose your product and continue by following the instructions on screen.
User Guide 29 Reboot the SOHO 6 the default IP ad dress, go to: h ttp://192.168. 111 .1 . Click Reboot . • Unplug the SOHO 6 and reconnect it t o a power source . T o reboot a SOHO 6 located on a remote system, you must set t he SOHO 6 to allow either inco ming HTTP (W eb) or F TP traffic to the trusted address of the SOHO 6.
Chapter 3: SOHO 6 Basics 30 W atchGuard Fir ebox SOHO 6.1.
User Guide 31 CHAPTER 4 Configur e the Network Interfaces Configur e Y our Exter nal Network When you configur e the external network, you establish how the SOHO 6 communicates with your ISP . This configuration depends upon how your ISP distribute s network addr esses–usin g DHCP or PPP oE.
Chapter 4: C onfigure the Networ k Interfaces 32 W atchGuard Fir ebox SOHO 6.1 The most common method to distribute IP addresses is dynamically using DHCP (Dynamic Host Configur ation Protocol). When your computer is connected to the net work, a DHCP server at your ISP automatically assigns it a network IP addr ess.
User Guide 33 Configure Y our External Network Configur e the SOHO 6 Exter nal Network for static addressing If you are assigned a static address, then you must transfer the permanent addr ess assignment fr om your computer to the SOHO 6. Instead of communicating directly to your computer , the ISP now communicates t hrough the SOHO 6.
Chapter 4: C onfigure the Networ k Interfaces 34 W atchGuard Fir ebox SOHO 6.1 4 Enter the TCP/IP settings you recor ded from your comput er during the installation process. Refer to the table in, “Review and recor d your current T CP/IP settings” on page 12.
User Guide 35 Configure Y our External Network 4 Fr om the Configur ation Mode drop list, select PPP oE Client . The page refreshes. 5 Enter the PPP oE login name and domain supplied by your ISP . 6 Enter the PPP oE password supplied by your ISP . 7 Enter how long you want the system to wait before it disables an inactive TCP connections.
Chapter 4: C onfigure the Networ k Interfaces 36 W atchGuard Fir ebox SOHO 6.1 Configur e the T rusted Network By default, the SOHO 6 uses DHCP to assign addresses to computers on your trusted network.
User Guide 37 Configure the T rust ed Network The T r usted Network Configurati on page appears. 3 Enter the IP address and the Subnet Mask in t he appropriate fields. 4 Enable the checkbox labeled Enable DHCP Server on the T r usted Network . 5 Enter the first IP addre ss the DHCP server will hand out to computers connect to the T rusted network .
Chapter 4: C onfigure the Networ k Interfaces 38 W atchGuard Fir ebox SOHO 6.1 2 Enter the IP address of the DHCP relay server . 3 Click Submit and reboot the SOHO 6 as necessary.
User Guide 39 Configure the T rust ed Network Configur e the T rusted Network with static addr esses T o disable the SOHO 6 DHCP server and assign addresses statically , follow these steps: 1W i t h y o u r W e b b r o w s e r , g o t o t h e System Status page using the T r usted IP address of the SOHO 6.
Chapter 4: C onfigure the Networ k Interfaces 40 W atchGuard Fir ebox SOHO 6.1 4 Disabl e the checkbox labeled Enable DHCP Server on the T r usted Network . 5 Click Submit and reboot the SOHO 6 as necessary. 6 Configure your computers and other devices on the trusted network with static addr esses.
User Guide 41 Configur e Stat ic Routes The R outes page appears. 3 Click Add . The Add R oute pa ge appears. 4 Fr om the T ype dr op list, select either Host or Ne twork .
Chapter 4: C onfigure the Networ k Interfaces 42 W atchGuard Fir ebox SOHO 6.1 5 Enter the IP address and the Gateway of the route in the appropriate field. The gateway of the route is the local inter face of the router . 6 Click Submit . T o rem ove a route, select the appropriate entr y and click Remove .
User Guide 43 Configure the Dynamic DNS Service Configur e the Dynamic DNS Service This feature allows you to r egister the external, IP address of the SOHO 6 with a dyna mic DNS (Domain Nam e Ser ver) service (www .
Chapter 4: C onfigure the Networ k Interfaces 44 W atchGuard Fir ebox SOHO 6.1 N OTE The SOHO 6 receives the IP of member s.dyndns.org when it connects to the time ser ver .
User Guide 45 Configur e OP T Port U pgrades The SOHO 6 us es two methods to de termine if th e exter nal por t connection is down: • The link to the neares t rout er • A ping to a specifie d location. The SOHO pings the default gatewa y or other location designated by the adm inistrator .
Chapter 4: C onfigure the Networ k Interfaces 46 W atchGuard Fir ebox SOHO 6.1 Once you have upgr aded to the SO HO 6 to activate this features, follow these instructions to configure Dual ISP P ort: .
User Guide 47 Configur e OP T Port U pgrades 9 Enter the number of times the system will ping the Interface before timeout. 10 Click Submit . Configur e VPNfor ce™ Port The VPNfor ce port upgrade activates the SOHO 6 optional por t for use on the tru sted side.
Chapter 4: C onfigure the Networ k Interfaces 48 W atchGuard Fir ebox SOHO 6.1 2 Fr om the navigation bar on the left side, select Network => Optional . The Optional Network Configuration page appears. 3 T o enable VPNforce, select the Enable Optional Network checkbox.
User Guide 49 Configur e OP T Port U pgrades 6 T o require e ncr ypted MUVPN connections on this interface, enable the Require Encrypted MUVP N connections on this interface checkbox.
Chapter 4: C onfigure the Networ k Interfaces 50 W atchGuard Fir ebox SOHO 6.1.
User Guide 51 CHAPTER 5 Administrative Options The S OHO 6 Adminis tration page i s where you configure access t o the SOHO 6–using System Security , enabling SOHO 6 Remote Management, or providing VPN Manager Acc ess.
Chapter 5: Administrative Options 52 W atchGuard Fir ebox SOHO 6.1 The System Security Page The System Se curity configurat ion page allows you to cr eate secure settings to pr otect the configuration of the SOHO 6.
User Guide 53 The System Security Page recommends that the passphr ase contain at least one special char acter , number , and a mixture of upper and lower case letters for increased security.
Chapter 5: Administrative Options 54 W atchGuard Fir ebox SOHO 6.1 5 Enter the System Administrator Name. 6 Enter the System P assphr ase and confirm it.
User Guide 55 Set up VP N Manager Acc ess 2 Fr om the navigation bar on the left side, select Administration => VPN Manager Access . The VPN Manag er Access page app ears. 3 Select Enable VPN Manager Access . 4 Enter the status passphrase and confirm it.
Chapter 5: Administrative Options 56 W atchGuard Fir ebox SOHO 6.1 Update Y our Firmwar e As new firmware is released, you should update the version running on your SOHO 6. New updates are located on the Wa t c h G u a r d We b s i t e a t : http://support.
User Guide 57 Redeem your SOHO 6 Upgrade Options 4 E nter the loca tion of the firmware files l ocated on your computer . 5 If you do not know the location of the firmware files, click Browse to bro wse your computer’s dir ectories and se lect them.
Chapter 5: Administrative Options 58 W atchGuard Fir ebox SOHO 6.1 3 Follow the instructions pr ovided on the site to r edeem your upgrad e license key. 4 Copy the F eature K ey displayed at the LiveSecurity Service We b s i t e . 5W i t h y o u r W e b b r o w s e r , g o t o t h e System Status page using the T r usted IP address of the SOHO 6.
User Guide 59 Redeem your SOHO 6 Upgrade Options Dual ISP P ort This upgr ade to the SOHO 6 activates the Optional port as a fail-over support for the exte rn al interface.
Chapter 5: Administrative Options 60 W atchGuard Fir ebox SOHO 6.1 http://w ww .watchguard.com /renew/ F ollow the instructions at the site to activate or purchase the renewal. View the Configuration File F rom this configur ation page, the SOHO 6 configuration file appears in text format.
User Guide 61 CHAPTER 6 Configur e the Fir ewall Settings Fir ewall Settings The flow of in coming and outg oing tr affic is contr olled by the configurat ion setting you mak e. These decisions are m ade in accordan ce with a sound security policy that defines the kin ds of risks that are acceptable to you or your firm.
Chapte r 6: Configure the Firewall Settings 62 W atchGuard Fir ebox SOHO 6.1 Configur e Incoming and Outgoing Services By default, the security stance of the SOHO 6 is to deny incoming packet s to computers on the tr usted network pr otected by the SOHO 6 firewall.
User Guide 63 Configure Incoming an d Outgoing Services 2 Locate a pre-configured service, such as FTP , W eb, or T elnet, then select either Allow or Deny from the dr op list. In our example, th e HT TP ser vice is set to Allow en abling Web traffic incoming.
Chapte r 6: Configure the Firewall Settings 64 W atchGuard Fir ebox SOHO 6.1 2 Fr om the navigation bar on the left side, select Firew a ll => Custom Ser vice . The Custom Ser vice page appears. 3 Define a name for the service in the appropriate field.
User Guide 65 Block External Sites 5 Enter the por t number (or number s if cr eating a r ange of ports) or enter the IP pr otocol number to allow in t he appropriate fields and click Add . After creating a custom service, you need to specify a filter rule as well as define the incoming and outgoing pr operties.
Chapte r 6: Configure the Firewall Settings 66 W atchGuard Fir ebox SOHO 6.1 The Blocked Sites page ap pears. 2 Select either Host IP Address, Network IP Address, or Host Range from t he drop list.
User Guide 67 Fir ewall Options Fir ewall Options The SOHO 6 firewall feature includes a few rule settings that are less specific then the ser vice sett ings discussed previously and ar e used to pr ovide further security for your private network. These options are found on the F irewall Options page.
Chapte r 6: Configure the Firewall Settings 68 W atchGuard Fir ebox SOHO 6.1 Ping r equests r eceived on the Exter nal Network Y ou can configure the SOHO 6 to de ny all ping pack ets that it receives on the ex ter nal in terf ace. 1 Select Do not respond to PING r equests received on External Network .
User Guide 69 Fir ewall Options • SOHO 6 supports SOCKS vers ion 5 only. • It is a limited version of SOCKS and does not support authentication. N OTE Configure the particul ar appl icati on so that it does not attempt to make DNS look-ups w ith SOCKS.
Chapte r 6: Configure the Firewall Settings 70 W atchGuard Fir ebox SOHO 6.1 • F or the SOCKS pr oxy , enter the URL or IP addr ess of the SOHO 6 trusted network.
User Guide 71 Fir ewall Options F ollow these steps: 1 Select Log All Allowed Outbound Access . 2 Click Submit . Enable override MAC addr ess for the Exter nal Network A SOHO administr ator is able to.
Chapte r 6: Configure the Firewall Settings 72 W atchGuard Fir ebox SOHO 6.1 Cr eate an Unr estricted Pass Thr ough The SOHO 6 is able to allow traffic to be passed thr ough to a dedicated machine with a public IP address separ ated fr om the rest of the T rusted net work.
User Guide 73 Cr eate an Un rest ricted Pass Th rough and T r usted network computers are not protected from potential threats, do not use th e P ass Through feature.
Chapte r 6: Configure the Firewall Settings 74 W atchGuard Fir ebox SOHO 6.1.
User Guide 75 CHAPTER 7 Configur e Logging What is logging? Logging is the act of recor ding “events” t hat occur at the SOHO 6 interfa ces. An event is any single activity , such as communication wi th th e W a tchGu ard W e bBlocker database or incoming traffic passing through the SOHO 6.
Chapter 7: Configure Logging 76 W atchGuard Fir ebox SOHO 6.1 View SOHO 6 Log Messages The W atchGuard SOHO 6 gener ates an on going activity log s tored on the SOHO 6: the Event Log. Th is log stores a maximum of 150 messages. When it reaches this lim it, the oldest message is deleted.
User Guide 77 Set up Logging to a W a tchGuard Security Event Processor Log Host T o have your log messages s ynchronize with your computer: • Click Sync Time with Browser now .
Chapter 7: Configure Logging 78 W atchGuard Fir ebox SOHO 6.1 The WatchGuard Security Event P rocessor page appears. 3 Select Enable W atchGuar d Security Event Pr ocessor Logging . 4 Enter the IP address of the WSEP server that is your log host in the appropriate fie ld.
User Guide 79 Set up Logging to a Syslog Host Set up Logging to a Syslog Host The SOHO 6 also sends log entries to a Syslog host. F ollow these st eps to setup a Syslog Host: 1W i t h y o u r W e b b r o w s e r , g o t o t h e System Status page using the T r usted IP address of the SOHO 6.
Chapter 7: Configure Logging 80 W atchGuard Fir ebox SOHO 6.1 T o a djust your sysl og messages to your browsers loca l time: • Select Include local time in syslog message . N OTE Syslog traffic is not encr ypted and use of this opti on creates a potential security risk when the infor mation is sent over the Internet.
User Guide 81 Set the S ystem Time The System Time page appears. If you have decided to use the W atchGuard Time Server: 3 Select Get Time F r om W atchGuard Ti me Ser ver . Or , to use a TCP P ort 37 Time Ser v er: 4 Select Get Time F rom T CP P ort 37 Time Server at .
Chapter 7: Configure Logging 82 W atchGuard Fir ebox SOHO 6.1.
User Guide 83 CHAPTER 8 VPN—V irtual Private Networking This chapter describ es an optional feature of the W atc hGuard SOHO 6, V irtual Private Networking (VPN) with IPSec.
Chapte r 8: VPN—Virtua l Private Networking 84 W atchGuard Fir ebox SOHO 6.1 What Y ou Need • One W atchGua rd SOHO 6 with VPN and an IPSec- compliant appliance. N OTE While you can create a SOHO 6 to SOHO 6 VPN, you can also create a VPN with a WatchGuar d Firebox II/III, Firebox Vclass, or other IPSec- compliant applian ces.
User Guide 85 What Y ou Need IP Addr ess T able (example): Item Description Assigned By External IP Address The IP address that identifies the SOHO 6 to the Inter net. ISP Site A : 207.168.55.2 Site B: 68.130.44.1 5 External Subnet Mask The overlay of bits that dete rmines which part of the IP address identifies your netw ork.
Chapte r 8: VPN—Virtua l Private Networking 86 W atchGuard Fir ebox SOHO 6.1 Enable the VPN Upgrade Y ou must first redeem the VPN upgr ade license k ey before configuring VPN.
User Guide 87 Fr equently Asked Ques tions Special Considerations Consider the following before configuring your W atchGuard SOHO 6 VPN network: • Y ou can connect up to six SOHO 6 appliances together . T o set up more VPN tunn els, you need at leas t one W atchGuard Firebox II/III con figured wi th the W atchGuard VPN Manager .
Chapte r 8: VPN—Virtua l Private Networking 88 W atchGuard Fir ebox SOHO 6.1 this feature t o discourage users from creat ing W eb servers. These providers usually offer a static IP addr ess option. How do I tr oubleshoot the connection? If you are able to ping the r emote SOHO 6 a nd computers behind it, your VPN tunnel is up and running.
User Guide 89 Set Up Multiple SOHO-S OHO VPN T u nnels Set Up Multiple SO HO-SOHO VPN T unnels W ith this r elease, a SOHO administr ator has the ability to manually define up to six VPN tunnels to other SOHO 6 device s. VPN Manager’s ability t o set up a lar ger number of SOHO 6 to SOHO 6 tunnels remains.
Chapte r 8: VPN—Virtua l Private Networking 90 W atchGuard Fir ebox SOHO 6.1 The Add Gateway page appears. 4E n t e r t h e Name , IPSec Gateway Addr ess , and Shared K ey for SOHO 6 you want to set up a VPN tunnel. The shared key is used by the local and remote SOHO to encr ypt and decr ypt the data going across the tunnel.
User Guide 91 Set Up Multiple SOHO-S OHO VPN T u nnels steps. Mak e sure that the P hase 1 se ttings on this device are the same as on the peer device.
Chapte r 8: VPN—Virtua l Private Networking 92 W atchGuard Fir ebox SOHO 6.1 13 In the Diffie-He llman Gr oup drop list, specify the gr oup. W atchGuard s upports 1 & 2. Diffie-Hellman refers to a mathematical technique for securely negotiating secret keys over a public medium.
User Guide 93 Configure Split T unneling Configur e Split T unneling Another new featur e in this r eleas e is split tunneling that allows the administr ator to specify all Inte rnet traffic originating from the T r usted interface of the SOHO 6 to go thr ough the VPN tunnel.
Chapte r 8: VPN—Virtua l Private Networking 94 W atchGuard Fir ebox SOHO 6.1 terminatin g at the local SOHO 6. The SOHO 6 also allows users on the T rusted net work to ac cess ne tworks on Branch Office VPN tunnels terminating at the local SO HO 6.
User Guide 95 CHAPTER 9 SOHO 6 W ebBlocker W ebBlocker is an optional feat ure of t he SOHO 6 that pr ovides W eb site filter ing capabil ities. It give s you prec ise control over th e types of W e b sites us ers on your tr usted netw ork are allowed to view .
Chapte r 9: SOHO 6 W ebBlocker 96 W atchGuard Fir ebox SOHO 6.1 SOHO 6 queries the W atchGuard database and determines whether or not to block the sit e.
User Guide 97 Pur chase and Activate SOHO 6 W ebBlocker W ebBlocker users and groups Gr oups A group is a collection of individuals or users of the system.
Chapte r 9: SOHO 6 W ebBlocker 98 W atchGuard Fir ebox SOHO 6.1 Configur e the SOHO 6 W ebBlocker Use the W atchGuard SOHO 6 Configur ation pages t o activate W ebBlock er , cr eate a full access pass.
User Guide 99 Configur e the SOHO 6 W eb Blocker 3 Select Enable W ebBlocking . 4 Enter the full access password. The full access password allows a user a to bypasses other w ise blocked sites.
Chapte r 9: SOHO 6 W ebBlocker 100 W atchGuard Fir ebox SOHO 6.1 The WebBlocker Groups page appears. 3 Click New to create a group name and pr ofile..
User Guide 101 Configur e the SOHO 6 W eb Blocker 4 Define a Group Name and se lect the blocke d categories for this group. 5 Click Submit. A new Groups page appears ind icati ng the configuration changes were accepted and are providing access.
Chapte r 9: SOHO 6 W ebBlocker 102 W atchGuard Fir ebox SOHO 6.1 6 T o the right of the Users field, click New . The New User page appears. 7 Enter a unique user name and passphrase (remember to confirm the pass phrase). Use the Gr oup drop list to a ssign the new user to a given group.
User Guide 103 W ebBlocker Categories 8 Click Submit . N OTE Y ou can del ete users or group s at any time by selecting them a nd clicking Delete . W ebBlocker Categories W ebBlock er rel ies on a URL da tabase, wh ich is a service of SurfControl. Th e W e bBlocker database contains thousands of IP addresses and directories.
Chapte r 9: SOHO 6 W ebBlocker 104 W atchGuard Fir ebox SOHO 6.1 (using someone’s pho ne lines without permission), and software piracy. Also includes text advocat ing gambling relating to lotteries, casino s, betting, numbers games, online sports, or financial betting, including non-monetary dares.
User Guide 105 W ebBlocker Categories or handicap, gen der , or sex ual orientation. Any picture or text that elevates one group over another . Also includes intolerant jokes or slurs.
Chapte r 9: SOHO 6 W ebBlocker 106 W atchGuard Fir ebox SOHO 6.1 Sexual Acts Pictures or text exposing an yone or anything involved in explicit sexual acts and/or lewd and lascivious behavior .
User Guide 107 CHAPTER 10 Support Resour ces T roubleshooting Tips The following inform ation is offered to help over come any difficulties that might occur when installing and setting up your SOHO 6. General What do the PWR, Status, and Mode lights signify on the SOHO 6? When the PWR light is lit, the SOHO 6 has power .
Chapter 10: Support Res ources 108 W atchGuard Fir ebox SOHO 6.1 four , numbered, Ethernet por ts (labeled 0-3) and r eload the configurat ion. If the Mode light is blinking : The SOHO 6 requires a DHCP assigned I P address for the external interface, but did not receive it.
User Guide 109 T roubleshooting Tips N OTE Y ou can also reboot by rem oving the power source for te n seconds, and then restoring power . How do I re set my System Security password, if I forgot or lost it? If you forgot your passwor d, you must r eset the SOHO 6 to its factor y default.
Chapter 10: Support Res ources 110 W atchGuard Fir ebox SOHO 6.1 a DSL router , set the NA T feature of the DSL router to bridge-only mode. How do I install and configur e the SOHO 6 using a Macintosh.
User Guide 111 T roubleshooting Tips How can I see the MAC addr ess of my SOHO 6? A MA C (Media Access Control) address is a unique number used to identify the actual physical har dware of an Ethernet applianc e. 1 Wit h your W eb browser , go to the SOHO 6 Configur ation Settings page using the T rusted IP address of the SOHO 6.
Chapter 10: Support Res ources 112 W atchGuard Fir ebox SOHO 6.1 How do I change to a static, trusted IP addr ess? Before you can use a static IP addr ess, you must have a ba se T r usted IP address an d subnet mask. The following IP address r anges an d subnet masks a re set aside for private networks in compliance wi th RFC 1918.
User Guide 113 T roubleshooting Tips T o disable W ebBlocker , deselect Enable W ebBlocker . How do I allow incoming services such as POP3, T elnet, and W eb (HTTP)? 1 Wit h your W eb browser , go to the System Status page using the T rusted IP addre ss of the SOH O 6.
Chapter 10: Support Res ources 114 W atchGuard Fir ebox SOHO 6.1 5 Enter the protocol number to allow in the Pr otocol field. 6 Click Submit . 7 Fr om the navigation bar on the left side, select Firew a ll => Incoming . The Firewall Incomi ng T raffic page appears.
User Guide 115 T roubleshooting Tips How do I set up my SOHO 6 for VPN Manager Access? This requires the add-on prod uct, W atchGuard VPN Manager softw are, which is purchased separately and used with the W a tch Gua rd Fire box Sy ste m sof t wa re. T o purc has e V PN M ana ger , use your W eb browser to go to: https://www .
Chapter 10: Support Res ources 116 W atchGuard Fir ebox SOHO 6.1 Contact T echnical support Online Documentatio n and In-Depth F AQs W atchGuard maintains an extensiv e knowledge base consisting of product documentation in the form of printer friendly .
User Guide 117 Index Numerics 100 indicator 7 A Add R oute page 41 B blocked sites configuring 65 Blocked Sites page 66 browsers, supported 12 button, RESET 8 C cables cor rect setup 110 included in p.
Index 118 W atchGuar d Fir ebox SOHO 6.1 H hardware description 6 HT TP proxy settings, disabling 14 I incoming ser v ice, creating custom 63 indicators 100 7 link 7 Mode 7 WAN 7 installation cabling .
User Guide 119 Blocked Sites 66 Custom Ser vice 64, 113 Dynamic DNS client 43 Filter T raffic 62 Firewall Incoming T raffi c 114 Firewall Options 67 Groups 101 Logging 76 Network Statistics 42 New Use.
Index 120 W atchGuar d Fir ebox SOHO 6.1 configuring for PPP oE 34 configuring for static addressing 33 configuring VPN tunnel with 86 connecting to 23 default factor y settings 25 described 2 firewal.
User Guide 121 VPNforce™ P ort 47 VPNs and SOHO 6, SOHO 6 tc 2 and static IP addresses 87 between two SOHO 6s 115 configuring with SOHO 6 86–88 described 83 enabling tunnels 88 encr yption for 87 .
Index 122 W atchGuar d Fir ebox SOHO 6.1.
デバイスWatchguard Firebox SOHO 6.1の購入後に(又は購入する前であっても)重要なポイントは、説明書をよく読むことです。その単純な理由はいくつかあります:
Watchguard Firebox SOHO 6.1をまだ購入していないなら、この製品の基本情報を理解する良い機会です。まずは上にある説明書の最初のページをご覧ください。そこにはWatchguard Firebox SOHO 6.1の技術情報の概要が記載されているはずです。デバイスがあなたのニーズを満たすかどうかは、ここで確認しましょう。Watchguard Firebox SOHO 6.1の取扱説明書の次のページをよく読むことにより、製品の全機能やその取り扱いに関する情報を知ることができます。Watchguard Firebox SOHO 6.1で得られた情報は、きっとあなたの購入の決断を手助けしてくれることでしょう。
Watchguard Firebox SOHO 6.1を既にお持ちだが、まだ読んでいない場合は、上記の理由によりそれを行うべきです。そうすることにより機能を適切に使用しているか、又はWatchguard Firebox SOHO 6.1の不適切な取り扱いによりその寿命を短くする危険を犯していないかどうかを知ることができます。
ですが、ユーザガイドが果たす重要な役割の一つは、Watchguard Firebox SOHO 6.1に関する問題の解決を支援することです。そこにはほとんどの場合、トラブルシューティング、すなわちWatchguard Firebox SOHO 6.1デバイスで最もよく起こりうる故障・不良とそれらの対処法についてのアドバイスを見つけることができるはずです。たとえ問題を解決できなかった場合でも、説明書にはカスタマー・サービスセンター又は最寄りのサービスセンターへの問い合わせ先等、次の対処法についての指示があるはずです。