Watchguard Firebox III 500, Firebox III 1000, Firebox III 2500, Firebox III 450, Firebox III 700 Hardware Manual
Page 1
Firebox III
Hardware Guide
Firebox 500, Firebox 700, Firebox 1000, Firebox 2500,
Firebox 4500
Page 2
Copyright and Patent Information
Copyright© 1998 - 2003 WatchGuard Technologies, Inc. All rights
reserved.
AppLock, AppLock/Web, Designing peace of mind, Firebox, Firebox 1000,
Firebox 2500, Firebox 4500, Firebox II, Firebox II Plus, Firebox II
FastVPN, Firebox III, Firebox SOHO, Firebox SOHO 6, Firebox SOHO 6tc,
Firebox SOHO|tc, Firebox V100, Firebox V80, Firebox V60, Firebox V10,
LiveSecurity, LockSolid, RapidStream, RapidCore, ServerLock,
WatchGuard, WatchGuard Technologies, Inc., DVCP technology, Enforcer/
MUVPN, FireChip, HackAdmin, HostWatch, Make Security Your Strength,
RapidCare, SchoolMate, ServiceWatch, Smart Security. Simply Done.,
Vcontroller, VPNforce, The W-G logo are either registered trademarks or
trademarks of WatchGuard Technologies, Inc. in the United States and/or
other courtries.
Printed in the United States of America.
Part No: 1200188
Notice to Users
Information in this guide is subject to change without notice. Companies,
names, and data used in examples herein are fictitious unless otherwise
noted. No part of this guide may be reproduced or transmitted in any form or
by any means, electronic or mechanical, for any purpose, without the express
written permission of WatchGuard Technologies, Inc.
Limited Hardware Warranty
This Limited Hardware Warranty (the “Warranty”) applies to the enclosed
WatchGuard hardware product (the “Product”). BY USING THE
PRODUCT, YOU AGREE TO THE TERMS HEREOF. If you do not agree to
these terms, please return this package, along with proof of purchase, to the
authorized dealer from which you purchased it for a full refund. WatchGuard
Technologies, Inc. (”WatchGuard”) and you agree as follows:
1. Limited Warranty. WatchGuard warrants that upon delivery and for one
(1) year thereafter (the “Warranty Period”): (a) the Product will be free
from material defects in materials and workmanship, and (b) the Product,
when properly installed and used for its intended purpose and in its intended
operating environment, will perform substantially in accordance with
WatchGuard applicable specifications.
This warranty does not apply to any Product that has been: (i) altered,
repaired or modified by any party other than WatchGuard; or (ii) damaged
ii
Page 3
Limited Hardware Warranty
or destroyed by accidents, power spikes or similar events or by any
intentional, reckless or negligent acts or omissions of any party. You may
have additional warranties with respect to the Product from the
manufacturers of Product components. However, you agree not to look to
WatchGuard for, and hereby release WatchGuard from any liability for,
performance of, enforcement of, or damages or other relief on account of,
any such warranties or any breach thereof.
2. Remedies. If any Product does not comply with the WatchGuard
warranties set forth in Section 1 above, WatchGuard will, at its option,
either (a) repair the Product, or (b) replace the Product; provided, that you
will be responsible for returning the Product to the place of purchase and for
all costs of shipping and handling. Repair or replacement of the Product
shall not extend the Warranty Period. Any Product, component, part or
other item replaced by WatchGuard becomes the property of WatchGuard .
WatchGuard shall not be responsible for return of or damage to any
software, firmware, information or data contained in, stored on, or
integrated with any returned Products.
3. Disclaimer and Release. THE WARRANTIES, OBLIGATIONS AND
LIABILITIES OF WATCHGUARD, AND YOUR REMEDIES, SET FORTH
IN PARAGRAPHS 1 AND 2 ABOVE ARE EXCLUSIVE AND IN
SUBSTITUTION FOR, AND YOU HEREBY WAIVE, DISCLAIM AND
RELEASE ANY AND ALL OTHER WARRANTIES, OBLIGATIONS AND
LIABILITIES OF WATCHGUARD AND ALL OTHER RIGHTS, CLAIMS
AND REMEDIES YOU MAY HAVE AGAINST WATCHGUARD,
EXPRESS OR IMPLIED, ARISING BY LAW OR OTHERWISE, WITH
RESPECT TO ANY NONCONFORMANCE OR DEFECT IN THE PRODUCT
(INCLUDING, BUT NOT LIMITED TO, ANY IMPLIED WARRANTY OF
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE,
ANY IMPLIED WARRANTY ARISING FROM COURSE OF
PERFORMANCE, COURSE OF DEALING, OR USAGE OF TRADE, ANY
WARRANTY OF NONINFRINGEMENT, ANY WARRANTY OF
UNINTERRUPTED OR ERROR-FREE OPERATION, ANY OBLIGATION,
LIABILITY, RIGHT, CLAIM OR REMEDY IN TORT, WHETHER OR NOT
ARISING FROM THE NEGLIGENCE (WHETHER ACTIVE, PASSIVE OR
IMPUTED) OR FAULT OF WATCHGUARD OR FROM PRODUCT
LIABILITY, STRICT LIABILITY OR OTHER THEORY, AND ANY
OBLIGATION, LIABILITY, RIGHT, CLAIM OR REMEDY FOR LOSS OR
DAMAGE TO, OR CAUSED BY OR CONTRIBUTED TO BY,THE
PRODUCT).
4. Limitation of Liability. WATCHGUARD TECHNOLOGIES’ LIABILITY
(WHETHER ARISING IN CONTRACT (INCLUDING WARRANTY), TORT
(INCLUDING ACTIVE, PASSIVE OR IMPUTED NEGLIGENCE AND
STRICT LIABILITY AND FAULT) OR OTHER THEORY) WITH REGARD
TO ANY PRODUCT WILL IN NO EVENT EXCEED THE PURCHASE
PRICE PAID BY YOU FOR SUCH PRODUCT. THIS SHALL BE TRUE
EVEN IN THE EVENT OF THE FAILURE OF ANY AGREED REMEDY.
Hardware Guide iii
Page 4
IN NO EVENT WILL WATCHGUARD TECHNOLOGIES BE LIABLE TO
YOU OR ANY THIRD PARTY (WHETHER ARISING IN CONTRACT
(INCLUDING WARRANTY), TORT (INCLUDING ACTIVE, PASSIVE OR
IMPUTED NEGLIGENCE AND STRICT LIABILITY AND FAULT) OR
OTHER THEORY) FOR COST OF COVER OR FOR ANY INDIRECT,
SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES
(INCLUDING WITHOUT LIMITATION LOSS OF PROFITS, BUSINESS,
OR DATA) ARISING OUT OF OR IN CONNECTION WITH THIS
WARRANTY OR THE USE OF OR INABILITY TO USE THE PRODUCT,
EVEN IF WATCHGUARD TECHNOLOGIES HAS BEEN ADVISED OF
THE POSSIBILITY OF SUCH DAMAGES. THIS SHALL BE TRUE EVEN
IN THE EVENT OF THE FAILURE OF ANY AGREED REMEDY.
5. Miscellaneous Provisions. This Warranty will be governed by the laws of
the state of Washington, U.S.A., without reference to its choice of law rules.
The provisions of the 1980 United Nations Convention on Contracts for the
International Sales of Goods, as amended, shall not apply. You agree not to
directly or indirectly transfer the Product or associated documentation to
any country to which such transfer would be prohibited by the U.S. Export
laws and regulations. If any provision of this Warranty is found to be invalid
or unenforceable, then the remainder shall have full force and effect and the
invalid provision shall be modified or partially enforced to the maximum
extent permitted by law to effectuate the purpose of this Warranty. This is
the entire agreement between WatchGuard and you relating to the Product,
and supersedes any prior purchase order, communications, advertising or
representations concerning the Product AND BY USING THE PRODUCT
YOU AGREE TO THESE TERMS. No change or modification of this
Agreement will be valid unless it is in writing, and is
signed by WatchGuard.
iv
Page 5
FCC Certification
FCC Certification
This device has been tested and found to comply with
limits for a Class A digital device, pursuant to Part 15
of the FCC Rules. Operation is subject to the following
two conditions:
Hardware Guide v
Page 6
CE Notice
• This device may not cause harmful interference.
• This device must accept any interference received,
including interference that may cause undesired
operation.
The CE symbol on your WatchGuard Technologies
equipment indicates that it is in compliance with the
Electromagnetic Compatibility (EMC) directive and
the Low Voltage Directive (LVD) of the European
Union (EU).
Industry Canada
This Class A digital apparatus meets all requirements
of the Canadian Interference-Causing Equipment
Regulations.
Cet appareil numerique de la classe A respecte toutes
les exigences du Reglement sur le materiel broulleur
du Canada.
vi
Page 7
Taiwanese Notice
VCCI Notice Class A ITE
Taiwanese Notice
Hardware Guide vii
Page 8
viii
Page 9
Contents
Limited Hardware Warranty ............................................... ii
FCC Certification ............................................................. v
CE Notice ....................................................................... vi
Industry Canada .............................................................. vi
Taiwanese Notice ........................................................... vii
VCCI Notice Class A ITE ................................................. vii
Hardware Requirements ...................................................1
Hardware Description .......................................................2
Firebox III front view (all models except Model 500 and 700) .3
Firebox III front view (Model 500 and 700) ..........................5
Firebox III rear view (all models except Model 500 and 700) ...6
Firebox III rear view (Model 500 and 700) ...........................8
Physical specifications (All models except
Model 500 and 700)
Physical specifications (Model 500 and 700) ........................9
Cross-over cabling .......................................................10
Hardware Guide ix
...............................................9
Page 10
x
Page 11
Hardware Guide
The WatchGuard Firebox III is a specially designed
and optimized security appliance. Solid-state architecture removes the risk of hard-drive failure and disk
crashes. Three independent network interfaces allow
you to separate your protected office network from
the Internet while providing you an optional public
interface for hosting Web, email, or FTP servers. Each
network interface is independently monitored and
visually displayed on the front of the Firebox.
Easily installed into your network, the rack-mountable
Firebox plugs in at the Internet connection of your
offices to implement security policies and protection.
For information on installing the Firebox, see the Firebox QuickStart Poster or the “Getting Started” chapter
in the WatchGuard Firebox System User Guide.
Hardware Requirements
WatchGuard recommends physically installing a Firebox III under the following conditions:
Hardware Guide 1
Page 12
• Securely rack-mounted
• Placed in a dry, temperature-controlled environment
from —10 to +70 degrees Celsius (14 to +158 degrees
Fahrenheit).
• Placed in a secured environment, such as a locked LAN
room, or similar space, to prevent physical
compromise by unprivileged personnel
• Connected to conditioned power to prevent damage
caused by power spikes and other power fluctuations
The following minimum hardware requirements pertain to
the management station–the computer that administers
the Firebox. This computer runs the Firebox System Manager software, which provides access to WatchGuard Firebox System applications.
Hardware feature Minimum requirements (management station)
CPU Pentium II
Memory Same as for operating system.
Recommended:
64 MB for Windows NT 4.0
64 MB for Windows 2000 Professional
256 MB for Windows 2000 Server
Hard disk space 25 MB to install all WatchGuard modules
15 MB minimum for log file
Additional space as required for log files
Additional space as required for multiple
configuration files
CD-ROM drive One CD-ROM drive to install WatchGuard from its
CD-ROM distribution disk
Hardware Description
The Firebox III has indicator lights on the front and connections on the back.
2
Page 13
Hardware Description
Firebox III front view (all models except
Model 500 and 700)
Indicators for the Firebox III Model 1000, Model 2500, and
Model 4500 are on a central back-lit indicator panel. The
following photograph shows the entire front view.
The photograph below shows a close-up of the indicator
panel. From the left, the indicators are as described on the
next page.
Disarm
Red light indicates the Firebox detected an error,
shut down its interfaces, and will not forward any
packets. Reboot the Firebox.
Hardware Guide 3
Page 14
Armed
Green light indicates the Firebox has been booted
and is running.
Sys A
Indicates that the Firebox is running from its
primary user-defined configuration.
Sys B
Indicates that the Firebox is running from the readonly factory default system area.
Power
Indicates that the Firebox is currently powered up.
Security Triangle Display
Indicates traffic between Firebox interfaces. Green
arrows briefly light to indicate allowed traffic
between two interfaces in the direction of the
arrows. A red light at a triangle corner indicates
that the Firebox is denying packets at that interface.
Traffic
A stack of lights that functions as a meter to
indicate levels of traffic volume through the
Firebox. Low volume indicators are green, while
high volume indicators are yellow. The display
updates three times per second. The scale is
exponential: the first light represents 64 packets/
second, the second light represents 128 packets/
second, increasing to the eighth light which
represents 8,192 packets/second.
Load
A stack of lights that functions as a meter to
indicate the system load average. The system load
average is the average number of processes
running (not including those in wait states) during
the last minute. Low average indicators are green,
while high average indicators are yellow. The
display updates three times per second. The scale is
exponential with each successive light representing
a doubling of the load average. The first light
4
Page 15
Hardware Description
represents a load average of 0.15. The most
significant load factor on a Firebox is the number of
proxies running.
Firebox III front view (Model 500 and 700)
Firebox III Model 500 and 700 indicators are on a central
back-lit indicator panel. The following photograph shows
the entire front view.
The following photograph shows a close-up of the indicator panel. From the left, the indicators are as described
below.
Hardware Guide 5
Page 16
Disarm
Red light indicates the Firebox detected an error,
shut down its interfaces, and will not forward any
packets.
Armed
Green light indicates the Firebox has been booted
and is running.
Sys A
Indicates that the Firebox is running from its
primary user-defined configuration.
Sys B
Indicates that the Firebox is running from the readonly factory default system area.
Power
Indicates that the Firebox is currently powered up.
Security Triangle Display
Indicates traffic between Firebox interfaces. Green
arrows briefly light to indicate allowed traffic
between two interfaces in the direction of the
arrows. A red light at a triangle corner indicates
that the Firebox is denying packets at that interface.
Firebox III rear view (all models except
Model 500 and 700)
The rear view of the Firebox III Model 1000, Model 2500,
and Model 4500 contains ports and jacks for connectivity
as well as a power switch. From the left, rear panel features
are as described on the next page:
6
Page 17
Hardware Description
AC Receptacle
Accepts the detachable AC power cord supplied
with the Firebox.
Power Switch
Turns the Firebox on or off.
PCI Expansion Slot
Reserved for future use.
Factory Default
This button is active only during the boot process.
To boot the Firebox to SYS B, press this button and
hold it down for 20-60 seconds (or until you see the
Sys B light come on).
Console Port
Connects to the management station or modem
through a serial cable supplied with the Firebox
using PPP.
.
Ethernet Ports
(Shown on the previous page) Indicators for each
network interface display link status, card speed,
and activity. The network interface cards (NICs)
are auto-sensing and adapt to wire speed
automatically. The speed indicator lights when
Hardware Guide 7
Page 18
there is a good physical connection to the Firebox.
When the card runs at 10Mbit, the speed indicator
is yellow. When the card runs at 100 Mbit, the
speed indicator is green. The amber traffic
indicator blinks when traffic is passing through the
Firebox.
Firebox III rear view (Model 500 and 700)
The rear view of the Firebox III Model 500 and 700 contains
ports and jacks for connectivity as well as a power switch.
From the left, rear panel features are as described below:
AC Receptacle
Accepts the detachable AC power cord supplied
with the Firebox.
Power Switch
Turns the Firebox on or off.
Factory Default
This button is active only during the boot process.
To boot the Firebox to SYS B, press this button and
hold it down for 20-60 seconds (or until you see the
Sys B light come on).
8
Page 19
Hardware Description
Console Port
Connects to the management station or modem
through a serial cable supplied with the Firebox
using PPP.
Ethernet Jacks
Indicators for each network interface display link
status, card speed, and activity. The network
interface connections (NICs) are auto-sensing and
adapt to wire speed automatically. The speed
indicator lights when there is a good physical
connection to the Firebox. When the card runs at
10Mbit, the speed indicator is yellow. When the
card runs at 100 Mbit, the speed indicator is green.
The amber traffic indicator blinks when traffic is
passing through the Firebox.
Physical specifications (All models except
Model 500 and 700)
• Three RJ-45 10/100Tx Ethernet interfaces
• 1 DB-9 serial port
• PCI expansion option
• 500 MHz AMD K6-III processor
300 MHz AMD K6-II processor (model 1000 only)
• 64-MB SDRAM (model 1000)
128-MB SDRAM (model 2500)
264-MB SDRAM (model 4500)
• 8-MB flash disk
• 100-240 VAC Autosensing, 50/60 Hz
• Height: 2.85”; Width: 15.5 “; Depth: 10.5”
Physical specifications (Model 500 and 700)
• Three RJ-45 10/100Tx Ethernet interfaces
• 1 DB-9 serial port
Hardware Guide 9
Page 20
• 233 MHz AMD K6-II processor
•64-MB SDRAM
• 8-MB flash disk
• 100-240 VAC Autosensing, 50/60 Hz
• Height: 2.85”; Width: 15.5 “; Depth: 10.5”
Cross-over cabling
To connect a Firebox to a hub or switch, use a standard,
straight-through cable. However, if you plan to connect a
Firebox directly to a router, either purchase or build a
cross-over cable for RJ-45 (Cat5) wire.
The tables below provide pin-out descriptions for both a
straight-through and a RJ-45 (Cat5) cross-over cable.
Pin Number Pin Number
1 (Transmit Plus) 1 (Transmit Plus)
2 (Transmit -) 2 (Transmit -)
3 (Receive Plus) 3 (Receive Plus)
6 (Receive -) 6 (Receive -)
4,5,7,8 Not Used
Pin Number Pin Number
1 (Transmit Plus) 3 (Receive Plus)
2 (Transmit -) 6 (Receive -)
3 (Receive Plus) 1 (Transmit Plus)
6 (Receive -) 2 (Transmit -)
4,5,7,8 Not Used
10
Loading...