Firebox X Edge e-Series version 10
All Firebox X Edge e-Series Standard and Wireless Models
Notice to Users
Information in this guide is subject to change without notice. Companies, names, and data used in examples
herein are fictitious unless otherwise noted. No part of this guide may be reproduced or transmitted in any form
or by any means, electronic or mechanical, for any purpose, without the express written permission of
WatchGuard Technologies, Inc.
Complete copyright, trademark, patent, and licensing information can be found in the Reference Guide, available online:
http://www.watchguard.com/help/documentation/.
This product is for indoor use only.
Abbreviations Used in this Guide
3DES     Triple Data Encryption Standard
BOVPN    Branch Office Virtual Private Network
DES      Data Encryption Standard
DNS      Domain Name Service
DHCP     Dynamic Host Configuration Protocol
DSL      Digital Subscriber Line
IP       Internet Protocol
IPSec    Internet Protocol Security
ISP      Internet Service Provider
MAC      Media Access Control
NAT      Network Address Translation
PPP      Point-to-Point Protocol
PPTP     Point-to-Point Tunneling Protocol
PPPoE    Point-to-Point Protocol over Ethernet
SSL      Secure Sockets Layer
TCP      Transfer Control Protocol
UDP      User Datagram Protocol
URL      Uniform Resource Locator
VPN      Virtual Private Network
WAN      Wide Area Network
WSM      WatchGuard System Manager
ABOUT WATCHGUARD
Since 1996, WatchGuard Technologies has provided reliable, easy to manage security
appliances to hundreds of thousands of businesses worldwide. Our Firebox X family of
unified threat management (UTM) solutions provides the best combination of strong,
reliable, multi-layered security with the best ease of use in its class. All products are
backed by LiveSecurity® Service, a ground-breaking support and maintenance
program. WatchGuard is a privately owned company, headquartered in Seattle,
Washington, with offices throughout North America, Europe, Asia Pacific, and Latin
America. For more information, please call 206.613.6600 or visit www.watchguard.com.
ADDRESS
505 Fifth Avenue South
Suite 500
Seattle, WA 98104
SUPPORT
www.watchguard.com/support
U.S. and Canada +877.232.3531
All Other Countries +1.206.521.3575
SALES
U.S. and Canada +1.800.734.9905
All Other Countries +1.206.613.0895
Table of Contents
Chapter 1 Introduction to Network Security
About networks and network security
About Internet Connections
About protocols
How Information Travels on the Internet
About IP addresses
Private addresses and gateways
About subnet masks
About slash notation
About entering IP addresses
About DHCP
About PPPoE
About Domain Name Service (DNS)
About services and policies
About ports
About Firewalls
The Firebox X Edge and your Network
Before you begin
Disable the pop-up blocker in Internet Explorer 6.x or 7.x
Disable the pop-up blocker in Firefox 2.x
Disable the pop-up blocker in Safari 2.0
Connect the Firebox X Edge
Connect the Edge to more than four devices
Use DHCP
About Edge Configuration Pages
Connect to the Firebox X Edge
Navigating the Firebox X Edge User Interface
System Status page
Monitoring the Firebox X Edge
Disk usage
Chapter 4 Configuration and Management Basics
About basic configuration and management tasks
About the Edge backup configuration file
Before You Begin
See the Configuration File
Create a backup configuration file
Restore your Edge configuration
Restore your configuration from a backup file
About feature keys
Restart the Firebox locally
Using the web browser
Disconnecting the power supply
To set the system time
Available upgrade options
Upgrade your Firebox X Edge model
About network interface setup
If your ISP uses DHCP
Configure your external interface as a wireless interface
Using an Edge with a wireless external interface to extend network connectivity
About advanced external network settings
About changing the IP address of the trusted network
Change the IP address of the trusted network
Make the Firebox a DHCP relay agent
Use static IP addresses for trusted computers
Allow wireless connections to the trusted interface
About restricting access to an interface by MAC address
Restrict access to the trusted interface by MAC address
About configuring the optional network
Enable the optional network
Set optional network DHCP address reservations
Make the Firebox a DHCP relay agent
Use static IP addresses for optional computers
Add computers to the optional network
Allow wireless connections to the optional interface
About restricting access to an interface by MAC address
Restrict access to the optional interface by MAC address
Add a static route
Create a DynDNS account
Set up the Firebox X Edge for Dynamic DNS
Multiple WAN configuration options
WAN Failover
Configure WAN failover
Enable WAN failover with the Setup Wizard
Configure the Edge for serial modem failover
Configure your modem for WAN failover
DNS settings
About wireless setup
Before you begin
About wireless configuration settings
Change the SSID
Change the fragmentation threshold
Change the RTS threshold
About wireless security settings
Set the encryption level
Open system and shared key authentication
WPA and WPA2 PSK authentication
About wireless connections to the trusted interface
Allow wireless connections to the trusted interface
Allow wireless connections to the optional interface
Enable a wireless guest network manually
Set the operating region and channel
Set the wireless mode of operation
Configure the wireless card on your computer
About policies
About using policies in your network
Incoming and outgoing traffic
Editing common packet filter policies
Set access control options (incoming)
Set access control options (outgoing)
About custom policies
Add a custom policy using a wizard
Filter incoming traffic for a custom policy
Filter outgoing traffic for a custom policy
Control traffic from the trusted to optional network
Disable traffic filters between trusted and optional networks
About proxy policies
Enable a common proxy policy
Add or Edit a Proxy Policy
Set access control options
Use a policy to manage manual VPN network traffic
About the HTTP proxy
Block cookies from a site
About the FTP proxy
Edit the FTP proxy
Set access control options
Edit the POP3 proxy
Set access control options
Allow only safe content types
Add or remove file name patterns
Deny unsafe file name patterns
About the HTTPS proxy
About the Outgoing Proxy
About intrusion prevention
About Blocked Sites
Block a site permanently
About blocked ports
Block a port
Drop DoS flood attacks
About Traffic Management
About network traffic
Causes for slow network traffic
High priority
Medium priority
Types of NAT
About dynamic NAT
About static NAT
Add a secondary external IP address
Remove a secondary external IP address pair
About logging and log files
Event Log and System Status Syslog
Logging and notification in applications and servers
About log messages
See the event log file
To see the event log file
About logging to a WatchGuard Log Server
Send your event logs to the Log Server
Send logs to a Syslog host
About certificates
Certificate authorities and signing requests
About certificates and the Firebox X Edge
Use OpenSSL to generate a CSR
Use Microsoft CA to create a certificate
Send the certificate request
Issue the certificate
Download the certificate
About using certificates on the Firebox X Edge
Import a certificate
Use a local certificate
Remove a certificate
Examine a certificate
Chapter 13 User and Group Management
About user licenses
User licensing when authentication is required
User licensing when authentication is not required
About user authentication
Set authentication options for all users
Configure an individual user account
Require users to authenticate to the Edge
Authenticate a session without administrative access
Create a read-only administrative account
Use the built-in administrator account
Set a WebBlocker profile for a user
Change a user account name or password
About LDAP/Active Directory authentication
About using third-party authentication servers
Configure the LDAP/Active Directory authentication service
Use the LDAP authentication test feature
Configure groups for LDAP authentication
Add a group for LDAP authentication
Set a WebBlocker profile for an LDAP group
LDAP authentication and Mobile VPN with IPSec
Before You Begin
Enable Single Sign-On
Install the WatchGuard Single Sign-On (SSO) agent
See active sessions and users
Firebox user settings
Active sessions
Local User account
Editing a user account
Deleting a user account
Allow internal devices to bypass user authentication
About WebBlocker
Configure global WebBlocker settings
Install the Quarantine Server and WebBlocker Server
Download the server software
About WebBlocker profiles
Create a WebBlocker profile
About WebBlocker categories
See whether a site is categorized
Add, remove, or change a category
About allowing sites to bypass WebBlocker
Add an allowed site
Add a denied site
Allow internal hosts to bypass WebBlocker
About spamBlocker
Chapter 16 Quarantine Server
About the Quarantine Server
Install the Quarantine Server and WebBlocker Server
Download the server software
Install Quarantine Server and WebBlocker Server
Install server components
Run the Setup Wizard
Define the server location
Set general server parameters
Change expiration settings and user domains
Open the messages dialog box
About managing users
Change the notification option for a user
Get statistics on Quarantine Server activity
See statistics from specific dates
See specific types of messages
Group statistics by month, week, or day
Export and print statistics
Chapter 17 Gateway AntiVirus and Intrusion Prevention Service
About Gateway AntiVirus and Intrusion Prevention
About Gateway AntiVirus settings
POP3 proxy deny messages and Gateway AV/IPS
Configure Gateway AV
About Intrusion Prevention Service settings
Configure the Intrusion Prevention Service
About Branch Office Virtual Private Networks (BOVPNs)
Process required to create a tunnel
About VPN Failover
About managed VPNs
Set up manual VPN tunnels
What you need for Manual VPN
Sample VPN address information table
See VPN statistics
Why do I need a static external address?
How do I get a static external IP address?
How do I troubleshoot the connection?
Why is ping not working?
How do I set up more than the number of allowed VPN tunnels on my Edge?
Chapter 19 About Mobile VPN with PPTP
Enable PPTP on the Edge
Configure DNS and WINS settings
Prepare the client computers
Create and connect a PPTP VPN from a Windows Vista client
Create and connect a PPTP VPN from a Windows XP client
Create and connect a PPTP VPN from a Windows 2000 client
Use PPTP and Access the Internet
Chapter 20 About Mobile VPN with IPSec
Enable Mobile VPN for a group
About Mobile VPN Client configuration files
Configure global Mobile VPN with IPSec client settings
Get the user’s .wgx file
Import the end-user profile
Select a certificate and enter the PIN
Connect and disconnect the Mobile VPN client
Disconnect the Mobile VPN client
Control connection behavior
Mobile User VPN client icon
See Mobile VPN log messages
Enable the link firewall
About the desktop firewall
Enable the desktop firewall
Chapter 21 About Mobile VPN with SSL
Before You Begin
Steps required to set up your tunnels
Options for Mobile VPN with SSL tunnels
Download the client software
Install the Mobile VPN with SSL client software (Windows Vista and Windows XP)
Install the Mobile VPN with SSL client software (Mac OS X)
Connect to the Firebox with the Mobile VPN with SSL client (Windows Vista and Windows XP)
Connect to the Firebox with the Mobile VPN with SSL client (Mac OS X)
Uninstall the Mobile VPN with SSL client
Mobile VPN with SSL client for Windows Vista and Windows XP
Mobile VPN with SSL client for Mac OS X
Chapter 1 Introduction to Network Security
About networks and network security
A network is a group of computers and other devices that are connected to each other. It can be two
computers that you connect with a serial cable, or many computers around the world connected through the
Internet. Computers on the same network can work together and share data.
Although the Internet gives you access to a large quantity of information and business opportunity, it also
opens your network to attackers. A good network security policy helps you find and prevent attacks on your
computer or network.
Attacks are costly. Computers may need to be repaired or replaced. Employee time and resources are used to
fix problems created by attacks. Valuable information can be taken from the network.
Many people think that their computer holds no important information. They do not think that their computer
is a target for a hacker. This is not correct. A hacker can use your computer as a platform to attack other
computers or networks or use your account information to send email spam or attacks. Your personal
information and account information is also vulnerable and valuable to hackers.
About Internet Connections
ISPs (Internet service providers) are companies that give access to the Internet through network connections.
Bandwidth is the rate at which a network connection can send data: for example, 3 megabits per second
(Mbps).
A high-speed Internet connection, such as a cable modem or a DSL (Digital Subscriber Line), is known as a
broadband connection. Broadband connections are much faster than dial-up connections. The bandwidth of
a dial-up connection is less than .1 Mbps, while a cable modem can be 5 Mbps or more.
Typical speeds for cable modems are usually lower than the maximum speeds, because each computer in a
neighborhood is a member of a LAN. Each computer in that LAN uses some of the bandwidth. Because of this
shared-medium system, cable modem connections can become slow when more users are on the network.
DSL connections supply constant bandwidth, but they are usually slower than cable modem connections.
Also, the bandwidth is only constant between your home or office and the DSL central office. The DSL central
office cannot guarantee a constant connection bandwidth to a web site or network.
About protocols
A protocol is a group of rules that allow computers to connect across a network. Protocols are the grammar of
the language that computers use when they speak to each other across a network.
The standard protocol when you connect to the Internet is the IP (Internet Protocol). This protocol is the usual
language of computers on the Internet.
A protocol also tells how data is sent through a network. The most frequently used protocols are TCP
(Transmission Control Protocol) and UDP (User Datagram Protocol).
TCP/IP is the basic protocol used by computers that connect to the Internet.
You must know some settings of TCP/IP when you set up your Firebox X Edge. For more information on
TCP/IP, see Find your TCP/IP Properties.
How Information Travels on the Internet
The data that you send through the Internet is cut into units, or packets. Each packet includes the Internet
address of the destination. The packets that make up a connection can use different routes through the
Internet. When they all get to their destination, they are assembled back into the original order. To make sure
that the packets get to the destination, address information is added to the packets.
The TCP and IP protocols are used to send and receive these packets. TCP disassembles the data and
assembles it again. IP adds information to the packets, such as the sender, the recipient, and any special
instructions.
About IP addresses
To send ordinary mail to a person, you must know his or her street address. For one computer on the Internet
to send data to a different computer, it must know the address of that computer. A computer address is known
as an Internet Protocol (IP) address. All devices on the Internet have unique IP addresses, which enable other
devices on the Internet to find and interact with them.
An IP address consists of four octets (8-bit binary sequences) expressed in decimal format and separated by
periods. Each number between the periods must be within the range of 0 and 255. Some examples of
IP addresses are:
206.253.208.100 = WatchGuard.com
4.2.2.2 = core DNS server
10.0.4.1 = private IP
Private addresses and gateways
Many companies create private networks that have their own address space. The addresses 10.x.x.x and
192.168.x.x are set aside for private IP addresses. Computers on the Internet cannot use these addresses. If
your computer is on a private network, you connect to the Internet through a gateway device that has a public
IP address.
Usually, the default gateway is the router that is between your network and the Internet. After you install the
Firebox on your network, it becomes the default gateway for all computers connected to its trusted or
optional interfaces.
About subnet masks
Because of security and performance considerations, networks are often divided into smaller portions called
subnets. All devices in a subnet have similar IP addresses. For example, all devices that have IP addresses
whose first three octets are 50.50.50 would belong to the same subnet.
A network IP address’s subnet mask, or netmask, is a string of bits that mask sections of the IP address to show
how many addresses are available and how many are already in use. For example, a large network subnet
mask might look like this: 255.255.0.0. Each zero shows that a range of IP addresses from 1 to 255 is available.
Each decimal place of 255 represents an IP address range that is already in use. In a network with a subnet
mask of 255.255.0.0, there are 65,025 IP addresses available. A smaller network subnet mask is 255.255.255.0.
Only 254 IP addresses are available.
About slash notation
The Firebox uses slash notation for many purposes, including policy configuration. Slash notation is a compact
way to show the subnet mask for a network. To write slash notation for a subnet mask:
1. First, find the binary representation of the subnet mask.
For example, the binary representation of 255.255.255.0 is 11111111.11111111.11111111.00000000.
2. Count each 1 in the subnet mask.
This example has twenty-four (24) of the numeral 1.
3. Add the number from step two to the IP address, separated by a forward slash (/).
The IP address 192.168.42.23/24 is equivalent to an IP address of 192.168.42.23 with a netmask of
255.255.255.0.
This table shows common network masks and their equivalents in slash notation.
Network mask        Slash equivalent
255.0.0.0           /8
255.255.0.0         /16
255.255.255.0       /24
255.255.255.128     /25
255.255.255.192     /26
255.255.255.224     /27
255.255.255.240     /28
255.255.255.248     /29
255.255.255.252     /30
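The three steps and the table above, worked through in Python as an added example (not part of the WatchGuard guide or the Firebox software). The function names are chosen for this illustration. It also rejects masks whose 1 bits are not contiguous and shows how many addresses a slash-notation entry matches, which is what decides the scope of a policy written with it.

```python
import ipaddress


def netmask_to_prefix(mask: str) -> int:
    """Steps 1 and 2: write the mask in binary and count the 1 bits."""
    octets = mask.split(".")
    if len(octets) != 4 or not all(
        o.isascii() and o.isdigit() and int(o) <= 255 for o in octets
    ):
        raise ValueError(f"not a dotted-decimal mask: {mask!r}")
    bits = "".join(f"{int(o):08b}" for o in octets)
    # A subnet mask is a run of 1s followed only by 0s; "01" means a gap.
    if "01" in bits:
        raise ValueError(f"mask bits are not contiguous: {mask!r}")
    return bits.count("1")


def prefix_to_netmask(prefix: int) -> str:
    """Reverse direction: /24 -> 255.255.255.0."""
    if not 0 <= prefix <= 32:
        raise ValueError(f"prefix out of range: {prefix}")
    value = (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def to_slash(ip: str, mask: str) -> str:
    """Step 3: append the bit count to the IP address after a slash."""
    ipaddress.IPv4Address(ip)  # raises ValueError on a malformed address
    return f"{ip}/{netmask_to_prefix(mask)}"


def network_of(slash: str) -> ipaddress.IPv4Network:
    """The network that a host address in slash notation belongs to."""
    return ipaddress.ip_network(slash, strict=False)


def same_subnet(ip_a: str, ip_b: str, mask: str) -> bool:
    """True when both addresses fall inside the same network for this mask."""
    return ipaddress.IPv4Address(ip_b) in network_of(to_slash(ip_a, mask))


def addresses_matched(slash: str) -> int:
    """How many addresses an entry written in slash notation covers."""
    return network_of(slash).num_addresses


if __name__ == "__main__":
    print(to_slash("192.168.42.23", "255.255.255.0"))
    print(network_of("192.168.42.23/24"), addresses_matched("192.168.42.23/24"))
    print(same_subnet("10.0.4.1", "10.0.5.77", "255.255.255.0"))
```
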
About entering IP addresses
When you type IP addresses in the Quick Setup Wizard or dialog boxes in Firebox management software, type
the digits and periods in the correct sequence. Do not use the TAB key, arrow key, spacebar, or mouse to put
your cursor after the periods.
For example, if you type the IP address 172.16.1.10, do not type a space after you type 16. Do not try to put
your cursor after the subsequent period to type 1. Type a period directly after 16, and then type 1.10. Press the
slash (/) key to move to the netmask.
Static and dynamic IP addresses
ISPs (Internet service providers) assign an IP address to each device on their network. The IP address can be
static or dynamic.
A static IP address is an IP address that always stays the same. If you have a web server, FTP server, or other
Internet resource that must have an address that cannot change, you can get a static IP address from your ISP.
A static IP address is usually more expensive than a dynamic IP address, and some ISPs do not supply static IP
addresses. You must configure a static IP address manually.
A dynamic IP address is an IP address that an ISP lets you use temporarily. If a dynamic address is not in use,
it can be automatically assigned to a different device. Dynamic IP addresses are assigned using either
DHCP or PPPoE.
About DHCP
Dynamic Host Configuration Protocol (DHCP) is an Internet protocol that computers on a network use to get
IP addresses and other information such as the default gateway. When you connect to the Internet, a
computer configured as a DHCP server at the ISP automatically assigns you an IP address. It could be the same
IP address you had before, or it could be a new one. When you close an Internet connection that uses a
dynamic IP address, the ISP can assign that IP address to a different customer.
You can configure the Firebox as a DHCP server for networks behind the Firebox. You assign a range of
addresses that the DHCP server can choose from.
About PPPoE
Some ISPs assign their IP addresses through Point-to-Point Protocol over Ethernet (PPPoE). PPPoE expands a
standard dial-up connection to add some of the features of Ethernet and PPP. This network protocol allows
the ISP to use the billing, authentication, and security systems of their dial-up infrastructure with DSL modem
and cable modem products.
About Domain Name Service (DNS)
If you do not know the address of a person, you can frequently find it in the telephone directory. On the
Internet, the equivalent to a telephone directory is the DNS (Domain Name Service). Each web site has a
domain name (such as mysite.com) that maps to an IP address. When you type a domain name to show a web
site, your computer gets the IP address from a DNS server.
A URL (Uniform Resource Locator) includes a domain name and a protocol. An example of a URL is:
http://www.watchguard.com/
In summary, the DNS is the system that translates Internet domain names into IP addresses. A DNS server is a
server that performs this translation.
About services and policies
You use a service to send different types of data (such as email, files, or commands) from one computer to
another across a network or to a different network. These services use protocols. Frequently used Internet
services are:
World Wide Web access uses Hypertext Transfer Protocol (HTTP)
Email uses Simple Mail Transfer Protocol (SMTP) or Post Office Protocol (POP3)
File transfer uses File Transfer Protocol (FTP)
Resolving a domain name to an Internet address uses Domain Name Service (DNS)
Remote terminal access uses Telnet or SSH (Secure Shell)
When you allow or deny a service, you must add a policy to your Firebox configuration. Each policy you add
can also add a security risk. To send and receive data, you must open a door in your computer, which puts your
network at risk. We recommend that you add only the policies that are necessary for your business.
About ports
Usually, a port is a connection point where you use a jack and cables to connect devices. Computers also have
ports that are not physical locations. These ports are where programs transmit data.
Some protocols, such as HTTP, have ports with assigned numbers. For example, many computers transmit
email on port 110 because the POP3 protocol is assigned to port 110. Other programs are assigned port
numbers dynamically for each connection. The IANA (Internet Assigned Numbers Authority) keeps a list of
well known ports. You can see this list at: http://www.iana.org/assignments/port-numbers
Most policies are given a port number in the range from 0 to 1024, but possible port numbers range from
0 to 65535.
About Firewalls
A firewall separates your trusted computers on the internal network from the external network, or the
Internet, to decrease risk of an external attack. The figure below shows how a firewall divides the trusted
computers from the Internet.
Firewalls use access policies to identify and filter different types of information. They can also control which
policies or ports the protected computers can use on the Internet (outbound access). Many firewalls have
sample security policies, and users can select the policy that is best for them. With others, including the
Firebox, the user can customize these policies.
Firewalls can be in the form of hardware or software. A firewall protects private networks from unauthorized
users on the Internet. All traffic that enters the trusted or protected networks must go through the firewall.
The firewall examines each message and denies those that do not match the security criteria or policies.
In some closed, or default-deny firewalls, all network connections are denied unless there is a specific rule to
allow the connection. To deploy this type of firewall, you must have detailed information about the network
applications required to meet your organization’s needs. Other firewalls allow all network connections that
have not been explicitly denied. This type of open firewall is easier to deploy, but it is not as secure.
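The difference between a default-deny and an open firewall, as an added Python example (a toy model written for this illustration, not Firebox configuration or WatchGuard code). The rule set and the connection attempts are constructed; the port numbers are the IANA well-known assignments for the services listed earlier.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    name: str
    direction: str  # "incoming" or "outgoing"
    protocol: str   # "tcp" or "udp"
    port: int
    action: str     # "allow" or "deny"


# Constructed rule set for a small office.
POLICIES = [
    Policy("HTTP", "outgoing", "tcp", 80, "allow"),
    Policy("DNS", "outgoing", "udp", 53, "allow"),
    Policy("POP3", "outgoing", "tcp", 110, "allow"),
    Policy("SMTP", "incoming", "tcp", 25, "allow"),
    Policy("Telnet", "incoming", "tcp", 23, "deny"),
]

# Constructed connection attempts: (direction, protocol, port).
ATTEMPTS = [
    ("incoming", "tcp", 25),  # SMTP, explicitly allowed
    ("incoming", "tcp", 23),  # Telnet, explicitly denied
    ("incoming", "tcp", 22),  # SSH, no policy
    ("incoming", "tcp", 21),  # FTP, no policy
    ("outgoing", "tcp", 80),  # HTTP, explicitly allowed
    ("outgoing", "tcp", 23),  # Telnet outbound, no policy for this direction
]


def decide(policies, direction, protocol, port, default_action):
    """Return (action, reason). The first matching policy wins; otherwise
    the firewall's default applies."""
    if default_action not in ("allow", "deny"):
        raise ValueError("default_action must be 'allow' or 'deny'")
    for p in policies:
        if (p.direction, p.protocol, p.port) == (direction, protocol, port):
            return p.action, p.name
    return default_action, "no matching policy"


def allowed(policies, attempts, default_action):
    """Attempts that get through under the given default."""
    return [a for a in attempts
            if decide(policies, *a, default_action)[0] == "allow"]


def exposed_by_default(policies, attempts):
    """Attempts that pass an open firewall only because nobody wrote a rule."""
    closed = set(allowed(policies, attempts, "deny"))
    return [a for a in allowed(policies, attempts, "allow") if a not in closed]


def open_doors(policies):
    """Every allow policy is a door that was opened on purpose."""
    return [p.name for p in policies if p.action == "allow"]


if __name__ == "__main__":
    print("default-deny lets through:", allowed(POLICIES, ATTEMPTS, "deny"))
    print("open firewall also lets through:",
          exposed_by_default(POLICIES, ATTEMPTS))
    print("doors opened by policy:", open_doors(POLICIES))
```
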
The Firebox X Edge and your Network
The Firebox X Edge controls all traffic between the external network and the trusted network. The Edge also
includes an optional network interface that is separate from the trusted network. Use the optional network for
computers with mixed trust. For example, customers frequently use the optional network for their remote
users or for public servers such as a web server or email server. Your firewall can stop all suspicious traffic from
the external network to your trusted and optional networks.
The Firebox X Edge e-Series is a firewall for small and remote offices. Some customers who purchase an Edge
do not know much about computer networks or network security. The Edge provides wizards and many
self-help tools for these customers. Advanced customers can use Edge Pro appliance software’s advanced
integration features and multiple WAN support to connect an Edge to a larger wide area network. The Edge
connects to a cable modem, DSL modem, or ISDN router.
The web-based user interface of the Firebox X Edge lets you manage your network safely. You can manage
your Edge from different locations and at different times. This gives you more time and resources to use on
other components of your business.
Chapter 2 Installation
Before you begin
To install the WatchGuard Firebox X Edge e-Series in your network, you must complete these steps:
Identify and record the TCP/IP properties for your Internet connection.
Disable the HTTP proxy and pop-up blocker properties of your web browser.
Connect the Edge to your network.
Connect your computer to the Edge.
Use the Quick Setup Wizard to configure the Edge.
Verify basic requirements
To install the Firebox X Edge e-Series, you must have:
A computer with a 10/100BaseT Ethernet network interface card to configure the Edge.
A web browser. You can use Internet Explorer 6.0 or later, Netscape 7.0 or later, or an equivalent
browser.
The serial number of your Edge.
You can find the serial number on the bottom of the device. You use the serial number to register the Edge.
An Internet connection.
The external network connection can be a cable or DSL modem with a 10/100BaseT port, an ISDN router, or a
direct LAN connection. If you have problems with your Internet connection, call your ISP (Internet Service Provider)
to correct the problem before you install the Firebox X Edge.
Check package contents
Make sure that the package for your Firebox X Edge e-Series includes these items:
Firebox X Edge e-Series User Guide on CD-ROM
Firebox X Edge e-Series Quick Start Guide
LiveSecurity Service activation card
Hardware warranty card
AC power adapter (12 V/1.2A) with international plug kit
Power cable clip
Use this clip to attach the cable to the side of the Edge. This decreases the tension on the power cable.
One green straight-through Ethernet cable
Wall mount plate (wireless models only)
Two antennae (wireless models only)
Identify your network settings
To configure your Firebox X Edge, you must know some information about your network. Use this section to
learn how to identify your network settings. For an overview of network basics, see About networks and
network security.
Network Addressing Requirements
Speak with your ISP or corporate network administrator to learn how your computer receives its IP address.
Use the same method to connect to the Internet with the Firebox X Edge that you use with your computer. If
you connect your computer directly to the Internet with a broadband connection, you can put the Edge
between your computer and the Internet and use the network configuration from your computer to configure
the Edge external interface.
You can use a static IP address, DHCP, or PPPoE to configure the Edge external interface. For more information
about network addressing, see About configuring external interfaces.
Your computer must have a web browser. You use the web browser to configure and manage the Firebox X
Edge. Your computer must have an IP address on the same network as the Edge.
In the factory default configuration, the Firebox X Edge assigns your computer an IP address with DHCP
(Dynamic Host Configuration Protocol). You can set your computer to use DHCP and then you can connect to
the Edge to manage it. You can also give your computer a static IP address that is on the same network as the
trusted IP address of the Edge. For more information, see Set your computer to connect to the Edge.
Find your TCP/IP Properties
To learn about the properties of your network, look at the TCP/IP properties of your computer or any other
computer on the network. You must have the following information to install your Firebox X Edge:
IP address
Subnet mask
Default gateway
Whether your computer has a static or dynamic IP address
IP addresses of primary and secondary DNS servers
If your ISP assigns your computer an IP address that starts with 10, 192.168, or 172.16 to 172.31, then
your ISP uses NAT (Network Address Translation) and your IP address is private. We recommend that
you get a public IP address for your Firebox X Edge external IP address. If you use a private IP address,
you can have problems with some features, such as virtual private networking.
To find your TCP/IP properties, use the following instructions for your computer operating system.
Finding your TCP/IP properties on Microsoft Windows Vista
2. At the command prompt, type ipconfig /all and press Enter.
3. Record the values that you see for the primary network adapter.
1. Select Start > Programs > Command Prompt.
The Command Prompt window appears.
2. At the command prompt, type ipconfig /all and press Enter.
3. Record the values that you see for the primary network adapter.
1. Select the Apple menu > Control Panels > TCP/IP.
The TCP/IP window appears.
2. Record the values that you see for the primary network adapter.
Finding your TCP/IP properties on Macintosh OS X 10.5
1. Select the Apple menu > System Preferences, or select the icon from the Dock.
The System Preferences window appears.
2. Click the Network icon.
The Network preference pane appears.
3. Select the network adapter you use to connect to the Internet.
4. Record the values that you see for the network adapter.
Finding your TCP/IP properties on other operating systems (Unix, Linux)
1. Read your operating system guide to find the TCP/IP settings.
2. Record the values that you see for the primary network adapter.
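One way to record the values listed above from saved `ipconfig /all` output, as an added Python example (not part of the WatchGuard guide). Both sample outputs are constructed, and the field labels assume the usual English-language Windows output. The `private` flag applies the address ranges given in the note about NAT.

```python
import ipaddress
import re

# Constructed samples of `ipconfig /all` output, not captured from real hosts.
VISTA_SAMPLE = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : office-pc

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . : example.test
   Physical Address. . . . . . . . . : 00-11-22-33-44-55
   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 10.0.4.25(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : fe80::1%11
                                       10.0.4.1
   DNS Servers . . . . . . . . . . . : 4.2.2.2
                                       10.0.4.1
"""
XP_SAMPLE = """\
Ethernet adapter Local Area Connection:

        Dhcp Enabled. . . . . . . . . . . : No
        IP Address. . . . . . . . . . . . : 203.0.113.10
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 203.0.113.1
        DNS Servers . . . . . . . . . . . : 203.0.113.53
"""

# Ranges from the note above: 10, 172.16 to 172.31, and 192.168.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# Labels differ between Windows versions ("IP Address" vs "IPv4 Address").
WANTED = {"ip address": "ip", "ipv4 address": "ip", "subnet mask": "mask",
          "default gateway": "gateway", "dhcp enabled": "dhcp",
          "dns servers": "dns"}
FIELD = re.compile(r"^\s+([A-Za-z0-9 \-]+?)[ .]*:\s*(.*)$")
CONTINUATION_INDENT = 12  # extra values sit far to the right, under the value


def parse_ipconfig(text):
    """Return {section name: {field: [values]}} for the wanted fields."""
    sections, fields, last = {}, None, None
    for line in text.splitlines():
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        if indent == 0:  # section header, e.g. "Ethernet adapter ...:"
            fields = sections.setdefault(line.strip().rstrip(":"), {})
            last = None
        elif fields is None:
            continue
        elif indent >= CONTINUATION_INDENT:  # another value for the last key
            if last:
                fields[last].append(line.strip())
        else:
            m = FIELD.match(line)
            last = WANTED.get(m.group(1).strip().lower()) if m else None
            if last:
                fields.setdefault(last, []).append(m.group(2).strip())
    return sections


def _first_ipv4(values):
    """First value that is an IPv4 address, ignoring suffixes like (Preferred)."""
    for value in values:
        try:
            return str(ipaddress.IPv4Address(value.split("(")[0].strip()))
        except ValueError:
            continue
    return None


def find_tcpip_properties(text):
    """The five items to record, for each adapter that has an IPv4 address."""
    result = {}
    for name, fields in parse_ipconfig(text).items():
        ip = _first_ipv4(fields.get("ip", []))
        if ip is None:
            continue
        dns = [_first_ipv4([v]) for v in fields.get("dns", [])]
        result[name] = {
            "ip": ip,
            "mask": _first_ipv4(fields.get("mask", [])),
            "gateway": _first_ipv4(fields.get("gateway", [])),
            "dynamic": fields.get("dhcp", [""])[0].lower() == "yes",
            "dns": [d for d in dns if d],
            "private": any(ipaddress.IPv4Address(ip) in n for n in PRIVATE_NETS),
        }
    return result


if __name__ == "__main__":
    for sample in (VISTA_SAMPLE, XP_SAMPLE):
        for adapter, props in find_tcpip_properties(sample).items():
            print(adapter, props)
```
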
Find PPPoE settings
Many ISPs use Point to Point Protocol over Ethernet (PPPoE) because it is easy to use with a dial-up
infrastructure. If your ISP uses PPPoE to assign IP addresses, you must get the following information:
Login name
Domain (optional)
Password
Register your Firebox and activate LiveSecurity Service
To enable all of the features on your Firebox X Edge, you must register on the WatchGuard LiveSecurity web
site and retrieve your feature key. You have only one user license (seat license) until you apply your feature
key. You must also use your feature key to apply any additional upgrades that you purchase. See About user
licenses for more information.
When you register, you also activate your free 90-day LiveSecurity Service subscription. The LiveSecurity
Service gives you threat alert notifications, security advice, virus protection information, software updates,
technical support by web or telephone, and access to online help resources and the WatchGuard user forum.
To register your Firebox X Edge:
1. Use your browser to go to: http://www.watchguard.com/activate/
To use the LiveSecurity Service website, your browser must have JavaScript enabled.
2. If you are a new customer, you must create a user profile.
3. If you are an existing customer, log in with your LiveSecurity Service user name and password.
4. Follow the online instructions to register your Firebox X Edge. You must have the serial number. You
can find the serial number on the bottom of the Edge or on the box it is packaged in.
5. When you enter your serial number, you receive a feature key. Copy and save this text to a file on your
local drive.
6. We recommend that you also download the latest appliance software for your Edge at this time.
7. If a model upgrade key is included with your model, activate it at:
http://www.watchguard.com/upgrade
Disable the HTTP proxy
Many web browsers are configured to use an HTTP proxy server to increase the download speed of web pages.
To manage or configure the Firebox X Edge e-Series, your browser must connect directly to the Edge. If you
use an HTTP proxy server, you must temporarily disable the HTTP proxy setting in your browser. You can
reenable the HTTP proxy server setting in your browser after you set up the Edge.
Use these instructions to disable the HTTP proxy in Firefox, Safari, or Internet Explorer. If you are using a
different browser, use the browser Help system to find the necessary information. Many browsers
automatically disable the HTTP proxy feature.
Disable the HTTP proxy in Internet Explorer 6.x or 7.x
1. Open Internet Explorer.
2. Select Tools > Internet Options.
The Internet Options window appears.
3. Click the Connections tab.
4. Click the LAN Settings button.
The Local Area Network (LAN) Settings window appears.
5. Clear the check box labeled Use a proxy server for your LAN.
6. Click OK two times.
Disable the HTTP proxy in Firefox 2.x
1. Open the browser software.
2. Select Tools > Options.
The Options window appears.
3. Click the Advanced icon.
4. Select the Network tab. Click Settings.
5. Click the Connection Settings button.
The Connection Settings dialog box appears.
6. Make sure the Direct Connection to the Internet option is selected.
7. Click OK two times.
Disable the HTTP proxy in Safari 2.0
1. Open the browser software.
2. From the application menu, select Preferences.
The Safari preferences window appears.
3. Click the Advanced icon.
4. Click the Change Settings button.
The System Preference window appears.
5. Clear the Web Proxy (HTTP) check box.
6. Click Apply Now.
Disable pop-up blocking
The Firebox X Edge e-Series uses pop-up windows for many features, including the Quick Setup Wizard. If you
block pop-up windows, you must disable this function when you connect to the Edge.
Use these instructions to disable the pop-up blocking option in Firefox, Netscape, Safari, or Internet Explorer.
If you are using a different browser, use the browser Help system to find the necessary information.
Disable the pop-up blocker in Internet Explorer 6.x or 7.x
4. Make sure the Block pop-up windows option is not selected.
5. Click OK.
Disable the pop-up blocker in Safari 2.0
1. Open the browser software.
2. Click Application. Make sure that the Block Pop-Up Windows menu item is not selected.
Connect the Firebox X Edge
Many people configure their Firebox X Edge e-Series on one computer before they put it on the network.
Use this procedure to connect a computer to your Firebox X Edge:
1. Shut down your computer.
2. If you use a DSL or cable modem to connect to the Internet, disconnect its power supply.
3. Find the Ethernet cable between the modem and your computer. Disconnect this cable from your
computer and connect it to the Edge external interface (labeled WAN 1).
4. Find the green Ethernet cable supplied with your Edge. Connect this cable to a trusted interface
(LAN0-LAN2) on the Edge. Connect the other end of this cable to the Ethernet interface of your computer.
5. If you use a DSL or cable modem, connect its power supply.
6. Find the AC adapter supplied with your Edge. Connect the AC adapter to the Edge and to a power
source.
The Edge power indicator light comes on, then the WAN indicator lights flash and then come on.
Use only the supplied AC adapter for the Firebox X Edge.
Add computers to the trusted network
You can connect as many as three computers to the trusted interface of the Firebox X Edge e-Series if you
connect each computer to one of the Edge’s Ethernet ports 0 through 2. You can use 10/100 BaseT Ethernet
hubs or switches with RJ-45 connectors to connect more than three computers. It is not necessary for the
computers on the trusted network to use the same operating system.
To add more than three computers to the trusted network:
1. Make sure that each computer has a functional Ethernet card.
2. Connect each computer to the network. For more information, see Connect the Edge to more than four
devices.
Connect the Edge to more than four devices
The Firebox X Edge e-Series has three Ethernet ports (LAN0-LAN2) for the trusted network, and one Ethernet
port (OPT) for the optional network. You can connect devices directly to the Edge, or use a hub or switch to
connect more than four devices. The number of devices that can connect to the external network is limited by
the number of session licenses available. See About user licenses for more information.
To connect more than four devices to the Edge, you must have:
An Ethernet 10/100Base TX hub or switch
Straight-through Ethernet cables, with RJ-45 connectors, for each computer
A straight-through Ethernet cable to connect each hub or switch to the Firebox X Edge
To connect more devices to the Firebox X Edge:
1. Shut down your computer.
2. If you use a DSL or cable modem to connect to the Internet, disconnect its power supply.
3. Disconnect the Ethernet cable that comes from your DSL modem, cable modem, or other Internet
connection to your computer. Connect the Ethernet cable to the WAN1 port on the Firebox X Edge.
The Firebox X Edge is connected directly to the modem or other Internet connection.
4. Connect one end of the straight-through Ethernet cable supplied with your Firebox X Edge to one of
the four Ethernet ports on the Edge. Connect the other end to the uplink port of the Ethernet hub or
switch.
The Firebox X Edge is connected to the Internet and your Ethernet hub or switch.
5. Connect an Ethernet cable between each computer and one of the ports on the Ethernet hub, and
make sure the link lights are lit on the devices when they are turned on.
6. If you connect to the Internet through a DSL modem or cable modem, connect the power supply to
this device. The indicator lights flash and then stop.
7. Attach the AC adapter to the Firebox X Edge. Connect the AC adapter to a power supply.
About user licenses
Your Firebox X Edge firewall is enabled with a set number of user licenses. The total number of available
sessions is determined by the Edge model you have, and any upgrade licenses you apply. The number of
licenses limits the number of sessions. To control the number of users at any time, close one or more sessions.
When you close a session, you make that user license available for another user. There are several procedures
to close a session:
If you require users to authenticate, a Firebox User can manually log out and return his or her license.
The Edge Administrator can close the session manually. He or she can close the session for an
individual user or close all sessions.
If you require users to authenticate, you can assign a maximum timeout and an idle timeout for each
user.
The Edge administrator can set a global session maximum timeout.
Reboot the Edge to close all sessions.
You can purchase license upgrades from your reseller, or from the WatchGuard website:
Before you can use the Quick Setup Wizard, you must configure your computer to connect to the Firebox X
Edge. You can set your network interface card to use a static IP address, or use DHCP to get an IP address
automatically.
Use DHCP
This procedure configures a computer with the Windows XP operating system to use DHCP. If your computer
does not use Windows XP, read the operating system help for instructions on how to set your computer to
use DHCP.
1. Select Start > Control Panel.
The Control Panel window appears.
2. Double-click the Network Connections icon.
3. Double-click the Local Area Connection icon.
The Local Area Connection Status window appears.
4. Click the Properties button.
The Local Area Connection Properties window appears.
5. Double-click the Internet Protocol (TCP/IP) list item.
The Internet Protocol (TCP/IP) Properties dialog box appears.
6. Select the Obtain an IP address automatically and the Obtain DNS server address automatically
options.
7. Click OK to close the Internet Protocol (TCP/IP) Properties dialog box.
8. Click OK to close the Local Area Network Connection Properties dialog box. Close the Local Area Connection Status, Network Connections, and Control Panel windows.
Your computer is ready to connect to the Firebox X Edge.
9. When the Edge is ready, start your Internet browser.
10. Type https://192.168.111.1/ into the URL entry field of your browser and press Enter. If you are
asked to accept a security certificate, click OK.
The Quick Setup Wizard starts.
11. Run the Quick Setup Wizard.