Watchguard SOHO Quick Start Manual

Thank you for choosing the WatchGuard

®

SOHO security appliance to protect your data and comput-

ers. This card gives you an overview of how to install and confi gure the SOHO. Please read the
SOHO User Guide for detailed installation, upgrade, and confi guration information. If you run
into problems during installation, refer to the troubleshooting tips on the back of this card. The
installation and confi guration process normally takes about an hour to complete.

Determine h ow your Internet Service Provider (ISP) issues your IP address. This will affect the instal­lation process. Call your ISP to fi nd out whether your Internet connection is static or dynamically
assigned (DHCP), or whether it uses PPPoE protocol. You can also get your settings from your
computer. Refer to Determine Your Current TCP/IP Settings on page 2 of the SOHO User Guide.

If your IP address is static, follow steps 2-11 and then do the following:
A) Change your computer to dynamic (DHCP) addressing. Refer to Confi guring the SOHO Public
Network for Static Addressing, on page 16 of the SOHO User Guide.
B) Enter the Internet connection settings you received from your ISP into your SOHO. In
your browser’s address fi eld, enter 192.168.111.1 and press ENTER to go to the SOHO
Confi guration menu.
C) Do steps 12 and 13 below.

If your IP address is dynamic, follow these steps:

Connect to the Internet.

Confi rm that your browser HTTP proxy is disabled. Refer to Disable Your Browser’s HTTP Proxy on
page 4 of the SOHO User Guide.

Shut down your computer.

Unplug the power cable from your cable/DSL modem.

Unplug the cable on your computer that goes to the cable/DSL modem, and connect it to the WAN
port on the SOHO.

Plug one end of the cable that came with your SOHO into any of the ports on the SOHO labeled
1, 2, 3, or 4.

Plug the other end into your computer where you removed the fi rst cable, from step 6.

Turn on (plug in) your cable/DSL modem and wait until it is ready; usually the lights will stop fl ashing.

Attach the power cord to the SOHO and plug it into a power outlet.

Restart your computer.

To test that your Internet connection is working properly, enter www.watchguard.com in your
browser’s address fi eld and press ENTER. If the WatchGuard Home Page does not appear, see the
troubleshooting tips section on the back of this card and on page 25 in the SOHO User Guide.

Register your SOHO for a year of LiveSecurity

TM

Service. A team of WatchGuard experts

ensures that your SOHO’s security features are always up-to-date by providing software updates,
security editorials, and access to the services on the LiveSecurity Web site. In your browser’s address
fi eld, enter 192.168.111.1/login.htm, press ENTER and click the Register link to register for the
LiveSecurity Service.

CONGRATULATIONS!

Your WatchGuard SOHO is now protecting your computers from the hazards of the Internet.

Part# 97-200000-01

1

2

3

4

5

6

7

8

9

10

11

12

SOHO

QUICK START GUIDE

www.watchguard.com

Tech Support:

1-877-232-3531 (U.S. and Canada)

+1-360-482-1083 (all other countries)

www.watchguard.com/support

13

SOHO package contents:

Settings needed for static
addressing:

IP Address _____________________
Subnet Mask ___________________
Primary DNS____________________
Secondary DNS _________________

Default Gateway ________________

INTERNET

CPU

MODEM

Adapter Cable User

Guide

SOHO

MODEM

ADAPTER

INTERNET

INTERNET

MODEM

CPU

CPU

MODEM

New Cable

WatchGuard

®

LiveSecurityTM Service

WatchGuard

®

GENERAL

What do the ON and MODE lights signify on the SOHO?

When the ON light is illuminated, the SOHO has power. When the MODE light is
illuminated, the SOHO is operational.

How do I register my SOHO?

Registering your WatchGuard SOHO is required for you to receive all LiveSecurity alerts
and software updates as soon as they are available.
To register your SOHO:

1. Using your Web browser, go to http://192.168.111.1.

2. Click System Administration and then click System Password.

3. Click Click here to register your SOHO.

4. Enter your information and then click Save Profi le.

How do I register for Live Security?

Using your Web browser, go to http://192.168.111.1, and click LiveSecurity Home.

CONFIGURATION

Where are the SOHO settings stored?

The confi guration parameters of the SOHO are stored in a fi le named wg.cfg, located
inside your SOHO.

How do I change to a DHCP private IP address?

1. Make sure your computer is set up to use DHCP dynamic addressing (refer to
page 10 of the SOHO User Guide).

2. Using your Web browser, go to http://192.168.111.1.

3. Click Private Network.

4. Enable the checkbox labeled Enable DHCP Server and then click Submit.

5. Click Reboot and wait for the SOHO to fi nish rebooting. The MODE and ON light
fl ash at different times during boot, which takes about a minute.

How do I change to a static private IP address?

Before you can use a static IP address, you must have a base Private IP address and
subnet mask.
The following IP address ranges and subnet masks are set aside for private networks in
compliance with RFC 1918. Replace the X in the network IP address with a number
between 1 and 254. The subnet addresses do not need to be changed.

Network IP range Subnet mask

10.x.x.x 255.0.0.0

172.16.x.x 255.240.0.0

192.168.x.x 255.255.0.0

To change to a static private IP address:

1. Using your Web browser, go to http://192.168.111.1.

2. Click Private Network, and disable the checkbox labeled Enable DHCP Server.

3. Enter the information in the appropriate fi elds. Click Submit.

4. Click Reboot and wait for the SOHO to fi nish rebooting. The MODE light on the front
of the SOHO will turn off, then back on approximately 1 minute.

How do I set up and disable the WebBlocker

TM

option?

1. Using your Web browser, go to http://192.168.111.1.

2. Click Services. Click WebBlocking.

3. To enable WebBlocking, select the Enable WebBlocking checkbox and enter a
password, time limit for your password, and select the type of sites you want blocked.

4. To disable WebBlocking, deselect the Enable WebBlocking checkbox.

How do I allow incoming services such as UDP, POP3, Telnet, and Web service?

1. Using your Web browser, go to http://192.168.111.1.

2. Click Services and then click Allowed Incoming Services.

3. Click Add a Service and then click the service you want to add.
For UDP, you will need to select UDP on the Forward drop list and enter the range of
port numbers in the port fi elds. For all other services, enter the IP address of the
computer that needs the incoming service.

4. Click Submit.

How do I allow incoming IP protocols?

You will need the IP address of the computer that will be receiving the incoming data
and the IP protocol number that corresponds to the specifi c incoming IP protocol.
Follow these steps:

1. Using your Web browser, go to http://192.168.111.1.

2. Click Services. Click Allowed Incoming Services.

3. Click Add a Service. Click Add Other Service.

4. In the protocol fi eld, enter the protocol you want allowed.

5. Enter the IP address of the host computer. Click Submit.

How do I allow all incoming services?

With the SOHO, you can allow any incoming service, however, this opens your network
to the public. Warning: This creates a major security risk. For instructions on how to
allow incoming services, refer to Allowing Incoming Services in Chapter 3 of the SOHO
User Guide.

Troubleshooting Tips

Tech Support:

1-877-232-3531

(U.S. and Canada)

+1-360-482-1083

(all other countries)

www.watchguard.com/support

www.watchguard.com

Confi guring a SOHO VPN Tunnel

With the WatchGuard SOHO VPN option,
you can confi gure a secure tunnel over the
Internet to a variety of IPSec/compliant
devices. The fi rst step is to obtain from our
Web site the confi guration instructions for the
type of device at the other end of the tunnel.
Use your Web browser to connect to: http://

www.watchguard.com/support/interopvpn.asp

Contact your System Administrator or
Internet Service Provider to obtain the IP
addressing information required to complete
any VPN tunnel. If you have any questions,
please feel free to contact WatchGuard Tech­nical Support or visit the WatchGuard SOHO
Confi guration page at:

http://bisd.watchguard.com/SOHO/
confi guration.asp

The list below identifi es many ISPs that
provide cable and DSL service. The phone

numbers shown are general access num­bers. For complete contact information,
see your ISP documentation.

AT&T@home

888-262-6300, www.broadband.att.com

Earthlink (Sprint)

888-829-8466, www.earthlink.com

Mindspring (Sprint)

888-847-4708, www.earthlink.com

MSN

877-327-6744
http://supportservices.msn.com

PacBell

800-310-2355
www.pacbell.com/ContactUs

Prodigy

800-213-0992, www.prodigy.com

Qwest

888-777-9569, http://my.qwest.net

RoadRunner

703-345-2400, http://help.rr.com

Southwest Bell

888-792-3751, www.swbell.com/DSL

Verio

800-551-1630
http://home.verio.net/support

Verizon (Bell Atlantic)

877-525-2375
www.verizon.com/support/index_cs.html

© 2001 WatchGuard Technologies, Inc.
All rights reserved. WatchGuard

®

and LiveSecurityTM are either a trademark or registered trademark of WatchGuard Technologies, Inc. in the United States and other countries. WebBlocker and VPN Manager are trademarks of

WatchGuard Technologies, Inc. All other trademarks and trade names are property of their respective owners.

VPN MANAGEMENT

Before setting up a VPN, you must have the following:

●

Two properly confi gured and working SOHOs or one SOHO and one Firebox with the

latest version of fi rmware. Each SOHO must have the VPN feature key enabled.

●

The static public IP address, the network address, and the subnet masks of both

SOHOs. (The base private IP address of each SOHO must be static and unique.)

●

The DNS and WINS server IP address, if used.

●

The shared key (passphrase) for the tunnel.

●

The same encryption method on each end of the tunnel (DES or 3DES).

●

The same authentication method on each end (MD-5 or SHA-1).

How do I set up a VPN between two SOHOs?

For detailed information on how to confi gure a VPN tunnel between two SOHO devices,
download the SOHO to SOHO IPSec VPN Tunnel confi guration instructions:

1. Using your Web browser, go to http://www.watchguard.com/support.

2. Click Interoperability on the left of the page.

3. Click VPN Confi guration.

4. Click Confi guring a SOHO to SOHO IPSec VPN Tunnel.

5. Download and follow the instructions to confi gure your VPN tunnel.

TECHNICAL

How do I reboot my SOHO?

1. Using your Web browser, go to http://192.168.111.1 to open the SOHO local settings
page.

2. Click System Information.

3. Click Features and Version Information.

4. Click Reboot. Wait for the MODE light on the SOHO to turn off, then back on.
You can also reboot by removing the power coupling for 10 seconds, and then
restoring power.

How do I set up my SOHO for remote confi guration?

This requires the add-on product, WatchGuard VPN Manager

TM

software, which is

purchased separately. To purchase VPN Manager, go to https://www.watchguard.com/
products/vpnmanager.asp. For more information on how to remotely confi gure a SOHO,
see the VPN Manager Guide.

How do I reset the SOHO to factory defaults?

To reset the SOHO to factory settings, disconnect the power, disconnect all cables, plug
one end of an Ethernet cable into the WAN port and the other end into any LAN
port, connect power, wait 90 seconds, and disconnect power. Your SOHO is now reset to
factory defaults so connect cables in original confi guration and power up again.

How does the seat limitation on the SOHO work?

The default user license on the SOHO is 10. The fi rst 10 computers on the network to
attempt access are allowed through to the Internet.

How do I get to the SOHO Knowledge Base?

Using your Web browser, to http://www.watchguard.com/support. Log in using your
WatchGuard User Name and Password created when you regis tered. Click Technical
Support and then click Knowledge Base.

I set a password on my unit, but I forgot it. Can you help?

If you forgot your password, you must reset the SOHO to its factory default. See
question above on “How do I reset the SOHO to factory defaults”.

How do I install a SOHO using a Macintosh

®

computer?

The SOHO User Guide explains the installation steps for Macintosh computer users.
Refer to page 2 of the SOHO User Guide.

How do I know whether the cables are connected correctly to my SOHO?

There are twelve Link lights on the front of the SOHO grouped in pairs. The Link lights
labeled WAN tell you if your SOHO is connected to your modem. If these lights are
not illuminated, the SOHO is not connected to your modem. Check to make sure that
both sides of the cable are connected and that your Internet connection is not down. The
Link lights numbered 1 through 4 are the LAN Link lights. They tell you if the SOHO is
connected to a computer or hub through that LAN port. If the lights are not illuminated,
the SOHO is not connected to the computer or hub. Check to make sure that both sides
of the cable are connected and that the computer or hub has power.

I can connect to the confi guration screen; why can’t I browse the Internet?

This means that the SOHO is on, but something may be wrong with the connection from
the SOHO to the Internet. Your ISP may be temporarily down--call your ISP. Make sure
the cable or DSL modem is connected correctly and has power.

How can I see the MAC address of my SOHO?

Using your Web browser, go to http://192.168.111.1/sysstat.htm.

I can’t get a certain feature to work, and I have a DSL modem.

Some DSL routers implement NAT fi rewalls. Running NAT in front of the SOHO causes
problems with WebBlocker and the performance of IPSec. When a SOHO is used in
conjunction with a DSL router, the NAT feature of the DSL router should be set for
bridge-only mode.