WatchGuard Technologies BF4S16E5W User Manual

WatchGuard® Firebox® SOHO 6 Wireless User Guide
SOHO 6 firmware version 6.2
To use this guide you need to be familiar with your computer’s operating system. If you have questions about navigating in your computer’s environment, please refer to your system user manual.
The following conventions are used in this guide.
Convention Indication
Bold type Menu commands, dialog box options, Web page options, Web page names. For example: “On the System Information page, select Disabled.”
NOTE Important information, a helpful tip or additional instructions.
Abbreviations used in this user guide
3DES Triple Data Encryption Standard
DES Data Encryption Standard
DNS Domain Name Service
DHCP Dynamic Host Control Protocol
DSL Digital Subscriber Line
IP Internet Protocol
IPSec Internet Protocol Security
ISDN Integrated Services Digital Network
ISP Internet Service Provider
MAC Media Access Control
MUVPN Mobile User Virtual Private Network
NAT Network Address Translation
PPP Point-to-Point Protocol
PPPoE Point-to-Point Protocol over Ethernet
TCP Transfer Control Protocol
UDP User Datagram Protocol
URL Universal Resource Locator
VPN Virtual Private Network
WAN Wide Area Network
WSEP WatchGuard Security Event Processor
Certifications and Notices
FCC Certification
This appliance has been tested and found to comply with limits for a Class A digital appliance, pursuant to Part 15 of the FCC Rules. Operation is subject to the following two conditions:
• This appliance may not cause harmful interference.
• This appliance must accept any interference received, including interference that may cause undesired operation.
IMPORTANT NOTICE: Changes or modifications not expressly approved by the party responsible for compliance could void the user's authority to operate the equipment.
This equipment has been tested and found to comply with the limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable protection against harmful interference when the equipment is operated in a commercial environment. This equipment generates, uses, and can radiate radio frequency energy and, if not installed and used in accordance with the instruction manual, may cause harmful interference to radio communications. Operation of this equipment in a residential area is likely to cause harmful interference in which case the user will be required to correct the interference at his own expense.
CE Notice
The CE symbol on your WatchGuard Technologies equipment indicates that it is in compliance with the Electromagnetic Compatibility (EMC) directive and the Low Voltage Directive (LVD) of the European Union (EU).
Industry Canada
This Class A digital apparatus meets all requirements of the Canadian Interference-Causing Equipment Regulations.
Cet appareil numerique de la classe A respecte toutes les exigences du Reglement sur le materiel broulleur du Canada.
CANADA RSS-210
The term “IC:” before the radio certification number only signifies that Industry of Canada technical specifications were met.
Operation is subject to the following two conditions:
• This device may not cause interference.
• This device must accept any interference, including interference that may cause undesired operation of the device.
VCCI Notice Class A ITE
Declaration of Conformity
WATCHGUARD SOHO SOFTWARE END-USER LICENSE AGREEMENT
IMPORTANT - READ CAREFULLY BEFORE ACCESSING WATCHGUARD SOFTWARE This WatchGuard SOHO Software End-User License Agreement ("EULA") is a legal agreement between you (either an individual or a single entity) and WatchGuard Technologies, Inc. ("WATCHGUARD") for the WATCHGUARD SOHO software product, which includes computer software (whether installed separately on a computer workstation or on the WatchGuard hardware product) and may include associated media, printed materials, and on-line or electronic documentation, and any updates or modifications thereto, including those received through the WatchGuard LiveSecurity service (or its equivalent) (the "SOFTWARE PRODUCT"). WATCHGUARD is willing to license the SOFTWARE PRODUCT to you only on the condition that you accept all of the terms contained in this EULA. Please read this EULA carefully. By installing or using the SOFTWARE PRODUCT you agree to be bound by the terms of this EULA. If you do not agree to the terms of this EULA, WATCHGUARD will not license the SOFTWARE PRODUCT to you, and you will not have any rights in the SOFTWARE PRODUCT. In that case, promptly return the SOFTWARE PRODUCT, along with proof of payment, to the authorized dealer from whom you obtained the SOFTWARE PRODUCT for a full refund of the price you paid.
1. Ownership and License. The SOFTWARE PRODUCT is protected by copyright laws and international copyright treaties, as well as other intellectual property laws and treaties. This is a license agreement and NOT an agreement for sale. All title and copyrights in and to the SOFTWARE PRODUCT (including but not limited to any images, photographs, animations, video, audio, music, text, and applets incorporated into the SOFTWARE PRODUCT), the accompanying printed materials, and any copies of the SOFTWARE PRODUCT are owned by WATCHGUARD or its licensors. Your rights to use the SOFTWARE PRODUCT are as specified in this EULA, and WATCHGUARD retains all rights not expressly granted to you in this EULA. Nothing in this EULA constitutes a waiver of our rights under U.S. copyright law or any other law or treaty.
2. Permitted Uses. You are granted the following rights to the SOFTWARE PRODUCT: (A) You may use the SOFTWARE PRODUCT solely for the purpose of operating the SOHO hardware product in accordance with the SOHO or user documentation.
If you are accessing the SOFTWARE PRODUCT via a Web based installer program, you are granted the following additional rights to the SOFTWARE PRODUCT: (A) You may install and use the SOFTWARE PRODUCT on any computer with an associated connection to the SOHO hardware product in accordance with the SOHO user documentation; (B) You may install and use the SOFTWARE PRODUCT on more than one computer at once without licensing an additional copy of the SOFTWARE PRODUCT for each additional computer on which you want to use it, provided that each computer on which you install the SOFTWARE PRODUCT has an associated connection to the same SOHO hardware product; and (C) You may make a single copy of the SOFTWARE PRODUCT for backup or archival purposes only.
3. Prohibited Uses. You may not, without express written permission from WATCHGUARD: (A) Reverse engineer, disassemble or decompile the SOFTWARE PRODUCT; (B) Use, copy, modify, merge or transfer copies of the SOFTWARE PRODUCT or printed materials except as provided in this EULA; (C) Use any backup or archival copy of the SOFTWARE PRODUCT (or allow someone else to use such a copy) for any purpose other than to replace the original copy in the event it is destroyed or becomes defective; (D) Sublicense, lend, lease or rent the SOFTWARE PRODUCT; or (E) Transfer this license to another party unless (i) the transfer is permanent, (ii) the third party recipient agrees to the terms of this EULA, and (iii) you do not retain any copies of the SOFTWARE PRODUCT.
4. Limited Warranty. WATCHGUARD makes the following limited warranties for a period of ninety (90) days from the date you obtained the SOFTWARE PRODUCT from WATCHGUARD or an authorized dealer; (A) Media. The disks and documentation will be free from defects in materials and workmanship under normal use. If the disks or documentation fail to conform to this warranty, you may, as your sole and exclusive remedy, obtain a replacement free of charge if you return the defective disk or documentation to us with a dated proof of purchase; and (B) SOFTWARE PRODUCT. The SOFTWARE PRODUCT will materially conform to the documentation that accompanies it. If the SOFTWARE PRODUCT fails to operate in accordance with this warranty, you may, as your sole and exclusive remedy, return all of the SOFTWARE PRODUCT and the documentation to the authorized dealer from whom you obtained it, along with a dated proof of purchase, specifying the problems, and they will provide you with a new version of the SOFTWARE PRODUCT or a full refund at their
election.
Disclaimer and Release. THE WARRANTIES, OBLIGATIONS AND LIABILITIES OF WATCHGUARD, AND YOUR REMEDIES, SET FORTH IN PARAGRAPHS 4, 4(A) AND 4(B) ABOVE ARE EXCLUSIVE AND IN SUBSTITUTION FOR, AND YOU HEREBY WAIVE, DISCLAIM AND RELEASE ANY AND ALL OTHER WARRANTIES, OBLIGATIONS AND LIABILITIES OF WATCHGUARD AND ITS LICENSORS AND ALL OTHER RIGHTS, CLAIMS AND REMEDIES YOU MAY HAVE AGAINST WATCHGUARD AND ITS LICENSORS, EXPRESS OR IMPLIED, ARISING BY LAW OR OTHERWISE, WITH RESPECT TO ANY NONCONFORMANCE OR DEFECT IN THE SOFTWARE PRODUCT (INCLUDING, BUT NOT LIMITED TO, ANY IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, ANY IMPLIED WARRANTY ARISING FROM COURSE OF PERFORMANCE, COURSE OF DEALING, OR USAGE OF TRADE, ANY WARRANTY OF NONINFRINGEMENT, ANY WARRANTY THAT THIS SOFTWARE PRODUCT WILL MEET YOUR REQUIREMENTS, ANY WARRANTY OF UNINTERRUPTED OR ERROR-FREE OPERATION, ANY OBLIGATION, LIABILITY, RIGHT, CLAIM OR REMEDY IN TORT, WHETHER OR NOT ARISING FROM THE NEGLIGENCE (WHETHER ACTIVE, PASSIVE OR IMPUTED) OR FAULT OF WATCHGUARD AND ANY OBLIGATION, LIABILITY, RIGHT, CLAIM OR REMEDY FOR LOSS OR DAMAGE TO, OR CAUSED BY OR CONTRIBUTED TO BY, THE SOFTWARE PRODUCT).
Limitation of Liability. WATCHGUARD'S LIABILITY (WHETHER IN CONTRACT, TORT, OR OTHERWISE; AND NOTWITHSTANDING ANY FAULT, NEGLIGENCE, STRICT LIABILITY OR PRODUCT LIABILITY) WITH REGARD TO THE SOFTWARE PRODUCT WILL IN NO EVENT EXCEED THE PURCHASE PRICE PAID BY YOU FOR SUCH PRODUCT. THIS WILL BE TRUE EVEN IN THE EVENT OF THE FAILURE OF AN AGREED REMEDY. IN NO EVENT WILL WATCHGUARD BE LIABLE TO YOU OR ANY THIRD PARTY, WHETHER ARISING IN CONTRACT (INCLUDING WARRANTY), TORT (INCLUDING ACTIVE, PASSIVE OR IMPUTED NEGLIGENCE AND STRICT LIABILITY AND FAULT), FOR ANY INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES (INCLUDING WITHOUT LIMITATION LOSS OF BUSINESS PROFITS, BUSINESS INTERRUPTION, OR LOSS OF BUSINESS INFORMATION) ARISING OUT OF OR IN CONNECTION WITH THIS WARRANTY OR THE USE OF OR INABILITY TO USE THE SOFTWARE PRODUCT, EVEN IF WATCHGUARD HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THIS WILL BE TRUE EVEN IN THE EVENT OF THE FAILURE OF AN AGREED REMEDY.
5. United States Government Restricted Rights. The enclosed SOFTWARE PRODUCT and documentation are provided with Restricted Rights. Use, duplication or disclosure by the U.S. Government or any agency or instrumentality thereof is subject to restrictions as set forth in subdivision (c)(1)(ii) of the Rights in Technical Data and Computer Software clause at DFARS 252.227-7013, or in subdivision (c)(1) and (2) of the Commercial Computer Software -- Restricted Rights Clause at 48 C.F.R. 52.227-19, as applicable. Manufacturer is WatchGuard Technologies, Incorporated, 505 5th Ave. South, Suite 500, Seattle, WA 98104.
6. Export Controls. You agree not to directly or indirectly transfer the SOFTWARE PRODUCT or documentation to any country to which such transfer would be prohibited by the U.S. Export Administration Act and the regulations issued thereunder.
7. Termination. This license and your right to use the SOFTWARE PRODUCT will automatically terminate if you fail to comply with any provisions of this EULA, destroy all copies of the SOFTWARE PRODUCT in your possession, or voluntarily return the SOFTWARE PRODUCT to WATCHGUARD. Upon termination you will destroy all copies of the SOFTWARE PRODUCT and documentation remaining in your control or possession.
8. Miscellaneous Provisions. This EULA will be governed by and construed in accordance with the substantive laws of Washington excluding the 1980 United Nations Convention on Contracts for the International Sale of Goods, as amended. This is the entire EULA between us relating to the contents of this package, and supersedes any prior purchase order, communications, advertising or representations concerning the SOFTWARE PRODUCT AND BY USING THE SOFTWARE PRODUCT YOU AGREE TO THESE TERMS. IF THE SOFTWARE PRODUCT IS BEING USED BY AN ENTITY, THE INDIVIDUAL INDICATING AGREEMENT TO THESE TERMS REPRESENTS AND WARRANTS THAT (A) SUCH INDIVIDUAL IS DULY AUTHORIZED TO ACCEPT THIS EULA ON BEHALF OF THE ENTITY AND TO BIND THE ENTITY TO THE TERMS OF THIS EULA; (B) THE ENTITY HAS THE FULL POWER, CORPORATE OR OTHERWISE, TO ENTER INTO THIS EULA AND PERFORM ITS OBLIGATIONS UNDER THIS EULA AND; (C) THIS EULA AND THE PERFORMANCE OF THE ENTITY’S OBLIGATIONS UNDER THIS EULA DO NOT VIOLATE ANY THIRD-PARTY AGREEMENT TO WHICH THE ENTITY IS A PARTY. No change or modification of this EULA will be valid unless it is in writing, and is signed by WATCHGUARD.
Notice to Users
Information in this guide is subject to change without notice. Companies, names, and data used in examples herein are fictitious unless otherwise noted. No part of this guide may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of WatchGuard Technologies, Inc.
Copyright, Trademark, and Patent Information
Copyright© 1998 - 2002 WatchGuard Technologies, Inc. All rights reserved. AppLock®, AppLock®/Web, Designing peace of mind®, Firebox®, Firebox® 1000, Firebox® 2500, Firebox® 4500, Firebox® II, Firebox® II Plus, Firebox® II FastVPN, Firebox® III, Firebox® SOHO, Firebox® SOHO 6, Firebox® SOHO 6tc, Firebox® SOHO|tc, Firebox® V100, Firebox® V80, Firebox® V60, Firebox® V10, LiveSecurity®, LockSolid®, RapidStream®, RapidCore®, ServerLock®, WatchGuard®, WatchGuard® Technologies, Inc., DVCP™ technology, Enforcer/MUVPN™, FireChip™, HackAdmin™, HostWatch™, Make Security Your Strength™, RapidCare™, SchoolMate™, ServiceWatch™, Smart Security. Simply Done.™, Vcontroller™, VPNforce™ are either registered trademarks or trademarks of WatchGuard Technologies, Inc. in the United States and/or other countries.
© Hi/fn, Inc. 1993, including one or more U.S. Patents: 4701745, 5016009, 5126739, and 5146221 and other patents pending.
Microsoft®, Internet Explorer®, Windows® 95, Windows® 98, Windows NT® and Windows® 2000 are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
Netscape and Netscape Navigator are registered trademarks of Netscape Communications Corporation in the United States and other countries.
RC2 Symmetric Block Cipher, RC4 Symmetric Stream Cipher, RC5 Symmetric Block Cipher, BSAFE, TIPEM, RSA Public Key Cryptosystem, MD, MD2, MD4, and MD5 are either trademarks or registered trademarks of RSA Data Security, Inc. Certain materials herein are Copyright © 1992-1999 RSA Data Security, Inc. All rights reserved.
RealNetworks, RealAudio, and RealVideo are either a registered trademark or trademark of RealNetworks, Inc. in the United States and/or other countries. Java and all Java-based marks are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries. All rights reserved.
© 1995-1998 Eric Young (eay@cryptsoft). All rights reserved. © 1998-2000 The OpenSSL Project. All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
3. All advertising materials mentioning features or use of this software must display the following acknowledgment: "This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact openssl-core@openssl.org.
5. Products derived from this software may not be called "OpenSSL" nor may "OpenSSL" appear in their names without prior written permission of the OpenSSL Project.
6. Redistributions of any form whatsoever must retain the following acknowledgment: "This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software written by Tim Hudson (tjh@cryptsoft.com).
© 1995-1998 Eric Young (eay@cryptsoft.com) All rights reserved. This package is an SSL implementation written by Eric Young (eay@cryptsoft.com). The implementation was written so as to conform with Netscapes SSL. This library is free for commercial and non-commercial use as long as the following conditions are aheared to. The following conditions apply to all code found in this distribution, be it the RC4, RSA, lhash, DES, etc., code; not just the SSL code. The SSL documentation included with this distribution is covered by the same copyright terms except that the holder is Tim Hudson (tjh@cryptsoft.com). Copyright remains Eric Young's, and as such any Copyright notices in the code are not to be removed. If this package is used in a product, Eric Young should be given attribution as the author of the parts of the library used. This can be in the form of a textual message at program startup or in documentation (online or textual) provided with the package. Redistribution and use in source
and binary forms, with or without modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
3. All advertising materials mentioning features or use of this software must display the following acknowledgement: "This product includes cryptographic software written by Eric Young (eay@cryptsoft.com)" The word 'cryptographic' can be left out if the routines from the library being used are not cryptographic related :-).
4. If you include any Windows specific code (or a derivative thereof) from the apps directory (application code) you must include an acknowledgement: "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. The licence and distribution terms for any publicly available version or derivative of this code cannot be changed. i.e. this code cannot simply be copied and put under another distribution licence [including the GNU Public Licence.]
The mod_ssl package falls under the Open-Source Software label because it's distributed under a BSD-style license. The detailed license information follows. Copyright (c) 1998-2001 Ralf S. Engelschall. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
3. All advertising materials mentioning features or use of this software must display the following acknowledgment: "This product includes software developed by Ralf S. Engelschall <rse@engelschall.com> for use in the mod_ssl project (http://www.modssl.org/)."
4. The names "mod_ssl" must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact rse@engelschall.com.
5. Products derived from this software may not be called "mod_ssl" nor may "mod_ssl" appear in their names without prior written permission of Ralf S. Engelschall.
6. Redistributions of any form whatsoever must retain the following acknowledgment: "This product includes software developed by Ralf S. Engelschall <rse@engelschall.com> for use in the mod_ssl project (http://www.modssl.org/)."
THIS SOFTWARE IS PROVIDED BY RALF S. ENGELSCHALL ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL RALF S. ENGELSCHALL OR HIS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
The Apache Software License, Version 1.1 Copyright (c) 2000 The Apache Software Foundation. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
3. The end-user documentation included with the redistribution, if any, must include the following acknowledgment: "This product includes software developed by the Apache Software Foundation (http://www.apache.org/)." Alternately, this acknowledgment may appear in the software itself, if and wherever such third-party acknowledgments normally appear.
4. The names "Apache" and "Apache Software Foundation" must not be used to endorse or promote products derived from this software without prior written permission. For written permission, please contact apache@apache.org.
5. Products derived from this software may not be called "Apache", nor may "Apache" appear in their name, without prior written permission of the Apache Software Foundation.
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE APACHE SOFTWARE FOUNDATION OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
This software consists of voluntary contributions made by many individuals on behalf of the Apache Software Foundation. For more information on the Apache Software Foundation, please see <http://www.apache.org/>.
Portions of this software are based upon public domain software originally written at the National Center for Supercomputing Applications, University of Illinois, Urbana-Champaign.
All other trademarks or trade names mentioned herein, if any, are the property of their respective owners.
Limited Hardware Warranty
This Limited Hardware Warranty (the “Warranty”) applies to the enclosed WatchGuard hardware product (the “Product”), not including any associated software which is licensed pursuant to a separate end-user license agreement and warranty. BY USING THE PRODUCT, YOU AGREE TO THE TERMS HEREOF. If you do not agree to these terms, please return this package, along with proof of purchase, to the authorized dealer from which you purchased it for a full refund. WatchGuard Technologies, Inc. (“WatchGuard”) and you agree as follows:
1. Limited Warranty. WatchGuard warrants that upon delivery and for one (1) year thereafter (the “Warranty Period”): (a) the Product will be free from material defects in materials and workmanship, and (b) the Product, when properly installed and used for its intended purpose and in its intended operating environment, will perform substantially in accordance with WatchGuard applicable specifications. This warranty does not apply to any Product that has been: (i) altered, repaired or modified by any party other than WatchGuard; or (ii) damaged or destroyed by accidents, power spikes or similar events or by any intentional, reckless or negligent acts or omissions of any party. You may have additional warranties with respect to the Product from the manufacturers of Product components. However, you agree not to look to WatchGuard for, and hereby release WatchGuard from any
liability for, performance of, enforcement of, or damages or other relief on account of, any such warranties or any breach thereof.
2. Remedies. If any Product does not comply with the WatchGuard warranties set forth in Section 1 above, WatchGuard will, at its option, either (a) repair the Product, or (b) replace the Product; provided, that you will be responsible for returning the Product to the place of purchase and for all costs of shipping and handling. Repair or replacement of the Product shall not extend the Warranty Period. Any Product, component, part or other item replaced by WatchGuard becomes the property of WatchGuard. WatchGuard shall not be responsible for return of or damage to any software, firmware, information or data contained in, stored on, or integrated with any returned Products.
3. Disclaimer and Release. THE WARRANTIES, OBLIGATIONS AND LIABILITIES OF WATCHGUARD, AND YOUR REMEDIES, SET FORTH IN PARAGRAPHS 1 AND 2 ABOVE ARE EXCLUSIVE AND IN SUBSTITUTION FOR, AND YOU HEREBY WAIVE, DISCLAIM AND RELEASE ANY AND ALL OTHER WARRANTIES, OBLIGATIONS AND LIABILITIES OF WATCHGUARD AND ALL OTHER RIGHTS, CLAIMS AND REMEDIES YOU MAY HAVE AGAINST WATCHGUARD, EXPRESS OR IMPLIED, ARISING BY LAW OR OTHERWISE, WITH RESPECT TO ANY NONCONFORMANCE OR DEFECT IN THE PRODUCT (INCLUDING, BUT NOT LIMITED TO, ANY IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, ANY IMPLIED WARRANTY ARISING FROM COURSE OF PERFORMANCE, COURSE OF DEALING, OR USAGE OF TRADE, ANY WARRANTY OF NONINFRINGEMENT, ANY WARRANTY OF UNINTERRUPTED OR ERROR-FREE OPERATION, ANY OBLIGATION, LIABILITY, RIGHT, CLAIM OR REMEDY IN TORT, WHETHER OR NOT ARISING FROM THE NEGLIGENCE (WHETHER ACTIVE, PASSIVE OR IMPUTED) OR FAULT OF WATCHGUARD OR FROM PRODUCT LIABILITY, STRICT LIABILITY OR OTHER THEORY, AND ANY OBLIGATION, LIABILITY, RIGHT, CLAIM OR REMEDY FOR LOSS OR DAMAGE TO, OR CAUSED BY OR CONTRIBUTED TO BY, THE PRODUCT).
4. Limitation of Liability. WATCHGUARD TECHNOLOGIES’ LIABILITY (WHETHER ARISING IN CONTRACT (INCLUDING WARRANTY), TORT (INCLUDING ACTIVE, PASSIVE OR IMPUTED NEGLIGENCE AND STRICT LIABILITY AND FAULT) OR OTHER THEORY) WITH REGARD TO ANY PRODUCT WILL IN NO EVENT EXCEED THE PURCHASE PRICE PAID BY YOU FOR SUCH PRODUCT. THIS SHALL BE TRUE EVEN IN THE EVENT OF THE FAILURE OF ANY AGREED REMEDY. IN NO EVENT WILL WATCHGUARD TECHNOLOGIES BE LIABLE TO YOU OR ANY THIRD PARTY (WHETHER ARISING IN CONTRACT (INCLUDING WARRANTY), TORT (INCLUDING ACTIVE, PASSIVE OR IMPUTED NEGLIGENCE AND STRICT LIABILITY AND FAULT) OR OTHER THEORY) FOR COST OF COVER OR FOR ANY INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES (INCLUDING WITHOUT LIMITATION LOSS OF PROFITS, BUSINESS, OR DATA) ARISING OUT OF OR IN CONNECTION WITH THIS WARRANTY OR THE USE OF OR INABILITY TO USE THE PRODUCT, EVEN IF WATCHGUARD TECHNOLOGIES HAS BEEN
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. THIS SHALL BE TRUE EVEN IN THE EVENT OF THE FAILURE OF ANY AGREED REMEDY.
5. Miscellaneous Provisions. This Warranty will be governed by the laws of the state of Washington, U.S.A., without reference to its choice of law rules. The provisions of the 1980 United Nations Convention on Contracts for the International Sales of Goods, as amended, shall not apply. You agree not to directly or indirectly transfer the Product or associated documentation to any country to which such transfer would be prohibited by the U.S. Export laws and regulations. If any provision of this Warranty is found to be invalid or unenforceable, then the remainder shall have full force and effect and the invalid provision shall be modified or partially enforced to the maximum extent permitted by law to effectuate the purpose of this Warranty. This is the entire agreement between WatchGuard and you relating to the Product, and supersedes any prior purchase order, communications, advertising or representations concerning the Product AND BY USING THE PRODUCT YOU AGREE TO THESE TERMS. No change or modification of this Agreement will be valid unless it is in writing, and is signed by WatchGuard.
Software Version Number: 6.2
Part No 1230-000

Contents

CHAPTER 1 Introduction
Package contents
How does a firewall work?
How does information travel on the Internet?
How does the SOHO 6 Wireless process information?
How Does Wireless Networking Work?
SOHO 6 Wireless hardware description
CHAPTER 2 Installation
Before you Begin the Installation
Physically Connect to the SOHO 6 Wireless
Setting up the Wireless Network
Setting up the Wireless Access Point
Configuring the Wireless Card on your computer
CHAPTER 3 SOHO 6 Wireless basics
SOHO 6 Wireless System Status page
Factory default settings
Register your SOHO 6 Wireless and activate the LiveSecurity Service
Reboot the SOHO 6 Wireless
CHAPTER 4 Configure the Network Interfaces
External Network Configuration
Configure the Trusted Network
Configure the Optional Network for Wireless Networking
Configure the Wireless Network
Configure static routes
View network statistics
Configure the dynamic DNS Service
CHAPTER 5 Administrative options
The System Security page
Set up VPN manager access
Update the firmware
Activate the SOHO 6 Wireless upgrade options
View the configuration file
CHAPTER 6 Configure the Firewall Settings
Firewall settings
Configure incoming and outgoing services
Block external sites
Firewall options
xviii WatchGuard Firebox SOHO 6 Wireless
Enable override MAC address for the external
network ...............................................................82
Create an Unrestricted Pass Through .....................82
CHAPTER 7 Configure logging .....................................85
View SOHO 6 Wireless log messages ....................86
Set up logging to a WatchGuard Security Event
Processor log host ..............................................87
Set up logging to a Syslog host ..............................88
Set the system time .................................................90
CHAPTER 8 SOHO 6 Wireless WebBlocker .................93
How WebBlocker works ..........................................93
Purchase and activate SOHO 6 Wireless
WebBlocker ........................................................95
Configure the SOHO 6 Wireless WebBlocker .........95
WebBlocker Categories ........................................101
CHAPTER 9 VPN—Virtual Private Networking ..........105
What You Need .....................................................106
Step-by-step instructions to configure a SOHO 6
Wireless VPN tunnel ......................................... 109
Frequently Asked Questions .................................110
Set Up multiple SOHO-SOHO VPN tunnels .........111
Configure split tunneling ...................................... 116
MUVPN Clients .....................................................117
View the VPN Statistics ......................................... 118
User Guide xix
CHAPTER 10 MUVPN Clients ........................................119
Configure the SOHO 6 Wireless for
MUVPN Clients .................................................120
Prepare the Remote Computers for the MUVPN
Client ................................................................123
Install and Configure the MUVPN Client ..............137
Connect and Disconnect the MUVPN Client ........147
Monitor the MUVPN Client Connection ...............151
The ZoneAlarm Personal Firewall ..........................153
Use the MUVPN Client to Enforce your Corporate
Policy ................................................................157
Troubleshooting Tips ............................................167
CHAPTER 11 Support resources ...................................171
Troubleshooting tips ............................................. 171
Contact technical support ..................................... 180
Online documentation and FAQs .........................180
Special notices ......................................................180
Index ................................................................. 181
xx WatchGuard Firebox SOHO 6 Wireless

CHAPTER 1 Introduction

This manual shows how to use your WatchGuard® Firebox® SOHO 6 Wireless or SOHO 6tc Wireless security appliance for secure access to the Internet.
The only difference between these two appliances is the VPN feature. VPN is available as an upgrade option for the SOHO 6 Wireless. The SOHO 6tc Wireless includes the VPN upgrade option.
The SOHO 6 Wireless provides security and wireless networking when your computer is connected to the Internet with a high-speed cable modem, DSL modem, leased line, or ISDN.
The newest installation and user information is available from the WatchGuard Web site:
http://support.watchguard.com/sohoresources/

Package contents

Make sure that the package contains all of these items:
• SOHO 6 Wireless QuickStart Guide
• Wireless User Guide
• LiveSecurity Service® activation card
• Hardware Warranty card
• AC adapter (12 V, 1.2 A)
• Straight-through Ethernet cable
• SOHO 6 Wireless security appliance
• Two 5dBi detachable antennae

How does a firewall work?

The Internet connects your network to resources. Some examples of resources are the World Wide Web, email and video/audio conferencing. A connection to the Internet is dangerous to the privacy and the security of your network. A firewall divides your internal network from the Internet to reduce this danger. The appliances on the trusted side of your SOHO 6 Wireless firewall are protected. The illustration below shows how the SOHO 6 Wireless physically divides your trusted network from the Internet.
The SOHO 6 Wireless controls all traffic between the external network (the Internet) and the trusted network (your computers). All suspicious traffic is stopped. The rules and policies that identify the suspicious traffic are shown in “Configure incoming and outgoing services” on page 71.

How does information travel on the Internet?

The data that is sent through the Internet is divided into packets. To make sure that the packets are received at the destination, information is added to the packets. The protocols for these tasks are called TCP and IP. TCP disassembles and reassembles the data, for example an email message or a program file. IP adds information to the packets, which includes the destination and the handling requirements.

IP addresses

An IP address identifies a computer on the Internet that sends and receives packets. Each computer on the Internet has an address. The SOHO 6 Wireless is also a computer and has an IP address. When you configure a service behind a firewall, you must include the trusted network IP address for the computer that supplies the service.
A URL (Uniform Resource Locator) identifies each IP address on the Internet. An example of a URL is:
http://www.watchguard.com/.

Protocols

A protocol defines how a packet is assembled and transmitted through a network. The most frequently used protocols are TCP and UDP (User Datagram Protocol). There are other IP protocols that are less frequently used.

Port numbers

During the communication between computers, port numbers identify which programs or applications are connected.

How does the SOHO 6 Wireless process information?

Services

A service is the group of protocols and port numbers for a specified program or type of application. The standard configuration of the SOHO 6 Wireless contains the correct settings for many standard services.

Network Address Translation

All connections from the trusted network to the external network through a SOHO 6 Wireless use dynamic NAT. Dynamic NAT prevents the private IP addresses of your trusted network from being sent through the Internet.
The SOHO 6 Wireless replaces the private IP addresses with the public IP address to protect the trusted network. Each packet sent through the Internet contains IP address information. Packets sent through the SOHO 6 Wireless with Dynamic NAT include only the public IP address of the SOHO 6 Wireless and not the private IP address of the computer in the trusted network. Because only the IP address of the SOHO 6 Wireless is sent to the external network, unauthorized access by the computers in the public network to the computers in the trusted network is prevented.
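The behavior described above can be modeled in a few lines. This is an added example, not WatchGuard firmware code: the class name, the public-port allocator and all addresses are assumptions made for illustration (the guide itself only states that the private address is replaced by the public one).

```python
from itertools import count


class DynamicNat:
    """Model of dynamic NAT: private sources are rewritten to one public IP."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self._next_port = count(first_port)   # assumed public-port allocator
        self._out = {}   # (priv_ip, priv_port, dst_ip, dst_port) -> public port
        self._in = {}    # (public port, remote_ip, remote_port) -> (priv_ip, priv_port)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Translate a packet leaving the trusted network; returns the packet
        as the external network sees it: (src_ip, src_port, dst_ip, dst_port)."""
        key = (src_ip, src_port, dst_ip, dst_port)
        if key not in self._out:
            public_port = next(self._next_port)
            self._out[key] = public_port
            self._in[(public_port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, self._out[key], dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Translate a packet arriving at the public IP. Returns the trusted
        host it belongs to, or None when no outbound connection created a
        matching entry (the packet is dropped)."""
        return self._in.get((dst_port, src_ip, src_port))


def demo():
    # Constructed addresses: RFC 1918 private host, RFC 5737 documentation ranges.
    nat = DynamicNat("203.0.113.10")
    sent = nat.outbound("192.168.1.20", 51000, "198.51.100.7", 80)
    reply = nat.inbound("198.51.100.7", 80, sent[1])           # reply to our request
    unsolicited = nat.inbound("198.51.100.99", 4444, sent[1])  # stranger, same port
    return sent, reply, unsolicited


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The translated packet carries only the public address, the reply is mapped back to the trusted host, and the unsolicited packet matches no table entry.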

How Does Wireless Networking Work?

Wireless networking creates a network by transmitting and receiving data as radio-frequency signals between your computers and the SOHO 6 Wireless using the 802.11b standard. This standard is defined by the Institute of Electrical and Electronics Engineers (IEEE) and is part of a series of wireless standards.
Unless adequately protected, a wireless network is susceptible to access from the outside by unauthorized users, who may try to compromise your machine or simply to use your Internet connection for free.
Increase your corporate network security by forcing users to authenticate with a Mobile User VPN client, creating a secure IPSec tunnel from the wireless computer to the SOHO 6 Wireless. Separation of the trusted network from the optional network further protects the connection from the wireless computer to the SOHO 6 Wireless. For information on how to configure this, see Chapter 11 “MUVPN Clients” on page 119.

SOHO 6 Wireless hardware description

The hardware of the SOHO 6 Wireless uses newer technology than earlier SOHO models.

Faster Processor

The SOHO 6 Wireless has a new network processor that runs at a speed of 150 MHz. Ethernet and encryption technology are included.

Ethernet ports

The SOHO 6 Wireless has five 10/100 Base TX ports. The Ethernet ports have the labels 0 through 3 and WAN.

Wireless

Wireless operating range, indoors (these values are approximations):
• 100 feet at 11 Mbps
• 165 feet at 5.5 Mbps
• 230 feet at 2 Mbps
• 300 feet at 1 Mbps

Understanding IEEE 802.11b Wireless Communication

In general, transmitted RF power and signal bandwidth place an upper limit on the rate at which data can be transmitted over a wireless link. The basic equation that determines the maximum data rate is:
Channel Capacity = Channel Bandwidth x Log2(1 + Signal Strength/Noise Level)
This equation says the maximum amount of data (bits/s) that can be transmitted over a given channel depends on:
• The Channel Bandwidth: (22Mbits/s) for 802.11b
• The Signal Strength: (15dBm transmitted) for SOHO 6 Wireless
• The Noise Level: Depends on the channel environment and the receiver design.
Data rate cannot exceed channel capacity. Channel capacity depends on signal strength, noise, and transmitted power.

Noise Level (watts)

The more in-band RF noise there is, the less data can be transmitted over a given channel (wireless link). The noise level is primarily due to three factors:
First, there is a minimum level of background noise due to the ambient temperature of the channel (atmosphere) and the bandwidth.
Second, the 802.11b receiver will have an innate noise level due to its own components operating temperature.
Third, there are many unlicensed transmitters using the same frequency bands as 802.11. Some of these are:
- Cordless phones,
- Other 802.11b devices operating on adjacent channels. Note that only channels 1, 6, and 11 are unique. All other channels overlap because while the center frequencies increment by 5MHz per channel, the bandwidths are 22MHz.
- Microwave ovens,
- Sodium type lighting systems (fusion lamps),
- Arc welders (broadband spark gap transmitters),
- Bluetooth transmitters. Note that a Bluetooth transmitter operates at lower power levels and would need to be near an 802.11b receiver to interfere with it.
- Industrial, Scientific, and Medical equipment can also use these bands.
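The channel-overlap note in the list above follows directly from the 5 MHz spacing and 22 MHz bandwidth. The following added example (not from the guide) derives the non-overlapping set and uses it to pick a channel from a site survey; the 2412 MHz center for channel 1, the function names and the survey data are assumptions not stated in the guide.

```python
CHANNEL_STEP_MHZ = 5      # center-frequency increment per channel (from the guide)
CHANNEL_WIDTH_MHZ = 22    # occupied bandwidth per channel (from the guide)
CH1_CENTER_MHZ = 2412     # assumption: 802.11b channel 1 center, not in the guide
CHANNELS = range(1, 12)   # channels 1 through 11


def center(ch):
    """Center frequency of a channel in MHz."""
    return CH1_CENTER_MHZ + CHANNEL_STEP_MHZ * (ch - 1)


def overlap_mhz(a, b):
    """Width of spectrum shared by channels a and b (0 when they are unique)."""
    return max(0, CHANNEL_WIDTH_MHZ - abs(center(a) - center(b)))


def non_overlapping(start=1):
    """Greedily collect channels that share no spectrum with each other."""
    chosen = []
    for ch in CHANNELS:
        if ch >= start and all(overlap_mhz(ch, c) == 0 for c in chosen):
            chosen.append(ch)
    return chosen


def interferers(ch, neighbours):
    """Surveyed neighbour channels whose spectrum overlaps channel ch."""
    return [n for n in neighbours if overlap_mhz(ch, n) > 0]


def best_channel(neighbours):
    """Among the unique channels, pick the one with the fewest interferers."""
    return min(non_overlapping(), key=lambda ch: len(interferers(ch, neighbours)))


if __name__ == "__main__":
    survey = [1, 1, 3, 11, 11, 11]   # constructed site survey of nearby APs
    print(non_overlapping())          # unique channel set
    print(best_channel(survey), interferers(best_channel(survey), survey))
```
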

Signal Strength (watts)

The signal strength depends primarily on:
- How much RF signal power is transmitted