Archived from groups: comp.security.firewalls
So far, things have gone well in the configuration of the WG. But I do
have a couple of issues in the configuration of it.
1) Syslog is enabled pointing to my host IP. How do I view past Syslogs
if possible?
2) The screen refresh rate in the Log viewing is a little annoying as it
takes you back to the top of the log entries every time it refreshes. Can
it be controlled?
Because of my usage of IPsec and the AnalogX SecPol rules for the
services on the Win XP O/S in its role of acting like a FW, it has kind
of prepared me for the WG FW rules and the pre-configured services it has
established.
So far, it's a piece of cake.
Things may change when I try to connect the Linksys up for the WAP.
In article <Xns94F438D42BE7Dnotmenotmecoml@216.148.227.77>,
notme@notme.com says...
> So far, things have gone well in the configuration of the WG. But I do
> have a couple of issues in the configuration of it.
>
> 1) Syslog is enabled pointing to my host IP. How do I view past Syslogs
> if possible?
Use Log Viewer and FILE/OPEN and select the file with the date (part of
the file name) that you want.
> 2) The screen refresh rate in the Log viewing is a little annoying as it
> takes you back to the top of the log entries every time it refreshes. Can
> it be controlled?
The cursor will stay on any line you put it on - scroll to the bottom,
click a line, it will stay there as it adds more.
> Because of my usage of IPsec and the AnalogX SecPol rules for the
> services on the Win XP O/S in its role of acting like a FW, it has kind
> of prepared me for the WG FW rules and the pre-configured services it has
> established.
>
> So far, it's a piece of cake.
>
> Things may change when I try to connect the Linksys up for the WAP.
Just set up the Linksys in the DMZ and then VPN into the trusted zone,
this will ensure that you don't get your LAN (trusted) compromised by
some known/unknown wireless issue.
--
spamfree999@rrohio.com
(Remove 999 to reply to me)
Leythos <void@nowhere.com> wrote in
news:MPG.1b1e683b2729580398a587@news-server.columbus.rr.com:
> In article <Xns94F54551FDFE9notmenotmecoml@204.127.199.17>,
> notme@notme.com says...
>> Leythos <void@nowhere.com> wrote in
>> news:MPG.1b1cf0ce8c5448cf98a57f@news-server.columbus.rr.com:
>>
>> > In article <Xns94F438D42BE7Dnotmenotmecoml@216.148.227.77>,
>> > notme@notme.com says...
>> >
>> > Use Log Viewer and FILE/OPEN and select the file with the date
>> > (part of the file name) that you want.
>>
>> It looks like I have to purchase this feature as the Firebox III SOHO
>> line doesn't initially come with it. That's no big deal. I have to
>> purchase the MUVPN to get the Logviewer. I am not really sure as to
>> what I need on this as the manual is talking about MUVPN client.
>
> Herein is the problem - I didn't realize that you purchased the SOHO
> series, I thought that you purchased a III as in the 700 or higher.
> The SOHO is limited in its features.
Yes, after getting on the phone again with WG and getting someone with
ENGLISH I could understand, I can use the Kiwi Syslog Daemon to view the
logs. Its functions are similar to Wallwatcher.
>
> MUVPN client is WG's VPN application that you run on your laptop or
> computer at a remote location to connect to the SOHO so that you can
> get behind the SOHO. If you are not going to be remote and VPN into
> the SOHO you don't need the MUVPN Software.
I don't need MUVPN and a 5-user license is $199. I don't know if I'll
ever need the feature. I also think that whatever issues I was having
with the Linksys and doing a VPN to work with the AT&T VPN Client
software is going to disappear when I connect the company laptop to a WG
port. I'll find out here soon.
>
> Additionally, if you are going to do VPN's inbound, then you really
> should have purchased a 700 or higher - they come with inbound VPN
> ability without the need for extra licenses or cost.
>
> The only thing that I use the SOHO for is to connect remote offices to
> the home office, and I always purchase the SOHO6tc units.
>
>> > The cursor will stay on any line you put it on - scroll to the
>> > bottom, click a line, it will stay there as it adds more.
>>
>> I did scroll down and clicked on several lines. The Logging screen
>> refresh still sends the cursor back to the top of the log.
>
> You are using a SOHO, it's a web interface, the log is completely
> different on a SOHO. If you were using a Non-SOHO unit you would have
> all the features you want.
Yes, the SOHO doesn't have that feature.
>
>> > Just set up the Linksys in the DMZ and then VPN into the trusted
>> > zone, this will ensure that you don't get your LAN (trusted)
>> > compromised by some known/unknown wireless issue.
>>
>> I think that Pass Through on the Admin screen must be the DMZ setup.
>> I did go to the Firewall that has a DMZ config. I went to configure
>> the DMZ and it took me to the Pass Through section asking for the IP.
>>
>> I am a little confused about this DMZ thing as I went to on-line Help
>> about the DMZ setup on the SOHO(s). It talks about needing two IP(s)
>> from the ISP for DMZ setup. Even the Pass Through example in the book
>> had an IP that was not a Trusted Network IP.
>
> A DMZ in the firewall is a LOCAL IP that you pass things to - it
> should be a different subnet than the trusted (lan) side. I don't use
> the SOHO with a DMZ config, but I'll look at a couple of them and tell
> you what I see/think.
So, you're telling me I can take the Linksys (on another subnet) and put
it into the DMZ if I wish.
>
>> I disabled DHCP and used a Static IP setup on the Linksys and plugged
>> it into the WG, using 192.168.111.13. 192.168.111.13 is not part of
>> my DHCP pool of IP(s) on the WG. I don't have any issues in using the
>> Linksys with a wired machine at this point.
>
Now, say I want FTP open on the FW, and then I go to the FTP service on
the WG FW and give it the IP of the machine I want as the Service Host.
There is no more port forwarding like on the Linksys.
If I need the PCAW RDS inbound port open on the FW, then I have to make a
Custom Service and give the port I need and give the Service Host IP.
Is there a way to look at the Common Services rules that WG has created
for FTP or one of the other ones?
I should have gotten the 6tc model as it was only $40 more.
The differences between the Linksys and WG are night and day.
In article <Xns94F57CC313BD0notmenotmecoml@204.127.204.17>,
notme@notme.com says...
> Leythos <void@nowhere.com> wrote in
> news:MPG.1b1e683b2729580398a587@news-server.columbus.rr.com:
>
> > In article <Xns94F54551FDFE9notmenotmecoml@204.127.199.17>,
> > notme@notme.com says...
> >> Leythos <void@nowhere.com> wrote in
> >> news:MPG.1b1cf0ce8c5448cf98a57f@news-server.columbus.rr.com:
> >>
> >> > In article <Xns94F438D42BE7Dnotmenotmecoml@216.148.227.77>,
> >> > notme@notme.com says...
> >> >
> >> > Use Log Viewer and FILE/OPEN and select the file with the date
> >> > (part of the file name) that you want.
> >>
> >> It looks like I have to purchase this feature as the Firebox III SOHO
> >> line doesn't initially come with it. That's no big deal. I have to
> >> purchase the MUVPN to get the Logviewer. I am not really sure as to
> >> what I need on this as the manual is talking about MUVPN client.
> >
> > Herein is the problem - I didn't realize that you purchased the SOHO
> > series, I thought that you purchased a III as in the 700 or higher.
> > The SOHO is limited in its features.
>
> Yes, after getting on the phone again with WG and getting someone with
> ENGLISH I could understand, I can use the Kiwi Syslog Daemon to view the
> logs. Its functions are similar to Wallwatcher.
>
> >
> > MUVPN client is WG's VPN application that you run on your laptop or
> > computer at a remote location to connect to the SOHO so that you can
> > get behind the SOHO. If you are not going to be remote and VPN into
> > the SOHO you don't need the MUVPN Software.
>
> I don't need MUVPN and a 5-user license is $199. I don't know if I'll
> ever need the feature. I also think that whatever issues I was having
> with the Linksys and doing a VPN to work with the AT&T VPN Client
> software is going to disappear when I connect the company laptop to a WG
> port. I'll find out here soon.
>
> >
> > Additionally, if you are going to do VPN's inbound, then you really
> > should have purchased a 700 or higher - they come with inbound VPN
> > ability without the need for extra licenses or cost.
> >
> > The only thing that I use the SOHO for is to connect remote offices to
> > the home office, and I always purchase the SOHO6tc units.
> >
> >> > The cursor will stay on any line you put it on - scroll to the
> >> > bottom, click a line, it will stay there as it adds more.
> >>
> >> I did scroll down and clicked on several lines. The Logging screen
> >> refresh still sends the cursor back to the top of the log.
> >
> > You are using a SOHO, it's a web interface, the log is completely
> > different on a SOHO. If you were using a Non-SOHO unit you would have
> > all the features you want.
>
> Yes, the SOHO doesn't have that feature.
>
> >
> >> > Just set up the Linksys in the DMZ and then VPN into the trusted
> >> > zone, this will ensure that you don't get your LAN (trusted)
> >> > compromised by some known/unknown wireless issue.
> >>
> >> I think that Pass Through on the Admin screen must be the DMZ setup.
> >> I did go to the Firewall that has a DMZ config. I went to configure
> >> the DMZ and it took me to the Pass Through section asking for the IP.
> >>
> >> I am a little confused about this DMZ thing as I went to on-line Help
> >> about the DMZ setup on the SOHO(s). It talks about needing two IP(s)
> >> from the ISP for DMZ setup. Even the Pass Through example in the book
> >> had an IP that was not a Trusted Network IP.
> >
> > A DMZ in the firewall is a LOCAL IP that you pass things to - it
> > should be a different subnet than the trusted (lan) side. I don't use
> > the SOHO with a DMZ config, but I'll look at a couple of them and tell
> > you what I see/think.
>
> So, you're telling me I can take the Linksys (on another subnet) and put
> it into the DMZ if I wish.
>
> >
> >> I disabled DHCP and used a Static IP setup on the Linksys and plugged
> >> it into the WG, using 192.168.111.13. 192.168.111.13 is not part of
> >> my DHCP pool of IP(s) on the WG. I don't have any issues in using the
> >> Linksys with a wired machine at this point.
> >
>
> Now, say I want FTP open on the FW, and then I go to the FTP service on
> the WG FW and give it the IP of the machine I want as the Service Host.
> There is no more port forwarding like on the Linksys.
It's the same - if you assign FTP to an IP you are forwarding just like
the Linksys. The difference is that the SOHO will ensure that it's FTP
traffic and not just something on that port.
> If I need the PCAW RDS inbound port open on the FW, then I have to make a
> Custom Service and give the port I need and give the Service Host IP.
If you want to create custom rules, as I did for CITRIX clients, you
just give them the port and set up forwarding if needed.
> Is there a way to look at the Common Services rules that WG has created
> for FTP or one of the other ones?
Not that I know of.
> The differences between the Linksys and WG are night and day.
Yes, they share some features, but the SOHO Routers are getting
better/more features.
--
spamfree999@rrohio.com
(Remove 999 to reply to me)
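
For the first question in this thread (viewing past syslog output that the firewall sends to a host IP), a minimal UDP syslog receiver that appends to one date-named file per day, so earlier days can be opened later. This is an added example, not part of the original posts and not WatchGuard's or Kiwi's software; the file naming, function names and the firewall-address argument are assumptions.

```python
import datetime
import os
import re
import socket
import sys

# RFC 3164 messages start with "<PRI>", where PRI = facility * 8 + severity.
PRI_RE = re.compile(rb"^<(\d{1,3})>")
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

def parse_pri(datagram):
    """Return (facility, severity_name, text); the first two are None without a valid PRI."""
    text = datagram.decode("utf-8", errors="replace").rstrip("\r\n\x00")
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:
        return None, None, text
    pri = int(m.group(1))
    return pri // 8, SEVERITIES[pri % 8], text[m.end():]

def log_path(log_dir, when):
    """One file per day, with the date in the file name (assumed naming scheme)."""
    return os.path.join(log_dir, "firewall-%s.log" % when.strftime("%Y-%m-%d"))

def store(log_dir, source_ip, datagram, when):
    """Append one received datagram to that day's file and return the file path."""
    facility, severity, text = parse_pri(datagram)
    # Neutralise control characters so a crafted message cannot forge extra log lines.
    text = "".join(c if c.isprintable() else "?" for c in text)
    path = log_path(log_dir, when)
    stamp = when.isoformat(timespec="seconds")
    with open(path, "a", encoding="utf-8") as fh:
        fh.write("%s %s fac=%s sev=%s %s\n" % (stamp, source_ip, facility, severity, text))
    return path

def serve(bind_ip, port, log_dir, firewall_ip):
    """Receive UDP syslog and keep only datagrams whose source is the firewall's address."""
    os.makedirs(log_dir, exist_ok=True)
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_ip, port))
    while True:
        datagram, (source_ip, _) = sock.recvfrom(8192)
        if source_ip == firewall_ip:
            store(log_dir, source_ip, datagram, datetime.datetime.now())

if __name__ == "__main__":
    # Assumed usage: script.py <bind-ip> <firewall-ip> [log-dir]; UDP 514 needs admin rights.
    serve(sys.argv[1], 514, sys.argv[3] if len(sys.argv) > 3 else "logs", sys.argv[2])
```

UDP source addresses can be spoofed, so the source filter only reduces noise; bind the listener to the trusted-side interface address.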