Instruction/ maintenance manual of the product WatchGuard SOHO and SOHO | tc WatchGuard Technologies
WatchGuard SOHO and SOHO|tc WatchGuard® SOHO User Guide SOHO and SOHO|tc 2.3.
ii Registration and identification information Please use this area to enter your SOHO information. The SOHO serial number is located on the bottom of the SOHO. You create a LiveSecurity user ID and password when you register your WatchGuard SOHO or SOHO|tc.
User Guide 2.3 iii WatchGuard® SOHO End-User License Agreement IMPORTANT - READ CAREFULLY BEFORE ACCESSING WATCHGUARD SOFTWARE This WatchGuard SOHO End-User License Agreement (“EULA”) is a legal agreement between you (either an individual or a single entity) and WatchGuard Technologies, Inc.
iv 4. LIMITED WARRANTY. WATCHGUARD makes the following limited warranties for a period of ninety (90) days from the date you obtained the SOFTWARE PRODUCT from WATCHGUARD or an authorized dealer; (A) Media. The disks and documentation will be free from defects in materials and workmanship under normal use.
User Guide 2.3 v SUCH DAMAGES. THIS SHALL BE TRUE EVEN IN THE EVENT OF THE FAILURE OF AN AGREED REMEDY. 5. UNITED STATES GOVERNMENT RESTRICTED RIGHTS. The enclosed SOFTWARE PRODUCT and documentation are provided with Restricted Rights.
vi WatchGuard® Limited Hardware Warranty This WatchGuard Limited Hardware Warranty (the "Warranty") applies to the enclosed WatchGuard hardware product (the "Hardware Product"). By using the HARDWARE Product, you agree to the terms hereof.
User Guide 2.3 vii NONCONFORMANCE OR DEFECT IN THE HARDWARE PRODUCT (INCLUDING, BUT NOT LIMITED TO, ANY IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, ANY IMPLIED WARR.
viii Welcome Congratulations on purchasing the ideal solution for providing secure access to the Internet–the WatchGuard SOHO or WatchGuard SOHO|tc. Your new security device will give you peace of mind when connecting to the Internet using a high-speed cable or DSL modem, a leased line, or ISDN.
User Guide 2.3 ix Using this guide This manual assumes that you are familiar with your computer’s operating system. If you have questions about navigating in your computer’s environment, please refer to your system user manual. The following conventions are used throughout this guide.
User Guide 2.3 xi Table of Contents CHAPTER 1 Installation ... 1 Before you begin ... 1 Performing manual installation ...
xii CHAPTER 3 Configuring Services for a SOHO ... 33 How does information travel on the internet? ... 33 Allowing incoming services ... 35 Blocking outgoing services ...
User Guide 2.3 1 CHAPTER 1 Installation Before you begin Pre-installation checklist Before installing your new WatchGuard SOHO please ensure that you have: • A 10BaseT Ethernet I/O network card installed in your computer. • A cable or DSL modem with a 10BaseT port.
Performing manual installation 2 • An operational Internet connection. Setup of your SOHO requires access to the Internet. If your connection does not work, please contact your Internet service provider (ISP). When your connection has been established, you may proceed with installation and setup.
User Guide 2.3 3 Performing manual installation Microsoft Windows NT or 2000 1 Click Start => Programs => Command Prompt. 2 At the C: prompt, enter ipconfig/all. Press Enter. 3 Enter your current TCP/IP settings in the chart provided below.
Performing manual installation 4 NOTE If you are connecting more than one computer to the private network behind the SOHO, obtain the configuration TCP/IP information for each computer.
User Guide 2.3 5 Performing manual installation the browser to Web pages located in other places. Disabling the HTTP will not prevent you from accessing your favorite Web sites, but it will allow you to access the special configuration pages that reside only on the SOHO.
Physically connecting your SOHO 6 6 Click Configure at the bottom on the Internet Options screen. 7 Record the URL box information here: 8 Click OK to save settings. Internet Explorer 5.0 1 Open Internet Explorer.
User Guide 2.3 7 Physically connecting your SOHO 1 Complete the “Pre-installation checklist” on page 1. 2 Turn off your computer. 3 Unplug the power from your cable or DSL modem. 4 Unplug the Ethernet cable that is connected from your cable or DSL modem to your computer.
Physically connecting your SOHO 8 6 Turn on the power to your cable or DSL modem. Wait until the lights stop flashing, indicating that the modem is ready.
User Guide 2.3 9 Physically connecting your SOHO The SOHO and SOHO|tc ship with a “10-seat” license. In other words, the SOHO allows up to ten computers on a network behind the SOHO to access the Internet.
Physically connecting your SOHO 10 8 Attach the power cord to the SOHO and plug it into an outlet. 9 Restart your computer.
User Guide 2.3 11 CHAPTER 2 Setting Up Your SOHO Network How does a firewall work? Fundamentally, a firewall is a way of differentiating between, as well as protecting, “us” from “them”. On the public side of your SOHO firewall is the entire Internet.
Configuring your public network 12 NOTE The configuration instructions in this chapter assume that you are using Windows 95/98/ME. If this is not the case, see your operating system help or user guide to locate the equivalent options and commands.
User Guide 2.3 13 Configuring your public network of Ethernet and PPP by simulating a standard Dial-Up connection. It is popular among many ISPs because it enables them to use existing Dial-Up infrastructure such as billing, authentication, and security for DSL and cable modems.
Configuring your public network 14 4 If “Obtain an IP Address Automatically” is selected, your computer is configured for dynamic DHCP. If “Obtain an IP Address Automatically” is not checked, your computer is configured for static addressing.
User Guide 2.3 15 Configuring your public network Configuring the SOHO public network for dynamic addressing Out of the box, the SOHO is configured to obtain its public address information automatically, using dynamic DHCP.
Configuring your public network 16 Configuring the SOHO public network for static addressing If you are assigned a static address, then you must transfer the permanent address assignment from your computer to the SOHO itself. Instead of communicating directly to your computer, the ISP will now communicate first through the SOHO.
User Guide 2.3 17 Configuring your public network 7 On most platforms, click OK until the Control Panel window closes. 8 Shut down and reboot the computer. On the SOHO: 1 Open your Web browser. Click Stop. At this point, the Internet connection is not fully configured, and the computer cannot load your home page from the Internet.
Configuring your public network 18 5 Enter the TCP/IP settings you copied from the computer when you started the install process. 6 Click Submit. To complete SOHO Public Network configuration, see “Release and renew the IP configuration” on page 19.
User Guide 2.3 19 Configuring your public network 5 Enable the checkbox labelled Use PPPoE to obtain configuration. 6 Enter the PPPoE login name supplied by your ISP. 7 Enter the PPPoE password supplied by your ISP. 8 Enter the Inactivity Timeout period in minutes.
Configuring your private network 20 2 At the C: prompt, enter winipcfg. Press Enter. The IP Configuration dialog box appears. 3 Verify that the information is displayed for "Ethernet Adapter," not for "PPP Adapter," which would apply for a dial-up telephone modem.
User Guide 2.3 21 Configuring your private network NOTE To disable the SOHO DHCP server and assign addresses statically on your private network, open the SOHO Configuration menu, click Private Network, and disable the checkbox labelled Enable DHCP Server.
Changing the SOHO system name and password 22 Changing the SOHO system name and password Passwords are a barrier between your computer and anyone trying to break in. They are the first line of defense in computer security. They are, unfortunately, the most frequently overlooked of all security measures.
User Guide 2.3 23 Default factory settings 4 Check the Enable Password checkbox. 5 Enter the system user name in the Name field. 6 Enter the system password in the Password field. 7 Enter the system password again in the Retype Password field.
Default factory settings 24 • Public network settings use DHCP NOTE DHCP must be enabled for you to be able to access the SOHO device when it boots up. Private Network • Private network IP address: 192.168.111.1. • All computers on the private network automatically receive their addresses using dynamic DHCP.
User Guide 2.3 25 Troubleshooting installation and network configuration Virtual Private Networking • IPSec VPN is not installed. The SOHO|tc comes with the VPN Feature Key, however you must first enable the VPN Feature Key in order to configure virtual private networking.
Troubleshooting installation and network configuration 26 GENERAL What do the ON and MODE lights signify on the SOHO? When the ON light is illuminated, the SOHO has power.
User Guide 2.3 27 Troubleshooting installation and network configuration 5 Click Reboot and wait for the SOHO to finish rebooting. The MODE and ON light flash at different times during boot, which takes about a minute.
Troubleshooting installation and network configuration 28 CAUTION This is a major security risk. For instructions on how to allow any incoming services, refer to “Adding the Any service.
User Guide 2.3 29 Troubleshooting installation and network configuration 3 Click Add a Service and then click the service you want to add. For UDP, you will need to select UDP on the Forward drop list and enter the range of port numbers in the port fields.
Troubleshooting installation and network configuration 30 3 Click VPN Configuration. 4 Click Configuring a SOHO to SOHO IPSec VPN Tunnel. 5 Download and follow the instructions to configure your VPN tunnel. TECHNICAL How do I reboot my SOHO? 1 Using your Web browser, go to http://192.
User Guide 2.3 31 Troubleshooting installation and network configuration factory defaults so connect cables in original configuration and power up again.
Troubleshooting installation and network configuration 32 the LAN Link lights. They tell you if the SOHO is connected to a computer or hub through that LAN port.
User Guide 2.3 33 CHAPTER 3 Configuring Services for a SOHO How does information travel on the internet? Each packet of information transported over the Internet must be packaged in a special way to ensure that it is able to travel from one computer to the next.
How does information travel on the internet? 34 address of the WatchGuard site is 209.191.160.60 while the domain name is www.watchguard.com. Protocol A protocol defines how a packet is bundled up and packaged for shipment across a network.
User Guide 2.3 35 Allowing incoming services Allowing incoming services By default, the security stance of the SOHO is to deny unsolicited incoming packets to computers on the private network protected by the SOHO firewall. You can, however, selectively open your network to certain types of Internet connectivity.
Allowing incoming services 36 violate the computer, they are stopped cold at the SOHO, never learning the true address of the computer. Adding a pre-configured incoming service Each service is defined by a combination of Internet protocols and port numbers to uniquely identify the connection type to applications and servers on the Internet.
User Guide 2.3 37 Allowing incoming services 7 Click Submit. The configuration change is saved to the SOHO and the Show Incoming Rules page appears. The incoming service rules are identified by protocol, port, and destination on the private network.
Allowing incoming services 38 9 Click Submit. The configuration change is saved to the SOHO, and the Show Incoming Rules page appears. Adding an incoming service with another type of protocol In addition to TCP and UDP, there are several other types of Internet protocols.
User Guide 2.3 39 Allowing incoming services CAUTION Unfortunately, the hole created using the Any service is indiscriminate. Any type of packet can enter through this service and be forwarded automatically to the private network address you provide.
Blocking outgoing services 40 4 Click Remove a Service. A list of existing, incoming services appears. Services are identified by protocol, port number, and destination address. 5 Enable the checkbox next to the services you would like to remove.
User Guide 2.3 41 Blocking outgoing services 2 Select Services. The Services menu appears. 3 Select Blocked Outgoing Services. The Blocked Outgoing Services Menu appears. In addition, a list of blocked outgoing services is displayed beneath the menu identified by protocol and port number.
Blocking outgoing services 42 6 Click Submit. The configuration change is saved to the SOHO and the Blocked Service List page appears. Removing a blocked outgoing service At any time, you can reopen a service now required by your network.
User Guide 2.3 43 CHAPTER 4 Configuring Virtual Private Networking This chapter describes an optional feature of the WatchGuard SOHO: virtual private networking with IPSec.
What you will need 44 encrypted Internet connection, a VPN connection eliminates any significant risk of data being read or altered by outside users as it traverses the Internet. What you will need 1 One WatchGuard SOHO with VPN and an IPSec-compliant device.
User Guide 2.3 45 What you will need IP Address Table (example) Item Description Assigned By Public IP Address The IP address that identifies the SOHO to the Internet.
What you will need 46 About Feature Keys When you purchase a SOHO, the software for all extended features is provided with that installation regardless of whether you have actually purchased any of those features. Once you have purchased an extended feature, its Feature key allows you to enable its software.
User Guide 2.3 47 Special considerations other IPSec-compliant devices. To download these instructions, open your Web browser to: http://www.watchguard.
Frequently asked questions 48 Frequently asked questions Why do I need a static public address? To create a VPN connection, one SOHO must be able to find its partner device. If the addresses were allowed to change, the SOHO could not find its remote computer.
User Guide 2.3 49 Frequently asked questions OK, ping is not working. If you cannot ping the local network address of the remote SOHO, take the following steps to classify the problem: 1 Ping the public address of the remote SOHO. For example, at Site A, ping 68.
User Guide 2.3 51 CHAPTER 5 Additional SOHO Features SOCKS for SOHO SOCKS is a network proxy filter that works with SOCKS-aware applications such as ICQ. A typical SOCKS-dependent application requires that several sockets be opened and made available to the Internet.
SOCKS for SOHO 52 SOHO SOCKS implementation The SOHO SOCKS feature has the following characteristics and limitations: • SOHO supports SOCKS version 5 only. • It is a limited version of SOCKS and does not support authentication, nor does it support Domain Name System (DNS) resolution.
User Guide 2.3 53 SOCKS for SOHO • If you can choose different services or versions of SOCKS, choose SOCKS version 5. • Select port 1080 for the application • For the SOCKS proxy, enter the URL or IP address of the SOHO private network. The default IP address is 192.
SOHO logging 54 5 Click Submit to register the change. The SOHO is enabled again as a Proxy server and ready to pass SOCKS packets. SOHO logging The WatchGuard SOHO generates an ongoing activity log stored on the SOHO. This log stores a maximum of 150 messages.
User Guide 2.3 55 Rebooting a WatchGuard SOHO 2 Click System Administration. The System Administration menu appears. 3 Select Remote Logging. The Secure Remote Logging page appears. 4 Check the box labeled Enable Remote Logging. 5 Enter the IP address of the WatchGuard log server that will be your remote secure log host.
Rebooting a WatchGuard SOHO 56 • Send an FTP command to the remote SOHO device. Use an FTP application to connect to the SOHO device, then enter the command: quote rebt.
User Guide 2.3 57 CHAPTER 6 WatchGuard SOHO WebBlocker WatchGuard SOHO WebBlocker is an optional feature of the WatchGuard SOHO and SOHO|tc that provides Web site filtering capabilities. It gives you precise control over the types of Web sites users on your private network are allowed to view.
How WebBlocker works 58 site, the SOHO queries the WatchGuard database and determines whether or not to block the site. The SOHO considers the following conditions in determining whether or not to .
User Guide 2.3 59 Purchasing and enabling SOHO WebBlocker those members of your private network who should be able to bypass WebBlocker. When a site is blocked or unavailable, the user has the option of entering the full access password. With the password entered, the browser displays the otherwise blocked site.
WebBlocker categories 60 4 Enable the checkbox labeled Enable Web Blocking. This turns on SOHO WebBlocker. 5 Enter the full access password. The full access password gives selected users a password that bypasses otherwise blocked sites. 6 Enter the password expiration duration in minutes.
User Guide 2.3 61 WebBlocker categories NOTE In all of the categories sites to be blocked are selected by advocacy rather than opinion or educational material. For example, the Drugs/Drug Culture category blocks sites describing how to grow and use marijuana but does not block sites discussing the historical use of marijuana.
WebBlocker categories 62 their primary purpose to alter the individual’s state of mind, such as glue sniffing. This does not include (that is, if selected these sites would not be We.
User Guide 2.3 63 WebBlocker categories Search Engines Search engine sites such as AltaVista, InfoSeek, Yahoo!, and WebCrawler. Sports and Leisure Pictures or text describing sporting events, sports figures, or other entertainment activities.
Searching for blocked sites 64 sites hosted by museums such as the Guggenheim, the Louvre, or the Museum of Modern Art. Partial/Artistic Nudity Pictures exposing the female breast or full exposure of either male or female buttocks except when exposing genitalia which is handled under the Full Nudity category.
User Guide 2.3 65 Index A Adding incoming services 37, 38 Allowing incoming services 35 Any service, adding 38 B Blocked outgoing service, removing 42 blocked sites in WebBlocker 64 Blocking alternative protocols 41 Blocking outgoing services 40 Browser Internet Explorer disabling HTTP proxy 5 Netscape 4.
66 Default gateway 44 Default IP address, SOHO 24 disabling HTTP proxy 5 Disabling SOCKS 52, 53 DNS service primary IP address 44 secondary IP address 44 Domain name 44 E Encryption, SOHO 47 Ex.
User Guide 2.3 67 private network default factory settings 24 Network address 44 Network Address Translation 35 O Outgoing services blocking 40 blocking TCP 40 blocking UDP 40 P Part numbe.
68 Troubleshooting 45 checking link LED 25 connecting more than two offices 48 pinging 48 static IP address 48 U UDP adding incoming 37 blocking outgoing 40 Unix, setting TCP/IP 3 URL datab.