
Number of slides: 139
Firewall Basics with Fireware v9.1 for WatchGuard System Manager v9.1

Course Introduction

Course Introduction: Objectives
• Understand how to use the basic management and monitoring components of WatchGuard System Manager
• Understand how to configure a WatchGuard Firebox X Core or Peak e-Series device for your network environment
• Understand how to create basic security policies for your Firebox to enforce
• Understand how to use security services to expand Firebox functionality

Course Introduction: Audience
This course is intended for network administrators who have a Firebox X Core or Peak. A basic understanding of TCP/IP networking is required.

Course Introduction: Environment
To use this training presentation:
• It is helpful, but not necessary, for you to have WatchGuard System Manager installed on your computer
• It is not necessary to have a Firebox X Core or Peak
• We recommend you view or print the instructor’s notes for this presentation, as they contain additional details which may be helpful

Course Introduction: Outline
This course includes sections on:
• Getting Started with your Firebox X Core or Peak
• Introducing Policy Manager
• Using Policy Manager to Configure Network Settings
• Using Policy Manager to Configure Policies
• Working with Proxy Policies
• WebBlocker
• spamBlocker
• Gateway AV/IPS
• Policy Manager Intrusion Prevention
• Firebox Administration
• Working with Firebox Log Messages

Course Introduction: Exam
• The WatchGuard Certified System Professional exam is available for all WatchGuard partners. The exam is based on the contents of this course. Studying the information in this courseware can help you prepare to take the exam.
• If you are a WCSP, you can find the exam at: https://www.watchguard.com/training/CertCentral.asp
Getting Started with your Firebox X Core or Peak

Getting Started: Management and Appliance Software
To configure a WatchGuard Firebox, you must install two software packages:
• WatchGuard System Manager (WSM) – The management software you use to configure, manage, and monitor your Firebox.
• Fireware Appliance Software – The software that is installed on the Firebox itself.

Getting Started: Management Station
Your management station is a PC running Windows 2000, Windows XP, Windows 2000 Server, or Windows 2003 Server.
• You install WSM on your management station to configure, manage, and monitor your Firebox.
• You also install Fireware appliance software on your management station. Use WSM to put Fireware on your Firebox.

Getting Started: Components of WSM
WSM includes a set of management and monitoring utilities:
• Policy Manager
• Firebox System Manager
• LogViewer
• HostWatch
• Historical Reports

Getting Started: Server Software
When you install WSM on your management station, you have the option to install any or all of these server components:
• Management Server – Use to manage all firewall devices and create VPN (virtual private network) tunnels using a simple drag-and-drop function.
• Log Server – Collects log messages from each WatchGuard Firebox.
• WebBlocker Server – Operates with the Firebox HTTP proxy to deny user access to specified categories of web sites.
• Quarantine Server – Collects and isolates mail confirmed as spam by spamBlocker.

Getting Started: Registering your Firebox
Before you can begin to configure your Firebox, you must register your Firebox to your LiveSecurity account.
• If you have not created a LiveSecurity profile with a user name and password, you must create it before you register your Firebox.
• You must have your Firebox serial number when you log in to LiveSecurity to register your device.

Getting Started: Quick Setup Wizard
The Quick Setup Wizard works with a Firebox X Core or Peak e-Series device and allows you to:
• Install Fireware appliance software on the Firebox
• Create and upload a basic configuration file
• Assign passphrases to control access to the Firebox

Getting Started: Preparing to use the Quick Setup Wizard
Before you start the Quick Setup Wizard, you must have:
• The feature key for your Firebox. When you register your Firebox with LiveSecurity, a feature key is created that is unique to the serial number of the device. Save a copy of the feature key to complete the Quick Setup Wizard.
• WSM and Fireware installed on your management station. Download the latest versions from the LiveSecurity software downloads site. Note that WSM and Fireware are separate software downloads. You must download and install both packages.
• Network information. You must know the IP address of your gateway router, and the IP addresses to give to the external and trusted interfaces of the Firebox.

Getting Started: Starting the Quick Setup Wizard
For the Quick Setup Wizard to operate correctly, you must:
• Assign a static IP address to your management workstation from the same subnet that you plan to assign to the Trusted interface of the Firebox.
• Connect the Firebox to a power source. Hold down the down arrow on the front of the Firebox while you turn on the power switch. Hold the button until the LCD display shows “WatchGuard Technologies.”
• Connect your management station’s Ethernet interface to the eth1 interface of the Firebox.
• Launch WatchGuard System Manager (WSM) and launch the Quick Setup Wizard from the WSM > Tools menu.

Getting Started: Starting the Quick Setup Wizard
The QSW asks you to choose which model of Firebox you are configuring.

Getting Started: Starting the Quick Setup Wizard
If you have connected your workstation to the Firebox correctly, the QSW will automatically detect the Firebox and identify its model and serial number. Verify that this information is correct.

Getting Started: Naming Your Firebox
The name you assign to the Firebox in the wizard is used to:
• Identify the Firebox in WSM
• Identify the Firebox log file
• Identify the Firebox when you use Historical Reports

Getting Started: Adding a Feature Key
If you have purchased additional options for your Firebox and already registered them with LiveSecurity, the feature key will reflect those features. You can register the features later and update your feature key using Policy Manager.

Getting Started: Configuring the External Interface
The IP address you give to the external interface can be:
• A static IP address
• An IP address assigned with DHCP
• An IP address assigned with PPPoE
You must also add an IP address for the Firebox default gateway. This is the IP address of your gateway router.

Getting Started: Configuring Trusted and Optional Interfaces
To configure the trusted and optional interfaces, you must select one of these configuration options:
• Routed Configuration – Each interface is configured with an IP address on a different subnet.
• Drop-in Configuration – All Firebox interfaces are configured with the same IP address. Use drop-in mode when devices from the same publicly addressed network are located on more than one Firebox interface.

Getting Started: Understanding Drop-in Configurations
In drop-in mode:
• You must assign the same primary IP address to all interfaces on your Firebox (external, trusted, and optional).
• You can assign secondary networks on any interface.
• You can keep the same IP addresses and default gateways for hosts on your trusted and optional networks, and add a secondary network address to the Firebox interface so the Firebox can correctly send traffic to the hosts on these networks.

Getting Started: Setting Passphrases
You define two passphrases for the Firebox. Passphrases must be at least 8 characters long and different from each other:
• Status passphrase – used for read-only connections to the Firebox.
• Configuration passphrase – used for read-write connections to the Firebox.

Getting Started: Completing the Quick Setup Wizard
• The wizard is complete when it has saved a basic configuration to the Firebox.
• You are now ready to put your Firebox in place on your network.
• Remember to reset your management station to get its IP address in its usual way.
Introduction to Policy Manager

Introduction to Policy Manager
Launch WSM from Windows Start > All Programs > WatchGuard System Manager 9.1 > WatchGuard System Manager to monitor and configure your Firebox. From WSM, connect to the Firebox. Once connected, you can monitor the device or launch Policy Manager to configure the device.

Introduction to Policy Manager: What is Policy Manager?
• Policy Manager is the off-line editing tool used to modify the configuration of your Firebox.
• Changes made in Policy Manager do not take effect until you save them to the Firebox.
• Launch Policy Manager from WSM.

Introduction to Policy Manager: Navigating Policy Manager
Use drop-down menus to configure many basic and advanced Firebox features.

Introduction to Policy Manager: Navigating Policy Manager
• Security policies controlling traffic through the Firebox are represented by icons in Policy Manager.
• To edit a security policy, double-click its icon.
• To display policies in list view, select View > Details.
Using Policy Manager to Configure Network Settings

Network Settings: Beyond the Quick Setup Wizard
The Quick Setup Wizard configures the Firebox with an external, trusted, and optional network only.

Network Settings: Network Configuration Options
Use Policy Manager to:
• Modify a configured interface’s properties
• Change the interface type (from trusted to optional, etc.)
• Add secondary networks and addresses
• Enable DHCP server on the Firebox
• Configure additional interfaces
• Configure WINS/DNS settings for the Firebox
• Add network or host routes
• Configure NAT

Network Settings: Interface Types
You can identify each interface as external, trusted, or optional. In most cases, these terms refer to:
• External – Connects to your gateway router.
• Trusted – Connects to your LAN of desktop computers or workstations; not accessible from the public Internet.
• Optional – Connects to a network of servers that need to be physically separate from the trusted network and accessible from the public Internet, such as web and mail servers.

Network Settings: Interface Independence
• You can change the interface type of any interface configured with the Quick Setup Wizard.
• You can choose the interface type of any additional interface you enable.

Network Settings: Secondary Networks
• A secondary network is a network that shares the same physical network as one of the Firebox interfaces.
• A secondary network adds an IP alias to the interface. This IP alias is the default gateway for all the computers on the secondary network.

Network Settings: Secondary Addresses
• If your external interface is configured with a static IP address, you can add an IP address on the same subnet as a secondary network.
• For example, configure an external secondary network with a second public IP address if you have two public SMTP servers.

Network Settings: Enabling DHCP Server
• The Firebox can act as a DHCP server for clients on any interface configured as trusted or optional.
• To configure DHCP server on a Firebox interface, identify the first and last IP addresses in the range you want the Firebox to assign.

Network Settings: WINS/DNS
The Firebox needs WINS/DNS information to:
• Resolve names to IP addresses for IPSec VPNs, and for the spamBlocker, Gateway AV and IPS features to operate correctly.
• Allow DHCP clients on the trusted or optional networks, MUVPN users, and PPTP RUVPN users to resolve DNS queries.

Network Settings: Network or Host Routes
• Create static routes to send traffic from a Firebox interface to a router. The router can then send the traffic to the correct destination from the specified route.
• If you do not add a route to a remote network or host, all traffic to that network or host is sent to the Firebox default gateway.
Using Policy Manager to Configure Policies

Configuring Policies: What is a Policy?
• A rule to limit access through the Firebox
• Can be configured to allow traffic or deny traffic
• Can be enabled or disabled
• Applies to specific port(s) and protocols
• Applies to specific internal hosts or subnets and external hosts or subnets

Network Settings: Firebox Dynamic NAT
Dynamic NAT:
• Applies the Firebox public IP address to the outgoing packets for all connections or for specified services
• Is used to hide the IP addresses of internal hosts when they get access to public services
• Is enabled by default for valid RFC 1918 networks to any external interface

Configuring Policies: Adding Policies
• To add a policy, select Edit > Add Policy.
• Add a policy from the pre-defined Packet Filters list or the Proxies list, or create a Custom policy.

Configuring Policies: Changing Sources and Destinations
You can:
• Select a pre-defined alias, then click Add.
• Click Add User to select an authentication user or group.
• Click Add Other to add a host IP address, network IP address, or host range.

Configuring Policies: Packet Filters and Proxies
• Packet Filter – Examines the IP header of each packet. Works at the network and transport protocol layers.
• Proxy – Examines the IP header AND the content of a packet (at the application layer). If the content does not match the criteria you set in your proxy policies, it denies the packet or removes the disallowed content. A proxy:
  • Removes all the network data
  • Examines the contents for RFC compliance and content type
  • Adds the network data again
  • Sends the packet to its destination

Configuring Policies: When do I use a custom policy?
Use a custom policy:
• If none of the pre-defined policies include the specific combination of ports that you want.
• If you need to create a policy that uses a protocol other than TCP or UDP.
• Note: A custom policy can be either a packet filter or a proxy policy.

Configuring Policies: Modifying Policies
To edit a policy, double-click the policy icon. By default:
• A new policy is enabled and allowed.
• It allows traffic on the port(s) specified by the policy.
• It allows traffic from any trusted source to any external destination.

Configuring Policies: Changing Sources and Destinations
To modify the default source and destination, click Add and define a new source or destination.

Configuring Policies: Policy Properties
The Policy Properties tab lets you:
• See the ports and protocols defined in the policy.
• Set logging and notification rules for the policy.
• Auto-block the source of denied traffic (if the policy is configured to deny traffic).
• Set a custom idle timeout for the policy.

Configuring Policies: Proxy Policy Properties
When you configure a proxy policy, use the Policy Properties tab to apply a proxy action to the policy.

Configuring Policies: Advanced Policy Properties
Click the Advanced tab to configure:
• Schedule
• QoS
• NAT rules
• Sticky connection settings (if you use multi-WAN)
• ICMP error handling

Configuring Policies: Scheduling Policies
When you apply a schedule to a policy, you set the times of day you want the policy to be enabled. For example: if you only want users to surf the Web between 10:00 am and 12:00 am, apply a schedule to your HTTP policy that looks like this:

Configuring Policies: NAT
• You can customize NAT in each policy.
• The settings in Network > NAT apply unless you modify the NAT settings in a policy.
• Use the Set Source IP option when you want any traffic that uses this policy to show a specified address from your public or external IP address range as the source IP address.

Configuring Policies: QoS
• QoS (Quality of Service) is available only for Fireware Pro users.
• Use QoS to set the priority for traffic in a policy.

Configuring Policies: What is Precedence?
• Precedence is used to decide which policy will control a connection when more than one policy could control that connection.
• If you look at your policies in list view, the higher a policy appears in the list, the greater its precedence. If two policies could apply to a connection, the policy higher in the list controls that connection.

Configuring Policies: Changing Precedence
• Policy Manager automatically orders the policies when you add and configure them.
• To manually order your policies:
1. Select View > Details.
2. Clear the View > Auto-Order Mode option.
3. Drag and drop policies to change the order in which they appear in the list.

Configuring Policies: The WatchGuard Policy
The WatchGuard policy:
• Controls management connections to the Firebox.
• By default allows only local administration of the Firebox. You must edit the configuration to allow remote administration.

Configuring Policies: The Outgoing Policy
• Added automatically by the Quick Setup Wizard.
• Includes all TCP and UDP ports.
• Allows all TCP and UDP traffic from any trusted or optional source to any external destination.
• Acts as a packet filter, not a proxy, and applies no content filtering restrictions by default.

Configuring Policies: Find Policy Tool
Fireware now features a utility to find policies that match the search criteria you specify. With Find Policies you can quickly check for any and all matching policies for addresses, port numbers, and protocols.
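The following is an added example, not WatchGuard code or anything from this course: a small Python model of how the policies in this section are evaluated, so you can see precedence, the Outgoing policy, a per-policy schedule, default dynamic NAT for RFC 1918 sources, and the default logging rule interact. The interface networks, the Firebox external address, and the policy names other than Outgoing are constructed assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple

# Constructed interface networks and Firebox external address (documentation ranges).
TRUSTED = ip_network("10.0.1.0/24")
OPTIONAL = ip_network("10.0.2.0/24")
EXTERNAL_IP = ip_address("203.0.113.5")
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def alias_of(ip) -> str:
    """Map an address to the Policy Manager alias (Any-Trusted, Any-Optional, Any-External)."""
    if ip in TRUSTED:
        return "Any-Trusted"
    if ip in OPTIONAL:
        return "Any-Optional"
    return "Any-External"


@dataclass
class Conn:
    src: object          # IPv4Address
    dst: object          # IPv4Address
    proto: str           # "tcp" or "udp"
    dport: int


@dataclass
class Policy:
    name: str
    action: str                              # "allow" or "deny"
    protocols: Tuple[str, ...]
    ports: Optional[range]                   # None = all ports (like the Outgoing policy)
    sources: Tuple[str, ...]                 # aliases or CIDR strings
    destinations: Tuple[str, ...]
    enabled: bool = True
    hours: Optional[Tuple[int, int]] = None  # schedule as (start_hour, end_hour); None = always
    log: Optional[bool] = None               # None = the default logging rule applies

    @staticmethod
    def endpoint_matches(ip, members) -> bool:
        return any(m == alias_of(ip) or ("/" in m and ip in ip_network(m)) for m in members)

    def matches(self, conn: Conn, hour: int) -> bool:
        if not self.enabled or conn.proto not in self.protocols:
            return False
        if self.ports is not None and conn.dport not in self.ports:
            return False
        if self.hours is not None and not (self.hours[0] <= hour < self.hours[1]):
            return False
        return (self.endpoint_matches(conn.src, self.sources)
                and self.endpoint_matches(conn.dst, self.destinations))


def evaluate(policies: List[Policy], conn: Conn, hour: int) -> dict:
    """Walk the list top-down: the first match (highest precedence) controls the connection."""
    for p in policies:
        if not p.matches(conn, hour):
            continue
        # Default logging: deny policies log, allow policies do not, unless set explicitly.
        logged = p.log if p.log is not None else (p.action == "deny")
        nat_src = None
        # Dynamic NAT: an RFC 1918 source leaving through the external interface shows the public IP.
        if (p.action == "allow" and alias_of(conn.dst) == "Any-External"
                and any(conn.src in n for n in RFC1918)):
            nat_src = str(EXTERNAL_IP)
        return {"policy": p.name, "action": p.action, "logged": logged, "nat_src": nat_src}
    # Traffic that matches no policy is denied and logged by default.
    return {"policy": None, "action": "deny", "logged": True, "nat_src": None}


# Policies in precedence order (higher in the list wins). Only Outgoing follows the slides;
# the other two are constructed for the demonstration.
POLICIES = [
    # Scheduled HTTP policy: enabled only between 10:00 and 12:00. Outside those hours the
    # connection falls through to Outgoing, which still allows it (a common surprise).
    Policy("HTTP", "allow", ("tcp",), range(80, 81), ("Any-Trusted",), ("Any-External",),
           hours=(10, 12)),
    # A deny policy placed above Outgoing so it wins on precedence; it logs by default.
    Policy("Deny-Optional-Web", "deny", ("tcp",), range(80, 81), ("Any-Optional",),
           ("Any-External",)),
    # The Outgoing policy added by the Quick Setup Wizard: all TCP/UDP, trusted/optional to external.
    Policy("Outgoing", "allow", ("tcp", "udp"), None, ("Any-Trusted", "Any-Optional"),
           ("Any-External",)),
]


def decide(src: str, dst: str, proto: str, dport: int, hour: int) -> dict:
    return evaluate(POLICIES, Conn(ip_address(src), ip_address(dst), proto, dport), hour)


if __name__ == "__main__":
    for args in [("10.0.1.10", "198.51.100.7", "tcp", 80, 11),
                 ("10.0.1.10", "198.51.100.7", "tcp", 80, 14),
                 ("10.0.2.10", "198.51.100.7", "tcp", 80, 11),
                 ("198.51.100.7", "10.0.1.10", "tcp", 22, 11)]:
        print(args, "->", decide(*args))
```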
Working with Proxy Policies

Proxies: What is a Proxy?
• A proxy is a powerful and highly customizable application inspection engine and content filter.
• A packet filter looks at IP header information only; a proxy looks at application data for content specific to the application being examined.
• A proxy looks beyond the header to the contents of the packet.

Proxies: What is a Proxy Action?
• A set of rules that tell the Firebox how to apply one of its proxies to traffic of a specific type.
• You can apply a proxy action to one policy, or to multiple policies.

Proxies: Fireware Proxies
• DNS
• FTP
• HTTP
• SMTP
• POP3
• TCP (applies the HTTP proxy to HTTP traffic on all TCP ports)

Proxies: Import/Export Proxy Actions
• Entire proxy actions – only user-created, not predefined
• Rulesets – must be in Advanced View to import/export
• WebBlocker Exceptions
• spamBlocker Exceptions

Proxies: Proxy Actions
• You can apply a predefined proxy action, or clone a predefined proxy action and create a custom proxy action.
• You cannot modify the settings of a predefined proxy action.
• Each proxy action includes multiple rulesets to give you control over different components of a proxied connection.

Proxies: Proxy Actions
WatchGuard provides two predefined proxy actions for each type of proxy:
• Client/Outgoing proxy action – includes default settings to protect clients connecting to servers external to the Firebox.
• Server/Incoming proxy action – includes default settings to protect servers behind the Firebox.

Proxies: Quick Setup Wizard and Proxies
The Quick Setup Wizard does not include any proxy policies by default. The Outgoing and FTP policies included by the Quick Setup Wizard use packet filters only, not proxies, in Fireware v9.0 and higher. Because no proxies are used by the Firebox by default, there are no default restrictions on the types of files users can download from the Internet or upload to it. To add these restrictions to the Firebox configuration, you must add proxy policies.

Proxies: Proxies and Logging
• Each ruleset includes its own option to enable logging.
• To get detailed reporting on proxied connections, you must enable Turn on Logging For Historical Reports in the general settings of each proxy action.

Proxies: DNS Proxy
• Protects your DNS server from malicious or malformed connection requests and query types.
• Works with the Intrusion Prevention Service.

Proxies: FTP Proxy
• Restricts the types of commands and files that can be sent through FTP.
• Works with Gateway AV and the Intrusion Prevention Service (Gateway AV/IPS).

Proxies: SMTP Proxy
• Highly customizable proxy to restrict the types and size of files sent and received in email.
• Works with Gateway AV/IPS and spamBlocker.

Proxies: POP3 Proxy
• Highly customizable proxy to restrict the types and size of files sent and received in email.
• Works with GAV/IPS and spamBlocker.

Proxies: HTTP Proxy
• Highly customizable proxy to restrict commands, headers, and file types that can be sent in an HTTP connection.
• Works with GAV/IPS and WebBlocker.
WebBlocker

WebBlocker: What is WebBlocker?
WebBlocker is a tool to filter access to specific web sites.
• Install a WebBlocker database on local server(s) – the WebBlocker Server.
• Configure your Firebox to query the WebBlocker Server.
• Works with the HTTP proxy. If an HTTP client proxy action is not active, you cannot use WebBlocker.

WebBlocker: The WebBlocker Database
• Database created and maintained by SurfControl™.
• Database updates keep filtering rules current.
• 40 categories of web sites that you can allow or deny for different groups of users and different times of day.

WebBlocker: Advanced WebBlocker Settings
From the WebBlocker > Advanced tab, you can control what happens if the Firebox cannot contact the WebBlocker Server. You can:
• Allow access to all web sites.
• Deny access to all web sites.

WebBlocker: Exceptions
• Add exceptions for web sites that WebBlocker denies and you want to allow (white list).
• Add web sites that WebBlocker allows and you want to deny (black list).
spamBlocker

spamBlocker: What is spamBlocker?
• Uses technology licensed from Commtouch™ to identify spam, bulk, or suspect email.
• No local server to install. You can optionally install Quarantine Server, but it is not necessary for spamBlocker to work correctly.
• The Firebox queries external classification servers and caches the results.
• Works with the SMTP proxy. You must have an SMTP proxy action configured to use spamBlocker.

spamBlocker: Actions
For each category (spam, bulk, or suspect email), configure the action you want the Firebox to take:
• Allow
• Add Subject Tag
• Quarantine
• Deny
• Drop

spamBlocker: Exceptions
You can configure exceptions for specific senders or recipients by:
• Individual email address
• Domain by pattern match (*@xyz.com)
Quarantine Server

Quarantine Server: Quarantine Spam
• Works with spamBlocker and the SMTP proxy only (not POP3)
• Install with the server components during the WSM install
• Launch from the icon in the WatchGuard toolbar

Quarantine Server: Configuration
WatchGuard Quarantine Server is highly configurable. You can set:
• Database size and admin notification
• Server settings
• How long to keep messages
• For which domains the Quarantine Server will keep mail
• Rules – automatically remove messages based on:
  • Specific senders
  • Specific domains
  • Specific text in the Subject
Gateway AntiVirus / Intrusion Prevention Service (GAV/IPS)

Gateway AV/IPS: What is Gateway AV/IPS?
• Signature-based antivirus and intrusion prevention service.
• The Firebox downloads signature databases at regular, frequent intervals.
• Gateway AV works with the SMTP, HTTP, FTP, and TCP proxies.
• IPS works with all proxy actions when IPS is enabled in a policy.

Gateway AV/IPS: Wizards
• Gateway AV and IPS can be enabled and configured with wizards you launch from the Tasks menu.
• The wizards ask you to select which proxy policies you want to configure Gateway AV or IPS for.

Gateway AV/IPS: Gateway AV and the SMTP Proxy
When an email attachment contains a known virus signature, the Firebox can:
• Allow – attachment goes through with no change.
• Lock – attachment can only be opened by an administrator.
• Remove – attachment is stripped from the email.
• Drop – entire email is denied without acknowledgement.
• Block – email is denied and the sending server is added to the Blocked Sites list.

Gateway AV/IPS: Gateway AV and the HTTP Proxy
The HTTP proxy applies Gateway AV settings:
• To requests to specific URL paths defined in your configuration.
• To responses that include specific file types defined in your configuration.

Gateway AV/IPS: Gateway AV and the HTTP Proxy
When Gateway AV finds a known virus signature in an HTTP session, the Firebox can:
• Allow – file goes through with no change.
• Drop – HTTP connection is denied.
• Block – HTTP connection is denied and the web server is added to the Blocked Sites list.

Gateway AV/IPS: Gateway AV and the FTP Proxy
The FTP proxy applies Gateway AV settings:
• To downloaded files allowed in your configuration.
• To uploaded files allowed in your configuration.

Gateway AV/IPS: Gateway AV and the FTP Proxy
When Gateway AV finds a known virus signature in an FTP session, the Firebox can:
• Allow – file goes through with no change.
• Deny – denies the transaction and sends a deny message.
• Drop – FTP connection is dropped immediately.
• Block – FTP connection is denied and the offending IP is added to the Blocked Sites list.

Gateway AV/IPS: Gateway AV Settings
• Select whether you want Gateway AV to decompress file formats such as .zip or .tar, and set the number of levels to scan.
• Gateway AV for SMTP now supports in-line scanning, so there is no need to set the maximum size of email attachments to scan for viruses.

Gateway AV/IPS: Updates to Signatures and Engine
• To protect against the latest viruses, enable automatic updates to Gateway AV signatures at frequent intervals.
• Automated Gateway AV engine updates ensure you have the latest functionality.
• You now have the option to send update requests through a proxy server.

Gateway AV/IPS: Configuring IPS in a Proxy Policy
Signatures are divided into three severity levels: high, medium, and low. When an IPS signature is matched, the Firebox can:
• Allow – lets traffic pass.
• Deny – denies traffic and sends a deny message.
• Drop – drops the connection immediately without acknowledgement.
• Block – drops the connection and adds the source to the Blocked Sites list.

Gateway AV/IPS: IPS and the HTTP Proxy
Protects your own web server, and your trusted users making connections to external web servers. You can enable specific IPS signature categories for:
• Instant Messaging clients
• Peer-to-peer clients
• Spyware categories

Gateway AV/IPS: Updates to IPS Signatures and Engine
• To protect against the latest intrusions, enable automatic updates to IPS signatures at frequent intervals.
• Automated IPS engine updates make sure you have the latest functionality.

Gateway AV/IPS: Monitoring Gateway AV and IPS
From Firebox System Manager, select the Security Services tab to see the status of Gateway AV and IPS signatures and manually request updates.
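An added example, not WatchGuard code, of the Gateway AV decision this section describes for the HTTP proxy: a constructed signature list is matched against a response body, archives are decompressed only up to the configured number of levels (so an archive nested deeper than that cannot be inspected), and the result maps to the Allow, Drop or Block outcome. The signature pattern, the nested zip and the "unscannable" handling knob are assumptions made for the demonstration.

```python
import io
import zipfile

# Constructed signature patterns for the demo; not real Gateway AV signatures.
SIGNATURES = {b"CONSTRUCTED-TEST-SIGNATURE-1": "Test.Sample.A"}
ZIP_MAGIC = b"PK\x03\x04"


def scan(data: bytes, levels_left: int):
    """Return a signature name, a scan limitation ('archive-too-deep', 'corrupt-archive'), or None."""
    if data.startswith(ZIP_MAGIC):
        if levels_left <= 0:
            # Nested deeper than the configured decompression level: the content is never inspected.
            return "archive-too-deep"
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    hit = scan(zf.read(info), levels_left - 1)
                    if hit is not None:
                        return hit
        except zipfile.BadZipFile:
            return "corrupt-archive"
        return None
    for pattern, name in SIGNATURES.items():
        if pattern in data:
            return name
    return None


def http_av_action(data: bytes, decompress_levels: int, on_virus="drop", on_unscannable="allow"):
    """Map a scan result to the HTTP proxy outcome: allow, drop, or block.

    'block' is the outcome that also adds the web server to the Blocked Sites list.
    on_unscannable is an assumed knob for content the scanner could not open.
    """
    hit = scan(data, decompress_levels)
    if hit is None:
        return "allow", None
    if hit in ("archive-too-deep", "corrupt-archive"):
        return on_unscannable, hit
    return on_virus, hit


def make_nested_zip(payload: bytes, depth: int) -> bytes:
    """Constructed test input: wrap payload in `depth` nested zip archives."""
    data = payload
    for level in range(depth, 0, -1):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            zf.writestr(f"level{level}.bin", data)
        data = buf.getvalue()
    return data


# Constructed sample bodies.
INFECTED = b"report header ... CONSTRUCTED-TEST-SIGNATURE-1 ... trailer"
CLEAN = b"plain text response body"

if __name__ == "__main__":
    nested = make_nested_zip(INFECTED, 2)
    print("clean:", http_av_action(CLEAN, 2))
    print("nested x2, scan 2 levels:", http_av_action(nested, 2))
    print("nested x2, scan 1 level:", http_av_action(nested, 1, on_unscannable="block"))
```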
Policy Manager Intrusion Prevention

Intrusion Prevention: Blocking Sites and Ports
Policy Manager’s Blocked Sites and Blocked Ports features:
• Block all traffic from specific IP addresses or subnets, or on specific ports.
• Take precedence over policy configuration.
• Allow you to take extra precaution against known security risks on the Internet associated with specific IP addresses or ports, such as the Blaster worm, which infected systems on TCP port 135.

Intrusion Prevention: Blocked Sites Configuration
• Static configuration – Add specific IP addresses or subnets to be permanently blocked.
• Dynamic configuration – Enable auto-blocking as part of configuration in many different places in Policy Manager, such as:
  • Proxy actions
  • Default packet handling settings
  • Policy configuration

Intrusion Prevention: Auto-blocking Sites
• Each policy configured to deny traffic has an active check box to auto-block the source of denied traffic. The source IP address of any packet denied by the policy is automatically added to the Blocked Sites List.

Intrusion Prevention: Auto-blocking Sites
• When you select a proxy action of “Block”, the IP address denied by the proxy action is automatically added to the Blocked Sites List.

Intrusion Prevention: Configuring Auto-blocking
• Configure the amount of time to auto-block sites in Policy Manager > Setup > Intrusion Prevention > Blocked Sites > Auto-blocked tab.
• You can add Blocked Sites Exceptions if there is an IP address you want to make sure is never auto-blocked.

Intrusion Prevention: Default Packet Handling
• A set of configurable thresholds for the detection of potentially hostile activity, such as SYN floods, IKE floods, DDoS attacks, or address probes.
• Any activity above a threshold results in the Firebox dropping connections or adding sites to the Blocked Sites List.
• Default thresholds are meant as a benchmark for an average user and may need to be adjusted for your environment.
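An added example, not WatchGuard code, that models the Blocked Sites behaviour described across this section: static entries are permanent, auto-blocked entries expire after the configured auto-block time, Blocked Sites Exceptions are never auto-blocked, the list is consulted before any policy so it takes precedence, and one Default Packet Handling threshold (an address probe, taken here as too many distinct destinations from one source within a window) auto-blocks the source. The addresses, the threshold values and the connection records are constructed.

```python
from collections import defaultdict, deque
from ipaddress import ip_address, ip_network


class BlockedSites:
    """Static entries are permanent; auto-blocked entries expire; exceptions are never auto-blocked."""

    def __init__(self, static, exceptions, autoblock_seconds, probe_threshold, probe_window):
        self.static = [ip_network(s) for s in static]
        self.exceptions = [ip_network(e) for e in exceptions]
        self.autoblock_seconds = autoblock_seconds
        self.auto = {}                          # auto-blocked address -> expiry time
        self.probe_threshold = probe_threshold  # distinct destinations tolerated per window
        self.probe_window = probe_window        # seconds
        self.seen = defaultdict(deque)          # source -> (time, destination) inside the window

    def is_exception(self, ip) -> bool:
        return any(ip in n for n in self.exceptions)

    def auto_block(self, ip, now) -> bool:
        """Called by a deny policy with auto-block, a proxy 'Block' action, or a threshold."""
        if self.is_exception(ip):
            return False
        self.auto[ip] = now + self.autoblock_seconds
        return True

    def is_blocked(self, ip, now) -> bool:
        if any(ip in n for n in self.static):
            return True
        expiry = self.auto.get(ip)
        if expiry is None:
            return False
        if now >= expiry:                       # the auto-block time has elapsed
            del self.auto[ip]
            return False
        return True

    def observe(self, src, dst, now) -> bool:
        """Address-probe threshold: too many distinct destinations from one source in the window."""
        q = self.seen[src]
        q.append((now, dst))
        while q and q[0][0] <= now - self.probe_window:
            q.popleft()
        distinct = {d for _, d in q}
        if len(distinct) > self.probe_threshold:
            return self.auto_block(src, now)
        return False


def handle(bs: BlockedSites, src: str, dst: str, now: int, policy_allows) -> str:
    """Blocked Sites take precedence: the list is consulted before any policy is evaluated."""
    s, d = ip_address(src), ip_address(dst)
    if bs.is_blocked(s, now):
        return "blocked"
    if bs.observe(s, d, now):                   # this packet crossed the threshold
        return "blocked"
    return "allow" if policy_allows(src, dst) else "deny"


def run_demo() -> dict:
    """Constructed scenario using documentation address ranges; returns the outcomes."""
    bs = BlockedSites(static=["192.0.2.0/24"], exceptions=["198.51.100.50/32"],
                      autoblock_seconds=600, probe_threshold=5, probe_window=60)

    def allow_all(src, dst):
        return True

    out = {}
    # 1. A statically blocked subnet never reaches the policies, even though the policy would allow it.
    out["static"] = handle(bs, "192.0.2.9", "10.0.1.10", 0, allow_all)
    # 2. A source sweeping seven trusted hosts in seven seconds crosses the threshold on host 6.
    out["probe"] = [handle(bs, "203.0.113.77", f"10.0.1.{i}", i, allow_all) for i in range(1, 8)]
    # 3. The same source once the 600-second auto-block has expired.
    out["after_expiry"] = handle(bs, "203.0.113.77", "10.0.1.1", 700, allow_all)
    # 4. An address on the exceptions list doing the same sweep is never auto-blocked.
    out["exception"] = [handle(bs, "198.51.100.50", f"10.0.1.{i}", i, allow_all) for i in range(1, 8)]
    # 5. A deny policy with auto-block enabled adds the source for the configured time only.
    bs.auto_block(ip_address("203.0.113.88"), 0)
    out["policy_autoblock"] = (handle(bs, "203.0.113.88", "10.0.1.10", 10, allow_all),
                               handle(bs, "203.0.113.88", "10.0.1.10", 601, allow_all))
    return out


if __name__ == "__main__":
    for k, v in run_demo().items():
        print(k, v)
```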
Firebox Administration

Firebox Administration: Changing your Passphrases
• We recommend you change your status and configuration passphrases frequently.
• To change your passphrases in Policy Manager, select File > Change Passphrases.

Firebox Administration: Backing up your Configuration
• Back up your configuration image before you make any major change to your configuration and before you upgrade to a new WSM or Fireware version.
• To back up your configuration image, from Policy Manager select File > Backup.

Firebox Administration: Adding New Licensed Features
• If you purchase a new feature or renew a subscription service, you must activate your feature and get a new feature key from the LiveSecurity web site.
• To add your new feature key in Policy Manager, select Setup > Feature Keys > Add.

Firebox Administration: Upgrading your Firebox
To upgrade to a new version of Fireware, use these steps:
1. Back up your existing Firebox image.
2. Download and install the new version of Fireware on your management station.
3. From Policy Manager, select File > Upgrade. Browse to the location of the .wgu upgrade file.

Firebox Administration: Fireware Web Server Certificate
Why does the user get warnings from the browser?
1. The name on the certificate does not match the URL.
  • Fix with the Fireware web server certificate.
  • It uses subject alternative names to match several possible URLs.
2. The certificate is not trusted.
  • The user still needs to import the certificate into the trusted root store.
Firebox Logging Working with Firebox Log Messages 114
Firebox Logging Introduction to Log Server • You can install the Log Server on your management station, or another Windows-based computer. • Log Server is not required for Firebox operation, but we recommend you configure a Log Server and regularly review log messages as part of your security policy. • The Firebox generates encrypted log messages in XML and sends them to the Log Server. The Log Server decrypts and stores the messages in log files. • The Log Server can store log messages for more than one Firebox at the same time, each in its own file. 115
Firebox Logging Configuring Logging For log messages to be correctly stored on the Log Server, you must: 1. Install the Log Server software. 2. Configure the Log Server. 3. Configure the Firebox to send log messages to the Log Server. 116
Firebox Logging Installing the Log Server From the WSM installer, select to install the Log Server component. • The Log Server does not have to be installed on the same computer that you use as your management station. • The Log Server should be on a computer with a static IP address. 117
Firebox Logging Configuring the Log Server • To configure, right-click the Log Server icon on your Windows toolbar and select Start service. • Set a log encryption key. You will use this same key when you configure the Firebox to send log messages to this Log Server. 118
Firebox Logging Configuring the Firebox for Logging • In Policy Manager, select Setup > Logging to configure the Firebox with a Log Server. • You must have the same log encryption key you entered in your Log Server configuration. • You can configure backup Log Servers in case your primary Log Server fails. 119
Firebox Logging Log Server Status and Configuration Right-click the Log Server option and select Status/Configuration to: • See which Firebox devices are currently sending log messages to this Log Server. • Set interval for starting new log files based on time or size of file. • Schedule automatic generation of Historical Reports. • Configure notification options. 120
Firebox Logging Setting Rules for Logging • The Firebox generates log messages for many different types of activities. • You control what log messages are stored on the Log Server – most features include options to turn logging on or off. 121
Firebox Logging Setting Rules for Logging You can also configure the Firebox to send detailed diagnostic logging if you are troubleshooting a specific problem. 122
Firebox Logging Notification When you turn on logging, you can also enable notification or trigger an SNMP trap. Notification options include: • Send email to specific email address. • Pop-up notification on Log Server. 123
Firebox Logging Default Logging Policy • When you create a policy that allows traffic, logging is not enabled by default for that policy. • When you create a policy that denies traffic, logging is enabled by default. • If denied traffic does not match a specific policy, it is logged by default. • Turn on logging for any allow policy whose traffic you need to see in Historical Reports or during an investigation; otherwise allowed connections leave no record on the Log Server. 124
Firebox Logging and Proxies • Proxy policies contain many more advanced options for logging than packet filter policies. • Each proxy category has its own check box to turn on logging. 125
Firebox Logging and Proxies If you want detailed Historical Reports with information on packets handled by proxy policies, make sure you select this option in each proxy action: Turn on logging for Historical Reports 126
Firebox Logging Viewing Log Messages You can see log messages with two different tools: • Traffic Monitor – Real-time monitoring from any computer running WSM. • LogViewer – Shows the full log file stored on the Log Server. 127
Firebox Logging Traffic Monitor To see real-time traffic, select Firebox System Manager > Traffic Monitor 128
Firebox Logging Traffic Monitor From Traffic Monitor, right-click on a log message to get more information or take action. 129
Firebox Logging LogViewer • Launch LogViewer from WSM and open the log file you want to see. • LogViewer includes search features to help you find specific log messages. 130
Firebox Logging Historical Reports creates reports from the log files that are recorded on the Log Server. With the advanced features of Historical Reports, you can: • Set a specified time period for a report. • Customize the report with data filters. • Consolidate different log files to create a report for a group of Fireboxes. • Show the report data in different formats. 131
Firebox Logging Historical Reports After you define a report, use the Log Server Status/Configuration dialog box to automate your report on a schedule you select. 132
Firebox Logging Historical Reports – Tips and Tricks • If you do not see data that you expected to see, make sure you have turned on the logging options in Policy Manager that control that data. • Make sure the computer on which you are using Historical Reports has access to the log files on the Log Server. • When you use the HTML reporting option, make sure to check the option: Execute Browser Upon Completion. This opens the report in your default web browser when the report is generated. • The HTTP Proxy report and Denied Packet Summary report are particularly useful for new Firebox customers. • If you select the option to resolve DNS in your reports (recommended), you must be patient – this can take a long time. 133
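The Denied Packet Summary report mentioned above, the default logging policy (denied traffic is logged, allowed traffic only when you turn logging on), and the Historical Reports features of a time window, data filters and consolidating one log file per Firebox can all be shown with one small report generator. The code below is an added example, not WatchGuard code and not the Historical Reports implementation: the traffic-log line format, the two log files and the device, policy and address values are all constructed for the example and are not the Fireware 9.1 log format. It consolidates the files, skips lines that are not traffic messages, applies a time window and optional field filters, and summarises denied packets by destination port, source and policy.

```python
"""Denied Packet Summary over per-Firebox log files, in the spirit of Historical Reports.

Constructed example, not WatchGuard code. The traffic-log line format is made up for
the example (it is not the Fireware 9.1 log format); its fields are
    timestamp device disposition src dst proto sport dport in_iface out_iface policy
"""
import re
from collections import Counter
from datetime import datetime

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<device>\S+) "
    r"(?P<disp>Allow|Deny) (?P<src>\S+) (?P<dst>\S+) (?P<proto>tcp|udp|icmp) "
    r"(?P<sport>\d+) (?P<dport>\d+) (?P<in_if>\S+) (?P<out_if>\S+) (?P<policy>\S+)$"
)

# Constructed sample log files, one per Firebox, as the Log Server stores them.
# "Unhandled-External" is a made-up policy name standing for denied traffic that
# matched no specific policy. The HTTP-Out allow policy has logging turned on.
SAMPLE_LOG_FILES = {
    "fbx-hq.log": """\
2007-03-12 09:58:41 fbx-hq Deny 203.0.113.5 198.51.100.2 tcp 40211 445 0-External 1-Trusted Unhandled-External
2007-03-12 10:00:03 fbx-hq Allow 10.0.1.20 198.51.100.9 tcp 51120 80 1-Trusted 0-External HTTP-Out
2007-03-12 10:02:17 fbx-hq Deny 203.0.113.5 198.51.100.2 tcp 40212 445 0-External 1-Trusted Unhandled-External
2007-03-12 10:03:50 fbx-hq Deny 203.0.113.77 198.51.100.2 tcp 3344 23 0-External 1-Trusted Unhandled-External
this line is not a traffic log message
2007-03-12 10:05:12 fbx-hq Deny 10.0.1.33 198.51.100.40 udp 4100 53 1-Trusted 0-External DNS-Out-Block
""",
    "fbx-branch.log": """\
2007-03-12 10:01:30 fbx-branch Deny 203.0.113.5 198.51.100.50 tcp 40300 445 0-External 1-Trusted Unhandled-External
2007-03-12 10:04:05 fbx-branch Deny 203.0.113.5 198.51.100.50 tcp 40301 1433 0-External 1-Trusted Unhandled-External
2007-03-12 11:30:00 fbx-branch Deny 203.0.113.99 198.51.100.50 tcp 5555 445 0-External 1-Trusted Unhandled-External
""",
}


def parse_line(line: str):
    """Parse one traffic log line; return None for lines in another format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%d %H:%M:%S")
    rec["sport"], rec["dport"] = int(rec["sport"]), int(rec["dport"])
    return rec


def load_logs(files: dict):
    """Consolidate several log files (a group of Fireboxes) into one record list.

    Returns (records, number_of_lines_skipped_as_not_traffic_messages).
    """
    records, malformed = [], 0
    for name, text in files.items():
        for line in text.splitlines():
            if not line.strip():
                continue
            rec = parse_line(line)
            if rec is None:
                malformed += 1
                continue
            rec["file"] = name
            records.append(rec)
    return records, malformed


def denied_packet_summary(records, start, end, filters=None, top=5):
    """Summarise Deny records inside [start, end] that satisfy every filter
    (field name -> required value), for example {"in_if": "0-External"}."""
    filters = filters or {}
    selected = [r for r in records
                if start <= r["ts"] <= end
                and all(r.get(k) == v for k, v in filters.items())]
    denied = [r for r in selected if r["disp"] == "Deny"]
    return {
        "devices": sorted({r["device"] for r in selected}),
        "denied_total": len(denied),
        # Allow records exist only where logging was turned on for the allow policy;
        # a low count here is not evidence that little traffic was allowed.
        "allowed_total": sum(1 for r in selected if r["disp"] == "Allow"),
        "by_dport": Counter((r["proto"], r["dport"]) for r in denied).most_common(top),
        "by_src": Counter(r["src"] for r in denied).most_common(top),
        "by_policy": Counter(r["policy"] for r in denied).most_common(top),
    }


WINDOW_START = datetime(2007, 3, 12, 10, 0, 0)
WINDOW_END = datetime(2007, 3, 12, 10, 59, 59)


def run_example():
    """Report for the sample files: every denied packet in the window, then only
    those that arrived on the external interface. Returns (all, external, skipped)."""
    records, skipped = load_logs(SAMPLE_LOG_FILES)
    everything = denied_packet_summary(records, WINDOW_START, WINDOW_END)
    external = denied_packet_summary(records, WINDOW_START, WINDOW_END,
                                     filters={"in_if": "0-External"})
    return everything, external, skipped


if __name__ == "__main__":
    everything, external, skipped = run_example()
    print(f"{skipped} line(s) skipped as not traffic log messages")
    for title, summary in (("All interfaces", everything), ("External only", external)):
        print(f"\n{title}: devices={summary['devices']} denied={summary['denied_total']} "
              f"allowed(logged)={summary['allowed_total']}")
        for key in ("by_dport", "by_src", "by_policy"):
            print(f"  {key}: {summary[key]}")
```

Run it as a script to see the two reports. The single Allow record is the point of the `allowed_total` field: it appears only because the constructed HTTP-Out policy had logging on, which is the same reason the tip above tells you to check the logging options in Policy Manager before concluding that data is missing from a report.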
Monitoring your Firebox and your network 134
Monitoring your Firebox Performance Console With the Performance Console, you can monitor and graph the following information: • System Information – Firebox statistics such as total active connections and CPU usage. • Interfaces – Total packets sent and received through the Firebox interfaces. • Policies – Total connections, current connections, discards. • VPN Peers – Inbound and outbound SAs, inbound and outbound packets. • Tunnels – Inbound and outbound packets, authentication errors, and replay errors. 135
Monitoring your Firebox Performance Console After you create a counter, you see it graphed out in intervals that you set. 136
Monitoring your Firebox Performance Console You can monitor packets processed by policy name. 137
Monitoring your Firebox HostWatch shows the connections through a Firebox from the trusted network (including VLANs) to the external network. You can select any combination of interfaces to monitor, using regular expressions to define the combination. 138
Thank You 139