Watchguard Firebox X10E Reference Manual

Other manuals for Firebox X10E: Install Manual, Reference Manual, User Manual, Quick Start, Quick Start Manual, User Manual, User Manual, Reference Manual, Hardware Manual, User Manual, Quick Start Manual, Quick Start Manual, Quick Reference Manual

Manual is about: Watchguard Firebox X1000: User Guide

Page of 78

Download

Print this page

Bookmark us

WatchGuard

Firebox

™

System

Reference Guide

Firebox System 4.6

1 2 3 4 5 6 7 Next › »

Summary of Firebox X10E

Page 1
Watchguard ® firebox ™ system reference guide firebox system 4.6.
Page 2
Ii disclaimer information in this guide is subject to change without notice. Companies, names, and data used in examples herein are fictitious unless otherwise noted. No part of this guide may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, withou...
Page 3
User guide iii table of contents chapter 1 internet protocol reference ............................................. 1 internet protocol header ................................................................ 1 internet protocol options ..................................................................
Page 4
Iv chapter 6 firebox read-only system area ....................................39 initializing a firebox using hands-free installation ......................40 initializing a firebox using a serial cable ......................................40 initializing a firebox using a modem .....................
Page 5
Reference guide 1 chapter 1 internet protocol reference internet protocol (ip) specifies the format of packets and the addressing scheme for sending data over the internet. By itself, it functions like a postal system allowing you to address a package and drop it into the system. There is, however, ...
Page 6
Internet protocol header 2 ip header number list the ip protocol header contains an 8-bit field that identifies the protocol for the transport layer for the datagram. Protocol 8 bits ip protocol number. Indicates which of tcp, udp, icmp, igmp, or other transport protocol is inside. Check 16 bits che...
Page 7
Reference guide 3 internet protocol header rdp 27 reliable data protocol irtp 28 internet reliable transaction iso-tp4 29 iso transport protocol class 4 netblt 30 bulk data transfer protocol mfe-nsp 31 mfe network services protocol merit-inp 32 merit internodal protocol sep 33 sequential exchange pr...
Page 8
Internet protocol header 4 visa 70 visa protocol ipcv 71 internet packet core utility cpnx 72 computer protocol network executive cphb 73 computer protocol heart beat wsn 74 wang span network pvp 75 packet video protocol br-sat-mon 76 backroom satnet monitoring sun-nd 77 sun ndprotocol-temporary wb-...
Page 9
Reference guide 5 internet protocol options internet protocol options internet protocol options are variable-length additions to the standard ip header. Ip options can either be of limited usefulness or very dangerous. There are several kinds of ip options: security control routing of ip packets tha...
Page 10
Transfer protocols 6 • often used for services involving the transfer of small amounts of data where retransmitting a request is not a problem. • used for services such as time synchronization in which an occasionally lost packet will not affect continued operation. Many systems using udp resend pac...
Page 11
Reference guide 7 standard ports and random ports ipip (ip-within-ip) an encapsulation protocol used to build virtual networks over the internet. Ggp (gateway-gateway protocol) a routing protocol used between autonomous systems. Gre a protocol used for pptp. Esp an encryption protocol used for ipsec...
Page 12
Standard ports and random ports 8.
Page 13
Reference guide 9 chapter 2 content types a content-type header is used by applications to determine what kind of data they are receiving, thus allowing them to make decisions about how it should be handled. It allows clients to correctly identify and display video clips, images, sound, or non- html...
Page 14
Mime content types list 10 application/applefile generic macintosh files application/astound astound web player application/atomicmail atomic mail application/cals-1840 cals (rfc 1895) application/commonground application/cybercash application/dca-rft application/dec-dx application/eshop application...
Page 15
Reference guide 11 mime content types list application/sgml sgml application (rfc 1874) application/sgml-open-catalog application/slate application/vis5d vis5d 5-dimensional data application/vnd.3m.Post-it-notes application/vnd.Flographit application/vnd.Acucobol application/vnd.Acucobol~ applicatio...
Page 16
Mime content types list 12 application/vnd.Fujixerox.Docuworks application/vnd.Fut-misnet application/vnd.Hp-hpgl application/vnd.Hp-pcl application/vnd.Hp-pclxl application/vnd.Hp-hps application/vnd.Ibm.Minipay application/vnd.Ibm.Modcap application/vnd.Intercon.Formnet application/vnd.Intertrust....
Page 17
Reference guide 13 mime content types list application/vnd.Musician application/vnd.Netfpx application/vnd.Noblenet-directory application/vnd.Noblenet-sealer application/vnd.Noblenet-web application/vnd.Novadigm.Edm application/vnd.Novadigm.Edx application/vnd.Novadigm.Ext application/vnd.Osa.Netdep...
Page 18
Mime content types list 14 application/vnd.Wt.Stf application/vnd.Xara application/vnd.Yellowriver-custom-menu application/wita wang info. Transfer format (wang) application/wordperfect5.1 wordperfect 5.1 document application/x-alpha-form specialized data entry forms application/x-asap asap wordpowe...
Page 19
Reference guide 15 mime content types list application/x-troff-me troff document with me macros application/x-troff-ms troff document with ms macros application/x-ustar posix tar format application/x-wais-source wais sources application/x-webbasic visual basic objects application/x400-bp x.400 mail ...
Page 20
Mime content types list 16 image/vnd.Net-fpx image/vnd.Svf image/vnd.Xiff image/wavelet wavelet-compressed image/x-cals cals type 1 or 2 image/x-cmu-raster cmu raster image/x-cmx cmx vector image image/x-dwg autocad drawing image/x-dxf autocad dxf file image/x-mgx-dsf quicksilver active image image/...
Page 21
Reference guide 17 mime content types list multipart/byteranges multipart/digest multipart/encrypted multipart/form-data multipart/header-set multipart/mixed multipart/parallel multipart/related multipart/report multipart/signed multipart/voice-message qfn/updatedir quicken financial news qfn/stockq...
Page 22
Mime content types list 18 video/vivo vivo streaming video (vivo software) video/vnd.Motorola.Video video/vnd.Motorola.Videop video/vnd.Vivo video/x-ms-asf microsoft netshow (streaming audio and video) video/x-msvideo microsoft video video/x-sgi-movie sgi movie format workbook/* workbook/formulaone ...
Page 23
Reference guide 19 chapter 3 services and ports well-known services are a combination of port number and transport protocol for specific, standard applications. This chapter contains several tables that list service names, port number, protocol and description. Ports used by watchguard products the ...
Page 24
Ports used by microsoft products 20 ports used by microsoft products port # protocol purpose 137, 138 udp browsing 67, 68 udp dhcp lease 135 tcp dhcp manager 138 139 udp tcp directory replication 135 tcp dns administration 53 udp dns resolution 139 tcp event viewer 139 tcp file sharing 137, 138 139 ...
Page 25
Reference guide 21 well-known services list well-known services list in addition to the ports used by services described above, watchguard maintains a list of well-known services. Because software developers regularly add new services, this does not represent a comprehensive list of all possible ser...
Page 26
Well-known services list 22 msg-auth 31 tcp/udp msg authentication dsp 33 tcp/udp display support protocol time 37 tcp/udp time rap 38 tcp/udp route access protocol rlp 39 tcp/udp resource location protocol graphics 41 tcp/udp graphics nameserver 42 tcp/udp host name server nicname 43 tcp/udp whois ...
Page 27
Reference guide 23 well-known services list finger 79 tcp/udp finger www-http 80 tcp/udp world wide web http hosts2-ns 81 tcp/udp hosts2 name server xfer 82 tcp/udp xfer utility mit-ml-dev 83 tcp/udp mit ml device ctf 84 tcp/udp common trace facility mit-ml-dev 85 tcp/udp mit ml device mfcobol 86 tc...
Page 28
Well-known services list 24 uucp-path 117 tcp/udp uucp path service sqlserv 118 tcp/udp sql services nntp 119 tcp/udp network news transfer protocol cfdptkt 120 tcp/udp cfdptkt erpc 121 tcp/udp encore expedited rpc smakynet 122 tcp/udp smakynet ntp 123 tcp/udp network time protocol ansatrader 124 tc...
Page 29
Reference guide 25 well-known services list rsvd 168 tcp/udp rsvd send 169 tcp/udp send xyplex-mux 173 tcp/udp xyplex mux xdmcp 177 tcp/udp x display manager control protocol nextstep 178 tcp/udp nextstep window server bgp 179 tcp/udp border gateway protocol unify 181 tcp/udp unify irc 194 tcp/udp i...
Page 30
Well-known services list 26 courier 530 tcp/udp rpc conference 531 tcp/udp chat netnews 532 tcp/udp readnews netwall 533 tcp/udp for emergency broadcasts uucp 540 tcp/udp uucpd uucp-rlogin 541 tcp/udp uucp-rlogin stuart lynne klogin 543 tcp/udp kshell 544 tcp/udp krcmd dhcpv6-client 546 tcp/udp dhcp...
Page 31
Reference guide 27 well-known services list source: j. Reynolds and j. Postel, assigned numbers, rfc1700 , available at these web sites: • http://www.Cis.Ohio-state.Edu/htbin/rfc/rfc1700.Html • ftp://ftp.Isi.Edu/in-notes/iana/assignments/port-numbers rfe 5002 tcp/udp radio free ethernet aol 5190 tcp...
Page 32
Well-known services list 28.
Page 33
Reference guide 29 chapter 4 webblocker content webblocker works in conjunction with the http proxy to provide content-based url-filtering capabilities. Webblocker categories webblocker relies on a url database built and maintained by surfcontrol. The firebox automatically and regularly downloads a ...
Page 34
Webblocker categories 30 militant/extremist pictures or text advocating extremely aggressive or combative behavior or advocacy of unlawful political measures. Topic includes groups that advocate violence as a means to achieve their goals. It also includes pages devoted to “how to” information on the...
Page 35
Reference guide 31 searching for blocked sites included in this category are commercial sites selling sexual paraphernalia (topics included under sexual acts ). Sexual acts pictures or text exposing anyone or anything involved in explicit sexual acts and/or lewd and lascivious behavior. Topic includ...
Page 36
Searching for blocked sites 32.
Page 37
Reference guide 33 chapter 5 resources there are many resources you can draw upon to support your efforts to improve network security. This chapter lists several sources of information commonly used by watchguard engineers, developers, and technical support teams to learn more about network security...
Page 38
Books 34 books non-fiction amoroso, edward and bellovin, steven. Intranet and internet firewall strategies . Indianapolis: que corporation, 1996. Isbn 1562764225 chapman, brent, and zwicky, elizabeth d. Building internet firewalls . Sebastopol: o'reilly & associates, 1994. Isbn 1-56592-124-0. Cheswi...
Page 39
Reference guide 35 white papers & requests for comments fiction stoll, cliff. Cuckoo’s egg. Pocket books, 1995. Isbn 0671726889. White papers & requests for comments reynolds, j. And j. Postel, assigned numbers, rfc1700. Available at these web sites: http://www.Cis.Ohio-state.Edu/htbin/rfc/rfc1700.H...
Page 40
Web sites 36 firewall.Com http://www.Firewall.Com firewall and proxy server how to http://metalab.Unc.Edu/mdw/howto/firewall-howto.Html fishnet security information http://www.Kcfishnet.Com/secinfo/types.Html information security magazine http://www.Truesecure.Com/html/tspub/index.Shtml internet fir...
Page 41
Reference guide 37 newsgroups center for education and research in information assurance and security http://www.Cerias.Purdue.Edu/ reality check http://www.Dilbert.Com/ the realplayer website http://service.Real.Com/firewall vicomsoft network definitions webpage http://www.Vicomsoft.Com/knowledge/r...
Page 42
Newsgroups 38.
Page 43
Reference guide 39 chapter 6 firebox read-only system area watchguard ships all fireboxes with a fixed, baseline set of functionality stored on the read-only system area of the firebox flash disk memory. It is possible to start the firebox using this read-only system area when the primary user area ...
Page 44
Initializing a firebox using hands-free installation 40 • out-of-band via a modem • direct via a serial cable • hands-free installation via a local area network • ip connection using remote provisioning initializing an older firebox with the livesecurity system 4.1 or later automatically upgrades th...
Page 45
Reference guide 41 initializing a firebox using a serial cable • troubleshoot problems where all access to the firebox is lost booting from the system area from the control center: 1 select livesecurity control center => tools => advanced => flash disk management . The flash disk management tool dia...
Page 46
Initializing a firebox using a serial cable 42 communicate only with the firebox trusted interface; while booted from the read- only system area, the firebox will not pass traffic or perform other normal operations. 1 verify that you can communicate with the firebox. The firebox read-only system are...
Page 47
Reference guide 43 initializing a firebox using a modem initializing a firebox using a modem the watchguard firebox can accept both external and pcmcia modems. Use a modem for out-of-band initialization and configuration in cases where the firebox is located remotely from the management station to i...
Page 48
Managing flash disk memory 44 • older firebox– for fireboxes shipped before livesecurity system 4.1, initialize the firebox with livesecurity system 4.1 software. Then use the red cross-over cable supplied with the firebox to connect the trusted and optional ethernet interfaces in a loopback configu...
Page 49
Reference guide 45 managing flash disk memory making a backup of the current configuration file to ensure that you always have a backup version of a current, working configuration file, copy the configuration file stored in the primary area to the firebox flash disk backup area. From the control cen...
Page 50
Managing flash disk memory 46.
Page 51
Reference guide 47 chapter 7 out-of-band initialization strings this chapter provides a reference list of ppp and modem initialization strings used to configure out-of-band (oob) management. Ppp initialization strings these are the strings and syntaxes available for use when configuring a firebox fo...
Page 52
Ppp initialization strings 48 mpfto specifies how long the ppp session should wait for a valid management session to begin. If no valid session starts, then ppp will disconnect after this time-out period. The default is 90 seconds. Mru n set the mru (maximum receive unit) value to n . Pppd will ask ...
Page 53
Reference guide 49 ppp initialization strings for nr or nt disables compression in the corresponding direction. Use nodeflate or deflate 0 to disable deflate compression entirely. Idle n specifies that pppd should disconnect if the link is idle for n seconds. The link is idle when no data packets (t...
Page 54
Ppp initialization strings 50 lcp-max-configure n set the maximum number of lcp configure-request transmissions to n (default 10). Lcp-max-failure n set the maximum number of lcp configure-naks. Lcp-max-terminate n set the maximum number of lcp terminate-request transmissions to n (default 3). Lcp-r...
Page 55
Reference guide 51 modem initialization strings nocrtscts disable hardware flow control (that is, rts/cts) on the serial port. If neither the crtscts nor the nocrtscts option is given, the hardware flow control setting for the serial port is left unchanged. Noipdefault disables the default behavior ...
Page 56
Modem initialization strings 52 explanation of fields 1 specifies that the firebox should expect nothing back from the modem at this point in the chat. 2 specifies that three plus characters ( + ) should be sent with short pauses in between, then a 1-second delay, then a return character, a short pa...
Page 57
Reference guide 53 modem initialization strings break the special reply string of break will cause a break condition to be sent. The break is a special signal on the transmitter. The break sequence can be embedded into the send string using the \k sequence. Escape sequences the expect and reply stri...
Page 58
Modem initialization strings 54 \t send or expect a tab character \\ send or expect a backslash character \ddd collapse the octal digits (ddd) into a single ascii character and send that character. Some characters are not valid in ctrl+c; for these characters, substitute the sequence with the contro...
Page 59
Reference guide 55 chapter 8 glossary this glossary contains a list of terms, abbreviations, and acronyms frequently used when discussing networks, firewalls, and watchguard products. Active mode ftp one of two ways an ftp data connection is made. In active mode, the ftp server establishes the data ...
Page 60
56 arp tables a table of active arp addresses on a computer. Ascending a method of ordering a group of items from lowest to highest, such as from a to z. Authentication authentication is a method of mapping a username to a workstation ip address, allowing the tracking of connections based on name ra...
Page 61
Reference guide 57 broadcast address an address used to broadcast a request to a network, usually to discover the presence of a machine. Browser see web browser . Cascade a command that arranges windows so that they are overlapped, with the active window in front. Cd-rom (compact disc read-only memo...
Page 62
58 control panel the set of windows 95/98 or windows nt programs used to change system hardware, software, and windows settings. Coprocessor a separate processor designed to assist in specific functions, such as handling complex mathematics or graphics, and to temporarily reduce the workload of the ...
Page 63
Reference guide 59 default packet handling default packet handling automatically and temporarily blocks hosts that originate probes and attacks against a network. Denial of service (dos) a way of monopolizing system resources so that other users are ignored. For example, someone could finger an unse...
Page 64
60 drop-in configuration a configuration in which the firebox is physically located between the router and the lan without any of the computers on the trusted interface being reconfigured. This protects a single network that is not subdivided into smaller networks. Drop-in network this configuration...
Page 65
Reference guide 61 firewall crash opens all traffic in both directions. Fail-shut is the default failure mode of the watchguard livesecurity system. Field an area in a form or web page in which to enter or view specific information about an individual task or resource. File extension a period and up...
Page 66
62 home page the first page of a web site used as an entrance into the site. Host route a setup in which an additional router is behind the firebox and one host is behind that router. You configure a host route to inform the firebox of this additional host behind the additional router. Hostwatch a g...
Page 67
Reference guide 63 internet address class to efficiently administer the 32-bit ip address class space, ip addresses are separated into three classes that describe networks of varying sizes: class a iif the first octet of an ip address is less than 128, it is a class a address. A network with a class...
Page 68
64 java applet a java applet is a program written in the java programming language that can be included on an html page, much in the same way an image is included. When you use a java technology—enabled browser to view a page that contains an applet, the applet’s code is transferred to your system a...
Page 69
Reference guide 65 masquerading in the livesecurity system, masquerading sets up addressing so that a firebox presents its ip address to the outside world in lieu of the ip addresses of the hosts protected by the firebox. Mazameter see bandwidth meter . Mime (multipurpose internet mail extensions) e...
Page 70
66 optional interface an interface that connects to a second secured network, typically any network of servers provided for public access. Out-of-band (oob) a management feature that enables the management station to communicate with the firebox via a telephone line and a modem. Oob is very useful f...
Page 71
Reference guide 67 port, tcp or udp a tcp or udp service endpoint. Together with the hosts’ ip addresses, ports uniquely identify the two peers of a tcp connection. Ppp (point-to-point protocol) a link-layer protocol used to exchange ip packets across a point-to-point connection, usually a serial li...
Page 72
68 report a formatted collection of information that is organized to provide project data on a specific subject. Rfc (request for comments) rfc documents describe standards used or proposed for the internet. Each rfc is identified by a number, such as rfc 1700. Rfcs can be retrieved either by e-mail...
Page 73
Reference guide 69 security triangle display an led indicator on the front of a firebox that indicates the directions of traffic between the three firebox interfaces. Self-extracting file a compressed file that automatically decompresses when double-clicked. Server message block (smb) a message form...
Page 74
70 spam the practice of sending unsolicited e-mail to many recipients, much like an electronic version of junk mail. Spoofing altering packets to falsely identify the originating computer to confuse or attack another computer. The originating computer is usually misidentified as a trusted computer w...
Page 75
Reference guide 71 tunnel a technology that enables one network to send its data via another network’s connections. Tunneling works by encapsulating a network protocol within packets carried by the second network. For example, microsoft’s pptp technology enables organizations to use the internet to ...
Page 76
72 wins (windows internet name service) wins provides name resolution for clients running windows nt and earlier versions of microsoft operating systems. With name resolution, users access servers by name rather than needing to use an ip address. Wizard a tool that guides you through a complex task ...
Page 77
Reference guide 73 index b backup making 45 restoring 45 backup area 44 blocked sites searching for 31 booting from the system area 41 c categories, webblocker 29 configuration file making backup 45 restoring backup 45 content types 9 html 9 f firebox booting from the system area 41 flash memory 44 ...
Page 78
74 working with firebox from 41 system area 44 t tcp 1 tcp/ip 1 transfer protocols esp 6 general 5 ggp 6 gre 6 icmp 6 igmp 6 ipip 6 tcp 6 udp 5 troubleshooting 42 w webblocker categories 29 searching for blocked sites 31 the learning company 29.