WatchGuard SOHO and SOHO|tc User Manual

About this manual: WatchGuard SOHO User Guide, SOHO and SOHO|tc 2.3

Summary of SOHO and SOHO|tc

  • Page 3

    User guide 2.3 iii watchguard® soho end-user license agreement important - read carefully before accessing watchguard software this watchguard soho end-user license agreement (“eula”) is a legal agreement between you (either an individual or a single entity) and watchguard technologies, inc. (“watch...

  • Page 4

    Iv 4. Limited warranty. Watchguard makes the following limited warranties for a period of ninety (90) days from the date you obtained the software product from watchguard or an authorized dealer; (a) media. The disks and documentation will be free from defects in materials and workmanship under norm...

  • Page 5

    User Guide 2.3 v such damages. This shall be true even in the event of the failure of an agreed remedy. 5. United States Government Restricted Rights. The enclosed software product and documentation are provided with restricted rights. Use, duplication or disclosure by the U.S. Government or any agen...

  • Page 6

    Vi watchguard® limited hardware warranty this watchguard limited hardware warranty (the "warranty") applies to the enclosed watchguard hardware product (the "hardware product"). By using the hardware product, you agree to the terms hereof. If you do not agree to these terms, please return this packa...

  • Page 7

    User guide 2.3 vii nonconformance or defect in the hardware product (including, but not limited to, any implied warranty of merchantability or fitness for a particular purpose, any implied warranty arising from course of performance, course of dealing, or usage of trade, any warranty of noninfringem...

  • Page 9

    User guide 2.3 ix using this guide this manual assumes that you are familiar with your computer’s operating system. If you have questions about navigating in your computer’s environment, please refer to your system user manual. The following conventions are used throughout this guide. Convention ind...

  • Page 10

    X.

  • Page 11

    User Guide 2.3 xi Table of contents: Chapter 1 Installation, 1; Before you begin, 1; Performing manual installation, 2; Physically connecting your SOHO ...

  • Page 12

    xii Chapter 3 Configuring services for a SOHO, 33; How does information travel on the Internet?, 33; Allowing incoming services, 35; Blocking outgoing services, 40; Chapter 4 Configuring virtual private networking ...

  • Page 13

    User guide 2.3 1 chapter 1 installation before you begin pre-installation checklist before installing your new watchguard soho please ensure that you have: • a 10baset ethernet i/o network card installed in your computer. • a cable or dsl modem with a 10baset port. • two ethernet network cables with...

  • Page 14

    Performing manual installation 2 • an operational internet connection. Setup of your soho requires access to the internet. If your connection does not work, please contact your internet service provider (isp). When your connection has been established, you may proceed with installation and setup. • ...

  • Page 15

    User guide 2.3 3 performing manual installation microsoft windows nt or 2000 1 click start => programs => command prompt. 2 at the c:\ prompt, enter ipconfig/all. Press enter . 3 enter your current tcp/ip settings in the chart provided below. 4 click cancel . Microsoft windows 95 or 98 or me 1 click...

  • Page 16

    Performing manual installation 4 Note: If you are connecting more than one computer to the private network behind the SOHO, obtain the TCP/IP configuration information for each computer. Disable your browser’s HTTP proxy. To configure a WatchGuard SOHO after it is installed, you must be able to acces...

  • Page 17

    User guide 2.3 5 performing manual installation the browser to web pages located in other places. Disabling the http will not prevent you from accessing your favorite web sites, but it will allow you to access the special configuration pages that reside only on the soho. To disable the http proxy in...

  • Page 18

    Physically connecting your soho 6 6 click configure at the bottom on the internet options screen. 7 record the url box information here: 8 click ok to save settings. Internet explorer 5.0 1 open internet explorer. 2 click tools => internet options . The internet options screen displays. 3 click the ...

  • Page 19

    User guide 2.3 7 physically connecting your soho 1 complete the “pre-installation checklist” on page 1. 2 turn off your computer. 3 unplug the power from your cable or dsl modem. 4 unplug the ethernet cable that is connected from your cable or dsl modem to your computer. Connect it from your modem t...

  • Page 20

    Physically connecting your soho 8 6 turn on the power to your cable or dsl modem. Wait until the lights stop flashing, indicating that the modem is ready. 7 attach the power cord to the soho and plug it into an outlet. 8 restart your computer. 9 for information on the factory default configuration o...

  • Page 22

    Physically connecting your SOHO 10 8 Attach the power cord to the SOHO and plug it into an outlet. 9 Restart your computer.

  • Page 23

    User guide 2.3 11 chapter 2 setting up your soho network how does a firewall work? Fundamentally, a firewall is a way of differentiating between, as well as protecting, “us” from “them”. On the public side of your soho firewall is the entire internet. The internet has many resources that you want to...

  • Page 24

    Configuring your public network 12 Note: The configuration instructions in this chapter assume that you are using Windows 95/98/Me. If this is not the case, see your operating system help or user guide to locate the equivalent options and commands. Configuring your public network. When you configure ...

  • Page 25

    User guide 2.3 13 configuring your public network of ethernet and ppp by simulating a standard dial-up connection. It is popular among many isps because it enables them to use existing dial-up infrastructure such as billing, authentication, and security for dsl and cable modems. Determining whether ...

  • Page 26

    Configuring your public network 14 4 if “obtain an ip address automatically” is selected, your computer is configured for dynamic dhcp. If “obtain an ip address automatically” is not checked, your computer is configured for static addressing. The actual wording on the menu may differ depending on yo...

  • Page 27

    User guide 2.3 15 configuring your public network configuring the soho public network for dynamic addressing out of the box, the soho is configured to obtain its public address information automatically, using dynamic dhcp. So if your isp assigns you an address automatically (or dynamically), the so...

  • Page 28

    Configuring your public network 16 configuring the soho public network for static addressing if you are assigned a static address, then you must transfer the permanent address assignment from your computer to the soho itself. Instead of communicating directly to your computer, the isp will now commu...

  • Page 29: Click Public Network.

    User guide 2.3 17 configuring your public network 7 on most platforms, click ok until the control panel window closes. 8 shut down and reboot the computer. On the soho: 1 open your web browser. Click stop. At this point, the internet connection is not fully configured, and the computer cannot load y...

  • Page 30: Click Submit.

    Configuring your public network 18 5 enter the tcp/ip settings you copied from the computer when you started the install process. 6 click submit. To complete soho public network configuration, see “release and renew the ip configuration” on page 19. Configuring soho public network for pppoe while le...

  • Page 31: Configuration.

    User guide 2.3 19 configuring your public network 5 enable the checkbox labelled use pppoe to obtain configuration. 6 enter the pppoe login name supplied by your isp. 7 enter the pppoe password supplied by your isp 8 enter the inactivity timeout period in minutes. 9 click automatically restore lost ...

  • Page 32

    Configuring your private network 20 2 at the c:\ prompt, enter winipcfg . Press enter. The ip configuration dialog box appears. 3 verify that the information is displayed for "ethernet adapter," not for "ppp adapter," which would apply for a dial-up telephone modem. 4 click the release button. Then ...

  • Page 33

    User Guide 2.3 21 Configuring your private network. Note: To disable the SOHO DHCP server and assign addresses statically on your private network, open the SOHO configuration menu, click Private Network, and disable the checkbox labelled Enable DHCP Server. This is not recommended for most SOHO users...

  • Page 34: Select System Password.

    Changing the soho system name and password 22 changing the soho system name and password passwords are a barrier between your computer and anyone trying to break in. They are the first line of defense in computer security. They are, unfortunately, the most frequently overlooked of all security measu...

  • Page 35: Click Submit.

    User guide 2.3 23 default factory settings 4 check the enable password checkbox. 5 enter the system user name in the name field. 6 enter the system password in the password field. 7 enter the system password again in the retype password field. 8 click submit. The configuration change is saved to the...

  • Page 36

    Default factory settings 24 • Public network settings use DHCP. Note: DHCP must be enabled for you to be able to access the SOHO device when it boots up. Private network • Private network IP address: 192.168.111.1. • All computers on the private network automatically receive their addresses using dyn...

  • Page 38: Click Private Network.

    Troubleshooting installation and network configuration 26 general what do the on and mode lights signify on the soho? When the on light is illuminated, the soho has power. When the mode light is illuminated, the soho is operational. How do i register my soho? Registering your watchguard soho ensures...

  • Page 39: Enable Dhcp Server.

    User guide 2.3 27 troubleshooting installation and network configuration 5 click reboot and wait for the soho to finish rebooting. The mode and on light flash at different times during boot, which takes about a minute. How do i change to a static private ip address? Before you can use a static ip ad...

  • Page 40

    Troubleshooting installation and network configuration 28 Caution: This is a major security risk. For instructions on how to allow any incoming services, refer to “Adding the Any service” on page 38. How do I allow incoming IP protocols? You will need the IP address of the computer that will be recei...

  • Page 41: Click Submit.

    User guide 2.3 29 troubleshooting installation and network configuration 3 click add a service and then click the service you want to add. For udp, you will need to select udp on the forward drop list and enter the range of port numbers in the port fields. For all other services, enter the ip addres...

  • Page 42: Click Vpn Configuration.

    Troubleshooting installation and network configuration 30 3 click vpn configuration. 4 click configuring a soho to soho ipsec vpn tunnel. 5 download and follow the instructions to configure your vpn tunnel. Technical how do i reboot my soho? 1 using your web browser, go to http://192.168.111.1. 2 cl...

  • Page 43: Click Knowledge Base.

    User guide 2.3 31 troubleshooting installation and network configuration factory defaults so connect cables in original configuration and power up again. How does the seat limitation on the soho work? The default user license on the soho is 10. The first 10 computers on the network behind the soho t...

  • Page 44: Security.

    Troubleshooting installation and network configuration 32 the lan link lights. They tell you if the soho is connected to a computer or hub through that lan port. If the lights are not illuminated, the soho is not connected to the computer or hub. Check to make sure that both sides of the cable are c...

  • Page 45

    User guide 2.3 33 chapter 3 configuring services for a soho how does information travel on the internet? Each packet of information transported over the internet must be packaged in a special way to ensure that it is able to travel from one computer to the next. A system called internet protocol (ip...

  • Page 46

    How does information travel on the Internet? 34 address of the WatchGuard site is 209.191.160.60 while the domain name is www.watchguard.com. Protocol: A protocol defines how a packet is bundled up and packaged for shipment across a network. The most commonly used protocols are Transmission Control P...

  • Page 47

    User guide 2.3 35 allowing incoming services allowing incoming services by default, the security stance of the soho is to deny unsolicited incoming packets to computers on the private network protected by the soho firewall. You can, however, selectively open your network to certain types of internet...

  • Page 48: Select Services.

    Allowing incoming services 36 violate the computer, they are stopped cold at the soho, never learning the true address of the computer. Adding a pre-configured incoming service each service is defined by a combination of internet protocols and port numbers to uniquely identify the connection type to...

  • Page 49: Click Submit.

    User guide 2.3 37 allowing incoming services 7 click submit. The configuration change is saved to the soho and the show incoming rules page appears. The incoming service rules are identified by protocol, port, and destination on the private network. Creating a custom incoming service in addition to ...

  • Page 50: Click Submit.

    Allowing incoming services 38 9 click submit. The configuration change is saved to the soho, and the show incoming rules page appears. Adding an incoming service with another type of protocol in addition to tcp and udp, there are several other types of internet protocols. To allow incoming service t...

  • Page 51: Select Services.

    User Guide 2.3 39 Allowing incoming services. Caution: Unfortunately, the hole created using the Any service is indiscriminate. Any type of packet can enter through this service and be forwarded automatically to the private network address you provide. For security reasons, WatchGuard does not recomm...

  • Page 52: Click Remove A Service.

    Blocking outgoing services 40 4 click remove a service. A list of existing, incoming services appears. Services are identified by protocol, port number, and destination address. 5 enable the checkbox next to the services you would like to remove. You can disable multiple services simultaneously. 6 c...

  • Page 53: Select Services.

    User guide 2.3 41 blocking outgoing services 2 select services. The services menu appears. 3 select blocked outgoing services. The blocked outgoing services menu appears. In addition, a list of blocked outgoing services is displayed beneath the menu identified by protocol and port number. 4 click bl...

  • Page 54: Click Submit.

    Blocking outgoing services 42 6 click submit. The configuration change is saved to the soho and the blocked service list page appears. Removing a blocked outgoing service at any time, you can reopen a service now required by your network. You should do this when you seek to open access to a particul...

  • Page 56

    What you will need 44 encrypted internet connection, a vpn connection eliminates any significant risk of data being read or altered by outside users as it traverses the internet. What you will need 1 one watchguard soho with vpn and an ipsec-compliant device. While you can create a soho to soho vpn,...

  • Page 57

    User Guide 2.3 45 What you will need. IP address table (example). Columns: Item, Description, Assigned by. Public IP address: The IP address that identifies the SOHO to the Internet. Assigned by: ISP. Site A: 207.168.55.2; Site B: 68.130.44.15. Public subnet mask: The overlay of bits that determines which part of the IP address...

  • Page 58

    What you will need 46 about feature keys when you purchase a soho, the software for all extended features is provided with that installation regardless of whether you have actually purchased any of those features. Once you have purchased an extended feature, its feature key allows you to enable its ...

  • Page 59

    User Guide 2.3 47 Special considerations. other IPSec-compliant devices. To download these instructions, open your web browser to: http://www.watchguard.com/support/interopvpn.asp Special considerations: Consider the following before configuring your WatchGuard SOHO VPN network: • You can connect only...

  • Page 60

    Frequently asked questions 48 frequently asked questions why do i need a static public address? To create a vpn connection, one soho must be able to find its partner device. If the addresses were allowed to change, the soho could not find its remote computer. How do i get a static public ip address?...

  • Page 61

    User guide 2.3 49 frequently asked questions ok, ping is not working. If you cannot ping the local network address of the remote soho, take the following steps to classify the problem: 1 ping the public address of the remote soho. For example, at site a, ping 68.130.44.15 (site b). You should get a ...

  • Page 62

    Frequently asked questions 50

  • Page 63

    User guide 2.3 51 chapter 5 additional soho features socks for soho socks is a network proxy filter that works with socks-aware applications such as icq. A typical socks-dependent application requires that several sockets be opened and made available to the internet. When a socks-aware application (...

  • Page 64

    SOCKS for SOHO 52 SOHO SOCKS implementation. The SOHO SOCKS feature has the following characteristics and limitations: • SOHO supports SOCKS version 5 only. • It is a limited version of SOCKS and does not support authentication, nor does it support Domain Name System (DNS) resolution. Caution: config...

  • Page 65: Select Service Options.

    User Guide 2.3 53 SOCKS for SOHO • If you can choose different services or versions of SOCKS, choose SOCKS version 5. • Select port 1080 for the application. • For the SOCKS proxy, enter the URL or IP address of the SOHO private network. The default IP address is 192.168.111.0. Disabling SOCKS on th...

  • Page 66: Click System Information.

    Soho logging 54 5 click submit to register the change. The soho is enabled again as a proxy server and ready to pass socks packets. Soho logging the watchguard soho generates an ongoing activity log stored on the soho. This log stores a maximum of 150 messages. When it reaches its maximum, the oldes...

  • Page 67: Select Remote Logging.

    User guide 2.3 55 rebooting a watchguard soho 2 click system administration. The system administration menu appears. 3 select remote logging. The secure remote logging page appears. 4 check the box labeled enable remote logging. 5 enter the ip address of the watchguard log server that will be your r...

  • Page 68

    Rebooting a WatchGuard SOHO 56 • Send an FTP command to the remote SOHO device. Use an FTP application to connect to the SOHO device, then enter the command: quote rebt.

  • Page 70

    How webblocker works 58 site, the soho queries the watchguard database and determines whether or not to block the site. The soho considers the following conditions in determining whether or not to block the site: web site not in webblocker database if the site is not in the watchguard webblocker dat...

  • Page 71: Select Services.

    User guide 2.3 59 purchasing and enabling soho webblocker those members of your private network who should be able bypass webblocker. When a site is blocked or unavailable, the user has the option of entering the full access password. With the password entered, the browser displays the otherwise blo...

  • Page 72

    Webblocker categories 60 4 enable the checkbox labeled enable web blocking. This turns on soho webblocker. 5 enter the full access password. The full access password gives selected users a password that bypasses otherwise blocked sites. 6 enter the password expiration duration in minutes. Setting th...

  • Page 73: Alcohol/tobacco

    User Guide 2.3 61 WebBlocker categories. Note: In all of the categories, sites to be blocked are selected by advocacy rather than opinion or educational material. For example, the Drugs/Drug Culture category blocks sites describing how to grow and use marijuana but does not block sites discussing the ...

  • Page 74: Satanic/cult

    Webblocker categories 62 their primary purpose to alter the individual’s state of mind, such as glue sniffing. This does not include (that is, if selected these sites would not be webblocked under this category) currently illegal drugs legally prescribed for medicinal purposes (such as, drugs used t...

  • Page 75: Search Engines

    User guide 2.3 63 webblocker categories search engines search engine sites such as altavista, infoseek, yahoo!, and webcrawler. Sports and leisure pictures or text describing sporting events, sports figures, or other entertainment activities. Sex education pictures or text advocating the proper use ...

  • Page 76: Partial/artistic Nudity

    Searching for blocked sites 64 sites hosted by museums such as the guggenheim, the louvre, or the museum of modern art. Partial/artistic nudity pictures exposing the female breast or full exposure of either male or female buttocks except when exposing genitalia which is handled under the full nudity...

  • Page 77

    User guide 2.3 65 index a adding incoming services 37, 38 allowing incoming services 35 any service, adding 38 b blocked outgoing service, removing 42 blocked sites in webblocker 64 blocking alternative protocols 41 blocking outgoing services 40 browser internet explorer disabling http proxy 5 netsc...

  • Page 78

    66 default gateway 44 default ip address, soho 24 disabling http proxy 5 disabling socks 52, 53 dns service primary ip address 44 secondary ip address 44 domain name 44 e encryption, soho 47 external network, default factory settings 24 f factory settings, default 24 frequently asked questions 45 h ...

  • Page 79

    User guide 2.3 67 private network default factory settings 24 network address 44 network address translation 35 o outgoing services blocking 40 blocking tcp 40 blocking udp 40 p part number, soho ii password changing 22 saving ii patent information ii ping 48 port 1080, configuring for socks 52 port...

  • Page 80

    68 troubleshooting 45 checking link led 25 connecting more than two offices 48 pinging 48 static ip address 48 u udp adding incoming 37 blocking outgoing 40 unix, setting tcp/ip 3 url database 57 using the manual ix v virtual private networking introduction 43 w webblocker categories 60 searching fo...