Watchguard-technologies WatchGuard SOHO and SOHO | tc Manuel d'utilisateur

WatchGuard SOHO and SOHO | tcWatchGuard®SOHO User GuideSOHO and SOHO|tc 2.3

x

User Guide 2.3 xiTable of ContentsCHAPTER 1 Installation ...1Before you begin ...

xiiCHAPTER 3 Configuring Services for a SOHO ...33How does information travel on the internet? ...33Allowing incoming services ...

User Guide 2.3 1CHAPTER 1 InstallationBefore you beginPre-installation checklistBefore installing your new WatchGuard SOHO please ensure that you have

Performing manual installation2• An operational Internet connection.Setup of your SOHO requires access to the Internet. If your connection does not wo

User Guide 2.3 3Performing manual installationMicrosoft Windows NT or 20001Click Start => Programs => Command Prompt.2 At the C:\ prompt, enter

Performing manual installation4 NOTEIf you are connecting more than one computer to the private network behind the SOHO, obtain the configuration TCP

User Guide 2.3 5Performing manual installationthe browser to Web pages located in other places. Disabling the HTTP will not prevent you from accessing

Physically connecting your SOHO66Click Configure at the bottom on the Internet Options screen.7 Record the URL box information here:

User Guide 2.3 7Physically connecting your SOHO1 Complete the “Pre-installation checklist” on page 1.2 Turn off your computer.3 Unplug the power from

iiRegistration and identification informationPlease use this area to enter your SOHO information.The SOHO serial number is located on the bottom of th

Physically connecting your SOHO86 Turn on the power to your cable or DSL modem. Wait until the lights stop flashing, indicating that the modem is read

User Guide 2.3 9Physically connecting your SOHOThe SOHO and SOHO|tc ship with a “10-seat” license. In other words, the SOHO allows up to ten computers

Physically connecting your SOHO108 Attach the power cord to the SOHO and plug it into an outlet.9 Restart your computer.

User Guide 2.3 11CHAPTER 2 Setting Up Your SOHO NetworkHow does a firewall work?Fundamentally, a firewall is a way of differentiating between, as well

Configuring your public network12 NOTEThe configuration instructions in this chapter assume that you are using Windows 95/98/ME. If this is not the c

User Guide 2.3 13Configuring your public networkof Ethernet and PPP by simulating a standard Dial-Up connection. It is popular among many ISPs because

Configuring your public network144 If “Obtain an IP Address Automatically” is selected, your computer is configured for dynamic DHCP. If “Obtain an IP

User Guide 2.3 15Configuring your public networkConfiguring the SOHO public network for dynamic addressingOut of the box, the SOHO is configured to ob

Configuring your public network16Configuring the SOHO public network for static addressingIf you are assigned a static address, then you must transfer

User Guide 2.3 17Configuring your public network7 On most platforms, click OK until the Control Panel window closes. 8 Shut down and reboot the comput

User Guide 2.3 iiiWatchGuard® SOHO End-User License AgreementIMPORTANT - READ CAREFULLY BEFORE ACCESSING WATCHGUARD SOFTWAREThis WatchGuard SOHO End-U

Configuring your public network185 Enter the TCP/IP settings you copied from the computer when you started the install process.6Click Submit. To compl

User Guide 2.3 19Configuring your public network5 Enable the checkbox labelled Use PPPoE to obtain configuration.6 Enter the PPPoE login name supplied

Configuring your private network202 At the C:\ prompt, enter winipcfg. Press Enter. The IP Configuration dialog box appears.3 Verify that the informat

User Guide 2.3 21Configuring your private network NOTETo disable the SOHO DHCP server and assign addresses statically on your private network, open t

Changing the SOHO system name and password22Changing the SOHO system name and passwordPasswords are a barrier between your computer and anyone trying

User Guide 2.3 23Default factory settings4Check the Enable Password checkbox.5 Enter the system user name in the Name field.6 Enter the system passwor

Default factory settings24• Public network settings use DHCP NOTEDHCP must be enabled for you to be able to access the SOHO device when it boots up.P

User Guide 2.3 25Troubleshooting installation and network configurationVirtual Private Networking• IPSec VPN is not installed.The SOHO|tc comes with t

Troubleshooting installation and network configuration26GENERALWhat do the ON and MODE lights signify on the SOHO?When the ON light is illuminated, th

User Guide 2.3 27Troubleshooting installation and network configuration5Click Reboot and wait for the SOHO to finish rebooting. The MODE and ON light

iv4. LIMITED WARRANTY. WATCHGUARD makes the following limited warranties for a period of ninety (90) days from the date you obtained the SOFTWARE

Troubleshooting installation and network configuration28CAUTIONThis is a major security risk. For instructions on how to allow any incoming services,

User Guide 2.3 29Troubleshooting installation and network configuration3Click Add a Service and then click the service you want to add. For UDP, you w

Troubleshooting installation and network configuration303Click VPN Configuration.4Click Configuring a SOHO to SOHO IPSec VPN Tunnel.5 Download and fol

User Guide 2.3 31Troubleshooting installation and network configurationfactory defaults so connect cables in original configuration and power up again

Troubleshooting installation and network configuration32the LAN Link lights. They tell you if the SOHO is connected to a computer or hub through that

User Guide 2.3 33CHAPTER 3 Configuring Services for a SOHOHow does information travel on the internet?Each packet of information transported over the

How does information travel on the internet?34address of the WatchGuard site is 209.191.160.60 while the domain name is www.watchguard.com.ProtocolA p

User Guide 2.3 35Allowing incoming servicesAllowing incoming servicesBy default, the security stance of the SOHO is to deny unsolicited incoming packe

Allowing incoming services36violate the computer, they are stopped cold at the SOHO, never learning the true address of the computer.Adding a pre-conf

User Guide 2.3 37Allowing incoming services7Click Submit.The configuration change is saved to the SOHO and the Show Incoming Rules page appears. The i

User Guide 2.3 vSUCH DAMAGES. THIS SHALL BE TRUE EVEN IN THE EVENT OF THE FAILURE OF AN AGREED REMEDY.5. UNITED STATES GOVERNMENT RESTRICTED RIGHTS.

Allowing incoming services389Click Submit.The configuration change is saved to the SOHO, and the Show Incoming Rules page appears.Adding an incoming s

User Guide 2.3 39Allowing incoming servicesCAUTIONUnfortunately, the hole created using the Any service is indiscriminate. Any type of packet can ente

Blocking outgoing services404Click Remove a Service.A list of existing, incoming services appears. Services are identified by protocol, port number, a

User Guide 2.3 41Blocking outgoing services2 Select Services.The Services menu appears.3 Select Blocked Outgoing Services.The Blocked Outgoing Service

Blocking outgoing services426Click Submit.The configuration change is saved to the SOHO and the Blocked Service List page appears.Removing a blocked o

User Guide 2.3 43CHAPTER 4 Configuring Virtual Private NetworkingThis chapter describes an optional feature of the WatchGuard SOHO: virtual private ne

What you will need44encrypted Internet connection, a VPN connection eliminates any significant risk of data being read or altered by outside users as

User Guide 2.3 45What you will needIP Address Table (example)Item Description Assigned ByPublic IP AddressThe IP address that identifies the SOHO to t

What you will need46About Feature KeysWhen you purchase a SOHO, the software for all extended features is provided with that installation regardless o

User Guide 2.3 47Special considerationsother IPSec-compliant devices. To download these instructions, open your Web browser to:http://www.watchguard.c

viWatchGuard® Limited Hardware WarrantyThis WatchGuard Limited Hardware Warranty (the "Warranty") applies to the enclosed WatchGuard hardwar

Frequently asked questions48Frequently asked questionsWhy do I need a static public address? To create a VPN connection, one SOHO must be able to find

User Guide 2.3 49Frequently asked questionsOK, ping is not working. If you cannot ping the local network address of the remote SOHO, take the followin

Frequently asked questions50

User Guide 2.3 51CHAPTER 5 Additional SOHO FeaturesSOCKS for SOHOSOCKS is a network proxy filter that works with SOCKS-aware applications such as ICQ.

SOCKS for SOHO52SOHO SOCKS implementationThe SOHO SOCKS feature has the following characteristics and limitations:• SOHO supports SOCKS version 5 only

User Guide 2.3 53SOCKS for SOHO• If you can choose different services or versions of SOCKS, choose SOCKS version 5..• Select port 1080 for the applica

SOHO logging545Click Submit to register the change. The SOHO is enabled again as a Proxy server and ready to pass SOCKS packets.SOHO loggingThe WatchG

User Guide 2.3 55Rebooting a WatchGuard SOHO2Click System Administration.The System Administration menu appears.3 Select Remote Logging.The Secure Rem

Rebooting a WatchGuard SOHO56• Send an FTP command to the remote SOHO device. Use an FTP application to connec to the SOHO device, then enter the comm

User Guide 2.3 57CHAPTER 6 WatchGuard SOHO WebBlockerWatchGuard SOHO WebBlocker is an optional feature of the WatchGuard SOHO and SOHO|tc that provide

User Guide 2.3 viiNONCONFORMANCE OR DEFECT IN THE HARDWARE PRODUCT (INCLUDING, BUT NOT LIMITED TO, ANY IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS

How WebBlocker works58site, the SOHO queries the WatchGuard database and determines whether or not to block the site. The SOHO considers the following

User Guide 2.3 59Purchasing and enabling SOHO WebBlockerthose members of your private network who should be able bypass WebBlocker. When a site is blo

WebBlocker categories604 Enable the checkbox labeled Enable Web Blocking.This turns on SOHO WebBlocker.5 Enter the full access password.The full acces

User Guide 2.3 61WebBlocker categories NOTEIn all of the categories sites to be blocked are selected by advocacy rather than opinion or educational m

WebBlocker categories62their primary purpose to alter the individual’s state of mind, such as glue sniffing. This does not include (that is, if select

User Guide 2.3 63WebBlocker categoriesSearch EnginesSearch engine sites such as AltaVista, InfoSeek, Yahoo!, and WebCrawler.Sports and LeisurePictures

Searching for blocked sites64sites hosted by museums such as the Guggenheim, the Louvre, or the Museum of Modern Art.Partial/Artistic NudityPictures e

User Guide 2.3 65IndexAAdding incoming services 37, 38Allowing incoming services 35Any service, adding 38BBlocked outgoing service, removing 42blocked

66Default gateway 44Default IP address, SOHO 24disabling HTTP proxy 5Disabling SOCKS 52, 53DNS serviceprimary IP address44secondary IP address 44Domai

User Guide 2.3 67private network default factory settings24Network address 44Network Address Translation 35OOutgoing servicesblocking40blocking TCP 40

viiiWelcomeCongratulations on purchasing the ideal solution for providing secure access to the Internet–the WatchGuard SOHO or WatchGuard SOHO|tc. You

68Troubleshooting 45checking link LED 25connecting more than two offices 48pinging 48static IP address 48UUDPadding incoming37blocking outgoing 40Unix

User Guide 2.3 ixUsing this guideThis manual assumes that you are familiar with your computer’s operating system. If you have questions about navigati