Watchguard - tech notes

XTM IPSEC iOS mobile VPN:
http://www.watchguard.com/help/docs/wsm/xtm_11/en-us/content/en-us/mvpn/ipsec/mvpn_ipsec_ios_vpn_c.html

Activate new device:

http://www.watchguard.com/activate
Log in with your WatchGuard account user name and password.
On the Support Home tab, click Activate a Product.

Change Device name:

 

Enable Bridge for ETH1 and Wireless (if device is -W):

Change the Bridge interface to static IP
Add Static DNS servers

Activate Subscriptions:

1. Activate SpamBlocker Wizard:

Put incoming SMTP server
POP3 (not recommended)
Prevent mail relay for the example.com domain (SMTP Proxy Action -> Address -> Mail From)

2. Enable Intrusion Priventions

3. Enable Botnet Detection

4. Enable Data Loss Prevemtion

5. Enable APT Blocker (Gateway Antivirus should be activated first)

Enable Wireless Connections:

Open Fireware XTM Policy Manager -> Networking -> Wireless

Configure Firewall Policies:

Watchguard and Watchguard Web UI and FTP policies:

Create MGMT aliaces and add them to the policies FROM field

HTTP-proxy:

- Enable Application Control
- Enable IPS
- Create HTTP-Client-Proxy

- Create new WebBlocker.Policy
- Change Deny Message
- Enable APT Blocker

HTTPS-proxy:

- Enable Application Control
- Enable IPS
- Create HTTPS-Client-Proxy

- Create new WebBlocker.Policy

Add Firewall Policies:

Add HTTPS-Proxy-In (Port forwarding)
Add HTTP-Proxy-In (Port forwarding)
Add RDP-In Packet Filter (Port forwarding)
Add VPN-In Packet Filter (Port forwarding)
Add Outdoing Proxy (TCP-UDP)

- Enable Application Control
- Enable IPS
- Create TCP-UDP-Proxy-Out

Add SMTP-Out-Deny Policy (enable logging)

Add SMTP-Out-Allow Policy

- From - Mail server
- Create new SMTP-Outgoing-Proxy

- Disable APT blocker

Delete/Disable Firewall Policies:

Outgoing Packet Filter (TCP-UDP)

Logging Setup (Setup -> Logging):

Send log messages to these WatchGuard Servers:
Select the Send log messages when the configuration for this Firebox is changed check box


AUST IT - Computer help out of hours, when you need it most.

Find out why we do it for less.

About

AUST IT will help you resolve any technical support issues you are facing onsite or remotely via remote desktop 24/7. More...

Contacts

Reservoir, Melbourne,
3073, VIC, Australia

Phone: 0422 348 882

This email address is being protected from spambots. You need JavaScript enabled to view it.

Sydney: 0481 837 077

Connect

Join us in social networks to be in touch.

Newsletter

Complete the form below, and we'll send you our emails with all the latest AUST IT news.