Firewall Setup and Management

Question 1

What sections are included in this deck?

Answer 1

Firebox activation and setup wizards
Default policies and subscription services
Firebox management tools
Firebox configuration files and backup images
Feature keys
Fireware OS upgrades
Default Threat Protection
Global settings, NTP, and SNMP
Firewall policy basics

Question 2

What are the two ways to set up a Firebox?

Answer 2

Locally-managed — Use a setup wizard to configure and use Fireware Web UI or WatchGuard System Manager to manage.
Cloud-managed — Add to WatchGuard Cloud and configure as cloud-managed device. (Factory-default settings connect to WatchGuard Cloud to get configuration.)

Question 3

How do you activate a Firebox?

Answer 3

Create account on WatchGuard website — login.watchguard.com/AccountManager/Login/StartRegistration
Go to watchguard.com/activate
Enter Firebox serial number
After you activate paste the feature key to a local file!

Question 4

What factory-default settings does the Firebox have?

Answer 4

Fireboxes come with ETH0, ETH1, ETH2, ETH24, ETH32, and WIRELESS depending on model. 0,1,2 are on all Fireboxes

Question 5

What setup wizards are available for the Firebox?

Answer 5

Web Setup Wizard (through browser) and Quick Setup Wizard for Watchguard System Manager (WSM)
The Web Setup Wizard can help with activation; the Quick Setup Wizard can’t do that, but provides more configuration granularity.

Question 6

What information is needed before running the setup wizard?

Answer 6

Feature key — required for full functionality and enables setup wizard to auto-configure subscription services.
- If Eth0 on the Firebox is connected to a network with Internet access, the wizard auto-download the feature key
- If no Internet access, get feature key and copy into the setup wizard

A computer with Ethernet or Wi-Fi to connect to wireless Firebox running Fireware v12.5.3 or higher

External network configuration (DHCP, Static, or PPPoE)

Trusted network IP address for your internal network

Question 7

What other configuration methods are found in Wizards?

Answer 7

Outside scope of training, but include:
- Cloud Managed
- Backup Deploy
-Backup Image

Question 8

Memorization: What are the default policies included in the Setup Wizards?

Answer 8

Default Policies
- FTP-proxy
- HTTP-proxy
- HTTPS-proxy
- WatchGuard Certificate Portal
- WatchGuard Web UI
- Ping
- DNS
- WatchGuard
- Outgoing

Question 9

Memorization: What are the possible enabled services included by default in the Setup Wizards?

Answer 9

Enabled Services (if licensed in the feature key)
- WebBlocker
- Gateway AntiVirus
- Intrusion Prevention
- Application Control
- Reputation Enabled Defense
- APT Blocker
- Botnet Detection
- Geolocation

Question 10

Special default policy items to remember:

Answer 10

The default policies allow outgoing FTP, Ping, TCP and UDP connections, NOT incoming for these protocols.
Default FTP, HTTP, and HTTPS proxy actions enable services and enable logging for reports.