WATCHGUARD FIREBOX II
********************************
LINKS FOR MORE INFO:
http://www.watchguard.com/help/docs/v62ReferenceGuide.pdf
http://www.watchguard.com/help/lss/41/user/basics3.htm
Non-contractual description:
Firebox II Description
The Firebox II is a rack-mountable, low-profile component, with an indicator display panel in front and physical interfaces in back. For a detailed description of other Firebox models, please see the Reference Guide.
Firebox II Front View
Firebox II indicators are on a central, back-lit indicator panel. From the left, the indicators are:
FIGURE 1. Firebox II -- Front View
- Disarmed -- Red light indicates the Firebox II is either in the process of rebooting or has detected an error, shut down its interfaces, and will not forward any packets. In the latter condition, reboot the Firebox.
- Armed -- Green light indicates the Firebox II has been booted and is running.
- Sys A -- Steady: indicates that the Firebox is running a user-defined configuration. Blinking: indicates that the Firebox is running in enhanced system mode.
- Sys B -- Indicates that the Firebox II is running from the read-only factory default system area.
- Security Triangle Display -- Indicates traffic between Firebox II interfaces. Green arrows briefly light to indicate allowed traffic between two interfaces in the direction of the arrows. A red light at a triangle corner indicates that the Firebox is denying packets at that interface.
- Traffic Volume Indicator -- A stack of lights that functions as a meter to indicate levels of traffic volume through the Firebox II. Low volume indicators are green, while high volume indicators are yellow. The display updates three times per second. The scale is exponential: the first light represents 64 packets/second, the second light represents 128 packets/second, increasing to the eighth light, which represents 8,192 packets/second. That value is the ceiling of the scale, not of the Firebox.
- Processor Load Indicator -- A stack of lights that functions as a meter to indicate the system load average. The system load average is the average number of processes running (not including those in wait states) during the last minute. Low average indicators are green, while high average indicators are yellow. The display updates three times per second. The scale is exponential, with each successive light representing a doubling of the load average. The first light represents a load average of 0.15. The most significant load factor on a Firebox II is the number of proxies running.
A Firebox direct from the factory runs in Enhanced System Mode (Sys A). In this mode, the functions of some of the indicators are modified. For more information, see the Hardware Descriptions and Firebox System Area chapters in the Reference Guide.
Firebox II Rear View
The rear view of the Firebox II contains ports and jacks for connectivity as well as a power switch. From the left, rear panel features are:
FIGURE 2. Firebox II -- Rear View
- AC Receptacle -- Accepts the detachable AC power cord supplied with the Firebox.
- Power-On Light -- Lights to indicate the Firebox II is receiving AC power.
- Power Switch -- Turns the Firebox II on or off.
- PCMCIA Slots -- Accept one PCMCIA (standard PC-style) modem card in either slot (but not both at once) to facilitate out-of-band management. The PCMCIA interface may be used for other options in the future.
- Console Port -- Connects to the Management Station or modem via a serial cable supplied with the Firebox.
- Serial Port -- Included for future expansion.
FIGURE 3. Firebox II Ethernet Ports
- Ethernet Ports -- Indicators for each network interface display link status, card speed and activity. The network interface cards (NICs) are auto-sensing and adapt to wire speed automatically. The speed indicator lights when there is a good physical connection to the Firebox. When the card runs at 10 Mbit, the speed indicator is yellow. When the card runs at 100 Mbit, the speed indicator is green. The amber traffic indicator blinks when traffic is passing through the Firebox.
Locating a Firebox Within a Network
The most common location for a Firebox is directly behind the Internet router as pictured below:
FIGURE 4. Location of Firebox in Network
- Management Station -- The computer on which you install and run the WatchGuard LiveSecurity Control Center.
- Event Processor -- The computer which receives and stores log messages. You can configure the Management Station to also serve as the log host.
- Trusted Network -- The network behind the firewall which must be protected from the security challenge.
- External Network -- The network presenting the security challenge, typically the Internet.
- Optional Network -- A network protected by the firewall which communicates with both the Trusted and the External networks. Typically, the Optional network is used for "public" servers such as an FTP or Web server.
Opening a Configuration File
The Policy Manager is a comprehensive software tool for creating, modifying, and saving configuration files. A configuration file, with the extension .cfg, contains all the settings, options, addresses, and information that together constitute your Firebox security policy. You can open and edit a configuration file residing either on your local hard drive or in the primary area of the Firebox flash disk.