Basics

January 14, 2018 in watchguard ‐ 3 min read

This article covers the following subjects:

  • What are WatchGuard Firewalls
  • Activating the Firewall
  • The WatchGuard System Manager (WSM)
  • The System Manager (As part of the WSM)
  • The Policy Manager

WatchGuard Firewalls

WatchGuard is a manufacturer of Firewalls and Wifi Access Points. Firewalls manage and filter the datatraffic in computernetworks based on a bunch of rules.

image

Typical usecases are:

  • DHCP: The firewall is responsible for prividing IP Adresses in the Network
  • VPN: multiple company branches can be connected via encrypted tunnels and users can access a companys resources from home
  • V-Lan: Logical seperation of networks on a single physical infrastructure based on the standard 802.1q
  • Traffic priorisation: if there is heavy network load certrain types of triffic like VOIP can be handeled with high priority
  • High availability: If there are multipe ISP uplinks the failure of one of the uplinks will case less then two seconds of downtime. The customer does not even notice if one uplink fails.
  • Cluster: multiple firewalls can be clusterd. If one of the clustermember dies the other one takes over. This way you can also run firmwareupdates without the user having a downtime.

The deployment of these devices reaches from simple firewalls for a few hundred euros to complex setups far beyond 10k. The price strongly depends on the model and the choosen features.

You can compare what firewall supports what feature here.

image

Activating the Firewall

To activate the firewall you have to login to the WatchGuard portal. After logging in you have to go to the Support Center.

image

Here you can for example open Tickets with WatchGuard or like in your case claim a Firewall and associate it with your WatchGuard Account. To do this you have to use Manage Your Products.

image

After you have activated your firewall you should download the feature key. To do this click on the serial number of the device and then choose Get your feature key.

image

The feature key is a string that will be needed when doing the basic configuration of the firewall.

image

Warning: Every feature key has a EMPTY NEW LINE at the end! It will not be recognized without it…

The WatchGuard System Manager

You should use the WatchGuard System Manager WSM for configuring the firewalls. Some of the configuration options are simply not available in the webinterface.

Sadly this is a proprietary Windows Software.

The only usecase for the webinterface I know of is the DHCP Leases. Wenn die Firewall sehr viele Netze und Adressen verwaltet, kann es passieren, dass hier Einträge im System Report des WSM nicht sichtbar sind.

You can download the software here.

image

 

Once WSM is installed you can:

  • Connect directly to a firewall (or cluster)
    image
  • Connect to a (WatchGuard Management-) Server

image

 

  • Or create an offline configuration

image

 

The WSM has a few tools:

image

I am only going to talk about the Policy Manager and the System Manager in this article.

The System Manager

Using the System Manager you can get realtime infos on things like:

  • Linkstate of the interfaces
  • Warnings
  • A log showing what rules get triggered that you can apply filters to
  • Statistics about the current network load
  • Active VPN sessions

image

The Policy Manager

The Policy Manager is used to change configurations like:

  • License
  • Firewall rules
  • Network configuration
  • VPN
  • Clusterconfiguration

image

Cheers, Ori