User guide

Services
Fireware handles services in a completely different manner than WFS does. The biggest change is
the lack of Incoming and Outgoing tabs in what are now called policy icons.
Each policy icon now has a tab for configuring the familiar "From:" and "To:" traffic
specification, a tab for viewing and managing the properties of the policy, and an advanced tab.
When migrating a WFS Policy Manager service into the Fireware Policy Manager, you need to
create at least one policy for the information represented by the WFS Incoming tab and one for
the Outgoing tab. This change is only necessary when the current WFS connection setting is
either Enabled and Allowed or Enabled and Denied with logging Denied Packets set.
Because a policy has no direction associated with it, the direction is implied by the traffic
specification chosen. For example, a policy that allows traffic from Trusted to External represents
a WFS service icon with the Outgoing tab set similarly. This mechanism provides a great deal of
flexibility, especially when multiple types of physical interfaces are used. However, it also presents
the potential for misusing the Any service when populating the "From:" and "To:" entries.
Keep in mind that Any literally means any traffic—trusted, optional or external. Initially, you need
to restrict the use of this service as much as possible. When managing the first migration, apply
"Any" only when no other policy is sufficient. For example, when migrating a WFS service that
allows incoming traffic from Any to Any, migrate it into a Fireware policy that allows traffic from
External to Firebox (possibly with a NAT entry specified to port forward the connections to a
trusted server).
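The migration rule described above, sketched as an added example that is not WatchGuard code or a WatchGuard file format: the dictionary layout, the "Disabled" setting value, the generated policy names and the function names are all hypothetical. The rename map comes from the packet filter name changes listed in this section.

```python
# Added example: hypothetical data layout, not a WatchGuard format or API.
# Packet filter renames (WFS -> Fireware 8.0) as listed in this guide.
RENAMES = {
    "Outgoing": "TCP-UDP", "Outgoing-TCP": "TCP", "Outgoing-UDP": "UDP",
    "WatchGuard": "WG-Firebox-Mgmt", "WatchGuard-Logging": "WG-Logging",
    "WebBlocker": "WG-WebBlocker",
    "Soho_Management_Gateway": "WG-SmallOffice-Mgmt",
}

def needs_policy(tab):
    """A WFS tab becomes a policy only if it is Enabled and Allowed, or
    Enabled and Denied with logging of denied packets set."""
    if tab["setting"] == "Enabled and Allowed":
        return True
    return tab["setting"] == "Enabled and Denied" and tab.get("log_denied", False)

def migrate(service):
    """Return one directionless policy per qualifying WFS tab."""
    name = RENAMES.get(service["name"], service["name"])
    policies = []
    for direction in ("incoming", "outgoing"):
        tab = service.get(direction)
        if tab is None or not needs_policy(tab):
            continue
        policy = {
            "name": f"{name}-{direction}",  # hypothetical naming scheme
            "action": "Allowed" if tab["setting"].endswith("Allowed") else "Denied",
            "from": list(tab["from"]), "to": list(tab["to"]), "review": [],
        }
        # Any covers trusted, optional and external: flag it for narrowing.
        for field in ("from", "to"):
            if "Any" in policy[field]:
                policy["review"].append(f"{field} uses Any; narrow it")
        policies.append(policy)
    return policies

# Constructed sample input.
SAMPLE = [
    {"name": "Outgoing-TCP",
     "incoming": {"setting": "Disabled", "from": [], "to": []},
     "outgoing": {"setting": "Enabled and Allowed",
                  "from": ["Trusted"], "to": ["External"]}},
    {"name": "HTTP",
     "incoming": {"setting": "Enabled and Allowed", "from": ["Any"], "to": ["Any"]},
     "outgoing": {"setting": "Enabled and Denied", "log_denied": False,
                  "from": ["Any"], "to": ["Any"]}},
]

if __name__ == "__main__":
    for svc in SAMPLE:
        for p in migrate(svc):
            print(p)
```

A policy that comes back with a non-empty `review` list is one where the WFS tab used Any and the "From:" or "To:" entry should be narrowed by hand before the policy is saved.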
These name changes are for packet filter services:

WFS                        Fireware 8.0
Outgoing                   TCP-UDP
Outgoing-TCP               TCP
Outgoing-UDP               UDP
WatchGuard                 WG-Firebox-Mgmt
WatchGuard-Logging         WG-Logging
WebBlocker                 WG-WebBlocker
Soho_Management_Gateway    WG-SmallOffice-Mgmt

Service-based NAT
Fireware always has service-based NAT enabled. However, it still functions by default exactly as
WFS versions do, making use of the "global" dynamic and 1-to-1 NAT tables in Fireware Policy
Manager Network > Firewall NAT. If you have a policy that needs to manage NAT settings