1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Watchguard Firebox x550e

Discussion in 'Computer Security' started by nXPLOSi, Nov 24, 2008.

  1. nXPLOSi

    nXPLOSi Terabyte Poster

    2,874
    30
    151
    Hi all,

    Long story short the firewall at my office wasn't up to much, so I invested in the Watchguard Firebox x550e.

    I've got it up and running, and im pretty impressed. Although being a beginner in this area, Im having trouble allowing incoming RDP Connections through to our network. It worked on the old firewall but was setup yonks ago by someone else!

    I've had a look around and tried to get my head around how to do it, but its really not clear. Could anyone help me with the basic steps needed to complete this?

    Thanks :)
     
    Certifications: A+, Network+, Security+, MCSA 2003 (270, 290, 291), MCTS (640, 642), MCSA 2008
    WIP: MCSA 2012
  2. UKDarkstar
    Honorary Member

    UKDarkstar Terabyte Poster

    3,477
    121
    184
    I can't remember now myself but if you have set up the Watchguard account correctly then you should be able to login on their site and run thru one of their tutorials (which are very good). The 550's are great machines :biggrin
     
    Certifications: BA (Hons), MBCS, CITP, MInstLM, ITIL v3 Fdn, PTLLS, CELTA
    WIP: CMALT (about to submit), DTLLS (on hold until 2012)
  3. nXPLOSi

    nXPLOSi Terabyte Poster

    2,874
    30
    151
    Yeah have a had a good look through the tutorials, loads of interesting stuff on there but I cant seem to get what im looking for. Loads of stuff on VPN's etc, but I was hoping for just something along the lines of opening a port, and allowing traffic through to a certain server. I dont know why im assuming Port Forwarding would be involved?

    Apologies if this is a silly question, but im actually going a little insane looking at it lol.
     
    Certifications: A+, Network+, Security+, MCSA 2003 (270, 290, 291), MCTS (640, 642), MCSA 2008
    WIP: MCSA 2012
  4. UKDarkstar
    Honorary Member

    UKDarkstar Terabyte Poster

    3,477
    121
    184
    It's been about 4 yrs since I had to touch one of these as I employed guys who did it at client sites.

    Last resort - drop the Watchguard support people an email. They are very good at answering.
     
    Certifications: BA (Hons), MBCS, CITP, MInstLM, ITIL v3 Fdn, PTLLS, CELTA
    WIP: CMALT (about to submit), DTLLS (on hold until 2012)
  5. UKDarkstar
    Honorary Member

    UKDarkstar Terabyte Poster

    3,477
    121
    184
    Certifications: BA (Hons), MBCS, CITP, MInstLM, ITIL v3 Fdn, PTLLS, CELTA
    WIP: CMALT (about to submit), DTLLS (on hold until 2012)
  6. nXPLOSi

    nXPLOSi Terabyte Poster

    2,874
    30
    151
    Thanks mate, i'll have a look! Cheers for your help :)
     
    Certifications: A+, Network+, Security+, MCSA 2003 (270, 290, 291), MCTS (640, 642), MCSA 2008
    WIP: MCSA 2012
  7. BrizoH

    BrizoH Byte Poster

    243
    6
    25
    I've used Firebox's quite a bit - which version of WSM are you using?
     
    Certifications: CCNA, CCNA Security
    WIP: CCNP
  8. nXPLOSi

    nXPLOSi Terabyte Poster

    2,874
    30
    151
    10.2 :eek:
     
    Certifications: A+, Network+, Security+, MCSA 2003 (270, 290, 291), MCTS (640, 642), MCSA 2008
    WIP: MCSA 2012
  9. BrizoH

    BrizoH Byte Poster

    243
    6
    25
    Cool, I'm on 10.2 also. So the steps I'd take to allow RDP are:

    1. Open WSM

    2. File > connect to device (obviously enter the IP and passphrase for your firebox)

    3. Right Click on the device and select Policy Manager

    4. Click the + icon to add a policy

    5. Expand Packet Filters and select RDP, then Add

    6. Set up the From and To Rules (for example lets say you wanted to allow Incoming RDP connections from any public IP to your firebox public IP NAT'ing to internal IP 10.0.0.1)

    In the From box Remove the default Any Trusted.
    Click Add
    Select Any-External
    Select Add > OK

    In the To Box remove the default Any-External
    Select Add
    Select Add NAT
    Type = Static NAT
    External IP = Your Firebox IP
    Internal IP = 10.0.0.1
    Click OK twice

    7. Give Your Policy a Name (You can add comments and set up additional logging in properties)

    8. Select OK then Close to get back to the main Policy Manager screen

    9. Select File > Save > To Firebox (obviously backing up your original config to a different filename prior to this)

    Enter your write passphrase, then thats it job done.

    At this point I should add it's probably not the best Idea to allow RDP incoming unless you at least restrict it to specific IP addresses. VPN would be a better option, if you need any help setting it up just PM me

    Hope this helps
     
    Certifications: CCNA, CCNA Security
    WIP: CCNP
  10. nXPLOSi

    nXPLOSi Terabyte Poster

    2,874
    30
    151
    Thats brilliant BrizoH, a great help - thank you :)

    Im going to print that off and have ago in a second, i'll post back with how I get on! :)
     
    Certifications: A+, Network+, Security+, MCSA 2003 (270, 290, 291), MCTS (640, 642), MCSA 2008
    WIP: MCSA 2012
  11. nXPLOSi

    nXPLOSi Terabyte Poster

    2,874
    30
    151
    Right then!

    I've had a look through and gone through the steps, the only bit thats different is on the "To" Box. I do the following...

    Type = Static NAT
    External IP = It doesn't let me specify an IP, it just says "External" or "Any-External"
    Internal IP = Lets me input fine.

    I dont know how much effect that will have on whether it works or not? Is there any way I can test it from inside the office the firewall protects? I imagine remote connecting to the same IP your coming from may stop it from working?

    Thanks
     
    Certifications: A+, Network+, Security+, MCSA 2003 (270, 290, 291), MCTS (640, 642), MCSA 2008
    WIP: MCSA 2012
  12. BrizoH

    BrizoH Byte Poster

    243
    6
    25
    In that case you can just specify External as the External IP - this will be your firewalls public IP that's NAT'ed.

    If you have a range of IP's you can enable them for use on the firebox in Network > Configuration. How you do it depends if your Firebox is configured in Drop In or Routed mode

    Unfortunately there's no way to test internally, that I know of
     
    Certifications: CCNA, CCNA Security
    WIP: CCNP
  13. UKDarkstar
    Honorary Member

    UKDarkstar Terabyte Poster

    3,477
    121
    184
    Glad you got it sorted guys :biggrin
     
    Certifications: BA (Hons), MBCS, CITP, MInstLM, ITIL v3 Fdn, PTLLS, CELTA
    WIP: CMALT (about to submit), DTLLS (on hold until 2012)
  14. nXPLOSi

    nXPLOSi Terabyte Poster

    2,874
    30
    151
    I done that and tested it from home, works fine. Thanks for the help guys! :)

    I may been asking for help with the VPN at a later date as well.. so watch this space! Lol.

    Thanks again guys.
     
    Certifications: A+, Network+, Security+, MCSA 2003 (270, 290, 291), MCTS (640, 642), MCSA 2008
    WIP: MCSA 2012
  15. BrizoH

    BrizoH Byte Poster

    243
    6
    25
    No problem at all, glad to help
     
    Certifications: CCNA, CCNA Security
    WIP: CCNP

Share This Page

Loading...