Introduction to WatchGuard Dimension v1.0

Introduction to WatchGuard Dimension™
WatchGuard Training
Introduction to WatchGuard Dimension
• What is WatchGuard Dimension?
• Deploy WatchGuard Dimension
• Configure WatchGuard Dimension
• Use WatchGuard Dimension
• Support WatchGuard Dimension

What is WatchGuard Dimension?
• Secure and centralized logging, visibility, and reporting for XTM devices and WatchGuard servers
  • New ways to visualize network data
  • Dashboards with simple drill-down into detailed log and report information
  • Customizable reports that can be emailed to different roles in the organization
  • Complements Web UI visibility tools in XTM OS v11.8
  • Reports available after first summary report period (5 minutes)
  • All reports are ‘on demand’ all the time
• Cloud-ready zero-installation deployment
  • Delivered as a virtual appliance for ESXi (.ova)
  • Running on 64-bit Linux
  • Driven by Postgres 9.2
  • Web interface supports most desktop and mobile browsers

What is Dimension? — Architecture
• Log Collector — Receives logs from devices, aggregates data
• Web Services — Serves web application to users and administrators
• Log Server — Provides API for log data, provisioning, and automated maintenance
• Database — Persistent storage for log and report data

Deploy WatchGuard Dimension

Deployment — Requirements
• WatchGuard Dimension is distributed as an .ova file for installation on VMware ESXi 5.x.
  • Your ESXi host must support 64-bit guest operating systems.
  • WatchGuard Dimension has been primarily tested on VMware ESXi hypervisors. It can also be installed in VMware Workstation, Player, and Fusion environments, which is a great option for training and demonstration.
  • WatchGuard Dimension is not currently available on any non-VMware hypervisors.
• WatchGuard Dimension is available on the Software Downloads pages with the downloads for XTM devices.
  1. Log in to WatchGuard.com
  2. Browse to Articles & Software
  3. Filter by Software Downloads (excluding Articles and Known Issues)

Deployment
• After downloading the WatchGuard Dimension virtual appliance (.ova), connect to your ESXi host with vSphere.
• From the File menu, select Deploy OVF Template.

Deployment
• Browse to the downloaded WatchGuard Dimension OVA and select that as your source.

Deployment
• Confirm the OVF Template Details and Accept the EULA.

Deployment
• Choose a name and disk format for this VM.

Deployment
• Map the virtual network adapter to the appropriate destination network.
• Note:
  • WatchGuard Dimension’s network adapter defaults to DHCP.
  • You will need a DHCP server on the network for Dimension to receive an IP address and access the setup wizard web interface.

Deployment
• Confirm the deployment settings.
• Note the disk allocation defaults to 43GB.
  • 3GB for OS drive (disk 1)
  • 40GB for Data drive (disk 2)
• Power on after deployment if you want to keep the default settings.

Deployment
• Changing the provisioned size of Hard disk 2 before boot (or reboot) will result in more storage for logging and reports.
• Other defaults include:
  • 2GB of RAM
  • 2 CPUs (2 sockets, 1 core each)

Deployment
• Notes:
  • The Dimension VM is deployed by default with a data disk size of 40GB.
  • The data disk is fully reserved for the log database and the related overhead space required by Postgres.
  • After the Dimension VM is deployed, the data disk size cannot be reduced.
  • To limit the size to be less than 40GB and avoid data loss, you must remove and re-add Hard disk 2 before you power on the VM for the first time.

Deployment
• Once your VM is powered on, you see the IP address assigned to Dimension through DHCP.
• Use this IP address to make an HTTPS connection to Dimension and start the Dimension Setup Wizard.

Configure WatchGuard Dimension

Configuration — Requirements
• WatchGuard Dimension supports these web browsers:
  • Firefox v22 and later
  • Internet Explorer 9 and later
  • Safari 5 and later
  • Safari on iOS 6 and later
  • Chrome v29 and later
• You should be able to successfully use WatchGuard Dimension on most mobile phone and tablet devices.
• Connect to Dimension in a web browser at https://<dimension-IP-address>

Configuration — Setup Wizard
• Accept the security warning to continue to connect to WatchGuard Dimension.

Configuration — Setup Wizard
• Log in with these credentials:
  • User Name: admin
  • Password: readwrite

Configuration — Setup Wizard
• Make sure you have this information before you start the Setup Wizard:
  • Host name
  • IPv4 address and settings for the eth0 interface
  • Administrator passphrase
  • Log Server Encryption Key

Configuration — Setup Wizard
• Specify the host name for Dimension
• Select the IP address method:
  • Static
  • DHCP
• For a static IP address, we recommend that you specify an IPv4 address.

Configuration — Setup Wizard
• Set the Administrator Passphrase to use to connect to Dimension and manage the Dimension servers.
• The Administrator Passphrase must have a minimum of 8 characters.

Configuration — Setup Wizard
• Set the Log Server Encryption Key.

Configuration — XTM Devices
• WatchGuard Dimension can accept log messages and generate reports for any device that runs Fireware XTM OS.
• WatchGuard Dimension can also accept log messages from a WatchGuard Management Server or Quarantine Server.
  • On an XTM device, use the IP address and Encryption Key from WatchGuard Dimension when you configure the WatchGuard Log Server settings.
  • On WatchGuard servers, use the same IP address and Encryption Key in the Logging settings.
• In some environments you may be NATing the HTTPS and WatchGuard Logging connections through your XTM device. This changes the IP address you use to connect to WatchGuard Dimension or where you send WatchGuard Logging connections.

Configuration — After the Wizard…Log In
• Multiple “Super administrator users” can be logged in at the same time
• Configuration pages have modes:
  • RO (Read-Only)
  • RW (Read-Write)

Configuration — After the Wizard…Manage Services
• The Manage Services drop-down list includes the menu options to configure settings for Dimension:
  • Schedule Reports
  • Manage the Log Server
  • Manage the Log Database
  • Manage user accounts
  • Configure System Settings

Configuration — System Settings
• Configure System and Network settings
• Manage certificates
• System Maintenance
  • Reboot
  • Upgrade
  • Restore
    • Factory default!!!!
  • Diagnostic Tools
• View Connected Users

Configuration — User Management
• Manage Users and Roles
  • Add, edit, or remove users
  • Apply roles:
    • RO – View-only
    • RW – Read-write
• Active Directory Settings
  • Enable Active Directory Authentication
  • Specify an Active Directory Server

Configuration — Users
• Add/Edit User:
  • Types:
    • Local
    • Active Directory
  • Specify password
  • Select Roles
  • Select Devices

Configuration — Users
• Role policy same as WSM
  • User + List of roles + List of Devices
• User authentication similar to WSM:
  • Local user, AD user, AD Group
  • AD requires DNS to resolve DCs by internal domain name
• Built-in roles only (no custom roles)
  • Super Administrator
    • Full access
  • Report Administrator
    • View logs
    • View reports
    • Manage scheduled reports and groups
  • View Logs
  • View Reports
• Applied to a list of devices

Configuration — Logging Server Management
• On the Status page:
  • View the status of the Log Server
  • Stop and start the Log Server

Configuration — Logging Server Management
• On the Configuration > General page, you configure these settings for the Log Server:
  • Change the Encryption Key
  • Specify the log data deletion settings
  • Back up and restore the Log Server database

Configuration — Logging Server Management
• On the Configuration > Notifications page, configure the settings for email:
  • Failure Events
  • Device Events
  • Message Purge
• Must be configured to send scheduled reports

Configuration — Logging Server Management
• On the Configuration > Notifications page, configure the settings for reports:
• Report Customizations are templates to apply to report PDFs:
  • Header
  • Footer
  • Logo
• Configure settings for ConnectWise Integration

Configuration — Logging Server Management
• On the Diagnostics page, you can use these diagnostic tools:
  • Purge diagnostic logs
  • Backup/Restore Log Server database
  • View Process List
  • View Log Server log messages
  • View Log Collector log messages

Configuration — Schedule Reports
• Report Schedules
  • RO — View only
  • RW — Add/Edit/Remove scheduled reports
• Before scheduled reports can be sent, an SMTP server must be configured in the Notifications settings

Configuration — Schedule Reports
• Schedule General settings
  • Name
  • Description (optional)

Configuration — Schedule Reports
• Device Selection
  • Devices:
    • All Devices
    • Specify Devices
  • Servers:
    • All Servers
    • Specify Servers

Configuration — Schedule Reports
• Recipient Selection
  • Must add at least one recipient

Configuration — Schedule Reports
• Report Selection
  • Report Types
  • Timezone
    • For report display purposes only. Web-based reports appear in the browser/OS time zone.
  • Customization
  • Aggregation
    • Single (per device)
    • Combined (grouped devices)
  • Frequency

Configuration — New Summary Reports
• Schedule two new Reports:
  • Executive Summary
  • Web Traffic Summary
• Both new reports are available as scheduled reports that you can send to specific email addresses.
• Both reports can use any Report Customization (report template) that you create.

Configuration — Executive Summary Report
• Executive Summary report
  • Sent as a PDF file
  • Specify a logo, header, and footer to customize the report

Configuration — Web Traffic Summary Report
• Web Traffic Summary report
  • Sent as a PDF file
  • Specify a logo, header, and footer to customize the report
  • Report includes the Top Domains chart with the Web Categories (in a pie chart), and removes any byte counts or tabular information

Use WatchGuard Dimension
• To get the most out of Dimension, make sure to:
  • Select Enable logging for reports in proxy actions on your XTM devices and WatchGuard Servers.
  • Enable logging of Allowed Packets in all policies.
  • Configure your XTM devices and WatchGuard servers to send all log messages to your Dimension Log Server.

Use WatchGuard Dimension
Log Messages | Reports | Dashboards
Packet Filter Allowed Logs | Web, Packet Filter, Top Client, Application Control | Executive, Threat Map, FireWatch
Packet Filter Denied Logs | Web, Packet Filter, Denied Packet, Top Client, Application Control | Security, Threat Map
Intrusion Prevention Logs | IPS, Denied Packet | Security, Threat Map
Log when configuration has changed | Authentication, Audit |
All Proxies: ‘Enable logging for reports’ | GAV, IPS, SPAM, Application Control | Executive, Security, Threat Map, FireWatch
HTTP Proxies: ‘Enable logging for reports’ | Web, Firebox Statistics, RED | Executive, Security, Threat Map, FireWatch
FTP Proxies: ‘Enable logging for reports’ | Firebox Statistics | Executive, Security, Threat Map, FireWatch
SMTP Proxies: ‘Enable logging for reports’ | SMTP, Firebox Statistics | Executive, Security, Threat Map, FireWatch
POP3 Proxies: ‘Enable logging for reports’ | POP3, Firebox Statistics | Executive, Security, Threat Map, FireWatch
Any alarms | GAV, Alarms |

Executive Dashboard
• Top 10
  • Clients
  • Domains
  • URL Categories
  • Destinations
  • Applications
  • Application Categories
  • Protocols
• Click a summary to expand it and see more detail.

Security Dashboard
• Top 10 Blocked
  • Clients
  • Destinations
  • URL Categories
  • Applications
  • Application Categories
  • Protocols
• IPS Signatures
• Gateway Anti-Virus
• Click a summary to expand it and see more detail.

Threat Map
• Denied Packets (Blocked)
• Intrusion Prevention Service
• Web Traffic
• Application Control
• All Traffic

FireWatch
• Sort by:
  • Source
  • Destination
  • Domains
  • Application
  • WebBlocker
  • Protocol
• Pivot on:
  • Bytes (Not available for packet filter traffic prior to XTM OS v11.8)
  • Connections
• Hover for more detail:
  • Filter further
  • Show connections

Log Manager
• Log messages stored in UTC time
• Appears in your web browser’s local time

Log Search
• Run simple or complex search queries to refine the log messages that appear for the selected XTM device.
• Filter the search results by log message type:
  • Traffic
  • Alarm
  • Event
  • Diagnostic
  • Statistic
  • All

Other Available Reports
• The same reports are available that were previously available on your WatchGuard Report Server
• Select options to pivot on from the pivot drop-down list
• Export the report to a PDF file

Support WatchGuard Dimension

Dimension Support — Console Access
• vSphere console shows command line access
• Log in with wgsupport/readwrite (must change the password on initial login)
  • Account restricted to only change the IP address
  • To set a static IP address, use the command wg_ip_addr.sh, located in /opt/watchguard/dimension/bin.
  • For example, to set a static IP address of 192.168.24.101 on network 192.168.24.0/24 with gateway 192.168.24.1, type:
    /opt/watchguard/dimension/bin/wg_ip_addr.sh -i 192.168.24.101 -m 24 -g 192.168.24.1
    When given without any options, or with the option --help, the command displays help text.
• Support Access for Diagnostics is available with a connection restricted by a client-side certificate.
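
A pre-flight check for the static address settings given to wg_ip_addr.sh, added here as an example; it is not part of the original training material or WatchGuard's own tooling. It runs on an administrator workstation and only prints the command to type on the console, since a mask or gateway typo leaves the Log Server unreachable for the devices that send it logs. The helper names ip_to_int and check_static are hypothetical, and the address option is assumed to be spelled -i to match -m and -g.

```shell
#!/bin/sh
# Added example: sanity-check static settings before typing the wg_ip_addr.sh
# command on the Dimension console. Works in any POSIX shell.
# Assumption: the address option is spelled -i, matching the -m/-g options.

# ip_to_int A.B.C.D : print the address as an integer, fail if malformed.
ip_to_int() {
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# check_static ADDRESS PREFIX GATEWAY : print the command, or explain the error.
check_static() {
    addr=$(ip_to_int "$1") || { echo "bad address: $1" >&2; return 1; }
    gw=$(ip_to_int "$3") || { echo "bad gateway: $3" >&2; return 1; }
    case "$2" in ''|*[!0-9]*|0?*|???*) echo "bad prefix: $2" >&2; return 1 ;; esac
    { [ "$2" -ge 1 ] && [ "$2" -le 30 ]; } || { echo "prefix must be 1-30" >&2; return 1; }
    mask=$(( (0xFFFFFFFF << (32 - $2)) & 0xFFFFFFFF ))
    net=$(( addr & mask ))
    bcast=$(( net | (mask ^ 0xFFFFFFFF) ))
    if [ $(( gw & mask )) -ne "$net" ]; then
        echo "gateway $3 is not on the /$2 network of $1" >&2; return 1
    fi
    if [ "$addr" -eq "$net" ] || [ "$addr" -eq "$bcast" ] || [ "$addr" -eq "$gw" ]; then
        echo "$1 is the network, broadcast or gateway address" >&2; return 1
    fi
    echo "/opt/watchguard/dimension/bin/wg_ip_addr.sh -i $1 -m $2 -g $3"
}

# The page's example values, then a gateway typo (constructed input).
check_static 192.168.24.101 24 192.168.24.1
check_static 192.168.24.101 24 192.168.42.1 || true
```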
Dimension Support — Known Limitations
• No external database
• Local Backup/Restore
• No host name resolution
• Cannot import log files to Dimension
• Certificates must use CSR
  • No external private key

Thank You!