introduction to watchguard dimension™ v1.2 ©2013 watchguard technologies, inc. watchguard...

67
Introduction to Introduction to WatchGuard Dimension™ v1.2 WatchGuard Dimension™ v1.2 ©2013 WatchGuard Technologies, Inc. WatchGuard Training

Upload: clifton-waters

Post on 15-Jan-2016

257 views

Category:

Documents


0 download

TRANSCRIPT

Page 1: Introduction to WatchGuard Dimension™ v1.2 ©2013 WatchGuard Technologies, Inc. WatchGuard Training

Introduction to Introduction to WatchGuard Dimension™ v1.2WatchGuard Dimension™ v1.2

©2013 WatchGuard Technologies, Inc.WatchGuard Training

Page 2: Introduction to WatchGuard Dimension™ v1.2 ©2013 WatchGuard Technologies, Inc. WatchGuard Training

Introduction to WatchGuard DimensionIntroduction to WatchGuard Dimension

What is WatchGuard Dimension?

Deploy WatchGuard Dimension

Set Up WatchGuard Dimension

Configure WatchGuard Dimension

Use WatchGuard Dimension

Support WatchGuard Dimension

WatchGuard Training 22

Page 3: Introduction to WatchGuard Dimension™ v1.2 ©2013 WatchGuard Technologies, Inc. WatchGuard Training

What is WatchGuard Dimension?What is WatchGuard Dimension?

WatchGuard Training 33

Page 4: Introduction to WatchGuard Dimension™ v1.2 ©2013 WatchGuard Technologies, Inc. WatchGuard Training

What is WatchGuard Dimension?What is WatchGuard Dimension?

Secure and centralized logging, visibility, and reporting for XTM devices and WatchGuard servers• New ways to visualize network data

• Dashboards with simple drill-down into detailed log and report information

• Customizable reports that can be emailed to different roles in the organization

• Complements Web UI visibility tools in XTM OS v11.8.x and later

• Reports available after first summary report period (5 minutes)

• All reports are on demand all the time Cloud-ready zero-installation deployment

• Delivered as a virtual appliance for ESXi (.ova) and Hyper-V (.vhd)

• Running on 64-bit Linux

• Driven by PostgreSQL 9.2

• Web interface supports most desktop and mobile browsers

WatchGuard Training 44

Page 5: Introduction to WatchGuard Dimension™ v1.2 ©2013 WatchGuard Technologies, Inc. WatchGuard Training

Dimension ArchitectureDimension Architecture

Log Collector — Receives logs from devices, aggregates data Web Services — Serves web application to users and

administrators Log Server — Provides API for log data, provisioning, and

automated maintenance Database — Persistent storage for log and report data

WatchGuard Training 55

Page 6: Introduction to WatchGuard Dimension™ v1.2 ©2013 WatchGuard Technologies, Inc. WatchGuard Training

Deploy WatchGuard DimensionDeploy WatchGuard Dimension

WatchGuard Training 66

Page 7: Introduction to WatchGuard Dimension™ v1.2 ©2013 WatchGuard Technologies, Inc. WatchGuard Training

Deployment Requirements Deployment Requirements

WatchGuard Dimension is distributed as an .ova file for installation on VMware ESXi 5.x. and a .vhd file for installation on Hyper-V.• Your VM host must support 64-bit guest operating systems

• WatchGuard Dimension has been primarily tested on VMWare ESXi hypervisors and Microsoft Hyper-V. It can also be installed in VMware Workstation, Player, Fusion environments, and other Hyper-V platforms, which is a great option for training and demonstration.

WatchGuard Dimension is available on the WatchGuard web site Software Downloads pages.1.Log in to WatchGuard.com.2.Browse to Articles & Software.3.Filter by Software Downloads (excluding Articles and Known Issues).4.Select WatchGuard Dimension Software Downloads.

WatchGuard Training 77

Page 8: Introduction to WatchGuard Dimension™ v1.2 ©2013 WatchGuard Technologies, Inc. WatchGuard Training

Deployment NotesDeployment Notes

The Dimension VM default data disk size is 40GB. The data disk is fully reserved for the log database and the related

overhead space required by PostgreSQL. After the Dimension VM is deployed, the data disk size cannot be

reduced. To limit the size to be less than 40GB and avoid data loss, you

must remove and add Hard disk 2 again, before you power on the VM for the first time.

WatchGuard Training 88

Page 9: Introduction to WatchGuard Dimension™ v1.2 ©2013 WatchGuard Technologies, Inc. WatchGuard Training

Deployment NotesDeployment Notes

WatchGuard Training 99

Once your VM is powered on, you see the IP address assigned to Dimension through DHCP.

If you do not have a DHCP server, you must make a console connection to your Dimension VM, and set a static IP address.

Use this this IP address tomake an HTTPS connectionto Dimension and start theDimension Setup Wizard.

Page 10: Introduction to WatchGuard Dimension™ v1.2 ©2013 WatchGuard Technologies, Inc. WatchGuard Training

Set Up WatchGuard DimensionSet Up WatchGuard Dimension

WatchGuard Training 1010

Page 11: Introduction to WatchGuard Dimension™ v1.2 ©2013 WatchGuard Technologies, Inc. WatchGuard Training

Dimension RequirementsDimension Requirements

WatchGuard Dimension supports these web browsers:• Firefox v22 and later

• Internet Explorer 9 and later

• Safari 5 and later

• Safari on iOS 6 and later

• Chrome v29 and laterNote: The Dimension FireWatch feature requires browser versions that supports

HTML5.

You should be able to successfully use WatchGuard Dimension on most mobile phone and tablet devices.

Connect to Dimension in a web browser at https://<dimension-IP-address>

WatchGuard Training 1111

Page 12: Introduction to WatchGuard Dimension™ v1.2 ©2013 WatchGuard Technologies, Inc. WatchGuard Training

WatchGuard Dimension Setup WizardWatchGuard Dimension Setup Wizard

Accept the securitywarning to continue to connect to WatchGuard Dimension.

WatchGuard Training 1212

Page 13: Introduction to WatchGuard Dimension™ v1.2 ©2013 WatchGuard Technologies, Inc. WatchGuard Training

WatchGuard Dimension Setup WizardWatchGuard Dimension Setup Wizard

WatchGuard Training 1313

Log in with these credentials:• User Name — admin

• Password — readwrite

Page 14: Introduction to WatchGuard Dimension™ v1.2 ©2013 WatchGuard Technologies, Inc. WatchGuard Training

WatchGuard Dimension Setup WizardWatchGuard Dimension Setup Wizard

Make sure you have this information before you start the Setup Wizard:• Host name

• IPv4 address and settings for the eth0 interface

• Administrator passphrase

• Log Server Encryption Key

WatchGuard Training 1414

Page 15: Introduction to WatchGuard Dimension™ v1.2 ©2013 WatchGuard Technologies, Inc. WatchGuard Training

WatchGuard Dimension Setup WizardWatchGuard Dimension Setup Wizard

Specify the host namefor Dimension

Select the IP address method: • Static

• DHCP For a static IP address,

we recommend that you specify an IPv4 address.

WatchGuard Training 1515

Page 16: Introduction to WatchGuard Dimension™ v1.2 ©2013 WatchGuard Technologies, Inc. WatchGuard Training

WatchGuard Dimension Setup WizardWatchGuard Dimension Setup Wizard

Set the Administrator Passphrase to use to connect to Dimension and manage the Dimension servers.

The Administrator Passphrase must have a minimum of 8 characters.

WatchGuard Training 1616

Page 17: Introduction to WatchGuard Dimension™ v1.2 ©2013 WatchGuard Technologies, Inc. WatchGuard Training

WatchGuard Dimension Setup WizardWatchGuard Dimension Setup Wizard

WatchGuard Training 1717

Set the Log Server Encryption Key.

Page 18: Introduction to WatchGuard Dimension™ v1.2 ©2013 WatchGuard Technologies, Inc. WatchGuard Training

Send Log Messages to DimensionSend Log Messages to Dimension

WatchGuard Dimension can accept log messages and generate reports for any device that runs Fireware XTM OS.

WatchGuard Dimension can also accept log messages from a WatchGuard Management Server or Quarantine Server.• On a Firebox or XTM device, use the IP address and Encryption Key

from WatchGuard Dimension when you configure the WatchGuard Log Server settings.

• On WatchGuard servers, use the same IP address and Encryption Key in the Logging settings.

In some environments, you might use NAT for the HTTPS and WatchGuard logging connections through your XTM device. This changes the IP address you use to connect to WatchGuard Dimension and where you send WatchGuard Logging connections.

WatchGuard Training 1818

Page 19: Introduction to WatchGuard Dimension™ v1.2 ©2013 WatchGuard Technologies, Inc. WatchGuard Training

Configure Devices to Send Log Messages to Configure Devices to Send Log Messages to DimensionDimension

WatchGuard Training 1919

Enable Logging For… Reports Dashboards

Packet Filter Allowed Logs Web, Packet Filter, Top Client, Application Control

Executive, Threat Map, FireWatch

Packet Filter Denied Logs Web, Packet Filter, Denied Packet, Top Client, Application Control

Security, Threat Map

APT Blocker APT Summary and Detail reports, PCI Compliance, Executive Summary PDF

Security

Intrusion Prevention Logs IPS, Denied Packet Security, Threat Map

Log when configuration has changed Authentication, Audit

All Proxies: Enable logging for reports GAV, IPS, SPAM, Application Control Executive, Security, Threat Map, FireWatch

HTTP Proxies: Enable logging for reports Web, Firebox Statistics, RED Executive, Security, Threat Map, FireWatch

FTP Proxies: Enable logging for reports Firebox Statistics Executive, Security, Threat Map, FireWatch

SMTP Proxies: Enable logging for reports SMTP, Firebox Statistics Executive, Security, Threat Map, FireWatch

POP3 Proxies: Enable logging for reports POP3, Firebox Statistics Executive, Security, Threat Map, FireWatch

WebBlocker ActionsSelect Categories > Log this action

Web Audit Executive, Security, Threat Map, FireWatch

Any alarms GAV, Alarms

Page 20: Introduction to WatchGuard Dimension™ v1.2 ©2013 WatchGuard Technologies, Inc. WatchGuard Training

After the Wizard…Log In to DimensionAfter the Wizard…Log In to Dimension

WatchGuard Training 2020

Multiple super-administrator users can be logged in at the same time

Configuration pages have modes:• RO (Read-Only)

• RW (Read-Write)

Page 21: Introduction to WatchGuard Dimension™ v1.2 ©2013 WatchGuard Technologies, Inc. WatchGuard Training

Configure WatchGuard DimensionConfigure WatchGuard Dimension

WatchGuard Training 2121

Page 22: Introduction to WatchGuard Dimension™ v1.2 ©2013 WatchGuard Technologies, Inc. WatchGuard Training

AdministrationAdministration

WatchGuard Training 2222

The Administration drop-down list includes the menu options to configure Dimension:• Schedule Reports

• Log Server Management

• Database

• User Management

• System Settings

Page 23: Introduction to WatchGuard Dimension™ v1.2 ©2013 WatchGuard Technologies, Inc. WatchGuard Training

Log Server Management — Status Log Server Management — Status

WatchGuard Training 2323

On the Status page:• View the status of

the Log Server

• Stop and start theLog Server

Page 24: Introduction to WatchGuard Dimension™ v1.2 ©2013 WatchGuard Technologies, Inc. WatchGuard Training

Log Server Management — ConfigurationLog Server Management — Configuration

WatchGuard Training 2424

On the Configuration > General page, you configure these settings for the Log Server:• Change the Encryption

Key

• Specify the log data deletion settings

• Back up and restore the Log Server database

• Specify the Log Server database location

Page 25: Introduction to WatchGuard Dimension™ v1.2 ©2013 WatchGuard Technologies, Inc. WatchGuard Training

Log Server Management — ConfigurationLog Server Management — Configuration

WatchGuard Training 2525

On the Configuration > Notifications page, configure the settings for email:• Failure Events

• Device Events

• Message Purge To send scheduled

reports, these settings must be configured

Specify an SMTP server, and enable STARTTLS

Page 26: Introduction to WatchGuard Dimension™ v1.2 ©2013 WatchGuard Technologies, Inc. WatchGuard Training

Log Server Management — ConfigurationLog Server Management — Configuration

WatchGuard Training 2626

On the Configuration > Reporting page, configure the settings for reports:• Add Custom Report

Templates for report PDFs to specify the:

Header Footer Logo

• Specify the FTP servers where you can send reports

• Configure settings forConnectWise Integration

Page 27: Introduction to WatchGuard Dimension™ v1.2 ©2013 WatchGuard Technologies, Inc. WatchGuard Training

Log Server Management — ConfigurationLog Server Management — Configuration

WatchGuard Training 2727

On the Configuration > Logging page, enable logging for the Dimension Log Server.

Select the Log Level for the log messages:• Error

• Warning

• Info

• Debug

Page 28: Introduction to WatchGuard Dimension™ v1.2 ©2013 WatchGuard Technologies, Inc. WatchGuard Training

Log Server Management — IP Address MappingLog Server Management — IP Address Mapping

WatchGuard Training 2828

On the IP Address Mapping page, configure IP address resolution for dynamically or statically addressed devices.

Some Dimension Dashboards and reports show a name instead of the IP address for the device.

Enable Dynamic IP Address Resolution for devices with dynamic IP addresses.

Add an IP address/name pair to the Static IP Address Map list for devices with static IP addresses.

Page 29: Introduction to WatchGuard Dimension™ v1.2 ©2013 WatchGuard Technologies, Inc. WatchGuard Training

Log Server Management — DiagnosticsLog Server Management — Diagnostics

WatchGuard Training 2929

On the Diagnostics page, you can use these diagnostic tools:• Purge diagnostic log

messages

• View Process List

• View Log Server log messages

• View Log Collector log messages

Page 30: Introduction to WatchGuard Dimension™ v1.2 ©2013 WatchGuard Technologies, Inc. WatchGuard Training

System Settings — StatusSystem Settings — Status

WatchGuard Training 3030

On the System Settings > Status page, you can:• Review Dimension

system and network settings

• Manage certificates

• System Maintenance Reboot Upgrade Restore

Returns Dimension to the factory default settings

• View Connected Users

Page 31: Introduction to WatchGuard Dimension™ v1.2 ©2013 WatchGuard Technologies, Inc. WatchGuard Training

System Settings — ConfigurationSystem Settings — Configuration

WatchGuard Training 3131

On the System Settings > Configuration page, you can:• Change the system

configuration details

• Enable Dimension to send feedback to WatchGuard

• Specify the domain settings

Page 32: Introduction to WatchGuard Dimension™ v1.2 ©2013 WatchGuard Technologies, Inc. WatchGuard Training

System Settings — ConfigurationSystem Settings — Configuration

WatchGuard Training 3232

• Configure settings for NTP servers

• Enable Dimension to save a backup file to a remote FTP server

Page 33: Introduction to WatchGuard Dimension™ v1.2 ©2013 WatchGuard Technologies, Inc. WatchGuard Training

System Settings — DiagnosticsSystem Settings — Diagnostics

WatchGuard Training 3333

On the System Settings > Diagnostics page, you can run diagnostic tasks for the Dimension operating system and Dimension server.

Operating System tasks:• Ping

• System Diagnostics

• Support Access for Diagnostics

• System Package Update

• Status Report

Page 34: Introduction to WatchGuard Dimension™ v1.2 ©2013 WatchGuard Technologies, Inc. WatchGuard Training

System Settings — DiagnosticsSystem Settings — Diagnostics

WatchGuard Training 3434

Dimension Server tasks:• Process Information

• Task History

• Log Messages

Page 35: Introduction to WatchGuard Dimension™ v1.2 ©2013 WatchGuard Technologies, Inc. WatchGuard Training

DatabaseDatabase

WatchGuard Training 3535

On the Database page, monitor the status of the Dimension database.

Database Status• Current status of the database.

• Stop and start the database processes.

Process List• See all the active Dimension

database processes. Log Messages

• View the log messages generated each day.

Status Report• See statistics for the devices

connected to Dimension.

Page 36: Introduction to WatchGuard Dimension™ v1.2 ©2013 WatchGuard Technologies, Inc. WatchGuard Training

Schedule ReportsSchedule Reports

WatchGuard Training 3636

Report Schedules• Read-Only — View

only

• Read-Write — Add/Edit/Removescheduled reports

Before scheduled reports can be sent, an SMTP server must be configured in the Log Server Management > Configuration > Notifications settings.

Page 37: Introduction to WatchGuard Dimension™ v1.2 ©2013 WatchGuard Technologies, Inc. WatchGuard Training

Schedule ReportsSchedule Reports

WatchGuard Training 3737

Create Schedule > Name & Description settings:• Schedule Name

• Description (optional)

Page 38: Introduction to WatchGuard Dimension™ v1.2 ©2013 WatchGuard Technologies, Inc. WatchGuard Training

Schedule ReportsSchedule Reports

WatchGuard Training 3838

Resource Selection• Devices:

All Devices Specify Devices

• Servers: All Servers Specify Servers

Page 39: Introduction to WatchGuard Dimension™ v1.2 ©2013 WatchGuard Technologies, Inc. WatchGuard Training

Schedule ReportsSchedule Reports

WatchGuard Training 3939

Destination Selection• Must add at least one

destination to send the report

• Send reports in email

• Send reports to a directory on an FTP server

• Send reports to ConnectWise

Page 40: Introduction to WatchGuard Dimension™ v1.2 ©2013 WatchGuard Technologies, Inc. WatchGuard Training

Schedule ReportsSchedule Reports

WatchGuard Training 4040

Report Selection• Report Types

• Time Zone For report display

purposes only. Web-based reports appear in the browser/OS time zone.

• Report Template Use any Custom Template

that you create

• Report Aggregation Single (one report/device) Combined (one report for

all devices)

• Run Reports Daily Weekly Monthly

Page 41: Introduction to WatchGuard Dimension™ v1.2 ©2013 WatchGuard Technologies, Inc. WatchGuard Training

Executive Summary ReportExecutive Summary Report

WatchGuard Training 4141

Executive Summary Report• Sent as a PDF file

• Specify a logo, header, and footer to customize the report

Page 42: Introduction to WatchGuard Dimension™ v1.2 ©2013 WatchGuard Technologies, Inc. WatchGuard Training

Web Traffic Summary ReportWeb Traffic Summary Report

WatchGuard Training 4242

Web Traffic Summary report• Sent as a PDF file

• Specify a logo, header, and footer to customize the report

• Report includes the Top Domains chart with the Web Categories (in a pie chart), and removes any byte counts or tabular information

Page 43: Introduction to WatchGuard Dimension™ v1.2 ©2013 WatchGuard Technologies, Inc. WatchGuard Training

User ManagementUser Management

On the User Management page, you can manage the local users that can connect to Dimension.

Add users and assign roles to the users to specify what parts of Dimension each user can get access to.

Enable Dimension to connect to your Active Directory server to get user credentials and group information.

WatchGuard Training 4343

Page 44: Introduction to WatchGuard Dimension™ v1.2 ©2013 WatchGuard Technologies, Inc. WatchGuard Training

User ManagementUser Management

WatchGuard Training 4444

Manage Users and Roles• Add, edit, or remove

users

• Apply roles: Read-Only – View-only Read-Write – Read-

write

Active Directory Settings• Enable Active Directory

Authentication

• Specify an Active Directory Server

Page 45: Introduction to WatchGuard Dimension™ v1.2 ©2013 WatchGuard Technologies, Inc. WatchGuard Training

User ManagementUser Management

Dimension includes these roles for role-based administration that you can assign to local users:• User:

Local authentication Active Directory User Active Directory Group

• Devices — List of devices that send log messages to the Dimension Log Server

• Roles that apply to all devices: Super Administrator (All access) Report Administrator (Schedule reports, manage groups, view logs, view

reports)

• Roles that can be applied to individual devices and groups: View Logs View Reports

WatchGuard Training 4545

Page 46: Introduction to WatchGuard Dimension™ v1.2 ©2013 WatchGuard Technologies, Inc. WatchGuard Training

User ManagementUser Management

Role policies function the same way they do in WSM:• User + List of roles + List of Devices

User authentication is similar to WSM:• Local user, AD user, AD Group

• AD requires DNS to resolve DCs by internal domain name Built-in roles only (no custom roles)

• Super Administrator Full access

• Report Administrator View logs View reports Manage scheduled reports and groups

• View Logs

• View Reports Applied to a list of devices

WatchGuard Training 4646

Page 47: Introduction to WatchGuard Dimension™ v1.2 ©2013 WatchGuard Technologies, Inc. WatchGuard Training

User ManagementUser Management

WatchGuard Training 4747

Add a UserWhen you add a user, set the password and select the type of user, which specifies the location of the user account. User types include:• Local User

• AD User

• AD Group Select a role for the user:

• Super Administrator

• Report Administrator

• View Logs

• View Reports Select devices for the user

Page 48: Introduction to WatchGuard Dimension™ v1.2 ©2013 WatchGuard Technologies, Inc. WatchGuard Training

User ManagementUser Management

WatchGuard Training 4848

Enable Active Directory Authentication• Enable Dimension to

connect to your Active Directory server.

• Specify at least one Active Directory domain.

• LDAPS must be enabled on your Active Directory server.

Page 49: Introduction to WatchGuard Dimension™ v1.2 ©2013 WatchGuard Technologies, Inc. WatchGuard Training

Use WatchGuard DimensionUse WatchGuard Dimension

WatchGuard Training 4949

Page 50: Introduction to WatchGuard Dimension™ v1.2 ©2013 WatchGuard Technologies, Inc. WatchGuard Training

Use WatchGuard DimensionUse WatchGuard Dimension

To get the most out of Dimension, make sure to:• Select Enable logging for reports in proxy actions on your Firebox

and XTM devices.

• Enable logging of Allowed Packets in all policies on your Firebox and XTM devices.

• Configure your Firebox and XTM devices and WatchGuard servers to send all log messages to your Dimension Log Server.

WatchGuard Training 5050

Page 51: Introduction to WatchGuard Dimension™ v1.2 ©2013 WatchGuard Technologies, Inc. WatchGuard Training

Use WatchGuard DimensionUse WatchGuard Dimension

When logging is enabled on your device, you can see details in the subsequent Dimension dashboards and reports.• Dashboards only include widgets for available data.

WatchGuard Training 5151

Page 52: Introduction to WatchGuard Dimension™ v1.2 ©2013 WatchGuard Technologies, Inc. WatchGuard Training

Use WatchGuard DimensionUse WatchGuard Dimension

WatchGuard Training 5252

Logging Enabled For… Dashboards Reports

Packet Filter Allowed Logs Executive, Threat Map, FireWatch Web, Packet Filter, Top Client, Application Control

Packet Filter Denied Logs Security, Threat Map Web, Packet Filter, Denied Packet, Top Client, Application Control

Advanced Persistent Threat Security APT Summary and Detail reports, PCI Compliance, Executive Summary PDF

Intrusion Prevention Logs Security, Threat Map IPS, Denied Packet

Log configuration changes Authentication, Audit

All Proxies Executive, Security, Threat Map, FireWatch GAV, IPS, SPAM, Application Control

HTTP Proxies Executive, Security, Threat Map, FireWatch Web, Firebox Statistics, RED

FTP Proxies Executive, Security, Threat Map, FireWatch Firebox Statistics

SMTP Proxies Executive, Security, Threat Map, FireWatch SMTP, Firebox Statistics

POP3 Proxies Executive, Security, Threat Map, FireWatch POP3, Firebox Statistics

WebBlocker Actions Executive, Security, Threat Map, FireWatch Web Audit

Any alarms GAV, Alarms

Page 53: Introduction to WatchGuard Dimension™ v1.2 ©2013 WatchGuard Technologies, Inc. WatchGuard Training

Executive DashboardExecutive Dashboard

WatchGuard Training 5353

Executive Dashboard Widgets• Top Clients

• Top Domains

• Top URL Categories

• Top Destinations

• Top Applications

• Top Application Categories

• Top Protocols Click a summary to expand

it and see more detail.

Page 54: Introduction to WatchGuard Dimension™ v1.2 ©2013 WatchGuard Technologies, Inc. WatchGuard Training

Security DashboardSecurity Dashboard

WatchGuard Training 5454

Security Dashboard Widgets• Blocked APT Malware

• Blocked Clients

• Blocked Destinations

• Blocked URL Categories

• Blocked Applications

• Blocked Application Categories

• Blocked Protocols IPS Signatures Gateway AntiVirus Click a summary to expand

it and see more detail.

Page 55: Introduction to WatchGuard Dimension™ v1.2 ©2013 WatchGuard Technologies, Inc. WatchGuard Training

Threat MapThreat Map

WatchGuard Training 5555

Denied Packets (Blocked) Intrusion Prevention

Service Web Traffic Application Control All Traffic

Page 56: Introduction to WatchGuard Dimension™ v1.2 ©2013 WatchGuard Technologies, Inc. WatchGuard Training

FireWatchFireWatch

WatchGuard Training 5656

Sort by:• Source

• Destination

• Domains

• Application

• WebBlocker

• Protocol Pivot on:

• Bytes (Not available for packet filter traffic prior to XTM OS v11.8)

• Connections Hover for more detail:

• Filter further

• Show connections

Page 57: Introduction to WatchGuard Dimension™ v1.2 ©2013 WatchGuard Technologies, Inc. WatchGuard Training

Log ManagerLog Manager

WatchGuard Training 5757

Log messages stored in UTC time

Appears in your web browser’s local time

Page 58: Introduction to WatchGuard Dimension™ v1.2 ©2013 WatchGuard Technologies, Inc. WatchGuard Training

Log SearchLog Search

WatchGuard Training 5858

Run simple or complex search queries to refine the log messages that appear for the selected Firebox or XTM device.

Filter the search results by log message type:• Traffic

• Alarm

• Event

• Diagnostic

• Statistic

• All

Page 59: Introduction to WatchGuard Dimension™ v1.2 ©2013 WatchGuard Technologies, Inc. WatchGuard Training

Per Client ReportsPer Client Reports

WatchGuard Training 5959

Includes information from proxy log messages about an authenticated user, host name, or an IP address

Detailed activity summary for the selected client and the time range

Specify at least one of these options:• User name or ID

• IP address

• Host name

Page 60: Introduction to WatchGuard Dimension™ v1.2 ©2013 WatchGuard Technologies, Inc. WatchGuard Training

Per Client ReportsPer Client Reports

For a Data Loss Prevention report, you can also specify these options:• Policy name

• Rule name (required)

WatchGuard Training 6060

Page 61: Introduction to WatchGuard Dimension™ v1.2 ©2013 WatchGuard Technologies, Inc. WatchGuard Training

View ReportsView Reports

WatchGuard Training 6161

On the Reports tab for a device, group, or server, you can select many of the same reports that are available on your WatchGuard Report Server

On a report, select options to pivoton from the pivotdrop-down list

Export the report to a PDF file

Page 62: Introduction to WatchGuard Dimension™ v1.2 ©2013 WatchGuard Technologies, Inc. WatchGuard Training

Use Dimension in Another LanguageUse Dimension in Another Language

The Dimension user interface is localized into these languages:• French

• Spanish (Latin America)

• Japanese

• Korean

• Traditional Chinese

• Simplified Chinese Explanatory text included in the Executive Summary and

Compliance reports is also localized, when you view them in your web browser, or generate a PDF from a web browser view.• PDF reports that are generated from a schedule do not include

localized text.

WatchGuard Training 6262

Page 63: Introduction to WatchGuard Dimension™ v1.2 ©2013 WatchGuard Technologies, Inc. WatchGuard Training

Support WatchGuard DimensionSupport WatchGuard Dimension

WatchGuard Training 6363

Page 64: Introduction to WatchGuard Dimension™ v1.2 ©2013 WatchGuard Technologies, Inc. WatchGuard Training

Dimension Support — Console AccessDimension Support — Console Access

Console shows command line access Log in with the wgsupport/readwrite credentials

• Change the password on initial login

• Account restricted to only find or change the IP address To set a static IP address, use the command wg_ip_addr.sh,

located in /opt/watchguard/dimension/bin. • For example, to set a static IP address of 192.168.24.101 on network

192.168.24.0/24 with gateway 192.168.24.1, type: /opt/watchguard/dimension/bin/wg_ip_addr.sh -i 192.168.24.101 -m 24 -g 192.168.24.1 

• When given without any options, or with the option --help, the command displays help text.

WatchGuard Training 6464

Page 65: Introduction to WatchGuard Dimension™ v1.2 ©2013 WatchGuard Technologies, Inc. WatchGuard Training

Dimension Support — Console AccessDimension Support — Console Access

To find the external IP address, run the ifconfig command. To find the Eth0 IP address and interface configuration details, run

the ip addr show command.

To find the route information for Eth0, run the ip route show command.

Support access for diagnostics is available with a connection restricted by a client-side certificate.

WatchGuard Training 6565

Page 66: Introduction to WatchGuard Dimension™ v1.2 ©2013 WatchGuard Technologies, Inc. WatchGuard Training

Dimension Support — Known LimitationsDimension Support — Known Limitations

Cannot import log files to Dimension Certificates must use CSR

• No external private key

WatchGuard Training 6666

Page 67: Introduction to WatchGuard Dimension™ v1.2 ©2013 WatchGuard Technologies, Inc. WatchGuard Training

Thank You!Thank You!

WatchGuard Training 6767