watchguard WG.Post-Sales.Training.Lab

地址：深圳市福田区燕南路404栋605室我们刚从厂家拿回来一台设备时是没有经过配置的，虽然有默认ip ，但是没有默认的密码。

所以我们还是不能用管理软件来配置并管理这台设备。

在这种情况下，我们使用快速安装向导来进行初始的配置。

首先安装WSM 管理软件。

接着使用快速安装向导。

点击下一步，将会出现一下窗口。

按照你的情况选择，没有多大关系。

在接下来的窗口中，选择你的防火墙的型号。

地址：深圳市福田区燕南路404栋605室地址：深圳市福田区燕南路404栋605室目前最新的版本为10.2.6 。

所以推荐选择10.2 以上将你的电脑接到防火墙的Trusted 端口上。

地址：深圳市福田区燕南路404栋605室按住防火墙面板上的按钮，接着关掉电源，然后打开。

（如果你是第一次使用快速安装向导，则按住向上键，若你是想恢复一下出厂设置，则按住向下键，因为当你是第一次使用时，设备里没有feature key ,而你想恢复时，设备里有feature key ）直到前面面板的指示灯出现安全模式字眼时，就可以松手，不用按住向上键了。

地址：深圳市福田区燕南路404栋605室选择pc 上的网络接口。

然后设备会自动查找。

地址：深圳市福田区燕南路404栋605室若找到设备了，就会显示设备的型号，版本号，序列号。

在这个窗口中，你可以为这个设备取个名字，方便记忆就可以，同时写上防火墙的位置，联系人。

一般我没有写。

地址：深圳市福田区燕南路404栋605室好了，现在就可以填写有点用的东西了，在这个窗口中，请你为外网口选择获取ip 地址的方式，有DHCP, PPPOE,或者使用静态的ip 地址。

按照你的具体情况而定吧！因为我是选择使用静态ip 地址的，所以它需要我填上ip 地址和默认网关。

（其实在这里都可以随便填写的，当你进入设备时还是可以改正的。

）地址：深圳市福田区燕南路404栋605室这个窗口是要你配置Trusted/optional 口的ip 地址。

地址：深圳市福田区燕南路404栋605室要使用这个功能必须购买防垃圾邮件模块，第一次注册设备时，可以免费使用一个月。

进入策略管理器，任务-防垃圾邮件-激活。

激活向导。

垃圾邮件只能在SMTP-proxy 和POP3-proxy 这两条策略中实现。

请选择实现的策略，选择SMTP 时需要指定邮件服务器的ip 地址，因为任何从外部发来的邮件都会被投递到防垃圾邮件模块里，先让它进行检查，若发现没有任何可疑，就由这个模块投递到邮件服务器。

地址：深圳市福田区燕南路404栋605室完成向导。

接着点击配置。

地址：深圳市福田区燕南路404栋605室选中SMTP-proxy 这条策略，然后点击配置。

动作标签中，系统将所有有问题的邮件分为三个类别，分别为Confirmed Spam///已确认的垃圾邮件。

Bulk///垃圾。

Suspect///可疑。

Confirmed Spam///已确认的垃圾邮件类别，包括来自已知垃圾邮件发送者的电子邮件。

Bulk///垃圾类别，包括并非来自已知垃圾邮件发送者，但确实符合一些已知的垃圾邮件结构模式的电子邮件。

Suspect///可疑类别，包括看起来似乎与新的垃圾邮件攻击相关的电子邮件。

每个类别的下拉菜单中，可以相应的选择动作。

包括：允许，添加主题标记，隔离，拒绝，丢弃。

若选择添加主题标记，应该写上相应的标记。

若选择隔离，则应该先创建隔离服务区，请参考其他文档。

下面说明了，当这个防垃圾邮件模块不可达的时候，是该怎么处理邮件，是允许还是拒绝。

切换到例外标签。

这里的优先级高于防垃圾邮件模块，当收到一封邮件首先跟例外列表进行匹配，若匹配则执行动作。

否则让防垃圾邮件模块扫描。

点击ADD地址：深圳市福田区燕南路404栋605室选择匹配时应执行的动作。

然后输入发送者和接受者，支持通配符。

切换到病毒爆发检测。

当防垃圾邮件模块扫描到一个病毒，该怎么处理。

可以选择，Allow///允许”、“Lock///锁定”、“Remove///删除”、“Quarantine///隔离”、“Drop///丢弃”以及“Block///阻止”操作（当选择锁定时，只能有管理员解锁，解锁方法： C:\ProgramFiles\WatchGuard\wsm10.0\bin\unlock.exe 打开锁定文件：1.打开命令提示符窗口。

一、网络拓扑图：DMZ二、网页过滤库、日志报表服务的配置步骤：1、首先是在服务器里安装日志报表服务，运行管理软件后会提示所要装的服务器软件这里勾上日志和报表服务，然后单击下一步安装完成后双击屏幕右下方的按照默认配置点击下一步，然后配置登录日志报表服务器的密码（如：密码：12345678）点击下一步后配置日志报表服务器的加密密钥和日志报表存放的位置（即数据库位置），如：密钥设为：12345678，日志报表存放位置在C盘下单击下一步再单击下一步便完成了注意，日志和报表默认的数据库大小都是100G，如果服务器磁盘不够，可以把默认的数据改一下。

然后在设置下点击“日志记录”勾上“将日志消息发送到ip地址的log server”，然后点击“配置”然后点击“添加”输入刚才配置日志报表服务器的Ip地址，密钥要与刚才建立日志报表服务器是输入的加密密钥相同单击确定后保存到防火墙便可注：日志报表服务所在的服务器必须长期开着才有数据2、安装网页过滤库服务运行管理软件，安装时勾上网页过滤库服务器后单击下一步进行安装安装完成后双击屏幕右下方的按照默认配置点击下一步，然后配置登录日志报表服务器的密码（如：密码：12345678）单击下一步后选择下载网页过滤库，勾上“是”，点击下载（在确保网络连通的情况下）选择下载存放的位置后点击下载下载完成后点击确定，再按照默认单击下一步单击完成后然后打开防火墙管理软件，进行配置网页过滤，点击“激活”然后进行配置，按照默认点击“下一步”，到了配置网页过滤连接到服务器的地址时点击“添加”，然后输入刚才建立的网页过滤库服务器的Ip点击下一步后把默认的“其他”前面的勾去掉在点击下一步直到完成便可3、日志报表系统测试结果如：上网流量报表如：带宽流量统计如：病毒检测报表系统按很多种类型来分别表示的，详情看报表文档。

Firebox拥有一套全面的统一威胁管理 (UTM) 解决方案，它可提供真正预防御功能，过滤间谍软件、病毒、特洛伊木马、垃圾邮件以及混合式威胁，确保您的数据安全。

而便于配置的VPN 通道实现了网络资源的加密远程接入，而其灵活的网络功能更便于对流量和带宽进行优先顺序设置，最大限度提高了效率和网络性能。

产品主要有如下特点：主动的真正预防御Firebox X Edge 所提供的强大网络防御是基于尖端的代理技术。

它们提供了内置的主动防御系统，可抵御多种类型的攻击，包括缓冲溢出、DNS 毒害、DoS 和 DDoS。

这种独特级别的真正预防御远远优于那些单独依赖数据包过滤和基于攻击特征技术来阻挡已知威胁的产品。

在您开启Firebox 的那一瞬间，您便拥有了强大的防御。

强大的综合安全功能通过在Firebox系列中添加强大的安全方案订购，可增强关键易受攻击领域的防御，它们与内置的防御系统完美配合，形成了全面的统一威胁管理解决方案：spamBlocker：有效实时过滤近 100% 的垃圾邮件和其携带的恶意软件而不受信息的内容、格式或语言所限。

WebBlocker：通过阻止 HTTP 和 HTTPS 访问恶意或不当网络内容，提高工作效率，并降低安全风险。

网关防病毒/入侵防御服务：基于攻击特征的强大的安全保护，在网关内阻止已知的间谍软件、木马、病毒及其它基于网络漏洞的攻击。

全面的网络功能为您提供可靠、灵活的网络选项，确保您的企业、远程办公室和分支办公室始终安全、连通。

为多个外部 IP 地址提供安全防御,支持 Dynamic NAT、1:1 NAT 和 PAT通过广域网容错至辅助端口或通过串口进行拨号连接，可最大限度减少网络中断时间完全的 VPN 容错，使连接性提升至最高可靠的可配置服务质量 (QoS) 机制设置动态分配带宽的优先顺序，使 VoIP 等关键任务和有时间敏感性的流量优先于次关键业务的流量安全的远程连接拥有了 Firebox X Peak，无论远程人员身处何处，均可轻松地得到保护。

WatchGuard®产品及服务注册指南目录如何注册一个用户3如何注册一个设备 12如何注册或更新一个服务 20如何应用一个 FEATURE KEY 26如何注册一个用户第一步在浏览器中输入/activate/ ，点击create a user profile （创建一个用户描述）第二步使用下拉菜单选择您所在的国家。

然后选择您的类型。

共有三个选项：I am a Channel Partner or Reseller（我是一名渠道商或代理商）I am a Business End-User or Customer （我是一名最终用户）Neither option describes me （没有适合我的选项）点击Continue继续。

第三步本页面由三部分组成：Contact Information, About Your Company, and User Name and Password.在Contact Information（联系方式）部分，请输入如下内容:First Name （姓名）Last NameCompany Name （公司名称）Company Address Line 1 （公司地址）Company Address Line 2 （公司地址）City （所在城市）Province （所在省份）Country （所在国家）Postal Code （邮政编码）Email Address （有效的邮件地址，最好使用公司邮箱）Phone Number （联系电话，应包含国家代码与当地区号）在About Your Company（公司情况）部分，请输入如下内容:How many people work at your company?（贵公司有多少名员工）How many office locations does your company have?（贵公司有多少分支机构）What is your company’s primary business focus?（贵公司主要的商业方向是什么？请点下拉菜单选择）Which of the following most closely describes your job title?（您的工作职务是什么？请点下拉菜单选择）Which role do you play in the purchase of network security products at your company?（您在贵公司采购网络安全设备中的任务是什么？请点下拉菜单选择）How did you learn about WatchGuard?（您是如何了结到WatchGuard公司的？）在User Name and Password（用户名与口令）部分，请输入如下内容:User Name （用户名，登录时使用）Password （口令）Confirm password （再次确认口令）注意：口令必须在6至15个字节范围内Security question （安全问题）Security answer （安全答案）如果您确认填写或修改正确，并希望得到WatchGuard的确认，点击Continue按钮。

WatchGuard® Technologies, Inc.Data Loss Preventionwith WatchGuard® XCS SolutionsData Loss Prevention is buiLt into aLL WatchGuarD® Xcs aPPLiance moDeLs as a PoWerfuL business tooL for controLLinG confiDentiaLinformation as it moves acrossnetWork bounDaries. This allows you to protect the growing volume of private data that traverses your network to prevent accidental or malicious data leakage in a single solution, without the need for multiplepoint products. Data loss prevention and privacy tools give you the ability to both secure information as needed to maintain policy compliance, as well as share authorized sensitive information securely with business partners outside the company.With a WatchGuard XCS appliance, you have an automatic, extensive risk management and policyenforcement boundary of outbound content. This ensures privacy and compliance, but does not impede the flow of your legitimate electronicbusiness communications.WatchGuard XCS email security solutions automatically incorporate powerful data loss prevention (DLP) capabilities to ensure that the content of outgoing email messages is in strict accord with your organization’s confidentiality and regulatory compliance policies. Adding an XCS Web Security subscription (available for all XCS models) extends those capabilities to your web-based traffic as well, for comprehensive coverage across protocols.HOW DATA LOSS PREVENTION WITHIN YOUR CORPORATE EMAIL SYSTEM WORKSsimPLifieD anD effective PoLicy manaGementD LP Wizard guides administrators through DLP configuration controls quickly and simply, allowing you to gain privacy and compliance and define remediation actions with a few simple clicks.c entralized policy management provides a single point of administration for creating, managing and enforcing content security and data loss policies to eliminate data loss gaps.P re-defined compliance dictionaries streamline the policy-setting process for HIPAA, PCI, GLBA and other regulations, and are customizable to conform with your unique business requirements and compliance regulations.c ustom policies for groups or individuals can be set to control who can send what and to whom without impeding critical business processes. Content controls include flexible and granular tools including the ability to set complex rules and even nest rules within one another.P oWerfuL content & conteXtuaL anaLysis accurateLy Detects PoLicy vioLationsD efense-in-depth methodology scans all outbound content (including files and attachments) and inspects context of the traffic (who is sending the data, where or to whom) to determine if there is a policy violation.a ttachment scanning & control provides the ability to apply existing content scanning policies to more than 400 file attachment types. Compressed file attachments can also be scanned to ensure sensitive information does not leave the organization.a pplied intelligence learns from previously allowed content to make future decisions more accurately and faster.D ata discovery and classification tools allow you to protect known confidential or sensitive data files, thereby training the system on what to look for and subsequent remediation actions to be taken upon discovery of such data.transParent remeDiation ProviDes unParaLLeLeD controL & visibiLityi nstant-on remediation actions are instantly applied when policy violations are detected for transparent protection, control and visibility of information leaving your organization. Options include block, quarantine, allow, encrypt, blind copy, or reroute content.s eamless email encryption , easily added to your solution with a WatchGuard SecureMail Email Encryption subscription, allows you to securely transmit and receive private, sensitive, and regulated information without hindering the free flow of critical business communications.GranuLar LoGGinG anD rePortinG for auDit reQuirementsP olicy violation alerts and the remediation actions taken are triggered instantly for immediate visibility.G ranular logs and one-click administration for customizable reports of policy violations are easily accessible to meet audit requirements.ADDRESS 505 Fifth Avenue South, Suite 500, Seattle, WA 98104 WEB U.S. SALES 1.800.734.9905 InTERnATIOnAL SALES +1.206.613.0895no express or implied warranties are provided for herein. All specifications are subject to change and expected future products, features or functionality will be provided on an if and when available basis. © 2012 WatchGuard Technologies, Inc. All rights reserved. WatchGuard, the WatchGuard logo, Fireware, and LiveSecurity are either trademarks or registered trademarks of WatchGuard Technologies, Inc. in the United States and/or other countries. All other tradenames are the property of their respective owners. Part no. WGCE66739_102212WatchGuarD Xcs inteGrateD Process for Data Loss PreventionData Loss Prevention is integrated into all WatchGuard XCS models. It provides comprehensive, instant protection from information loss. The system uses an integrated process for inspection, discovery, and remediation of policy violations for outbound communications containing sensitive content.1. e xamine. Outbound communications are checked for private or sensitive data, including personal information and intellectual property.2. D etermine. The sophisticated XCS policy engine determines the appropriate action to take on a message, based on pre-defined policies. P olicies are determined by the organization using customizable templates that aggregate internal policy with compliance-driven regulationsI ndustry-specific compliance dictionaries, including dictionaries for PCI, HIPAA and GLB, help make policy generation fast and effective. 3. t ake action: Take the appropriate action on the message instantly, without the need for manual intervention. Depending on pre-defined policies, the message can be allowed, blocked, encrypted, copied to a compliance officer, stamped, returned to sender, and/or entered in the audit/log.4. r eport. It is important to be able to easily document the policies that have been implemented to enforce the regulations, as well as tracking actual message traffic to ensure compliance. XCSsolutions provide granular logs for customizable reports of violations and remediation action taken to meet audit requirements.eXtenD Data Loss Prevention to Web trafficThe Web provides many exit points for sensitive information toleave your organization, including communications sent by popmail systems (hotmail, gmail, etc.), wikis, blogs, and social networks such as Facebook. Adding a Web Security subscription extends the data loss prevention capabilities of your XCS appliance* to include HTTP traffic, for comprehensive protection across protocols.S cans content in all outbound web traffic, including attachments, for policy violations.I nspects context in which communication is sent including who is sending the data, where it is being sent, and to whom.U ses the same policies developed for your organization’s email communications to save time and ensure strong and consistent enforcement.A llows administrator to manage data loss prevention across protocols from one easy-to-use administrative console.P rovides consolidated visibility and control so you can meet stringent compliance requirements.* W eb Security subscriptions are available for all XCS models.For more information on Data Loss Prevention capabilities and our complete line of powerful WatchGuard XCS solutions, visit /xcs.Examine entire content including attachmentsDetermine if content and context is in accordance with de ned policiesMonitor and provide reports to demonstrate compliance and identify gapsDeliver content in accordance withde ned policies - send, copy, encrypt, blockPrivacy & Compliance EngineInspect - Filters Validate - Dictionaries Decide - PoliciesinteGrateD Process for Privacy anD comPLiance Protection。

WatchGuard防火墙特性WatchGuard拥有一套全面的统一威胁管理 (UTM) 解决方案，它可提供真正预防御功能，过滤间谍软件、病毒、特洛伊木马、垃圾邮件以及混合式威胁，确保众通广告的数据安全。

而便于配置的VPN 通道实现了网络资源的加密远程接入，而其灵活的网络功能更便于对流量和带宽进行优先顺序设置，最大限度提高了效率和网络性能。

部署该产品主要有如下优势：1.主动的真正预防御WatchGuard 所提供的强大网络防御是基于尖端的代理技术。

它们提供了内置的主动防御系统，可抵御多种类型的攻击，包括缓冲溢出、DNS 毒害、DoS 和 DDoS。

这种独特级别的真正预防御远远优于那些单独依赖数据包过滤和基于攻击特征技术来阻挡已知威胁的产品。

在众通广告开启 WatchGuard 的那一瞬间，众通广告便拥有了强大的防御。

2.安全的远程连接众通广告在新一代的IDC机房部已经署了一台WatchGuard X 550e的产品,由于众通广告的办公网络与IDC机房的服务器有很多数据交互，需要保证安全、快速、稳定的连接，而同一厂商的设备VPN互联有更高的可靠性，该产品可以方便的在两地部署VPN连接。

3.流量和并发会话数控制Watchguard 提供基于策略的流量管理，可以设置该策略的最大带宽、最小带宽、并发连接数。

例如，有个客户的网络分办公区域和酒店区域两部分，均通过Watchguard代理上网。

由于酒店区域必须开放所有端口，加上客人经常大并发访问和BT 下载，占用带宽从而影响到办公区域的应用。

因此Watchguard 协助客户实现对酒店部分进行流量控制，设定酒店区域最大占用网络带宽，并给办公区域设定了最小的网络保留带宽，确保办公区域正常应用。

同时，为了避免酒店区域进行BT 等高并发下载，从而占满网络最大并发数，从而影响所有网络的应用，Watchguard 协助客户设定酒店区域的并发数，来避免BT 应用对网络的影响。

WatchGuard硬件防火墙特色介绍(日志报表篇)前面我对WatchGuard硬件防火墙的特色做了初步的介绍，详情请见WatchGuard 硬件防火墙特色介绍（待续），今天将为大家介绍WatchGuard硬件防火墙强大的日志及其报表功能。

防火墙的日志功能可以为网络管理人员提供丰富的信息资源，包括各种网络活动的详细信息（时间、来源IP、目的IP、源和目的端口等）、被拦截或丢弃的数据包信息、丢弃原因等，因此日志功能的完善及强大与否决定了网络管理人员能否快速的从防火墙日志中查找问题，发现设置或策略上的错误并及时修正。

这在日常的安全管理及维护操作中是非常重要的一个环节。

几乎所有的硬件防火墙产品均有日志记录功能，从存储的位置上来区分的话，基本上有下面三种方式：一、存储在设备本身的存储器或内存当中二、将日志记录发送至第三方的SYSLOG服务器三、与设备配套专用的日志服务器系统SonicWall、FortiGate、Netscreen等防火墙均可以登陆WEB管理界面查看日志信息，或将日志记录发送至第三方的SYSLOG服务器。

存储在设备当中的日志记录，由于受设备本身容量的限制，日志信息不能保存太长时间，并且可供查看的信息相对较简单。

有些设备重启后日志记录将被重新初始化，那么用户将丢失以前的日志记录。

将日志发送至外置的SYSLOG服务器，可以将日志进行存档，并结合第三方工具进行分析。

由于常用的SYSLOG服务器只具备日志的存档能力，而不具备强大的分析及报表生成能力，因此容易造成用户查找信息，分析问题上的不便。

以SonicWall硬件防火墙为例，虽然可以直接登陆WEB管理界面查看日志记录，但设备重启后日志便丢失。

虽然可以将日志信息发送至SYSLOG服务器，但由于没有免费配套的日志分析及报表工具（ViewPoint虽然提供了日志的分析及报表生成功能，但并非免费提供给用户，用户需要另行购买该软件），因此用户也很难对过于庞大的日志记录进行分析。

WatchGuard推出新一代企业网络安全设备/security/2011年11月24日14：13 来源：IT168【文章摘要】全球企业安全方案厂商WatchGuard Technologies推出新一代企业网络安全设备WatchGuard XTM 2050。

全球企业安全方案厂商WatchGuard Technologies推出新一代企业网络安全设备WatchGuard XTM 2050.新一代防火墙（next-generation firewall;NGFW）为需要高效能防火墙、应用控制和入侵预防系统（intrusion prevention system;IPS）的大型企业与资料中心提供企业层级安全防护，协助防范资料盗取、恶意程序攻击和安全漏洞。

持续专注于防火墙与网络安全本业是WatchGuard与其它竞争对手最大的不同之处，也让WatchGuard在企业网络安全市场中占有一席之地。

WatchGuard深耕公司主力产品防火墙，并结合质量最佳的统合威胁管理方案（unified threat management;UTM），提供企业端全方位的网络安全防护。

但在社群网络与Web 2.0应用程序的快速兴起下，网络攻击模式更形复杂，网络端资安防御设备也势必从以往单纯的防火墙与VPN功能，衍生出更多具延伸的安全防护机制，可延伸威胁管理方案（extensible threat management;XTM）成为解决此一问题的关键平台。

WatchGuard Technologies营销副总裁Eric Aarrestad表示：「拥有超过15年防火墙和网络安全专业，WatchGuard特别针对企业环境独特且持续变化的需求设计XTM 2050新一代防火墙。

企业可以藉由它定义、执行与稽核具安全与可接受的使用政策，在提升员工生产力的同时为具关键性的网络资源、应用程序和资料提供最佳的保护。

」南中国区业务总监梁定全强调，XTM 2050新一代防火墙特别适用于需要高速网络、多租户与虚拟化服务的中大型企业、互联网服务提供业者（ISPs）以及网页寄存公司（hosting company）。

WatchGuard 安全设备当公司需要成熟的网络安全解决方案时，WatchGuard 是一个不错的选择。

我们致力于为客户提供卓越的服务、可靠的产品、杰出的技术支持与创新，供应多样化的产品，以满足客户特殊的业务需求。

作为XTM 产品，是否具有主动防御的功能？WatchGuard® 公司通过其 XTM 设备的智能分层安全（IntelligentLayered Security）技术提供了“预防御保护”（Zero Day Protection），能够有效地主动阻止新的未知的攻击，同时不再完全依靠攻击特征的支持。

“预防御保护”是指在发现漏洞，以及黑客在建立和发起真正的攻击之前，就阻止新的或未知的威胁。

智能分层安全技术具有多种分析技术：协议异常检测——阻止与协议标准不符的恶意通信。

模式匹配——通过全面检查整个数据包，在系统中标记并移除高风险文件，比如.exe 和 脚本文件、病毒、间谍软件和木马。

行为分析——识别并阻止来自主机的可疑通信，其中包括DoS 和DDoS 攻击、端口扫 描和地址扫描。

们能适应各种规模的企业，包括用户数量低于 50 的企业到拥有超过 10,000 名用户的企业。

XTM 在性能上的优化，得益于智能分层安全技术构架。

和市面上的许多病毒墙和入侵防护产品不同，XTM 产品的各网络安全层能够协同工作，以加强总体安全性。

如：当入侵防御服务发现攻击时，可通知XTM设备进行处理。

层与层之间是流水线式的合作关系，从而减轻了XTM 整体的处理压力，在保证安全的同时优化了性能。

部署XTM 后是否可以实时拦截来自Internet 的病毒和入侵攻击？网关防病毒/入侵防御服务（Gateway AntiVirus/Intrusion Prevention Service）是XTM® 系列设备的基于特征的安全服务。

它与 XTM “预防御”联手打造强大的实时防护，能够防止间谍软件、病毒、木马、缓存溢出、资料隐码、即时消息和点对点（P2P）通讯。

Firewall Basics with Fi 11Presenter Name,P Ti l Fireware XTM Presenter Title Quick SetupUpgrade To XTM入门准备管理主机与Firebox学标学习目标•使用快速配置向导完成初始化•使用WSM连接设备与服务器•使用策略编辑器使用各个应用•WSM•登录XTM Web界面注册Firebox必须拥有个有效的账户•必须拥有一个有效的账户•在配置Firebox 前，必须对设备进行注册•准备好Firebox 的序列号管理工作站管作站•使用WSM管理•管理工作站运行Windows Vista（32‐bit）、Windows XP SP2、Windows Server2003•安装WSM软件•安装Fireware XTM软件使管•使用Web管理•支持浏览器的工作站•使用命令行管理•支持SSH协议WSM 软件介绍WSM软件介绍•下载必要的软件•https:///archive/softwarecenter.asp •选择对应的设备型号，并下载软件选择对应的设备型号并下载软件•WSM为管理器•Fireware是Firebox的OS•使用新软件版本前，请仔细阅读Release Note 文档Upgrade to XTM学标学习目标•Edge的XTM OS升级Ed•Edge的XTM OS降级•Core/Peak的XTM OS升级•Core/Peak的XTM OS降级将Edge的OS升级到XTM‐适用于Edge e Series注意事项•确认License文件的LSS许可在有效期内•确认当前Edge系统所运行的版本•Edge当前运行的OS版本低于v10.2.9时，请先升级OS到v10.2.9或更高版本•Edge当前运行的OS版本为XTM v11.0、v11.0.1，请先升版本或降级到更高版本级OS到v11.0.2版本，或降级到v10.2.9及更高版本•WatchGuard Management Server管理的Edge不由h可以集中统一升级到XTM，需要按照后面的步骤做单台设备升级的载设备OS的下载•Edge的OS文件从下载，这里Ed t h d下载这里有3个不同的升级文件包，请根据Edge当前的OS 版本和您的目的，选择下载。

Before You Begin2WatchGuard Technologies,Inc.LocalizationAny data returned from the device operating system(e.g.log data)is displayed in English only.Additionally,all items in the Web UI System Status menu and any software components provided by third-party companies remain in English.Fireware XTM Web UIThe Web UI will launch in the language you have set in your web browser by default.The name of the currently selected language is shown at the top of each page.To change to a different language,click the language name that appears.A drop-down list of languages appears and you can select the language you want to use.WatchGuard System ManagerWhen you install WSM,you can choose what language packs you want to install.The language displayed in WSM will match the language you select in your Microsoft Windows environment.For example,if you use Windows XP and want to use WSM in Japanese,go to Control Panel>Regional and Language Options and select Japanese from the language list.Log and Report Manager,CA Manager,Quarantine Web UI,and Wireless Hotspot These web pages automatically display in whatever language preference you have set in your web browser.Release Notes3Fireware XTM and WSM v11.6.3Operating System Compatibility***4WatchGuard Technologies,Inc.Fireware XTM and WSM v11.6.3Operating System CompatibilityRelease Notes 5AuthenticationSupportThis table gives you a quick view of the types of authentication servers supported by key features of Fireware ing an authentication server gives you the ability to configure user and group-based firewall and VPN policies in your XTM device configuration.With each type of third-party authentication server supported,you can specify a backup server IP address for failover.—Fully supported by WatchGuard—Not yet supported,but tested with success by WatchGuard customers122Mobile VPN with IPSec/Shrew Soft 3–Mobile VPN with IPSec for iPhone/iPad iOS and Mac OS XMobile VPN with IPSec for Android devices –Mobile VPN with SSL for Windows 44Mobile VPN with SSL for Mac 5Mobile VPN with PPTP––N/ABuilt-in Authentication Web Page on Port 4100Windows Single Sign-On Support (with or without client software)––––Terminal Services Manual Authentication Terminal Services Authentication with Single Sign-On6––––Citrix Manual Authentication1.Active Directory support includes both single domain and multi-domain support,unless otherwise noted.2.RADIUS and SecurID support includes support for both one-time passphrases and challenge/responseauthentication integrated with RADIUS.In many cases,SecurID can also be used with other RADIUS implementations,including Vasco.3.The Shrew Soft client does not support two-factor authentication.4.Fireware XTM supports RADIUS Filter ID 11for group authentication.5.PIN +Tokencode mode is supported.Next Tokencode mode and SMS OneTimePasswords are notsupported.6.Only single domain Active Directory configurations are supported.Fireware XTM and WSM v11.6.3Operating System Compatibility6WatchGuard Technologies,Inc.Downloading SoftwareRelease Notes7Downloading Software8WatchGuard Technologies,Inc.Upgrade from Fireware XTM v11.x to v11.6.3Release Notes9Upgrade your FireCluster to Fireware XTM v11.6.310WatchGuard Technologies,Inc.Downgrade InstructionsResolved IssuesResolved IssuesLogging&Reportingl The unnecessary log message"block_dump:Select timed out"has been removed.[66635]l The unnecessary log message"miiGetLinkStatus"no longer shows when a network bridge is enabled.[41811]l The web service file"LogService.wsdl"is now accessible for Eclipse setup.[69869]l Reports generated with UTF-8encoding no longer contain corrupted characters.[66584]Proxies and Security Servicesl This release resolves an issue with IPS and the HTTP proxy that caused NAT exhaustion in some customer environments.[66246]l A problem that caused XTM device instability when the SIP ALG was in use has been resolved in this release.[68312]l A problem that caused ActiveFTP to fail in some customer environments has been resolved.[65848] l This issue resolves an issue that caused some XTM devices to crash during heavy mail traffic.[66428] l XTM devices no longer try to update Gateway AV and IPS signatures when these features are not licensed.[66415]Authenticationl SSO exceptions added as an IP Range now operate correctly.[68986]l SSO exceptions no longer incorrectly trigger when the last octet of an IP address matches a configured exception.[68344]Networkingl A problem that caused Policy-Based Routing to fail when the interface was not down has been resolved.[67116]l This release resolves an issue that could cause an interface to fail.[68554]l A problems that caused some XTM devices to periodically fail to pass network traffic has been fixed.[65179]l Static routes no longer fail when multi-WAN and PPPoE are both enabled.[68090]l An interfaced configured to use PPPoE no longer waits for a multi-WAN failover to occur before it requests a new IP address.[68232]l This release resolves an issue that caused outbound traffic to fail after a multi-WAN failover.[68183] l Multi-WAN now works correctly on XTM2050devices configured with ETH16-19as external interfaces.[68405]FireClusterl This release resolves some memory management issues that caused FireCluster instability.[68026] l This release resolves a crash issue that caused a FireCluster member failover in an active/passive FireCluster.[66872]VPNl Branch office VPN tunnels no longer fail when a PPPoE interface goes down.[68639]l This release resolves several IKE process crashes that caused failure for Mobile VPN with IPSec and Branch Office VPN.[68118,69625,67961,67881,68237]Resolved Issuesl Branch office VPN tunnels no longer fail when a dynamically assigned external IP address on the XTM device changes.[68163,68910,68188]l This release resolves an issuethat causedbranch officeVPN tunnels tofail topass traffic.[69090,67819] l A large number of active branch office VPN tunnels no longer causes a CPU spike.[68886]l A memory leak that occurred when a large number of branch office VPN tunnels were active has been fixed.[66200]l This release resolves an issue that caused branch office VPN tunnels to stop passing traffic.[67921] l Branch office VPN tunnel routes configured to use1-to-1NAT now operate correctly with Multi-WAN.[67001]l This release resolves an issue that caused branch office VPNs to fail after a Fireware XTM OS upgrade.[68247]l The IKE process now remains stable when Mobile VPN with IPSec connections that use the Safenet client are disconnected.[66772]XTMvl Network connectivity no longer fails after you upgrade the Fireware XTM OS on an XTMv installation.[69500]l XTMv appliances with PPPoE configured no longer lose network routes after a reboot.[69492]Known Issues and LimitationsKnown Issues and LimitationsKnown Issues and LimitationsKnown Issues and LimitationsKnown Issues and LimitationsKnown Issues and LimitationsKnown Issues and LimitationsKnown Issues and LimitationsKnown Issues and LimitationsKnown Issues and LimitationsUsing the CLITechnical Assistance。

Revision E WGD00151Important NoticeCopyright©2019WatchGuard,Inc.All rights reserved.This document and supporting data are the exclusive property of WatchGuard,Inc.and may not be copied or reproduced without permission.Software updatesWatchGuard is committed to the continual testing and improvement of our software.As new software revisions become available,these updates will be made available to your agency;fees may apply depending on your licensing agreement.Manufacturer contact informationWatchGuardWatchGuard,Inc.415East Exchange ParkwayAllen,TX75002Customer Service:1-800-605-6734Customer Service web portal:https:///hc/en-usSend us your suggestionsWe want to hear from you.Tell us about your experience and how you are using theWatchGuard REDACTIVE software.We will do our best to accommodate any suggestions you may have in future revisions.For U.S.customers,call Customer Service at800-605-6734or email us at*****************************with your comments,questions,and concerns.International customers,please contact your local distributor.Trademark noticesMicrosoft,Windows,Windows Server,.Net,and Internet Explorer are trademarks orregistered trademarks of Microsoft Corporation in the United States and/or other countries.All other marks,names,and logos mentioned herein are the property of their respectiveowners.WGD00151Revision EWatchGuard REDACTIVE3.0.3User Guide, Single User,Revision E WGD00151iiiivWatchGuard REDACTIVE 3.0.3User Guide,SingleUser,Revision E.WGD00151Note:Multiple redaction will not work with2.0version redacted videos.5 WatchGuard REDACTIVE3.0.3User Guide,Single User,Revision E WGD00151Installing REDACTIVE Single UserInstalling REDACTIVE Single UserIn this section...l Installing or Upgrading Single User Desktop(page7)l System Requirements(page7)l Upgrade from Version2.0to3.0(page7)l Installing Single User Desktop(page8)l Changing Evaluation License to Paid License(page12)6WatchGuard REDACTIVE3.0.3User Guide,SingleUser,Revision E.WGD00151Note:When working with long videos,WatchGuard recommends a16+coresystem with2GB memory,or more,per core processor for best performance.Note:Multiple redaction will not work with2.0version redacted videos.WatchGuard REDACTIVE3.0.3User Guide,7 Single User,Revision E WGD00151The User Account Control window appears.Click Yes8WatchGuard REDACTIVE3.0.3User Guide,SingleUser,Revision E.WGD00151WatchGuard REDACTIVE3.0.3User Guide, Single User,Revision E WGD001519Installing REDACTIVE Single User4.Change the location or click Next to accept the shown location.The Ready to Install window appears.5.Click Install.The Installing window appears showing the status.10WatchGuard REDACTIVE3.0.3User Guide,SingleUser,Revision E.WGD00151Click Finish.desktopImportant!License keys are distinct between the desktop and the Enterprise versions.If you switch between the two on the same machine,you must re-enter the license key.Depending on your user permissions,you may not be able to replace the license file.A"cannot save license data"message appears.If you encounter this,remove the licenses file at C:\ProgramData\WatchGuard REDACTIVE\licenses.Important!If you have a problem with your installation and have to reinstall, delete the file C:\ProgramData\WatchGuard REDACTIVE\licenses before proceeding.Getting Started with REDACTIVEGetting Started with REDACTIVEREDACTIVE is an automated redaction tool that saves you time when redacting files.It automatically identifies faces,vehicles,and license plates,but also lets you manually redact faces and other objects and edit the automated file.This section covers:l UI Controls(page15)l Video playback controls(page16)l Keyboard shortcuts(page17)1.Export Options(page33)2.Detection Type(page34)10.About(page37)11.Video playback controls(pageNote:If you choose pixelate,blur,or intensity for your redaction type, Redaction Intensity(page33)appears in place of Redaction Color.frame: Play/pause:frame:Getting Started with REDACTIVEThis page intentionally left blank.This takes you to the first screen where you import and open a videoNote:Export your videos from your Evidence Library software to a folder on your computer and then import them into REDACTIVE.o Load Data:Loads the video with the auto run,manual,and audio redactiono Delete:Removes all of the auto run,manual,and redaction information, Run Auto Redaction againREDACTIVE Workflow2.Click Delete and the file loads with all redacted information deleted.3.Click Load Data and the file loads with redacted outlines appearing.REDACTIVE WorkflowRun Auto RedactionYou can run auto redaction multiple times or you can run it once to find faces,people,licenses, and vehicles.1.Select and open a video.2.Click RUN AUTO REDACTION button.The Select Detection Types window appears.3.Choose the objects you want to redact.You can choose as many as you want.Choose whether to wait for the redaction to finish or Run in Background working.If you have a process running,REDACTIVE tells you how many processes are agency determines the number of process that can run in the background. ADVANCED button to set the maximum number of processes you can run.Review your file for false positives.Note:Redactions that you ran in version2.0.x can be rerun through autoredaction.The detection types you did not run will show up in the detection type list.See step3.If the frame is in more than one place in the video,you may want to delete it from beginning to end.See editing an object(page32).Note:The Objects List is disabled when a version2redacted video is on thescreen.REDACTIVE Workflow2.Choose Cancel,Static,or Automatically Track for each bounding box you added.o Cancel:Removes the bounding box you've drawn and returns to playback modeo Static:Saves the new bounding box on this frame onlyo Automatically Track:Tracks the outlined object for as far as it extends in either directionPerform audio redactionYou can also redact audio choosing to submit only a section of the audio.Or,you can mute the entire video.1.Click Redact Audio to bring up a visual display of the audio(page46).2.Click Remove All Audio box to mute all audio for the event.3.Click Remove All Audio box again to restore the audio to the event.4.Press,hold,and drag the mouse across the audio display to select the portion you want toredact(mute).If you did not get all you wanted,pull the timelineMove the timeline to the position you want to capture.a.Click and drag the audio timeline for the audioDrag the audio until it connects with the first selection, worry about overlap.The two sections will merge.The entire selection is muted.REDACTIVE WorkflowRedact audio1.Click and drag the cursor over the waveform to mute the audio.A red highlight appears.If the selected region overlaps or abuts an already muted region,the two regions combine into one segment.The entire region is muted.To change this,you have to unmute the region and start over.2.Click and drag either end of a selection to change the region to be muted.3.Right click in the region and select Unmute to remove the selection.o Go to last frame:Goes to theThe video file is exported to an MP4container with compression).REDACTIVE WorkflowExport optionsYou can control what your redacted file looks like with the Export Options.Detection TypeThis setting tells you what is redacted in the video or if you did the redaction manually.Redaction TypeYou choose how the redaction on your objects appears:l Outline:Shows the colored box or ellipse;the face is till viewable;this is more of a highlight than a redaction.Choose the bounding box color from the Redaction Color selection.The redaction colors are only available for Outline and Fill.l Fill:Covers the subject with a solid color,obscuring the face.Choose the fill color from the Redaction Color selection.The redaction colors are only available for Outline and Fill.l Pixelate:Covers the subject with broken up pixels,obscuring the face.l Blur:Blurs the faceNote:Redaction Intensity appears when you use Pixelate,Blur,or Mosaic.REDACTIVE WorkflowAudio RedactionBeep or mute out the section of audio you want to redact.If you do not want to export the entire video,you can select which part of the video and audio you want to export.You set the slider bar to where you want to start your selection and stop it where you want to end your selection.(page38)View OptionsThe View Options selections change the display of the outlines while in REDACTIVE.View options cannot be run on an exported video.The two options include:l Multicolored objects:displays outlines in a range of colors to allow easy and immediate differentiation of objectsl Show object labels:Overlays a number on the bounding box aiding in object differentiationThe default is on for both multicolored objects and labels.Advanced settingYou can run concurrent auto redactions and continue to work on other videos at the same time.Running multiple auto redactions can slow the performance of your system.You will haveTo run a partial video:1.Uncheck the Export entire video box.2.Select the Start and End times for the part of the video you want to export.Important!You can only export a file once.You cannot remove any redaction after a file has been exported.o Download Video downloadsOpen the downloaded fileThe video file is exported to an MP4container with compression).Note:The redaction processing speed is improved when running auto redaction on an Intel CPU.The speed still depends on the size of the video and your system.Understanding REDACTIVEBox43also appears in the next frame.Select Delete object to remove the box in both frames.On bounding box43,you can right click your mouse and choose Delete object to remove this bounding box.You have six options on the bounding box on box43:l Go to first frame-moves to the first frame the bounding box appears inl Go to last frame-show the last frame box43appears inl Delete object-removes the bounding box from the video and the Object List The rest of the frame remains the samel Delete to beginning-removes bounding box43from this point to the beginning of the video l Delete to the end-removes bounding box43from this point to the end of the videol Split object-splits the bounding box into two separate objects-one goes to the beginning,Tip:REDACTIVE performs with more accuracy using high definition(HD)versus standard definition(SD)videos.Shown here is the same video captured with a VISTA Wearable Camera.One video is set to HD and one to SD.Note:You can run automatic redaction only once on a video.When you close the video,you can reopen it and delete the redaction data and run automatic redaction again.Understanding REDACTIVEFor more information...How to Edit Objects(page32)Redact audio1.Click and drag the cursor over the waveform to mute the audio.A red highlight appears.If the selected region overlaps or abuts an already muted region,the two regions combine into one segment.The entire region is muted.To change this,you have to unmute the region and start over.2.Click and drag either end of a selection to change the region to be muted.。