Firebox III Hardware Guide Firebox 500, Firebox 700, Firebox 1000, Firebox 2500, Firebox 4500
Copyright and Patent Information Copyright© 1998 - 2003 WatchGuard Technologies, Inc. All rights reserved. AppLock, AppLock/Web, Designing peace of mind, Firebox, Firebox 1000, Firebox 2500, Firebox 4500, Firebox II, Firebox II Plus, Firebox II FastVPN, Firebox III, Firebox SOHO, Firebox SOHO 6, Firebox SOHO 6tc, Firebox SOHO|tc, Firebox V100, Firebox V80, Firebox V60, Firebox V10, LiveSecurity, LockSolid, RapidStream, RapidCore, ServerLock, WatchGuard, WatchGuard Technologies, Inc.
Contents
Limited Hardware Warranty
FCC Certification
CE Notice
Industry Canada
Taiwanese Notice
VCCI Notice Class A ITE
Firebox System Area
Read-only system area
Enhanced System Mode
Managing flash disk memory
The WatchGuard Firebox III is a specially designed and optimized security appliance. Solid-state architecture removes the risk of hard-drive failure and disk crashes. Three independent network interfaces allow you to separate your protected office network from the Internet while providing you an optional public interface for hosting Web, e-mail, or FTP servers. Each network interface is independently monitored and visually displayed on the front of the Firebox.
and used for its intended purpose and in its intended operating environment, will perform substantially in accordance with WatchGuard applicable specifications. This warranty does not apply to any Product that has been: (i) altered, repaired or modified by any party other than WatchGuard; or (ii) damaged or destroyed by accidents, power spikes or similar events or by any intentional, reckless or negligent acts or omissions of any party.
Limited Hardware Warranty
4. Limitation of Liability. WATCHGUARD TECHNOLOGIES’ LIABILITY (WHETHER ARISING IN CONTRACT (INCLUDING WARRANTY), TORT (INCLUDING ACTIVE, PASSIVE OR IMPUTED NEGLIGENCE AND STRICT LIABILITY AND FAULT) OR OTHER THEORY) WITH REGARD TO ANY PRODUCT WILL IN NO EVENT EXCEED THE PURCHASE PRICE PAID BY YOU FOR SUCH PRODUCT. THIS SHALL BE TRUE EVEN IN THE EVENT OF THE FAILURE OF ANY AGREED REMEDY.
FCC Certification
This device has been tested and found to comply with limits for a Class A digital device, pursuant to Part 15 of the FCC Rules. Operation is subject to the following two conditions:
• This device may not cause harmful interference.
• This device must accept any interference received, including interference that may cause undesired operation.
CE Notice
The CE symbol on your WatchGuard Technologies equipment indicates that it is in compliance with the Electromagnetic Compatibility (EMC) directive and the Low Voltage Directive (LVD) of the European Union (EU).
Industry Canada
This Class A digital apparatus meets all requirements of the Canadian Interference-Causing Equipment Regulations.
Taiwanese Notice
VCCI Notice Class A ITE
Installing the Firebox III
Easily installed into your network, the rack-mountable Firebox plugs in at the Internet connection of your offices to implement security policies and protection.
Locating a Firebox within a network
One of the first steps in installing a Firebox is determining where to place it within the network. Nearly always, a Firebox is placed directly behind the Internet router, as pictured below. This is the most effective location for the Firebox to operate correctly and protect your network.
Connecting a Firebox
After you have decided where to place the Firebox, the next task is to make all the hardware connections.
You can connect to and initialize a new Firebox in several ways:
• Using TCP/IP. This is the quickest way to configure a Firebox in most situations.
• Using a serial cable. Use this method if you want to isolate the Firebox during configuration.
• Using a modem. Use this method if the Firebox is located remotely from the Management Station.
• Using remote provisioning.
3 Install the power cord from the Firebox AC receptacle to a power source.
4 When prompted to do so during the QuickSetup wizard (described in “Running the QuickSetup Wizard” on page 11), select Use Serial Cable to Assign IP Address as the configuration access method.
Initializing a Firebox using a modem
The following are required when using a modem:
• Management Station running Firebox System 4.6 or later and equipped with a modem, Dial-Up Networking software, and a working telephone line.
• The Management Station is running Firebox System 4.6 or later, which has IP connectivity to the network on which the Firebox is connected.
• The network address and the netmask of the net behind the router are known.
• One or more unused IP connections are behind the router.
During remote provisioning, one light appears on the front panel Traffic Volume Indicator (on Models 1000, 2500, and 4500 only) for each successful IP address the Firebox claims.
file and saves it to the primary area of the Firebox flash disk. The Firebox loads the primary configuration file when it boots. The QuickSetup wizard also writes a basic configuration file called wizard.cfg to the Management Station hard disk. By default, the QuickSetup wizard starts automatically after you finish installing the Firebox System software. To manually start the QuickSetup wizard from the Windows desktop, select Start => Programs => WatchGuard => QuickSetup Wizard.
Hardware Description
Firebox III front view (all models except Model 500 and 700)
Indicators for the Firebox III Model 1000, Model 2500, and Model 4500 are on a central back-lit indicator panel. The following photograph shows the entire front view. The photograph below shows a close-up of the indicator panel. From the left, the indicators are as described on the next page.
Disarm: Red light indicates the Firebox detected an error, shut down its interfaces, and will not forward any packets.
Sys A: Indicates that the Firebox is running from its primary user-defined configuration.
Sys B: Indicates that the Firebox is running from the read-only factory default system area.
Power: Indicates that the Firebox is currently powered up.
Security Triangle Display: Indicates traffic between Firebox interfaces. Green arrows briefly light to indicate allowed traffic between two interfaces in the direction of the arrows.
The following photograph shows a close-up of the indicator panel. From the left, the indicators are as described below.
[Photograph: indicator panel, labeled Disarm, Armed, Sys A, Sys B, Power]
Disarm: Red light indicates the Firebox detected an error, shut down its interfaces, and will not forward any packets.
Armed: Green light indicates the Firebox has been booted and is running.
Sys A: Indicates that the Firebox is running from its primary user-defined configuration.
Sys B: Indicates that the Firebox is running from the read-only factory default system area.
Power: Indicates that the Firebox is currently powered up.
Security Triangle Display: Indicates traffic between Firebox interfaces. Green arrows briefly light to indicate allowed traffic between two interfaces in the direction of the arrows. A red light at a triangle corner indicates that the Firebox is denying packets at that interface.
PCI Expansion Slot: Reserved for future use.
Factory Default: This button is active only during the boot process. To boot the Firebox to SYS B, press this button and hold it down for 20-60 seconds (or until you see the Sys B light come on).
Console Port: Connects to the Management Station or modem through a serial cable supplied with the Firebox using PPP.
AC Receptacle: Accepts the detachable AC power cord supplied with the Firebox.
Power Switch: Turns the Firebox on or off.
Factory Default: This button is active only during the boot process. To boot the Firebox to SYS B, press this button and hold it down for 20-60 seconds (or until you see the Sys B light come on).
Console Port: Connects to the Management Station or modem through a serial cable supplied with the Firebox using PPP.
(NICs) are auto-sensing and adapt to wire speed automatically. The speed indicator lights when there is a good physical connection to the Firebox. When the card runs at 10 Mbit, the speed indicator is yellow. When the card runs at 100 Mbit, the speed indicator is green. The amber traffic indicator blinks when traffic is passing through the Firebox.
Cross-over cabling
To connect a Firebox to a hub or switch, use a standard, straight-through cable. However, if you plan to connect a Firebox directly to a router, either purchase or build a cross-over cable for RJ-45 (Cat5) wire. The tables below provide pin-out descriptions for both a straight-through and an RJ-45 (Cat5) cross-over cable.
Firebox System Area
• Reset Firebox passphrases when you do not know or have forgotten them
Fireboxes shipped before LiveSecurity System 4.1 shipped with the original, standard functionality called the read-only system area. Fireboxes shipped with LiveSecurity System 4.1 or later contain both the older functions and a new set of features designed to enhance usability, called the enhanced system area.
• Primary (SysA): Contains the Firebox software image used in normal operation and the enhanced read-only system area.
• Backup: Contains the Firebox software image.
Making a backup of the Firebox software
To ensure that you always have a backup version of the current Firebox software, copy the image stored in the primary area to the Firebox flash disk backup area.
Note that this procedure is possible only when a backup image is on the backup area of the Firebox’s flash disk. There is no backup image on the Firebox until you copy one there.
1 Click the Control Center Main Menu button (shown at right), which is located on the upper-left corner of Control Center.
2 3 Select Tools => Advanced => Flash Disk Management.
4 Click Yes.