WatchGuard SOHO User Guide ® SOHO and SOHO|tc 2.
Registration and identification information Please use this area to enter your SOHO information. SOHO Serial Number: LiveSecurity User ID: Password: The SOHO serial number is located on the bottom of the SOHO. You create a LiveSecurity user ID and password when you register your WatchGuard SOHO or SOHO|tc. To register, after you install your SOHO, open your browser to 192.168.111.1/login.htm and click Click here to register your SOHO. Please keep this information in a secure place.
WatchGuard® SOHO End-User License Agreement IMPORTANT - READ CAREFULLY BEFORE ACCESSING WATCHGUARD SOFTWARE This WatchGuard SOHO End-User License Agreement (“EULA”) is a legal agreement between you (either an individual or a single entity) and WatchGuard Technologies, Inc.
. LIMITED WARRANTY. WATCHGUARD makes the following limited warranties for a period of ninety (90) days from the date you obtained the SOFTWARE PRODUCT from WATCHGUARD or an authorized dealer; (A) Media. The disks and documentation will be free from defects in materials and workmanship under normal use.
SUCH DAMAGES. THIS SHALL BE TRUE EVEN IN THE EVENT OF THE FAILURE OF AN AGREED REMEDY. 5. UNITED STATES GOVERNMENT RESTRICTED RIGHTS. The enclosed SOFTWARE PRODUCT and documentation are provided with Restricted Rights. Use, duplication or disclosure by the U.S Government or any agency or instrumentality thereof is subject to restrictions as set forth in DFARS 227.7202-3 (Commercial Computer Software) and DFARS 252.227-7015(b) (Technical Data-Commercial Items) -- Restricted Rights Clause at FAR 52.
WatchGuard® Limited Hardware Warranty This WatchGuard Limited Hardware Warranty (the "Warranty") applies to the enclosed WatchGuard hardware product (the "Hardware Product"). By using the HARDWARE Product, you agree to the terms hereof. If you do not agree to these terms, please return this package, along with proof of purchase, to the authorized dealer from whom you purchased the Hardware Product for a full refund.
NONCONFORMANCE OR DEFECT IN THE HARDWARE PRODUCT (INCLUDING, BUT NOT LIMITED TO, ANY IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, ANY IMPLIED WARRANTY ARISING FROM COURSE OF PERFORMANCE, COURSE OF DEALING, OR USAGE OF TRADE, ANY WARRANTY OF NONINFRINGEMENT, ANY WARRANTY OF UNINTERRUPTED OR ERROR-FREE OPERATION, ANY OBLIGATION, LIABILITY, RIGHT, CLAIM OR REMEDY IN TORT, WHETHER OR NOT ARISING FROM THE NEGLIGENCE (WHETHER ACTIVE, PASSIVE OR IMPUTED) OR FAULT OF WATCHGUARD TECHNOLOG
Welcome Congratulations on purchasing the ideal solution for providing secure access to the Internet–the WatchGuard SOHO or WatchGuard SOHO|tc. Your new security device will give you peace of mind when connecting to the Internet using a high-speed cable or DSL modem, a leased line, or ISDN. This User Guide applies to both the SOHO and SOHO|tc. The only difference between these two devices is the ability to create and use a Virtual Private Network (VPN).
Using this guide This manual assumes that you are familiar with your computer’s operating system. If you have questions about navigating in your computer’s environment, please refer to your system user manual. The following conventions are used throughout this guide. Convention Indication Bold type Denotes menu commands, dialog box options, Web page options, Web page names. For example: “On the System Information page, select Disabled.” CAUTION Denotes a warning or precautionary information.
x
Table of Contents Installation .................................................... 1 Before you begin ...................................................... 1 Performing manual installation ................................. 2 Physically connecting your SOHO ............................ 6 CHAPTER 1 Setting Up Your SOHO Network ............. 11 How does a firewall work? ...................................... 11 Configuring your public network ............................
Configuring Services for a SOHO ............ 33 How does information travel on the internet? ........ 33 Allowing incoming services .....................................35 Blocking outgoing services .....................................40 CHAPTER 3 Configuring Virtual Private Networking .. 43 Why create a virtual private network? ..................... 43 What you will need ................................................. 44 Special considerations ............................................
CHAPTER 1 Installation Before you begin Pre-installation checklist Before installing your new WatchGuard SOHO please ensure that you have: • A 10BaseT Ethernet I/O network card installed in your computer. • A cable or DSL modem with a 10BaseT port. • Two Ethernet network cables with RJ45 connectors. These must not be “crossover cables” (which are usually red or orange). One cable is furnished with your unit. A second cable may have been supplied with your modem.
Performing manual installation • An operational Internet connection. Setup of your SOHO requires access to the Internet. If your connection does not work, please contact your Internet service provider (ISP). When your connection has been established, you may proceed with installation and setup. • If you have either a cable or DSL modem, consult the manual that came with your service, or call the ISP to find out whether your particular modem supports DHCP or PPPoE.
Performing manual installation Microsoft Windows NT or 2000 1 Click Start => Programs => Command Prompt. 2 At the C:\ prompt, enter ipconfig/all. Press Enter. 3 Enter your current TCP/IP settings in the chart provided below. 4 Click Cancel. Microsoft Windows 95 or 98 or ME 1 Click Start => Run. 2 At the C:\ prompt, enter winipcfg. Click OK. 3 4 Select the “Etherenet Adapter.” Enter your current TCP/IP settings in the chart provided below. Click Cancel.
Performing manual installation TCP/IP Setting Value IP Address Subnet Mask Default Gateway . . . . . . . . . DHCP Enabled Yes Primary WINS Server Secondary WINS Server DNS Server(s) Primary Secondary No . . . . . . . . . . . . NOTE If you are connecting more than one computer to the private network behind the SOHO, obtain the configuration TCP/IP information for each computer.
Performing manual installation the browser to Web pages located in other places. Disabling the HTTP will not prevent you from accessing your favorite Web sites, but it will allow you to access the special configuration pages that reside only on the SOHO. To disable the HTTP proxy in three commonly used browsers, see the instructions below. If your browser is not listed, see your browser Help menus to learn how to disable the HTTP proxy. Netscape 4.5 or 4.7 1 Open Netscape. 2 3 Click Edit => Preferences.
Physically connecting your SOHO 6 Click Configure at the bottom on the Internet Options screen. 7 Record the URL box information here: 8 Click OK to save settings. Internet Explorer 5.0 1 Open Internet Explorer. 2 3 Click Tools => Internet Options. The Internet Options screen displays. Click the Advanced tab. 4 Scroll down the page to HTTP 1.1 Settings. 5 Clear all checkboxes. 6 Click OK to save the settings.
Physically connecting your SOHO 1 Complete the “Pre-installation checklist” on page 1. 2 Turn off your computer. 3 Unplug the power from your cable or DSL modem. 4 Unplug the Ethernet cable that is connected from your cable or DSL modem to your computer. Connect it from your modem to the WAN port on the SOHO. This creates a connection between the SOHO and the modem. 5 Plug the Ethernet cable supplied with your SOHO into any one of the numbered (1-4) ports on the SOHO.
Physically connecting your SOHO 6 Turn on the power to your cable or DSL modem. Wait until the lights stop flashing, indicating that the modem is ready. 7 Attach the power cord to the SOHO and plug it into an outlet. 8 Restart your computer. 9 For information on the factory default configuration options, see “Default factory settings” on page 24. For specialized configurations, see “Configuring your public network” on page 12, as well as, “Configuring your private network” on page 20.
Physically connecting your SOHO The SOHO and SOHO|tc ship with a “10-seat” license. In other words, the SOHO allows up to ten computers on a network behind the SOHO to access the Internet. More than ten computers can exist on the network and communicate with each other, but only the first ten which attemtp to access the Internet will be allowed out. If you would like to upgrade your SOHO to a fifty-seat user license, please visit: http://www.watchguard.com/sales/buyonline.asp.
Physically connecting your SOHO 8 Attach the power cord to the SOHO and plug it into an outlet. 9 Restart your computer.
CHAPTER 2 Setting Up Your SOHO Network How does a firewall work? Fundamentally, a firewall is a way of differentiating between, as well as protecting, “us” from “them”. On the public side of your SOHO firewall is the entire Internet. The Internet has many resources that you want to be able to reach, such as the Web, email, and conferencing. It also presents dangers to the privacy and security of your computers.
Configuring your public network NOTE The configuration instructions in this chapter assume that you are using Windows 95/98/ME. If this is not the case, see your operating system help or user guide to locate the equivalent options and commands. Configuring your public network When you configure the public network, you establish how the SOHO communicates with your Internet service provider (ISP). This configuration is very much dependent on how your ISP distributes network addresses–using DHCP or PPPoE.
Configuring your public network of Ethernet and PPP by simulating a standard Dial-Up connection. It is popular among many ISPs because it enables them to use existing Dial-Up infrastructure such as billing, authentication, and security for DSL and cable modems. Determining whether your ISP uses dynamic or static addressing Most ISPs support both dynamic and static addressing. To determine if your connection to the Internet is dynamic or static: 1 2 3 Click Start => Settings => Control Panel.
Configuring your public network 4 14 If “Obtain an IP Address Automatically” is selected, your computer is configured for dynamic DHCP. If “Obtain an IP Address Automatically” is not checked, your computer is configured for static addressing. The actual wording on the menu may differ depending on your operating system, but all platforms differentiate somehow between dynamic and static addressing.
Configuring your public network Configuring the SOHO public network for dynamic addressing Out of the box, the SOHO is configured to obtain its public address information automatically, using dynamic DHCP. So if your ISP assigns you an address automatically (or dynamically), the SOHO itself will obtain all the addressing information it needs when it powers on and attempts to connect to the Internet. No further configuration of the SOHO is required.
Configuring your public network Configuring the SOHO public network for static addressing If you are assigned a static address, then you must transfer the permanent address assignment from your computer to the SOHO itself. Instead of communicating directly to your computer, the ISP will now communicate first through the SOHO. To do this you must both modify the static settings on your personal computer as well as enter the information into the SOHO Configuration pages.
Configuring your public network 7 On most platforms, click OK until the Control Panel window closes. 8 Shut down and reboot the computer. On the SOHO: 1 2 Open your Web browser. Click Stop. At this point, the Internet connection is not fully configured, and the computer cannot load your home page from the Internet. However, the computer can access special configuration Web pages installed on the SOHO itself. Using your Web browser, go to http://192.168.111.1.
Configuring your public network 5 Enter the TCP/IP settings you copied from the computer when you started the install process. 6 Click Submit. To complete SOHO Public Network configuration, see “Release and renew the IP configuration” on page 19. Configuring SOHO public network for PPPoE While less common, PPPoE is another method for an ISP to assign addresses. Check the information and manuals sent to you by your ISP to see if they use PPPoE.
Configuring your public network 5 Enable the checkbox labelled Use PPPoE to obtain configuration. 6 Enter the PPPoE login name supplied by your ISP. 7 Enter the PPPoE password supplied by your ISP 8 Enter the Inactivity Timeout period in minutes. 9 Click Automatically restore lost connections. This enables a constant flow of “heartbeat’ traffic between the SOHO and the PPPoE server. In the event of routine packet loss, this option allows the SOHO to maintain it’s PPPoE connection.
Configuring your private network 2 At the C:\ prompt, enter winipcfg. Press Enter. The IP Configuration dialog box appears. 3 Verify that the information is displayed for "Ethernet Adapter," not for "PPP Adapter," which would apply for a dial-up telephone modem. 4 Click the Release button. Then click the Renew button. Your IP Configuration should look similar to the screenshot below. The values in the IP Configuration dialog box were obtained from the SOHO itself.
Configuring your private network NOTE To disable the SOHO DHCP server and assign addresses statically on your private network, open the SOHO Configuration menu, click Private Network, and disable the checkbox labelled Enable DHCP Server. This is not recommended for most SOHO users. Configure additional computers to the private network Up to four computers can be plugged directly into the four numbered ports (1-4) of the SOHO.
Changing the SOHO system name and password Changing the SOHO system name and password Passwords are a barrier between your computer and anyone trying to break in. They are the first line of defense in computer security. They are, unfortunately, the most frequently overlooked of all security measures. The SOHO system name and password are designed to protect the SOHO configuration from being altered by someone on your private network.
Default factory settings 4 Check the Enable Password checkbox. 5 Enter the system user name in the Name field. 6 Enter the system password in the Password field. 7 Enter the system password again in the Retype Password field. 8 Click Submit. The configuration change is saved to the SOHO and a password confirmation page appears. Click Configuration Home Page to return to the main menu.
Default factory settings • Public network settings use DHCP NOTE DHCP must be enabled for you to be able to access the SOHO device when it boots up. Private Network • Private network IP address: 192.168.111.1. • All computers on the private network automatically receive their addresses using dynamic DHCP. • Ten seat license–Ten computers have access to the Internet through the SOHO.
Troubleshooting installation and network configuration Virtual Private Networking • IPSec VPN is not installed. The SOHO|tc comes with the VPN Feature Key, however you must first enable the VPN Feature Key in order to configure virtual private networking. The SOHO does not come with the VPN Feature Key; it can be purchased separately. Services • All incoming services are blocked. • All outgoing services are allowed. • WebBlocker is not installed. • No DMZ pass-through address entered.
Troubleshooting installation and network configuration GENERAL What do the ON and MODE lights signify on the SOHO? When the ON light is illuminated, the SOHO has power. When the MODE light is illuminated, the SOHO is operational. How do I register my SOHO? Registering your WatchGuard SOHO ensures that you receive all LiveSecurity alerts and software updates as soon as they are available. The first year of service is free with purchase of the SOHO.
Troubleshooting installation and network configuration 5 Click Reboot and wait for the SOHO to finish rebooting. The MODE and ON light flash at different times during boot, which takes about a minute. How do I change to a static private IP address? Before you can use a static IP address, you must have a base Private IP address and subnet mask. The following IP address ranges and subnet masks are set aside for private networks in compliance with RFC 1918.
Troubleshooting installation and network configuration CAUTION This is a major security risk. For instructions on how to allow any incoming services, refer to “Adding the Any service” on page 38 How do I allow incoming IP protocols? You will need the IP address of the computer that will be receiving the incoming data and the IP protocol number that corresponds to the specific incoming IP protocol. To allow an incoming IP protocol: 1 Using your Web browser, go to http://192.168.111.1.
Troubleshooting installation and network configuration 3 Click Add a Service and then click the service you want to add. For UDP, you will need to select UDP on the Forward drop list and enter the range of port numbers in the port fields. For all other services, enter the IP address of the computer that needs the incoming service. 4 Click Submit.
Troubleshooting installation and network configuration 3 Click VPN Configuration. 4 Click Configuring a SOHO to SOHO IPSec VPN Tunnel. 5 Download and follow the instructions to configure your VPN tunnel. TECHNICAL How do I reboot my SOHO? 1 Using your Web browser, go to http://192.168.111.1. 2 Click System Information. 3 Click Features and Version Information. 4 Click Reboot and wait for the SOHO to finish rebooting. The MODE light on the front of the SOHO will turn off, then back on.
Troubleshooting installation and network configuration factory defaults so connect cables in original configuration and power up again. How does the seat limitation on the SOHO work? The default user license on the SOHO is 10. The first 10 computers on the network behind the SOHO to attempt access are allowed through to the Internet. To clear this list of the first 10 computers you will need to reboot the SOHO. How do I get to the SOHO Knowledge Base? Using your Web browser, to http://www.watchguard.
Troubleshooting installation and network configuration the LAN Link lights. They tell you if the SOHO is connected to a computer or hub through that LAN port. If the lights are not illuminated, the SOHO is not connected to the computer or hub. Check to make sure that both sides of the cable are connected and that the computer or hub has power.
CHAPTER 3 Configuring Services for a SOHO How does information travel on the internet? Each packet of information transported over the Internet must be packaged in a special way to ensure that it is able to travel from one computer to the next. A system called Internet Protocol (IP) takes chunks of information and wraps them up with a header identifying both where the information is going and how it should be handled enroute.
How does information travel on the internet? address of the WatchGuard site is 209.191.160.60 while the domain name is www.watchguard.com. Protocol A protocol defines how a packet is bundled up and packaged for shipment across a network. The most commonly used protocols are Transmission Control Protocol (TCP) and User Datagram Protocol (UDP). In addition, there are special protocols, such as IP, which are used less frequently.
Allowing incoming services Allowing incoming services By default, the security stance of the SOHO is to deny unsolicited incoming packets to computers on the private network protected by the SOHO firewall. You can, however, selectively open your network to certain types of Internet connectivity. For example, if you would like to set up a Web server behind the SOHO, you can add an incoming Web service.
Allowing incoming services violate the computer, they are stopped cold at the SOHO, never learning the true address of the computer. Adding a pre-configured incoming service Each service is defined by a combination of Internet protocols and port numbers to uniquely identify the connection type to applications and servers on the Internet.
Allowing incoming services 7 Click Submit. The configuration change is saved to the SOHO and the Show Incoming Rules page appears. The incoming service rules are identified by protocol, port, and destination on the private network. Creating a custom incoming service In addition to the pre-configured services provided by the WatchGuard SOHO Configuration interface, you can also create a custom service for a server on your private network.
Allowing incoming services 9 Click Submit. The configuration change is saved to the SOHO, and the Show Incoming Rules page appears. Adding an incoming service with another type of protocol In addition to TCP and UDP, there are several other types of Internet protocols. To allow incoming service to these protocols, you must define both the protocol type and the internal destination. You cannot specify a port number. To allow an incoming service: 1 Using your Web browser, go to http://192.168.111.1.
Allowing incoming services CAUTION Unfortunately, the hole created using the Any service is indiscriminate. Any type of packet can enter through this service and be forwarded automatically to the private network address you provide. For security reasons, WatchGuard does not recommend enabling this feature. 1 Using your Web browser, go to http://192.168.111.1. 2 Select Services. 3 4 5 6 The Services menu appears. Click Allowed Incoming Services. Click Add a Service.
Blocking outgoing services 4 5 Click Remove a Service. A list of existing, incoming services appears. Services are identified by protocol, port number, and destination address. Enable the checkbox next to the services you would like to remove. You can disable multiple services simultaneously. 6 Click Submit. The selected service(s) are removed from the list. The list reappears. To return to the Configuration menu, click Configuration at the top of the page.
Blocking outgoing services 2 3 4 Select Services. The Services menu appears. Select Blocked Outgoing Services. The Blocked Outgoing Services Menu appears. In addition, a list of blocked outgoing services is displayed beneath the menu identified by protocol and port number. Click Block TCP or UDP Service. The Block TCP or UDP Service menu appears. 5 Use the drop list to select a protocol type: TCP or UDP. 6 In the From Port field, enter the first port number to block.
Blocking outgoing services 6 Click Submit. The configuration change is saved to the SOHO and the Blocked Service List page appears. Removing a blocked outgoing service At any time, you can reopen a service now required by your network. You should do this when you seek to open access to a particular type of outgoing traffic as the removal increases the accessibility for users on your private network to resources on the Internet.
CHAPTER 4 Configuring Virtual Private Networking This chapter describes an optional feature of the WatchGuard SOHO: virtual private networking with IPSec. NOTE The following WatchGuard SOHOs support IPSec tunnels: •WatchGuard SOHO with VPN Feature Key •WatchGuard SOHO|tc Why create a virtual private network? Virtual Private Networking (VPN) tunnels enable you to simply and securely connect computers in two locations without requiring expensive, dedicated point-to-point data connections.
What you will need encrypted Internet connection, a VPN connection eliminates any significant risk of data being read or altered by outside users as it traverses the Internet. What you will need 1 One WatchGuard SOHO with VPN and an IPSec-compliant device. While you can create a SOHO to SOHO VPN, you can also create a VPN with a WatchGuard Firebox or other IPSec-compliant devices.
What you will need IP Address Table (example) Item Public IP Address Public Subnet Mask Local Network Address Shared Secret Encryption Method Authentication Description The IP address that identifies the SOHO to the Internet. Site A:: 207.168.55.2 Site B: 68.130.44.15 The overlay of bits that determines which part of the IP address identifies your network. For example, a Class C address licenses 256 addresses and has a netmask of 255.255.255.0. Site A:: 255.255.255.0 Site B: 255.255.255.
What you will need About Feature Keys When you purchase a SOHO, the software for all extended features is provided with that installation regardless of whether you have actually purchased any of those features. Once you have purchased an extended feature, its Feature key allows you to enable its software. You must enable the Feature Key whenever a feature is updated or changed on the product. For example, if you want to upgrade from 10 seats to 25 seats, you need a Feature Key.
Special considerations other IPSec-compliant devices. To download these instructions, open your Web browser to: http://www.watchguard.com/support/interopvpn.asp Special considerations Consider the following before configuring your WatchGuard SOHO VPN network: • You can connect only two devices together: a WatchGuard SOHO and either another SOHO or another IPSec-compliant device.
Frequently asked questions Frequently asked questions Why do I need a static public address? To create a VPN connection, one SOHO must be able to find its partner device. If the addresses were allowed to change, the SOHO could not find its remote computer. How do I get a static public IP address? Contact your ISP. Some systems, like many cable modem systems, use dynamically assigned addresses to simplify basic installations.
Frequently asked questions OK, ping is not working. If you cannot ping the local network address of the remote SOHO, take the following steps to classify the problem: 1 2 Ping the public address of the remote SOHO. For example, at Site A, ping 68.130.44.15 (Site B). You should get a reply. If not, verify the Public Network Settings of Site B. If they are correct, verify that computers at Site B can access the internet. If you are still having trouble, contact your ISP.
Frequently asked questions 50
CHAPTER 5 Additional SOHO Features SOCKS for SOHO SOCKS is a network proxy filter that works with SOCKS-aware applications such as ICQ. A typical SOCKS-dependent application requires that several sockets be opened and made available to the Internet. When a SOCKS-aware application (ICQ is SOCKS-aware) registers with the SOCKS server, SOCKS is able to manage the need of the application to have many ports open.
SOCKS for SOHO SOHO SOCKS implementation The SOHO SOCKS feature has the following characteristics and limitations: • SOHO supports SOCKS version 5 only. • It is a limited version of SOCKS and does not support authentication, nor does it support Domain Name System (DNS) resolution. CAUTION Configure the particular application so that it will not attempt to make DNS look-ups with SOCKS. However, some applications use only DNS through SOCKS and therefore will not function properly with the SOHO.
SOCKS for SOHO • If you can choose different services or versions of SOCKS, choose SOCKS version 5.. • Select port 1080 for the application • For the SOCKS proxy, enter the URL or IP address of the SOHO private network. The default IP address is 192.168.111.0. Disabling SOCKS on the SOHO Once you have used a SOCKS-compliant application through the SOHO, the primary SOCKS port is available to anyone on your private network. You can, however, close this security gap between uses of SOCKS applications.
SOHO logging 5 Click Submit to register the change. The SOHO is enabled again as a Proxy server and ready to pass SOCKS packets. SOHO logging The WatchGuard SOHO generates an ongoing activity log stored on the SOHO. This log stores a maximum of 150 messages. When it reaches its maximum, the oldest message is deleted.
Rebooting a WatchGuard SOHO 2 3 Click System Administration. The System Administration menu appears. Select Remote Logging. The Secure Remote Logging page appears. 4 Check the box labeled Enable Remote Logging. 5 Enter the IP address of the WatchGuard log server that will be your remote secure log host. 6 In the Pass Phrase field, enter a pass phrase that will serve as a password to gain access to the log server. 7 In the Retype Phrase field, re-enter the pass phrase. 8 Click Submit.
Rebooting a WatchGuard SOHO • Send an FTP command to the remote SOHO device.
CHAPTER 6 WatchGuard SOHO WebBlocker WatchGuard SOHO WebBlocker is an optional feature of the WatchGuard SOHO and SOHO|tc that provides Web site filtering capabilities. It gives you precise control over the types of Web sites users on your private network are allowed to view. How WebBlocker works WebBlocker relies on a URL database, the CyberNOT list, built and maintained by CyberPatrol. The WebBlocker database contains many thousands of IP addresses and directories.
How WebBlocker works site, the SOHO queries the WatchGuard database and determines whether or not to block the site. The SOHO considers the following conditions in determining whether or not to block the site: Web site not in WebBlocker database If the site is not in the WatchGuard WebBlocker database, the Web browser opens the page for viewing.
Purchasing and enabling SOHO WebBlocker those members of your private network who should be able bypass WebBlocker. When a site is blocked or unavailable, the user has the option of entering the full access password. With the password entered, the browser displays the otherwise blocked site. After the password is entered, the user can browse any site on the Internet until either the Password Expiration duration passes or the individual closes the browser.
WebBlocker categories 4 5 6 7 8 Enable the checkbox labeled Enable Web Blocking. This turns on SOHO WebBlocker. Enter the full access password. The full access password gives selected users a password that bypasses otherwise blocked sites. Enter the password expiration duration in minutes. Setting the full access password expiration at, for example, 15 minutes, ensures that unattended Web browsers will be disconnected after sitting idle for 15 minutes.
WebBlocker categories NOTE In all of the categories sites to be blocked are selected by advocacy rather than opinion or educational material. For example, the Drugs/Drug Culture category blocks sites describing how to grow and use marijuana but does not block sites discussing the historical use of marijuana. Alcohol/Tobacco Pictures or text advocating the sale, consumption, or production of alcoholic beverages and tobacco products.
WebBlocker categories their primary purpose to alter the individual’s state of mind, such as glue sniffing. This does not include (that is, if selected these sites would not be WebBlocked under this category) currently illegal drugs legally prescribed for medicinal purposes (such as, drugs used to treat glaucoma or cancer). Satanic/Cult Pictures or text advocating devil worship, an affinity for evil, wickedness, or the advocacy to join a cult.
WebBlocker categories Search Engines Search engine sites such as AltaVista, InfoSeek, Yahoo!, and WebCrawler. Sports and Leisure Pictures or text describing sporting events, sports figures, or other entertainment activities. Sex Education Pictures or text advocating the proper use of contraceptives. Topic includes sites devoted to the explanation and description of condoms, oral contraceptives, intrauterine devices, and other types of contraceptives.
Searching for blocked sites sites hosted by museums such as the Guggenheim, the Louvre, or the Museum of Modern Art. Partial/Artistic Nudity Pictures exposing the female breast or full exposure of either male or female buttocks except when exposing genitalia which is handled under the Full Nudity category. Topic does not include swimsuits, including thongs.
Index A Adding incoming services 37, 38 Allowing incoming services 35 Any service, adding 38 B Blocked outgoing service, removing 42 blocked sites in WebBlocker 64 Blocking alternative protocols 41 Blocking outgoing services 40 Browser Internet Explorer disabling HTTP proxy 5 Netscape 4.0 disabling HTTP proxy 5 Browsers, supported 2 User Guide 2.
Default gateway 44 Default IP address, SOHO 24 disabling HTTP proxy 5 Disabling SOCKS 52, 53 DNS service primary IP address 44 secondary IP address 44 Domain name 44 E Encryption, SOHO 47 External Network, default factory settings 24 F Factory settings, default 24 Frequently asked questions 45 H HTTP proxy disabling 4 I ICQ, enable with SOCKS 51 ICQ, IRC, AOL Messenger 52 Identification Information ii Implementing SOCKS 51 Incoming service adding 37, 38 allowing 35 creating custom 37 removing 39 Informa
private network default factory settings 24 Network address 44 Network Address Translation 35 O Outgoing services blocking 40 blocking TCP 40 blocking UDP 40 P Part number, SOHO ii Password changing 22 saving ii Patent Information ii Ping 48 Port 1080, configuring for SOCKS 52 Port number, introduction 34 PPPoE, configuring client 18 Pre-configured service, adding 36 Pre-installation, checklist 1 Private network configure 24 setting default factory settings 24 Prococol blocking alternative 41 Protocol, in
Troubleshooting 45 checking link LED 25 connecting more than two offices 48 pinging 48 static IP address 48 U UDP adding incoming 37 blocking outgoing 40 Unix, setting TCP/IP 3 URL database 57 Using the manual ix 68 V Virtual Private Networking introduction 43 W WebBlocker categories 60 searching for blocked sites 64 The Learning Company 60 Windows ’95/’98/NT, disabling HTTP proxy 4