WatchGuard Dimension™ is a virtual visibility and management solution you can use to capture the log data from your Fireboxes, FireClusters, and WatchGuard servers, and manage your Fireboxes and FireClusters. You can use Dimension to see log data in real time, track it across your network, view the source and destination of the traffic, view log message details of the traffic, monitor threats to your network, and view reports of the traffic. You can also add your Fireboxes and FireClusters to Dimension to centrally manage and control the configurations and settings of each Firebox, directly from Dimension.
When Dimension receives log messages from your Fireboxes, FireClusters, and WatchGuard servers, it stores all the audit messages in the Dimension Log Database, and the aggregate log data for traffic logs. Thus, detail reports are based on summary log data instead of individual log message data, which is what appears in reports generated by the WatchGuard Report Server that you install on your Windows-based Management Computer. The aggregated data stored in the Dimension database results in a significant increase in performance and allows you to see the log messages and reports from the log data much more quickly.
When WatchGuard Dimension receives new log data, it automatically analyzes and aggregates the incoming log data. This aggregated data is then saved in a log data summary, which is used to automatically create the Dashboard summaries and Reports. Summary data is stored in the Dimension database once per summary report period (every 5 minutes).
Because the logging settings you specify on your Firebox can impact the performance of your Firebox, you must consider where it is most necessary to enable logging in your Firebox configuration settings. Typically, the more log messages your Firebox generates, the greater the impact on the performance of your Firebox, but this can also depend on the log level that you have selected. After you configure logging on your Firebox, if you notice a decrease in performance on your Firebox, you can review your logging settings and adjust them as necessary to increase performance.
When you set the Diagnostic Log Level for your Firebox, WatchGuard recommends that you do not select the Debug log level because of the significant increase in log messages generated by this log level, unless directed to do so by WatchGuard Technical Support.
Dimension and Firebox Support Subscriptions
WatchGuard Dimension can accept log messages and generate reports for any appliance that runs Fireware v11.x or higher that has a current Support subscription. Dimension can also accept log messages from WatchGuard System Manager Management Server and Quarantine Server. You must make sure that Dimension can resolve and connect to services.watchguard.com for support subscription verification for any Firebox running v11.10 or earlier. Dimension will not accept log messages for any Firebox or XTM device that does not have an active Support subscription (a 30-day grace period is provided before log messages are refused). For a FireCluster, both members must have a current Support subscription. For information about device licenses, see See Device Licenses.
Components of WatchGuard Dimension
WatchGuard Dimension has four main components:
- Log Collector — Receives log messages from Fireboxes, FireClusters, and WatchGuard servers and aggregates the log message data into Dashboard summaries and reports
- Server — Provides the API for log data, provisioning, and automated maintenance of Dimension
- Log Database — Provides storage for all log message data
- Web Services — Serves the Dimension web UI to users and administrators
When you install an instance of Dimension, all four components are automatically installed. The background components (Log Collector, Log Database, and Web Services) are configured by default. After installation, you run the WatchGuard Dimension Setup wizard to complete the initial configuration of the Log Server.
WatchGuard Dimension uses these TCP ports:
- 443 — For connections to the Dimension web UI
Connection attempts over port 80 are redirected to port 443
- 4115 — For Firebox connections to send log messages to Dimension
- 22 — For support and console access to Dimension
- 3269 — For outbound Active Directory connections for authentication
If your Firebox is behind another firewall, make sure the firewall allows connections from the Firebox to send log messages to Dimension on TCP port 4115. For external Fireboxes to send log messages to a Dimension instance behind a Firebox, the Firebox must have a policy to allow inbound TCP port 4115 connections, with a static NAT action to forward those connections to Dimension.
About Administrator Accounts and Read-Write Access
When you run the WatchGuard Dimension Setup Wizard, you specify the Administrator passphrase for the Dimension Administrator user account (the user admin), which is the default account with Super Administrator, read-write privileges. You can create other user accounts to allow users to connect to Dimension with a variety of read-write or read-only privileges.
Dimension allows for flexible user access to the Dimension web UI. This means that more than one user can log in to Dimension with the same user account at the same time. If you are logged in to Dimension with an account with read-write privileges (such as the admin account), and another user logs in with the same account, you both have the same read-write access to Dimension. Because of the read-write access restriction in Dimension, even though you are both logged in with the same account credentials at the same time, you cannot override the configuration changes that you each make in Dimension.
When you want to change a configuration setting in Dimension, you must first unlock the configuration. If another user is logged in to Dimension with the same account with read-write privileges, and has already unlocked the configuration, you see a message that you cannot unlock the configuration to make changes. You must then wait for the other user to lock the configuration before you can unlock the configuration and make changes.
For more information about how to lock and unlock the Dimension configuration, see Lock and Unlock the Dimension Configuration.