Contents

Fireware
Explore Fireware Help
Set Up & Administer Your Firebox
Network & Firewall Basics
About Networks and Network Security
About Internet Connections
About Protocols
About IP Addresses
About Private IP Addresses
About Slash Notation
Type An IP Address
Static and Dynamic IP Addresses
About DNS (Domain Name System)
Identify Your Network Settings
Network Addressing Requirements
Find Your TCP/IP Properties
Find PPPoE Settings
About Firewalls
About Services and Policies
About Ports
The Firebox and Your Network
Set Up WatchGuard System Manager
Install the WatchGuard System Manager Software
Downgrade to an Earlier Version of WSM
Install WatchGuard Servers on Computers with Desktop Firewalls
Start WatchGuard System Manager
Connect to a Device with WatchGuard System Manager
Start WSM Applications
Set Up Your Firebox
About Fireware and Firebox Management
About Fireware Pro
Fireware Version Compatibility
Fireware on a FireboxV or XTMv Device
FIPS Support in Fireware
Prepare to Install Your Firebox
Connect the Firebox Cables
About Dynamic IP Addresses on the External Interface
Enable Your Computer to Connect to Fireware Web UI
Use DHCP
Use a Static IP Address
Connect to a Firebox with Firefox
Disable the HTTP Proxy in the Browser
Connect to Fireware Web UI
About Fireware Web UI
Connect to Fireware Web UI from an External Network
About Firebox Setup Wizards
Setup Wizard Default Policies and Settings
Run the Web Setup Wizard
Run the WSM Quick Setup Wizard
Complete Your Installation
Firebox Configuration Best Practices
Administer Your Firebox
Administer the Firebox from Policy Manager
Open a Configuration File
Make a New Configuration File
Save the Configuration File
Configure Fireware OS Compatibility
About Fireware Web UI
Connect to Fireware Web UI
Connect to Fireware Web UI from an External Network
Restart Your Firebox from the Web UI
About Feature Keys
Get a Firebox Feature Key
Manually Add or Remove a Feature Key
See the Details of a Feature Key
Enable Feature Key Synchronization and Alarm Notification
Troubleshoot Feature Key Synchronization
Download a Feature Key
About WatchGuard Passphrases and Keys
Set the Time Zone and Basic System Properties
Enable NTP and Add NTP Servers
Manage Users and Roles on Your Firebox
Define Firebox Global Settings
Configure the Logon Disclaimer
Administer Your Firebox From a Remote Location
Manage the Firebox Configuration File
Enable Support Access
Upgrade, Downgrade, and Migration
Upgrade Fireware OS or WatchGuard System Manager
Downgrade Fireware OS
Use the Quick Setup Wizard to Downgrade Fireware OS
Use the Web UI to Downgrade Fireware OS
About Recovery Mode for XTM 5 and 8 Series
About Upgrade Options
Move a Configuration to a New Firebox
Configure a Replacement (RMA) Firebox
Firebox Backup and Restore
See Backup Images Stored on the Firebox
Save a Firebox Backup Image
Restore a Firebox Backup Image
Export a Backup Image Stored on the Firebox
Import a Backup Image to the Firebox
Use a USB Drive for System Backup and Restore
Automatically Restore a Backup Image from a USB Drive
USB Drive Directory Structure
Save a Backup Image to a USB Drive Connected to Your Computer
Use a USB Drive to Save a Support Snapshot
Firebox Reset and Recovery
About Factory-Default Settings
Reset a Firebox
Use Recovery Mode
About SNMP
Enable SNMP Polling
Enable SNMP Management Stations and Traps
About Management Information Bases (MIBs)
Enterprise MIB File Details
About SNMP Traps for Alarms
About Subscription Services Expiration
Renew Subscription Services
Set Up Firebox Cloud
Introduction to Firebox Cloud
Firebox Cloud License Options
Firebox Cloud Feature Differences
Deploy Firebox Cloud on Azure
Deploy Firebox Cloud on AWS
Protect a Web Server with Firebox Cloud
Enable Logging for Firebox Cloud
See Firebox Cloud VM Information
Administer Firebox Cloud with the CLI
Changes that Require a Firebox Cloud Reboot
Set Up FireboxV and XTMv
Introduction to FireboxV and XTMv
FireboxV and XTMv Installation Overview
Deploy FireboxV or XTMv on Hyper-V
Configure Resources in Hyper-V
Deploy FireboxV or XTMv on VMware ESXi
Configure Resources in VMware ESXi
Configure a FireCluster on VMware ESXi
Reset FireboxV or XTMv to Factory-Default Settings
Set Up & Administer WatchGuard Servers
Set Up WatchGuard Servers
About the Gateway Firebox
Find Your Management Server License Key
Monitor the Status of WatchGuard Servers
Configure Your WatchGuard Servers
Configure Server Settings for Your WatchGuard Servers
Configure Database Maintenance Settings for Your WatchGuard Servers
Configure Logging Settings for Your WatchGuard Servers
Configure Notification Settings for Your WatchGuard Servers
Open WatchGuard Server Center
Stop and Start Your WatchGuard Servers
Install or Configure WatchGuard Servers from WatchGuard Server Center
Exit or Open WatchGuard Server Center
Certificates
About Certificates
Certificate Authorities Trusted by the Device
Manage Device Certificates (WSM)
Manage Device Certificates (Web)
Manage Management Server Certificates
Create a Certificate CSR
Create a CSR with OpenSSL
Sign a Certificate with Microsoft CA
Use Certificates for Authentication
Certificates for Branch Office VPN (BOVPN) Tunnel Authentication
Certificates for Mobile VPN with IPSec Tunnel Authentication (WSM)
Certificates for Mobile VPN With IPSec Tunnel Authentication (Web)
Certificates for Mobile VPN with L2TP Tunnel Authentication
Certificates for Mobile VPN with IKEv2 Tunnel Authentication
Configure the Web Server Certificate for Firebox Authentication
Import and Install a Third-Party Web Server Certificate
Use Certificates for the HTTPS-Proxy
Export a Certificate from Your Device
Convert Certificate Format
Import a Certificate on a Client Device
Certificate Portal
About Elliptic Curve Digital Signature Algorithm (ECDSA) certificates
Deploy Your Firebox with RapidDeploy
RapidDeploy Activation Options
About RapidDeploy Passphrases
Use RapidDeploy QuickStart
Use RapidDeploy to Upload a Configuration File
Create a Configuration File for RapidDeploy
Upload a Configuration File for RapidDeploy
Connect the Firebox for RapidDeploy
Verify RapidDeploy Success
Troubleshoot RapidDeploy
Use RapidDeploy Configuration Manager
Configure an RMA Replacement with RapidDeploy from the Website
About the Deployment Center & RapidDeploy from the Management Server
Activate Your Devices
Review the Deployment Status of Your Devices
Verify Management Server Registration
Configure an RMA Replacement with RapidDeploy from the Management Server
Use a USB Drive to Configure Interface Settings
Set Up & Administer Dimension
Get Started with WatchGuard Dimension
Deploy Dimension Behind a Firebox
Install WatchGuard Dimension
Install Dimension on VMware
Install Dimension on Hyper-V
Connect to WatchGuard Dimension
Lock and Unlock the Dimension Configuration
Console Access to Dimension
Log Out or Change a User Account Passphrase
Manage Tasks
Back Up and Restore Historical Data
Manage your Dimension Server
See the Dimension Server Status
Configure your Dimension Server
Configure General Database Settings
Configure the Visibility Settings
Anonymize Reports in Dimension
Configure Settings for Managed Devices
Configure Notification Settings
Configure Reporting Settings
Configure Logging Settings
Manage IP Address Mapping
Dimension Server Diagnostics
Increase Log Storage Capacity
Configure and Monitor the Dimension Database
Manage the Dimension Database
Configure the Database Location
Review the Dimension Database Diagnostics
Configure Access Management Settings
Manage Users and Groups
Configure Authentication Settings
Configure User Lockout Settings
Configure Dimension Access Control Settings
Use the CLI to Enable Access to Dimension
Run Authentication Diagnostics
Manage Dimension System Settings
Monitor System Settings
Manage Dimension Certificates
Complete System Maintenance Tasks
Upgrade Dimension from v1.0
Manage Connected Dimension Users
Configure System Settings
Modify Dimension System Information
Modify Dimension Domain Settings
Configure NTP Server Settings
Configure Email Settings
Configure Remote Backup Settings
Use the Audit Report
Run Diagnostic Tasks on Your Dimension System
Configure Network Settings
Network Interface Settings
Network Modes and Interfaces
About Modular Interfaces
About PoE Interfaces
About DSL on the Firebox T10-D
Configure a VLAN for VDSL
About Modem Interfaces
Configure a Modem Interface
Mixed Routing Mode
Configure an External Interface
Configure a Secondary PPPoE Interface
Use a 31-bit or 32-bit Subnet Mask
Configure a Trusted or Optional Interface
Configure an IPv4 DHCP Server
Configure a Custom Interface
Configure a Loopback Interface
Configure IPv6
About IPv6 Support
Configure IPv6 for an External Interface
Configure IPv6 for an Trusted or Optional Interface
Configure IPv6 Connection Settings
Configure an IPv6 DHCP Server
Configure DHCPv6 Prefix Delegation
Configure DHCPv6 Client Prefix Delegation
Configure DHCPv6 Server Prefix Delegation
Configure Dynamic DNS
About the Dynamic DNS service
Configure Dynamic DNS
Configure Multicast Routing
About Multicast Routing
Configure Multicast Routing
Drop-in Mode
Configure Related Hosts
Configure DHCP in Drop-In Mode
Bridge Mode
Common Interface Settings
Disable an Interface
Configure DHCP Relay
Restrict Network Traffic by MAC Address
About DNS on the Firebox
Add WINS and DNS Server Addresses
About DNS Forwarding
Add a Secondary Network IP Address
Advanced Interface Settings
Network Interface Card (NIC) Settings
Set Outgoing Interface Bandwidth
Set DF Bit for IPSec
PMTU Setting for IPSec
Use Static MAC Address Binding
Find the MAC Address of a Computer
Add Static ARP Entries
About Spanning Tree Protocol
Configure Spanning Tree Protocol Settings in the CLI
About Wildcard IP Addresses
Configure Wildcard IP Addresses
About LAN Bridges
Create a Network Bridge Configuration
Assign a Network Interface to a Bridge
About Virtual Local Area Networks (VLANs)
Define a New VLAN
Assign Interfaces to a VLAN
About Link Aggregation
Configure Link Aggregation
Monitor Link Aggregation Interfaces
About Link Monitor
Configure Link Monitor
About Multi-WAN
About Multi-WAN Methods
Multi-WAN Methods and Dynamic Routing
Multi-WAN and SD-WAN
Configure the Routing Table Multi-WAN Method
Configure the Round-Robin Multi-WAN Method
Find How to Assign Weights to Interfaces
Configure the Interface Overflow Multi-WAN Method
Configure the Failover Multi-WAN Method
Configure Modem Failover
Advanced Multi-WAN Settings
Troubleshoot Network Connectivity
Network Setup Examples
Configure Two VLANs on the Same Interface
Configure One VLAN Bridged Across Two Interfaces
Network Address Translation (NAT)
About Network Address Translation (NAT)
About Dynamic NAT
Add Network Dynamic NAT Rules
Configure Policy-Based Dynamic NAT
About Dynamic NAT Source IP Addresses
About 1-to-1 NAT
Configure Firewall 1-to-1 NAT
Configure Policy-Based 1-to-1 NAT
1-to-1 NAT Example
About SNAT
Configure Static NAT
Configure Server Load Balancing
About NAT Loopback
NAT Loopback and Static NAT
NAT Loopback and 1-to-1 NAT
NAT Loopback for Mobile VPN Users
Routes and Routing
Add a Static Route
Read the Route Tables
About Dynamic Routing
About Routing Daemon Configuration Files
About Routing Information Protocol (RIP and RIPng)
Configure IPv4 Routing with RIP
RIP commands
Sample RIP Routing Configuration File
Configure IPv6 Routing with RIPng
RIPng Commands
About Open Shortest Path First (OSPF) Protocol
Configure IPv4 Routing with OSPF
OSPF Commands
Sample OSPF Routing Configuration File
Configure IPv6 Routing with OSPFv3
OSPFv3 Commands
OSPF Interface Cost Table
About Border Gateway Protocol (BGP)
Configure IPv4 and IPv6 Routing with BGP
BGP Commands
Sample BGP routing configuration file
Manual Branch Office VPN Tunnels
About Manual Branch Office VPNs
About IPSec VPNs
Branch Office VPN Terminology
About IPSec Algorithms and Protocols
About IPSec VPN Negotiations
About IPSec VPN Tunnel Authentication Methods
Configure Phase 1 and Phase 2 Settings
Sample VPN Address Information Table
VPN Tunnel Capacity and Licensing
About Global VPN Settings
Quick Start — Set Up a VPN Between Two Fireboxes
BOVPN Virtual Interfaces
BOVPN Virtual Interface Examples
BOVPN Virtual Interface with Dynamic Routing
BOVPN Virtual Interface with Metric-Based Failover
BOVPN Virtual Interface with Policy-Based Routing
BOVPN Virtual Interface for Dynamic Routing to Cisco
BOVPN Virtual Interface for Dynamic Routing to Microsoft Azure
BOVPN Virtual Interface for Static Routing to Microsoft Azure
BOVPN Virtual Interface for Dynamic Routing to Amazon Web Services (AWS)
BOVPN Virtual Interface for Static Routing to Amazon Web Services (AWS)
About BOVPN Virtual Interfaces
Configure a BOVPN Virtual Interface
Define Gateway Endpoints
Configure VPN Routes
Assign BOVPN Virtual Interface IP Addresses
Virtual Interface IP Addresses for a VPN to a Third-Party Endpoint
Configure BOVPN Virtual Interface Multicast Settings
Configure Manual BOVPN Gateways
Define Gateway Endpoints
VPN Mode and Gateway Endpoint Restrictions
Configure IPSec VPN Phase 1 Settings
Add a Phase 1 Transform
About Diffie-Hellman Groups
Configure IKEv2 Shared Settings
Edit and Delete Gateways
Disable Automatic Tunnel Startup
BOVPN on a Firebox Behind a Device That Does NAT
Disable or Enable a Branch Office VPN
Configure Manual BOVPN Tunnels
Define a Tunnel
Add Routes for a Tunnel
Configure Phase 2 Settings
Add a Phase 2 Proposal
Change Order of Tunnels
Define Custom Tunnel Policies
BOVPN and Network Address Translation
Configure Inbound IPSec Pass-through with SNAT
Configure 1-to-1 NAT Through a Branch Office VPN Tunnel
Configure Outgoing Dynamic NAT Through a Branch Office VPN Tunnel
Control Routing Through a Manual BOVPN Tunnel
Enable Multicast Routing Through a Branch Office VPN Tunnel
Enable Broadcast Routing Through a Branch Office VPN Tunnel
Configure Name Resolution Through a Branch Office VPN Tunnel
Mobile VPN Traffic Through a Branch Office VPN Tunnel
Branch Office VPN Tunnel Switching
Define a Route for All Internet-Bound Traffic
About BOVPN Failover
Configure VPN Failover
Configure VPN Modem Failover
VPN Modem Failover and Multi-WAN
Configure a Branch Office VPN for Failover from a Leased Line
Monitor and Troubleshoot BOVPN Tunnels
Use VPN Diagnostic Messages
Use the VPN Diagnostic Report
Use the BOVPN Configuration Reports
Filter Branch Office VPN Log Messages
Improve Branch Office VPN Tunnel Availability
Force a Branch Office VPN Tunnel Rekey
Related Questions About Branch Office VPN Set Up
Manual BOVPN Configuration Examples
Set up a VPN Between Two Fireware v11.x Devices (WSM)
Set up a VPN Between Two Fireware v11.x Devices (Web UI)
Use a Branch Office VPN for Failover from a Leased Line (BGP)
Use a Branch Office VPN for Failover from a Leased Line (OSPF)
Configure Manual Branch Office VPN Tunnel Switching
Multicast Routing Through a BOVPN Tunnel
Broadcast Routing Through a BOVPN Tunnel
Active Directory Authentication Through a BOVPN Tunnel
Logging Through a BOVPN Tunnel
Allow Mobile VPN with SSL Users to use Resources Through a BOVPN Tunnel
Set up a VPN from a Firebox to a Cyberoam Device
Set up a VPN from a Firebox to a SonicWALL Device
Set up a VPN from a Firebox to a Cisco ASA Device
Set up a VPN from a Firebox to a Cisco ISR Device
Set up a VPN from a Firebox to a Fortinet FortiGate Device
About TLS VPNs
Configure BOVPN over TLS in Server Mode
Configure BOVPN over TLS in Client Mode
Mobile VPN Tunnels
Select a Mobile VPN Type
Internet Access Options for Mobile VPN Users
Virtual IP Addresses and Mobile VPNs
DNS and Mobile VPNs
Mobile VPN Setup Overview
Mobile VPN with IPSec
About Mobile VPN with IPSec on the Firebox
System Requirements
Options for Internet Access Through a Mobile VPN with IPSec Tunnel
About Mobile VPN Client Configuration Files
Configure the Firebox for Mobile VPN with IPSec
Use Certificates for Mobile VPN with IPSec Tunnel Authentication
Use Two-Factor Authentication with Mobile VPN with IPSec
Configure the External Authentication Server
Add Users to a Firebox Mobile VPN Group
Use Mobile VPN with IPSec with Active Directory Groups
Lock Down an End User Profile
Configure DNS and WINS Servers for Mobile VPN with IPSec
Modify an Existing Mobile VPN with IPSec Group Profile
Define Advanced Phase 1 Settings
Define Advanced Phase 2 Settings
Generate Mobile VPN with IPSec Configuration Files
Configure Policies to Filter IPSec Mobile VPN Traffic
Distribute the Software and Profiles
About Mobile VPN Volume Licenses
Additional Mobile VPN Topics
Configure Mobile VPN with IPSec to a Dynamic IP Address
About the IPSec Mobile VPN Client
Client Requirements
Activate the IPSec Mobile VPN Client
Install the IPSec Mobile VPN Client Software
Import the End-User Profile
Select a Certificate and Enter the PIN
Uninstall the IPSec Mobile VPN Client
Connect and Disconnect the Mobile VPN Client
Control Connection Behavior
IPSec Mobile VPN Client Icon
See Mobile VPN Log Messages
Secure Your Computer with the Mobile VPN Firewall
Enable the Link Firewall
Enable the Desktop Firewall
End-User Instructions for WatchGuard IPSec Mobile VPN Client Installation
Add a Custom Logo to the IPSec Mobile VPN Client
Use the macOS or iOS Native IPSec VPN Client
Use Mobile VPN with IPSec with an Android Device
Troubleshoot Mobile VPN with IPSec
Mobile VPN with SSL
Configure the Firebox for Mobile VPN with SSL
Plan Your Mobile VPN with SSL Configuration
Use a Wizard to Configure the Firebox for Mobile VPN with SSL
Choose the Port and Protocol for Mobile VPN with SSL
Options for Internet Access through a Mobile VPN with SSL Tunnel
Name resolution for Mobile VPN with SSL
Configure the External Authentication Server
Use Two-Factor Authentication with Mobile VPN with SSL
Install and Connect the Mobile VPN with SSL Client
About the Mobile VPN with SSL Security Alert
Manually distribute and install the Mobile VPN with SSL client software and configuration file
Uninstall the Mobile VPN with SSL client
Use Mobile VPN with SSL with an OpenVPN Client
Troubleshoot Mobile VPN with SSL
Mobile VPN with L2TP
About Mobile VPN with L2TP Licensing
Options for Internet Access Through a Mobile VPN with L2TP Tunnel
About L2TP User Authentication
Use the WatchGuard L2TP Setup Wizard
Edit the Mobile VPN with L2TP Configuration
Add L2TP IPSec Phase 1 Transforms
Configure L2TP IPSec Phase 1 Advanced Settings
Add an L2TP IPSec Phase 2 Proposal
About L2TP Policies
Configure DNS and WINS Servers for Mobile VPN with L2TP
Configure Client Devices for Mobile VPN with L2TP
Configure and Use L2TP on Windows 10
Configure and Use L2TP on Windows 8.1
Configure and Use L2TP on Windows 8
Configure and Use L2TP on Windows 7
Configure and Use L2TP on Mac OS X
Configure and Use L2TP on an iOS Device
Configure and Use L2TP on Android
Connect from an L2TP VPN Client
Troubleshoot Mobile VPN with L2TP
Mobile VPN with IKEv2
About Mobile VPN with IKEv2 Licensing
Internet Access Through a Mobile VPN with IKEv2 Tunnel
About Mobile VPN with IKEv2 User Authentication
Use the WatchGuard IKEv2 Setup Wizard
Edit the Mobile VPN with IKEv2 Configuration
About IKEv2 Policies
Configure DNS and WINS Servers for Mobile VPN with IKEv2
Configure Client Devices for Mobile VPN with IKEv2
Configure iOS and macOS Devices for Mobile VPN with IKEv2
Configure Windows Devices for Mobile VPN with IKEv2
Configure Android Devices for Mobile VPN with IKEv2
FireCluster
Quick Start — Set Up a FireCluster
About Feature Keys and FireCluster
Features not Supported With FireCluster
Supported Models for FireCluster
About FireCluster with Modular Interfaces
About FireCluster on Wireless Models
About FireCluster with XTM Model Upgrades
About FireCluster Management IP Addresses
Configure FireCluster
Before You Begin
Connect the FireCluster Hardware
Switch and Router Requirements for an Active/Active FireCluster
Add Static ARP Entries for an Active/Active FireCluster
Example Switch and Static ARP Configuration for an Active/Active FireCluster
Use the FireCluster Setup Wizard
Configure FireCluster Manually
Find the Multicast MAC Addresses for an Active/Active Cluster
Active/Passive Cluster ID and the Virtual MAC Address
Configure Link Aggregation for a FireCluster
Configure FireCluster Advanced Settings
Update the FireCluster Configuration
Remove or Add a Cluster Member
Monitor and Control FireCluster Members
Monitor Cluster Health
Discover a Cluster Member
Force a Failover of the Cluster Master
Reboot a Cluster Member
Shut Down a Cluster Member
Connect to a Cluster Member
Make a Member Leave a Cluster
Make a Member Join a Cluster
About FireCluster Failover
FireCluster Upgrade and Migration
Upgrade Fireware OS for a FireCluster
Create a FireCluster Backup Image
Restore a FireCluster Backup Image
Configure a Replacement (RMA) FireCluster Member
Disable FireCluster
Use the Web UI with a FireCluster
FireCluster Diagnostics
Control Network Traffic
User Authentication
About User Authentication
User Authentication Steps
Manage Authenticated Users
Troubleshoot User Authentication
Set Global Firewall Authentication Values
Authentication Server Types
About Third-Party Authentication Servers
Use a Backup Authentication Server
Configure Your Firebox as an Authentication Server
Types of Firebox Authentication
Firewall Authentication
Mobile VPN with IPSec Connections
Mobile VPN with L2TP Connections
Mobile VPN with SSL Connections
Mobile VPN with IKEv2 Connections
Define a New User for Firebox Authentication
Define a New Group for Firebox Authentication
Configure Firebox Account Lockout Settings
Customize the Authentication Portal Page
Authentication and Policies
Use Users and Groups in Policies
Use Authentication to Restrict Incoming Connections
About the WatchGuard Authentication (WG-Auth) Policy
Active Directory Authentication
Configure Active Directory Authentication
Find Your Active Directory Search Base
Change the Default Port for the Active Directory Server
Use Active Directory or LDAP Optional Settings
Resolve a Bind Error in Active Directory Authentication
About Active Directory Single Sign-On (SSO)
How Active Directory SSO Works
Quick Start — Set Up Active Directory SSO
Choose Your Active Directory SSO Components
Install the WatchGuard Active Directory SSO Agent and Event Log Monitor
Configure the SSO Agent
Configure the SSO Event Log Monitor
Install the WatchGuard Active Directory SSO Client
Install the WatchGuard Active Directory SSO Exchange Monitor
Configure the SSO Exchange Monitor
Enable Active Directory SSO on the Firebox
Example Network Configurations for Active Directory SSO
Troubleshoot Active Directory SSO
Use Telnet to Debug the SSO Agent
About Active Directory SSO Log Files
Download Active Directory SSO Log Files
RADIUS Authentication
Configure RADIUS Server Authentication
How RADIUS Server Authentication Works
About RADIUS Single Sign-On
Enable RADIUS Single Sign-On
Monitor RADIUS Single Sign-On
WPA/WPA2 Enterprise Authentication with RADIUS
RADIUS Authentication with Active Directory For Mobile VPN Users
Configure a Hotspot
Configure Hotspot Settings
Configure Hotspot Global Settings
Manage Hotspot Guest User Accounts
Connect to a Hotspot
See Hotspot Connections
About Hotspot External Guest Authentication
Configure a Web Server for Hotspot External Guest Authentication
Configure an External Guest Authentication Hotspot
Troubleshoot Hotspot External Guest Authentication
SAML Single Sign-On (SSO)
Configure SAML Single-Sign On
SAML Requirements for Identity Providers
Configure VASCO Server Authentication
Configure SecurID Authentication
Install and Configure the Terminal Services Agent
Configure Terminal Services Settings
Configure LDAP Authentication
Use Novell eDirectory for LDAP Authentication
Policies
About Policies
About Policy Manager
Open Policy Manager
About Policy Manager Views
Change Colors Used for Policy Manager Text
Find a Policy by Address, Port, or Protocol
Use Policy Checker to Find a Policy
About the Outgoing Policy
Add Policies to Your Configuration
Disable or Delete a Policy
About Policy Tags and Filters
About Policies by Domain Name (FQDN)
About Aliases
Create an Alias
About Policy Precedence
Create Schedules for Firebox Actions
Set an Operating Schedule
About Custom Policies
Create or Edit a Custom Policy Template
Import and Export Custom Policy Templates
About Policy Properties
Set Access Rules for a Policy
Add New Members to a Policy
Set a Custom Idle Timeout
Set ICMP Error Handling
Apply NAT Rules
Set the Sticky Connection Duration for a Policy
Configure Policies for a WatchGuard SSL Device
About Quotas
Quota Rules
Quota Actions
Quota Policies
Quota Exceptions
Quota Authentication
About Policies for Firebox-Generated Traffic
Configure Policies for Firebox-Generated Traffic
Configuration Examples for Control of Firebox-Generated Traffic
About Policies for SD-WAN
Configure SD-WAN
SD-WAN Failover from an MPLS Link to a BOVPN Virtual Interface Tunnel
Proxies
About Proxy Policies and ALGs
Proxy and AV Alarms
About Proxy Actions
Import and Export User-Defined Proxy Actions
About Rules and Rulesets
Add, Change, or Delete Rules
Cut and Paste Rule Definitions
Change the Order of Rules
Change the Default Rule
About Regular Expressions
Import and Export Rulesets
Use Predefined Content Types
About Transport Layer Security (TLS)
Configure TLS Profiles
About Content Actions
Configure HTTP Content Actions
Use an HTTP Content Action for TLS/SSL Offloading
HTTP Content Action and Domain Name Rule Examples
Example: HTTP Proxy with an HTTP Content Action
Example: HTTPS Proxy with an HTTP Content Action
Example: HTTPS Proxy Action with Domain Name Rules
Add a Proxy Policy to Your Configuration
About the DNS-Proxy
DNS-Proxy: General Settings
DNS-Proxy: OPcodes
DNS-Proxy: Query Types
DNS-Proxy: Query Names
DNS-Proxy: Proxy Alarm
About MX (Mail eXchange) Records
About the Explicit-Proxy
Explicit-Proxy: HTTP Web Proxy
Explicit-Proxy: HTTP CONNECT Tunneling
Explicit-Proxy: FTP over HTTP
Explicit-Proxy: PAC Files
Explicit-Proxy: Configure Client Web Browsers
About the FTP-Proxy
FTP-Proxy: General Settings
FTP-Proxy: Commands
FTP-Proxy: Content
FTP-Proxy: Data Loss Prevention
FTP-Proxy: APT Blocker
FTP-Proxy: Proxy and AV Alarms
FTP-Proxy: Antivirus Responses
FTP-Proxy Best Practices
About the H.323-ALG
H.323-ALG: General Settings
H.323-ALG: Access Control
H.323-ALG: Denied Codecs
About the HTTP-Proxy
HTTP Request: General Settings
HTTP Request: Request Methods
HTTP Request: URL Paths
HTTP Request: Header Fields
HTTP Request: Authorization
HTTP Response: General Settings
HTTP Response: Header Fields
HTTP Response: Content Types
HTTP Response: Cookies
HTTP Response: Body Content Types
HTTP-Proxy Exceptions
HTTP-Proxy: Data Loss Prevention
HTTP-Proxy: WebBlocker
HTTP-Proxy: AntiVirus
HTTP-Proxy: Reputation Enabled Defense
HTTP-Proxy: Deny message
HTTP-Proxy: Proxy and AV Alarms
HTTP-Proxy: APT Blocker
Enable Windows Updates Through the HTTP-Proxy
Use a Caching Proxy Server
HTTP-Proxy Best Practices
About the HTTPS-Proxy
HTTPS-Proxy: General Settings
HTTPS-Proxy: Content Inspection
Restrict Google Apps to Allowed Domains
HTTPS-Proxy Domain Name Rules
HTTPS-Proxy:  WebBlocker
HTTPS-Proxy: Proxy Alarm
About the IMAP-Proxy
IMAP-Proxy: General Settings
IMAP-Proxy: STARTTLS
IMAP-Proxy: Content Types
IMAP-Proxy: Filenames
IMAP-Proxy: Headers
IMAP-Proxy: AntiVirus
IMAP-Proxy: spamBlocker
IMAP-Proxy: Deny Message
IMAP-Proxy: Proxy and AV Alarms
IMAP-Proxy: APT Blocker
IMAP-Proxy: TLS
TLS Profiles for the IMAP Proxy
About the POP3-Proxy
POP3-Proxy: General Settings
POP3-Proxy: Authentication
POP3-Proxy: Content Types
POP3-Proxy: File Names
POP3-Proxy: Headers
POP3-Proxy: AntiVirus
POP3-Proxy: Deny Message
POP3-Proxy: spamBlocker
POP3-Proxy: Proxy and AV Alarms
POP3-Proxy: APT Blocker
POP3-Proxy: TLS
About the SIP-ALG
SIP-ALG: General Settings
SIP-ALG: Access Control
SIP-ALG: Denied Codecs
About the SMTP-Proxy
SMTP-Proxy: General Settings
SMTP-Proxy: Greeting Rules
SMTP-Proxy: ESMTP Settings
SMTP-Proxy: STARTTLS Encryption
SMTP-Proxy: Authentication
SMTP-Proxy: Content Types
SMTP-Proxy: File Names
SMTP-Proxy: Mail From/Rcpt To
SMTP-Proxy: Headers
SMTP-Proxy: AntiVirus
SMTP-Proxy: Deny Message
SMTP-Proxy: Data Loss Prevention
SMTP-Proxy: spamBlocker
SMTP-Proxy: Proxy and AV Alarms
SMTP-Proxy: APT Blocker
SMTP-Proxy: TLS
Configure the SMTP-Proxy to Quarantine Email
Protect Your SMTP Server from Email Relaying
Troubleshoot the SMTP-Proxy
About the TCP-UDP-Proxy
TCP-UDP-Proxy: General Settings
TCP-UDP-Proxy: Redirection
Traffic Management & QoS
About Traffic Management and QoS
Set Connection Rate Limits
About QoS Marking
Enable QoS Marking for an Interface
Enable QoS Marking and Prioritization in a Policy
Enable QoS Marking for a Managed BOVPN Tunnel
Get Started with Traffic Management
About Traffic Management in Fireware v11.9 and Higher
Define a Traffic Management Action in v11.9 and Higher
Add Traffic Management Actions to a Policy
Use Traffic Management with Application Control
Monitor Bandwidth by Traffic Management Action
About Traffic Management in Fireware XTM v11.8.x and Lower
Define a Traffic Management Action in v11.8.x and Lower
Add a Traffic Management Action to a Policy