Wednesday, July 31, 2013

WatchGuard Best Practice and XTM

Recently atteneded WatchGuard (WG) XTM 101 presented by Bill (William) Larsen.

Helpful Tips:

When naming rules end with: .in/ .out / .passthrough
     Will make life easier to filter traffic when troubleshooting / investigating

Ensure only your Active Directory (AD)servers provide DNS

  • Setup Alias to include only your AD servers
  • Setup DNS-proxy.out
    • Policy Type: DNS-Proxy
    • From: ADServers
    • To: Any-External
Allow guest wifi to use public DNS
  • Setup DNS-proxy.passthrough
    • Policy Type: DNS-Proxy
    • From: Any-Optional
    • To: Any-External
If you have multiple servers/systems that you need to manage through RDP let WG handle the port translation.
  • Create additional Policy Types using following naming scheme:
    • RDP-[Port]
    • Ex. RDP-3391 | RDP-3390
  • When setting up SNAT us following naming scheme(only if SNAT just for RDP)
    • SNAT Name: RDP-[server name]
      • Ex. RDP-WFE01
    • SNAT Member: [External IP] [Internal IP] [Internal Port (3389 unless changed on server)]
      • xx.xx.xx.xx -> 192.168.40.25 : 3389
To prevent SpamBot from sending on your domain ensure only your Exchange server can send
  • Setup Alias to include only you Exchange server (only have a single server not sure how a cluster would function)
  • Setup following rules:
    • Name: SMTP-Exchange.out
    • Policy Type: SMTP
    • From: Exchange
    • To: Any-External (or alias for offsite SpamFiltering, we use Postini)
Now for the Exchange and DNS to work you need to ensure this finally rule is setup as we have not blocked any thing only setup rules to allow.

Setup Deny Rule:
  • Name: MyDenyRule
    • Policy Type: MyDenyRule
      • Ports: 25 (TCP&UDP), 53 (TCP&UDP) and 161
    • From: Any-Trusted, Any-Optional
    • To: Any-External

1 comment:

  1. Set on his signature 100mm heel,replica shoes Christian Louboutin’s replica flats Platinana courts are guaranteed to lengthen your legs to supermodel standards. Rendered in a combination of patent and matte leather, the ankle strap curves around the front to join the sharp, pointed toe. They’re finished, of course, with the iconic red lacquered sole. These will pair just as well with denim as with a cocktail dress.

    ReplyDelete