WatchGuard XTM Setup Guide

  1. Activate your WatchGuard unit online and download Feature Key: http://www.watchguard.com/activate
  2. Download WSM (WatchGuard System Manager): http://watchguard.com/support/index.asp
  3. Setup Wizard: Eth1 – https://10.0.1.1:8080 admin/readwrite (You may have to manually set PC IP Address first to 10.0.1.2/255.255.255.0)
  4. Install WatchGuard System Manager
  5. Install and configure WatchGuard Servers (if required)
  6. Connect WSM to Firebox – use the status passphrase, not the configuration passphrase
  7. Policy Manager (switch to View>> Details)
    1. Upgrade if required – check with WatchGuard Sales Engineer. Download from https://www.watchguard.com/archive/softwarecenter.asp. Install OS on PC then Policy Manager>> File>> Upgrade
    2. Configure Network: Network>> Configure. DNS is required by Firewall, but can also be given to Firewall via DHCP. Refer to WatchGuard DNS best practice
    3. Authentication (if required). Install Authentication Gateway Software in Domain (Member Server or DC). On Firewall: Setup>> Authentication>> Authentication Servers + Authentication Settings (SSO)
    4. Activate and configure Subscription Services. Rules for SMTP, HTTP, DNS, POP3 and FTP are created as required
    5. Enable VOD: WatchGuard Virus Outbreak Detection Setup Guide
    6. Enable AV Decompression. Subscription Services>> Gateway AntiVirus>> Configure>> Setup.
    7. WebBlocker or WebBlocker Auto Update if you are using WebBlocker Server: Auto-Updating the WatchGuard WebBlocker Database
    8. Modify HTTP Proxy Rule: Tuning WatchGuard HTTP Client Proxy Action
    9. Other Policies as required. E.g.: RTSP (554), MMS (1755), RTMP (1935), SIP/H323, Citrix, HTTPS, TCP-UDP Proxy (use with care; see WatchGuard Policy Optimisation for Proxy Connection Limitations), NTP (UDP 123).
    10. Block Microsoft SMB/NetBios traffic (Ports TCP/UDP 445, UDP 137-138, TCP 139)
    11. Logging. Setup>> Logging. Also enable Performance Statistics.
    12. Configure Mobile VPN, if required. How To Setup WatchGuard SSL VPN 
    13. Prevent internal subnets from being auto-blocked (Setup>> Default Threat Protection>> Blocked Sites>> Exceptions): Prevent WatchGuard Internal Subnets From Being AutoBlocked
    14. Configure Reporting: How To Set Up Your WatchGuard For Reporting 
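
A way to check step 10 once the policy is saved, as an added example that is not part of the original guide or of WatchGuard's tooling: run it from a machine on one side of the Firebox against a test host you control on the other side that listens on TCP 139/445 (the test host is an assumption). It covers only the TCP ports; the UDP ports in step 10 cannot be confirmed with a connect test.

```python
import socket
import sys

# TCP ports from step 10. UDP 137-138 and UDP 445 are connectionless,
# so a connect test cannot confirm them; check those in the firewall logs.
SMB_TCP_PORTS = (139, 445)


def probe_tcp(host, port, timeout=3.0):
    """Return 'open', 'refused' or 'filtered' for one TCP connection attempt."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"        # handshake completed: the traffic was allowed
    except ConnectionRefusedError:
        return "refused"         # a reset came back (from the firewall or the far host)
    except OSError:
        return "filtered"        # timed out or unreachable: silently dropped


def audit_smb_block(host, ports=SMB_TCP_PORTS, timeout=3.0):
    """Probe each port. Returns (results, passed); passed is False if any port is open."""
    results = {port: probe_tcp(host, port, timeout) for port in ports}
    passed = all(state != "open" for state in results.values())
    return results, passed


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: smb_block_check.py <test-host-beyond-firewall>")
    results, passed = audit_smb_block(sys.argv[1])
    for port, state in sorted(results.items()):
        print(f"tcp/{port}: {state}")
    print("PASS: SMB/NetBIOS TCP ports are not reachable" if passed
          else "FAIL: SMB/NetBIOS TCP traffic is passing the firewall")
    sys.exit(0 if passed else 1)
```

A "refused" result only proves the block if the test host really is listening on that port; confirm that from a machine on the same side of the Firebox as the test host first.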
