Introduction to WatchGuard Dimension v1.0

seedgemsbok

10 Dec 2013 (3 years and 7 months ago)

Introduction to WatchGuard Dimension™

WatchGuard Training

Introduction to WatchGuard Dimension

What is WatchGuard Dimension?
Deploy WatchGuard Dimension
Configure WatchGuard Dimension
Use WatchGuard Dimension
Support WatchGuard Dimension

What is WatchGuard Dimension?

Secure and centralized logging, visibility, and reporting for XTM devices and WatchGuard servers
New ways to visualize network data
Dashboards with simple drill-down into detailed log and report information
Customizable reports that can be emailed to different roles in the organization
Complements Web UI visibility tools in XTM OS v11.8
Reports available after first summary report period (5 minutes)
All reports are ‘on demand’ all the time

Cloud-ready zero-installation deployment
Delivered as a virtual appliance for ESXi (.ova)
Running on 64-bit Linux
Driven by Postgres 9.2
Web interface supports most desktop and mobile browsers

What is Dimension?

Architecture

Log Collector: Receives logs from devices, aggregates data
Web Services: Serves web application to users and administrators
Log Server: Provides API for log data, provisioning, and automated maintenance
Database: Persistent storage for log and report data

Deploy WatchGuard Dimension

Deployment

Requirements

WatchGuard Dimension is distributed as an .ova file for installation on VMware ESXi 5.x.
Your ESXi host must support 64-bit guest operating systems.
WatchGuard Dimension has been primarily tested on VMware ESXi hypervisors. It can also be installed in VMware Workstation, Player, and Fusion environments, which is a great option for training and demonstration.
WatchGuard Dimension is not currently available on any non-VMware hypervisors.
WatchGuard Dimension is available on the Software Downloads pages with the downloads for XTM devices.
  1. Log in to WatchGuard.com
  2. Browse to Articles & Software
  3. Filter by Software Downloads (excluding Articles and Known Issues)

Deployment

After downloading the WatchGuard Dimension virtual appliance (.ova), connect to your ESXi host with vSphere.
From the File menu, select Deploy OVF Template.

Deployment

Browse to the downloaded WatchGuard Dimension OVA and select that as your source.

Deployment

Confirm the OVF Template Details and accept the EULA.

Deployment

Choose a name and disk format for this VM.

Deployment

Map the virtual network adapter to the appropriate destination network.
Note:
  WatchGuard Dimension’s network adapter defaults to DHCP.
  You will need a DHCP server on the network for Dimension to receive an IP address and access the setup wizard web interface.

Deployment

Confirm the deployment settings.
Note the disk allocation defaults to 43GB.
  3GB for OS drive (disk 1)
  40GB for Data drive (disk 2)
Power on after deployment if you want to keep the default settings.

Deployment

Changing the provisioned size of Hard disk 2 before boot (or reboot) will result in more storage for logging and reports.
Other defaults include:
  2GB of RAM
  2 CPUs (2 sockets, 1 core each)

Deployment

Notes:
  The Dimension VM is deployed by default with a data disk size of 40GB.
  The data disk is fully reserved for the log database and the related overhead space required by Postgres.
  After the Dimension VM is deployed, the data disk size cannot be reduced.
  To limit the size to be less than 40GB and avoid data loss, you must remove and re-add Hard disk 2 before you power on the VM for the first time.

Deployment

Once your VM is powered on, you see the IP address assigned to Dimension through DHCP.
Use this IP address to make an HTTPS connection to Dimension and start the Dimension Setup Wizard.

Configure WatchGuard Dimension

Configuration

Requirements

WatchGuard Dimension supports these web browsers:
  Firefox v22 and later
  Internet Explorer 9 and later
  Safari 5 and later
  Safari on iOS 6 and later
  Chrome v29 and later
You should be able to successfully use WatchGuard Dimension on most mobile phone and tablet devices.
Connect to Dimension in a web browser at https://<dimension-IP-address>

Configuration

Setup Wizard

Accept the security warning to continue to connect to WatchGuard Dimension.

Configuration

Setup Wizard

Log in with these credentials:
  User Name: admin
  Password: readwrite

Configuration

Setup Wizard

Make sure you have this information before you start the Setup Wizard:
  Host name
  IPv4 address and settings for the eth0 interface
  Administrator passphrase
  Log Server Encryption Key

Configuration

Setup Wizard

Specify the host name for Dimension
Select the IP address method:
  Static
  DHCP
For a static IP address, we recommend that you specify an IPv4 address.

Configuration

Setup Wizard

Set the Administrator Passphrase to use to connect to Dimension and manage the Dimension servers.
The Administrator Passphrase must have a minimum of 8 characters.

Configuration

Setup Wizard

Set the Log Server Encryption Key.

Configuration

XTM Devices

WatchGuard Dimension can accept log messages and generate reports for any device that runs Fireware XTM OS.
WatchGuard Dimension can also accept log messages from a WatchGuard Management Server or Quarantine Server.
On an XTM device, use the IP address and Encryption Key from WatchGuard Dimension when you configure the WatchGuard Log Server settings.
On WatchGuard servers, use the same IP address and Encryption Key in the Logging settings.
In some environments you may be NATing the HTTPS and WatchGuard Logging connections through your XTM device. This changes the IP address you use to connect to WatchGuard Dimension or where you send WatchGuard Logging connections.

Configuration

After the Wizard…Log In

Multiple “Super administrator users” can be logged in at the same time
Configuration pages have modes:
  RO (Read-Only)
  RW (Read-Write)

Configuration

After the Wizard…Manage Services

The Manage Services drop-down list includes the menu options to configure settings for Dimension:
  Schedule Reports
  Manage the Log Server
  Manage the Log Database
  Manage user accounts
  Configure System Settings

Configuration

System Settings

Configure System and Network settings
Manage certificates
System Maintenance
  Reboot
  Upgrade
  Restore
  Factory default!!!!
Diagnostic Tools
View Connected Users

Configuration

User Management

Manage Users and Roles
  Add, edit, or remove users
  Apply roles:
    RO: View-only
    RW: Read-write
Active Directory Settings
  Enable Active Directory Authentication
  Specify an Active Directory Server

Configuration - Users

Add/Edit User:
  Types:
    Local
    Active Directory
  Specify password
  Select Roles
  Select Devices

Configuration

Users

Role policy same as WSM
  User + List of roles + List of Devices
User authentication similar to WSM:
  Local user, AD user, AD Group
  AD requires DNS to resolve DCs by internal domain name
Built-in roles only (no custom roles)
  Super Administrator
    Full access
  Report Administrator
    View logs
    View reports
    Manage scheduled reports and groups
  View Logs
  View Reports
Applied to a list of devices

Configuration

Logging Server Management

On the Status page:
  View the status of the Log Server
  Stop and start the Log Server

Configuration

Logging Server Management

On the Configuration > General page, you configure these settings for the Log Server:
  Change the Encryption Key
  Specify the log data deletion settings
  Back up and restore the Log Server database

Configuration

Logging Server Management

On the Configuration > Notifications page, configure the settings for email:
  Failure Events
  Device Events
  Message Purge
Must be configured to send scheduled reports

Configuration

Logging Server Management

On the Configuration > Notifications page, configure the settings for reports:
Report Customizations are templates to apply to report PDFs:
  Header
  Footer
  Logo
Configure settings for ConnectWise Integration

Configuration

Logging Server Management

On the Diagnostics page, you can use these diagnostic tools:
  Purge diagnostic logs
  Backup/Restore Log Server database
  View Process List
  View Log Server log messages
  View Log Collector log messages

Configuration

Schedule Reports

Report Schedules
  RO: View only
  RW: Add/Edit/Remove scheduled reports
Before scheduled reports can be sent, an SMTP server must be configured in the Notifications settings

Configuration

Schedule Reports

Schedule General settings
  Name
  Description (optional)

Configuration

Schedule Reports

Device Selection
Devices:
  All Devices
  Specify Devices
Servers:
  All Servers
  Specify Servers

Configuration

Schedule Reports

Recipient Selection
Must add at least one recipient

Configuration

Schedule Reports

Report Selection
Report Types
Timezone
  For report display purposes only. Web-based reports appear in the browser/OS time zone.
Customization
Aggregation
  Single (per device)
  Combined (grouped devices)
Frequency

Configuration

New Summary Reports

Schedule two new Reports:
  Executive Summary
  Web Traffic Summary
Both new reports are available as scheduled reports that you can send to specific email addresses.
Both reports can use any Report Customization (report template) that you create.

Configuration

Executive Summary Report

Executive Summary report
  Sent as a PDF file
  Specify a logo, header, and footer to customize the report

Configuration

Web Traffic Summary Report

Web Traffic Summary report
  Sent as a PDF file
  Specify a logo, header, and footer to customize the report
  Report includes the Top Domains chart with the Web Categories (in a pie chart), and removes any byte counts or tabular information

Use WatchGuard Dimension

To get the most out of Dimension, make sure to:
  Select Enable logging for reports in proxy actions on your XTM devices and WatchGuard Servers.
  Enable logging of Allowed Packets in all policies.
  Configure your XTM devices and WatchGuard servers to send all log messages to your Dimension Log Server.

Use WatchGuard Dimension



Log Messages | Reports | Dashboards
Packet Filter Allowed Logs | Web, Packet Filter, Top Client, Application Control | Executive, Threat Map, FireWatch
Packet Filter Denied Logs | Web, Packet Filter, Denied Packet, Top Client, Application Control | Security, Threat Map
Intrusion Prevention Logs | IPS, Denied Packet | Security, Threat Map
Log when configuration has changed | Authentication, Audit |
All Proxies: ‘Enable logging for reports’ | GAV, IPS, SPAM, Application Control | Executive, Security, Threat Map, FireWatch
HTTP Proxies: ‘Enable logging for reports’ | Web, Firebox Statistics, RED | Executive, Security, Threat Map, FireWatch
FTP Proxies: ‘Enable logging for reports’ | Firebox Statistics | Executive, Security, Threat Map, FireWatch
SMTP Proxies: ‘Enable logging for reports’ | SMTP, Firebox Statistics | Executive, Security, Threat Map, FireWatch
POP3 Proxies: ‘Enable logging for reports’ | POP3, Firebox Statistics | Executive, Security, Threat Map, FireWatch
Any alarms | GAV, Alarms |

Executive Dashboard

Top 10
  Clients
  Domains
  URL Categories
  Destinations
  Applications
  Application Categories
  Protocols
Click a summary to expand it and see more detail.

Security Dashboard

Top 10 Blocked
  Clients
  Destinations
  URL Categories
  Applications
  Application Categories
  Protocols
  IPS Signatures
  Gateway Anti-Virus
Click a summary to expand it and see more detail.

Threat Map

Denied Packets (Blocked)
Intrusion Prevention Service
Web Traffic
Application Control
All Traffic

FireWatch

Sort by:
  Source
  Destination
  Domains
  Application
  WebBlocker
  Protocol
Pivot on:
  Bytes (Not available for packet filter traffic prior to XTM OS v11.8)
  Connections
Hover for more detail:
  Filter further
  Show connections

Log Manager

Log messages stored in UTC time
Appears in your web browser’s local time

Log Search

Run simple or complex search queries to refine the log messages that appear for the selected XTM device.
Filter the search results by log message type:
  Traffic
  Alarm
  Event
  Diagnostic
  Statistic
  All

Other Available Reports

The same reports are available that were previously available on your WatchGuard Report Server
Select options to pivot on from the pivot drop-down list
Export the report to a PDF file

Support WatchGuard Dimension

Dimension Support

Console Access

vSphere console shows command line access
Log in with wgsupport/readwrite (must change the password on initial login)
Account restricted to only change the IP address
To set a static IP address, use the command wg_ip_addr.sh, located in /opt/watchguard/dimension/bin.
For example, to set a static IP address of 192.168.24.101 on network 192.168.24.0/24 with gateway 192.168.24.1, type:

    /opt/watchguard/dimension/bin/wg_ip_addr.sh -i 192.168.24.101 -m 24 -g 192.168.24.1

When given without any options, or with the option --help, the command displays help text.
Support Access for Diagnostics is available with a connection restricted by a client-side certificate.
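
A pre-flight check for the -i/-m/-g values before they are typed at the console, as an added example (not WatchGuard's code). The function names are hypothetical, the script is assumed to run on an admin workstation rather than on the appliance, and the same-subnet and host-address rules are general IPv4 practice, not documented behaviour of wg_ip_addr.sh.

```shell
#!/bin/sh
# Added example (not WatchGuard code): validate static-address parameters on an
# admin workstation before typing the wg_ip_addr.sh command at the console.
# Function names are hypothetical; the subnet rules are general IPv4 practice.

# ip_to_int A.B.C.D : print the address as an integer, fail on malformed input.
ip_to_int() {
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# check_static_params IP PREFIX GATEWAY : succeed only if both addresses are
# usable hosts in the same subnet and differ from each other.
check_static_params() {
    ip=$(ip_to_int "$1") || { echo "bad IP address: $1" >&2; return 1; }
    gw=$(ip_to_int "$3") || { echo "bad gateway: $3" >&2; return 1; }
    case "$2" in ''|0*|*[!0-9]*|???*) echo "bad prefix: $2" >&2; return 1 ;; esac
    [ "$2" -le 30 ] || { echo "prefix must be 1-30: $2" >&2; return 1; }
    mask=$(( (0xFFFFFFFF << (32 - $2)) & 0xFFFFFFFF ))
    net=$(( $ip & $mask ))
    bcast=$(( $net | (~$mask & 0xFFFFFFFF) ))
    [ $(( $gw & $mask )) -eq "$net" ] || { echo "gateway is outside the subnet" >&2; return 1; }
    [ "$gw" -ne "$ip" ] || { echo "gateway equals the appliance address" >&2; return 1; }
    for addr in "$ip" "$gw"; do
        if [ "$addr" -eq "$net" ] || [ "$addr" -eq "$bcast" ]; then
            echo "network or broadcast address used as a host" >&2; return 1
        fi
    done
}

# static_ip_command IP PREFIX GATEWAY : print the console command from the
# slide only when the parameters pass the check.
static_ip_command() {
    check_static_params "$1" "$2" "$3" || return 1
    echo "/opt/watchguard/dimension/bin/wg_ip_addr.sh -i $1 -m $2 -g $3"
}

static_ip_command 192.168.24.101 24 192.168.24.1   # the slide's own values
```

Because the wgsupport console account can only change the IP address, catching a gateway that sits outside the subnet before the command is entered avoids leaving the appliance unreachable over HTTPS.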

Dimension Support

Known Limitations

No external database
Local Backup/Restore
No host name resolution
Cannot import log files to Dimension
Certificates must use CSR
No external private key

Thank You!