Administer Your Firebox From a Remote Location

When you run the Quick Setup Wizard to configure a Firebox, the WatchGuard policy is created automatically. This policy allows you to connect to and administer the Firebox from any computer on the trusted or optional networks. To manage the Firebox from a remote location (any location external to the device), you must modify the WatchGuard policy to allow administrative connections from the IP address of your remote location.

The WatchGuard policy controls access to the Firebox on these TCP ports: 4105, 4117, 4118. When you allow connections in the WatchGuard policy, you allow connections to each of these ports.

Rather than modify the WatchGuard policy, you can use a VPN to connect to the Firebox. This greatly increases the security of the connection. If this is not possible, we recommend that you allow access from the external network to only certain authorized users and to the smallest number of computers possible. For example, your configuration is more secure if you allow connections from a single computer instead of from the alias Any-External.

To modify the WatchGuard policy, from Fireware Web UI:

  1. Select Firewall > Firewall Policies.
  2. Click the WatchGuard policy.
    Or, select the WatchGuard policy and from the Action drop-down list, select Edit Policy.
    The Firewall Policies/Edit page appears.

Screen shot of the WatchGuard Policy Configuration page

  3. In the From section, click Add.
    The Add Member dialog box appears.

Screen shot of the Add Member dialog box

  4. To add the IP address of the external computer that connects to the Firebox, from the Member Type drop-down list, select Host IP, and click OK. Type the IP address.
  5. To give access to an authorized user, from the Member Type drop-down list, select Alias.
    For information about how to create an alias, see Create an Alias.

To modify the WatchGuard policy from Policy Manager:

  1. Double-click the WatchGuard policy.
    Or, right-click the WatchGuard policy and select Modify Policy.
    The Edit Policy Properties dialog box appears.

Screen shot of the Edit Policy Properties dialog box

  2. In the From section, click Add.
    The Add Address dialog box appears.

Screen shot of the Add Address dialog box

  3. To add the IP address of the external computer that connects to the Firebox, click Add Other.
  4. Make sure Host IP is the selected type, and type the IP address.
  5. To give access to an authorized user, in the Add Address dialog box, click Add User.
    The Add Authorized Users or Groups dialog box appears.
    For information about how to create an alias, see Create an Alias.
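
After you change the policy, you can review its From list against the recommendation above (single hosts rather than Any-External). The following script is an added example, not WatchGuard code. It assumes you have copied the From entries into a list of strings by hand; the function names, severity labels, and the sample alias remote-admins are hypothetical.

```python
import ipaddress

# TCP ports the WatchGuard policy controls, as listed on this page.
MGMT_PORTS = (4105, 4117, 4118)
# Built-in aliases that match every source, or every external source.
BROAD_ALIASES = {"any", "any-external"}
# Built-in aliases for the networks the default policy already allows.
INTERNAL_ALIASES = {"any-trusted", "any-optional"}


def classify_member(member):
    """Return (severity, reason) for one entry of the policy's From list."""
    name = member.strip()
    if name.lower() in BROAD_ALIASES:
        return "high", f"{name} opens TCP {MGMT_PORTS} to every external address"
    if name.lower() in INTERNAL_ALIASES:
        return "ok", "trusted/optional network alias (default access)"
    try:
        net = ipaddress.ip_network(name, strict=False)
    except ValueError:
        # Not an address: a custom alias or user name; its members need a manual look.
        return "review", "alias or user: confirm who and what it contains"
    if net.prefixlen == 0:
        return "high", "network covers every address"
    if net.num_addresses > 1:
        return "medium", f"range of {net.num_addresses} addresses; prefer single hosts"
    return "ok", "single Host IP"


def audit_from_list(members):
    """Classify every entry; return findings with the worst first."""
    order = {"high": 0, "medium": 1, "review": 2, "ok": 3}
    findings = [(m, *classify_member(m)) for m in members]
    return sorted(findings, key=lambda f: order[f[1]])


if __name__ == "__main__":
    # Constructed sample From list (documentation address ranges, hypothetical alias).
    sample = ["Any-Trusted", "Any-Optional", "203.0.113.10",
              "198.51.100.0/24", "Any-External", "remote-admins"]
    for member, severity, reason in audit_from_list(sample):
        print(f"{severity:<7} {member:<18} {reason}")
```

Entries reported as review are aliases or users whose membership the script cannot see, so check them in the alias or user configuration.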

See Also

Define a New User for Firebox Authentication

Use Users and Groups in Policies
