Quick Start — Set Up an On-premises WebBlocker Server

You can install the on-premises WebBlocker Server on a virtual machine with a 64-bit OS in a VMware or in a Hyper-V environment. The WebBlocker Server is distributed as an .OVA file for installation on VMWare ESXi 5.x - 6.x and as a .VHD file for installation on Hyper-V.

For installation instructions, go to:

• Install the WebBlocker Server on VMware
• Install the WebBlocker Server on Hyper-V

To use WebBlocker Server, the Firebox must run Fireware v12.2 or later.

After you install and start the virtual machine, connect to the WebBlocker Server in a web browser and run the WebBlocker Server Setup Wizard.

The Setup Wizard helps you configure the network settings and connects to your WatchGuard account to download a WebBlocker Server license.

Before you run the Setup Wizard, make sure you have this information:

WebBlocker Server host name

This is the name of the WebBlocker Server virtual machine. This is used only to identify the virtual machine on the network.

WebBlocker Server IPv4 address and network settings

This is the IP address for the Eth0 interface of the WebBlocker Server virtual machine. The Firebox can use this IP address to connect to the WebBlocker Server. You can assign a static IP address or configure the WebBlocker Server to use DHCP to request an IP address. If you do not assign a domain name to the WebBlocker Server, we recommend you assign a static IP address so that Fireboxes can always connect. If you specify a static IPv4 address, you must also specify the default gateway and DNS server.

Administrator passphrase

This is the passphrase for the account you use to manage the WebBlocker Server.

Authentication key

This is a shared secret used for authentication between Fireboxes and the WebBlocker Server. You must specify this Authentication Key when you add the WebBlocker Server to your WebBlocker configuration on a Firebox.

Your WatchGuard Account ID (ACC-xxxxxx)

This is the account ID of your WatchGuard account. The WebBlocker Server uses it to connect to your account to activate your WebBlocker Server license. The account you specify must have at least one Firebox with an active WebBlocker subscription.Tip! To find your ID, log in to the WatchGuard Support Center, then select My WatchGuard > Manage Profile. In the Manage Profile page, your account ID appears in the Your Company section Partner ID field.

Serial number of a Firebox activated in your WatchGuard account

This can be the serial number of any Firebox activated in your WatchGuard account. This information is used to get the expiration date of your WebBlocker license.

The serial number you specify does not need to be for a Firebox that has a WebBlocker license. The date when the WebBlocker Server activation expires is the latest WebBlocker license expiration date from the feature keys of all Fireboxes associated with your WatchGuard account. For more information, go to WebBlocker Server License.

To run the Setup Wizard:

1. Open a web browser and go tohttps://<IP address of WebBlocker Server>:4130.
   The login page appears.
2. In the User Name text box, type admin.
3. In the Passphrase text box, type readwrite.
4. Click Log In.
   The WebBlocker Server Setup Wizard appears.
5. Complete the Setup Wizard. For detailed instructions, go to Run the WebBlocker Server Setup Wizard.

Make sure you do not power off your WebBlocker Server before the wizard completes.

When you complete the WebBlocker Server Setup Wizard, your WebBlocker Server is available with an initial configuration. You can use the web UI to configure the WebBlocker Server settings.

For configuration instructions, go to:

• Configure WebBlocker Server General Settings
• Configure WebBlocker Server Notification Settings
• Manage WebBlocker Server Users
• Manage WebBlocker Server Certificates
• Configure WebBlocker Server System Settings

Before your Firebox can use the WebBlocker Server for website lookups, you must add the server details to the WebBlocker Settings in Policy Manager or the Fireware Web UI.

To use WebBlocker Server, the Firebox must run Fireware v12.2 or later.

To add a WebBlocker Server:

1. In Policy Manager or the Fireware Web UI, open the WebBlocker Global Settings.
2. In the On-Premises WebBlocker Servers section, click Add.
   The Add On-Premises Server dialog box appears.
3. In the Display Name text box, type a name for the WebBlocker Server.
4. In the Address text box, type the IP address or domain name of the WebBlocker Server.
5. In the Port text box, type or select the port number the WebBlocker Server uses. The default port number is 443.
6. To use Transport Layer Security (TLS) to connect securely to the WebBlocker Server, select the Use TLS check box.
7. In the Authentication Key text box, type the authentication key used to establish a secure connection between the WebBlocker Server and your Firebox. This is the authentication key that was specified in the WebBlocker Server Setup Wizard.
8. Click OK.

For more information, go to Configure WebBlocker Global Settings.

After you have installed the WebBlocker Server and added server details in the WebBlocker Settings, you must configure a WebBlocker action to use the server for category lookups.

1. In Policy Manager or the Fireware Web UI, edit the WebBlocker action you want to configure.
   The Edit WebBlocker Action page appears.
2. Select the Server tab.
3. Select On-premises WebBlocker server.
4. Select the server to use from the drop-down list.
5. Click OK.

For more information, go to Configure WebBlocker Servers