WatchGuard Firewall Guide
- Start by connecting to the firewall.
- When connected, log in as an admin.
- As admin, click the Firewall category on the left side of the screen. A list of subcategories appears, as shown below.
- Click on Aliases. The Fireware Web UI window will open.
- Click ADD near the bottom of that screen to get to the Alias/Add interface.
- The five aliases in the table below need to be added. For each entry, repeat the following subprocess:
- Add a name from the table into the Name field.
- Click Add. Another Add Member window will open.
- Select the correct Member type for that entry. The specific information required for that type will be requested.
- Enter the required information for that member.
- Click OK. This will take you back to the Alias/Add interface and confirm your data.
- Click Save.
- Click Add as needed for another entry.
Name | Member Type | Definition (From) | Definition (To)
--- | --- | --- | ---
Cytracom_DAL | Host Range IPv4 | 209.105.249.194 | 209.105.249.252
Cytracom_KEN | Host Range IPv4 | 184.175.130.161 | 184.175.130.186
Cytracom_AWS | Host Range IPv4 | 3.208.72.128 | 3.208.72.158
Cytracom_FW | Host IPv4 | 52.90.29.99 |
Cytracom_FQDN | FQDN | register.cytracom.net kr1.cytracom.net fw.cytracom.com provision.cytracom.net blf.cytracom.net |
- With all the aliases configured, it is time to configure policies. Click on Firewall Policies from the Firewall entry as seen above in step 3. The Firewall Properties window will open, as shown below.
- Click on the Add Policy button near the top of the window to get the Add Firewall Policy window.
- In the Add Firewall Policy window, leave the default setting of Packet Filter and select Any from the top dropdown menu.
- Click Add Policy. You’ll get a Policy Definition Window, as shown below.
- In the Policy Definition Window, add the aliases that you created in step 6 to the “To” section.
- Change the Idle time to 360 seconds.
- Remove the ANY:external rule in the “To” section for security purposes.
- In the name field, enter the value Cytracom Out.
- Click the Advanced tab at the top of the screen. The following options should be made available.
- Uncheck the 1-to-1 NAT box.
- Check the box under QoS labeled Override per-interface settings.
- Change the Marking Method dropdown box to Assign.
- Set the Value dropdown box to 46(EF).
- Set the “Prioritize traffic based on” dropdown box to Custom Value.
- Set the final Value dropdown box to the highest value possible for the customer’s system.
- Click the Save button at the bottom of the screen.
- Create a second rule repeating the process from step 10 with the following changes:
- Add the aliases created in step 6 to the From field instead of To.
- Name this policy Cytracom Out instead of Cytracom In.
- Once the two policies are created, return to the Policy list screen.
- Move the Cytracom In and Cytracom Out policies to the top of the priority list, or as close to the top as possible, to prevent other policies from interfering with the quality of your phone service. Cytracom prefers that the policies be 1 and 2, but at a minimum we ask that they be placed in the top 5.
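
Because both policies use the Any packet filter, the alias ranges are the only thing limiting which hosts they match. The script below is an added example, not part of the original guide or any WatchGuard or Cytracom tooling: it checks ranges as typed against the table above and lists destination addresses that fall outside every alias. The function names, `ENTERED` and `LOG_DSTS` are assumptions constructed for illustration.

```python
import ipaddress

# Host aliases copied from the table above (ranges are inclusive). A single
# host is written as a one-address range. Cytracom_FQDN is left out because
# its members are names, not fixed addresses.
ALIASES = {
    "Cytracom_DAL": ("209.105.249.194", "209.105.249.252"),
    "Cytracom_KEN": ("184.175.130.161", "184.175.130.186"),
    "Cytracom_AWS": ("3.208.72.128", "3.208.72.158"),
    "Cytracom_FW": ("52.90.29.99", "52.90.29.99"),
}


def alias_for(ip, aliases=ALIASES):
    """Return the alias whose inclusive range contains ip, else None."""
    addr = ipaddress.IPv4Address(ip)
    for name, (first, last) in aliases.items():
        if ipaddress.IPv4Address(first) <= addr <= ipaddress.IPv4Address(last):
            return name
    return None


def audit(entered, expected=ALIASES):
    """Return {alias: problem} for entries that differ from the table."""
    problems = {}
    for name, want in expected.items():
        got = entered.get(name)
        if got is None:
            problems[name] = "missing"
        elif tuple(got) != want:
            problems[name] = f"expected {want[0]}-{want[1]}, got {got[0]}-{got[1]}"
    for name in sorted(entered.keys() - expected.keys()):
        problems[name] = "not in the guide's table"
    return problems


def outside_aliases(dst_ips):
    """Return the destinations that no alias range covers."""
    return [ip for ip in dst_ips if alias_for(ip) is None]


# Constructed sample: ranges as an admin might have typed them, with a slip in KEN.
ENTERED = dict(ALIASES, Cytracom_KEN=("184.175.130.161", "184.175.130.196"))
# Constructed sample: destination addresses pulled from traffic logs.
LOG_DSTS = ["209.105.249.252", "209.105.249.253", "3.208.72.130", "52.90.29.99"]

if __name__ == "__main__":
    print(audit(ENTERED))
    print(outside_aliases(LOG_DSTS))
```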