WatchGuard Firewall Guide


  1. Start by connecting to the firewall.
  2. When connected, log in as an admin.
  3. As Admin click the Firewall Category on the left side of the screen. A list of subcategories appears, as shown below.

 

 

       

  4. Click on Aliases. The Fireware Web UI window will open.

 

  5. Click ADD near the bottom of that screen to get to the Alias/Add interface.

  6. The five aliases in the table below need to be added. For each entry, repeat the following subprocess:
      • Add a name from the table into the Name field.
      • Click Add. Another Add Member window will open.

      • Select the correct Member type for that entry. The specific information required for that type will be requested.
      • Enter the required information for that member.
      • Click OK. This will take you back to the Alias/Add interface and confirm your data.
      • Click Save.
      • Click Add as needed for another entry.

 

 

 

 

 

| Name | Member Type | Definition |
|---|---|---|
| Cytracom_DAL | Host Range IPv4 | From 209.105.249.194 To 209.105.249.252 |
| Cytracom_KEN | Host Range IPv4 | From 184.175.130.161 To 184.175.130.186 |
| Cytracom_AWS | Host Range IPv4 | From 3.208.72.128 To 3.208.72.158 |
| Cytracom_FW | Host IPv4 | 52.90.29.99 |
| Cytracom_FQDN | FQDN | register.cytracom.net, kr1.cytracom.net, fw.cytracom.com, provision.cytracom.net, blf.cytracom.net |

 

  7. With all the aliases configured, it is time to configure policies. Click on Firewall Policies from the Firewall entry as seen above in step 3. The Firewall Properties window will open, as shown below.

  8. Click on the Add Policy button near the top of the window to get the Add Firewall Policy window.

  9. In the Add Firewall Policy window, leave the default setting of Packet Filter and select Any from the top dropdown menu.
  10. Click Add Policy. You’ll get a Policy Definition Window, as shown below.

      • In the Policy Definition Window, add the Aliases that you created in step 6 to the “To” section.
      • Change the Idle time to 360 seconds.
      • Remove the ANY:external rule in the “To” section for security purposes.
      • In the name field, enter the value Cytracom Out.
      • Click the Advanced tab at the top of the screen. The following options should be made available.

      • Uncheck the 1-to-1 NAT box.
      • Check the box under QoS labeled Override per-interface settings.
      • Change the Marking Method dropdown box to Assign.
      • Set the Value dropdown box to 46(EF).
      • Set the “Prioritize traffic based on” dropdown box to Custom Value.
      • Set the final Value dropdown box to the highest value possible for the customer’s system.
      • Click the Save button at the bottom of the screen.
  11. Create a second rule, repeating the process from step 10 with the following changes:
        • Add the aliases created in step 6 to the From field instead of To.
        • Name this policy Cytracom In instead of Cytracom Out.

 

  12. Once the two policies are created, return to the Policy list screen.
  13. Move the Cytracom In and Cytracom Out policies to the top of the priority list, or as close to the top as they can get, to prevent any other policies from interfering with the quality of your phone service. Cytracom prefers that the policies be 1 and 2, but at a minimum we ask that they be put in the top 5.
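
An offline check of the alias ranges from the table, added here as an example (it is not Cytracom or WatchGuard code). It expands each host range into CIDR blocks for review and flags traffic matched by the two policies whose remote peer falls outside every alias. The log row layout and the internal address 10.0.1.20 are constructed, and the FQDN alias is left out because its members would need DNS resolution.

```python
import ipaddress

# Alias ranges copied from the table on this page. Cytracom_FQDN is omitted:
# its members must be resolved by DNS, which this offline check does not do.
ALIASES = {
    "Cytracom_DAL": ("209.105.249.194", "209.105.249.252"),
    "Cytracom_KEN": ("184.175.130.161", "184.175.130.186"),
    "Cytracom_AWS": ("3.208.72.128", "3.208.72.158"),
    "Cytracom_FW": ("52.90.29.99", "52.90.29.99"),
}

def alias_for(ip):
    """Return the alias whose inclusive range contains ip, or None."""
    addr = ipaddress.IPv4Address(ip)
    for name, (first, last) in ALIASES.items():
        if ipaddress.IPv4Address(first) <= addr <= ipaddress.IPv4Address(last):
            return name
    return None

def alias_cidrs(name):
    """CIDR blocks that cover exactly the alias range, no more and no less."""
    first, last = ALIASES[name]
    blocks = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    return [str(b) for b in blocks]

def unexpected_peers(log_rows):
    """Rows matched by a Cytracom policy whose remote peer is in no alias."""
    flagged = []
    for policy, src, dst in log_rows:
        if not policy.startswith("Cytracom"):
            continue
        # "Cytracom Out" has the aliases in To, "Cytracom In" has them in From.
        peer = dst if policy == "Cytracom Out" else src
        if alias_for(peer) is None:
            flagged.append((policy, peer))
    return flagged

# Constructed sample rows (policy, source, destination); not real log output.
SAMPLE = [
    ("Cytracom Out", "10.0.1.20", "209.105.249.200"),
    ("Cytracom Out", "10.0.1.20", "209.105.249.253"),  # one past the DAL range
    ("Cytracom In", "184.175.130.170", "10.0.1.20"),
    ("Cytracom In", "184.175.130.160", "10.0.1.20"),   # one before the KEN range
]

if __name__ == "__main__":
    for alias in ALIASES:
        print(alias, alias_cidrs(alias))
    print(unexpected_peers(SAMPLE))
```

A peer flagged here may still be legitimate if it belongs to one of the Cytracom_FQDN hostnames, so resolve those before treating a hit as a misconfiguration.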

 
