Introduction to WatchGuard Dimension v1.0
Introduction to WatchGuard Dimension™
WatchGuard Training
Introduction to WatchGuard Dimension
What is WatchGuard Dimension?
Deploy WatchGuard Dimension
Configure WatchGuard Dimension
Use WatchGuard Dimension
Support WatchGuard Dimension
What is WatchGuard Dimension?
What is WatchGuard Dimension?
Secure and centralized logging, visibility, and reporting for XTM devices and WatchGuard servers
• New ways to visualize network data
• Dashboards with simple drill-down into detailed log and report information
• Customizable reports that can be emailed to different roles in the organization
• Complements Web UI visibility tools in XTM OS v11.8
• Reports available after first summary report period (5 minutes)
• All reports are ‘on demand’ all the time
Cloud-ready zero-installation deployment
• Delivered as a virtual appliance for ESXi (.ova)
• Running on 64-bit Linux
• Driven by Postgres 9.2
• Web interface supports most desktop and mobile browsers
What is Dimension? — Architecture
Log Collector — Receives logs from devices, aggregates data
Web Services — Serves web application to users and administrators
Log Server — Provides API for log data, provisioning, and automated maintenance
Database — Persistent storage for log and report data
Deploy WatchGuard Dimension
Deployment — Requirements
WatchGuard Dimension is distributed as an .ova file for installation on VMware ESXi 5.x.
• Your ESXi host must support 64-bit guest operating systems
• WatchGuard Dimension has been primarily tested on VMware ESXi hypervisors. It can also be installed in VMware Workstation, Player, and Fusion environments, which is a great option for training and demonstration.
• WatchGuard Dimension is not currently available on any non-VMware hypervisors.
WatchGuard Dimension is available on the Software Downloads pages with the downloads for XTM devices.
1. Log in to WatchGuard.com
2. Browse to Articles & Software
3. Filter by Software Downloads (excluding Articles and Known Issues)
Deployment
After downloading the WatchGuard Dimension virtual appliance (.ova), connect to your ESXi host with vSphere.
From the File menu, select Deploy OVF Template.
Deployment
Browse to the downloaded WatchGuard Dimension OVA and select that as your source.
Deployment
Confirm the OVF Template Details and Accept the EULA.
Deployment
Choose a name and disk format for this VM.
Deployment
Map the virtual network adapter to the appropriate destination network.
Note:
• WatchGuard Dimension’s network adapter defaults to DHCP.
• You will need a DHCP server on the network for Dimension to receive an IP address and access the setup wizard web interface.
Deployment
Confirm the deployment settings.
Note the disk allocation defaults to 43GB.
• 3GB for OS drive (disk 1)
• 40GB for Data drive (disk 2)
Power on after deployment if you want to keep the default settings.
Deployment
Changing the provisioned size of Hard disk 2 before boot (or reboot) will result in more storage for logging and reports.
Other defaults include:
• 2GB of RAM
• 2 CPUs (2 sockets, 1 core each)
Deployment
Notes:
• The Dimension VM is deployed by default with a data disk size of 40GB.
• The data disk is fully reserved for the log database and the related overhead space required by Postgres.
• After the Dimension VM is deployed, the data disk size cannot be reduced.
• To limit the size to be less than 40GB and avoid data loss, you must remove and re-add Hard disk 2 before you power on the VM for the first time.
Deployment
Once your VM is powered on, you see the IP address assigned to Dimension through DHCP.
Use this IP address to make an HTTPS connection to Dimension and start the Dimension Setup Wizard.
Configure WatchGuard Dimension
Configuration — Requirements
WatchGuard Dimension supports these web browsers:
• Firefox v22 and later
• Internet Explorer 9 and later
• Safari 5 and later
• Safari on iOS 6 and later
• Chrome v29 and later
You should be able to successfully use WatchGuard Dimension on most mobile phone and tablet devices.
Connect to Dimension in a web browser at https://<dimension-IP-address>
Configuration — Setup Wizard
Accept the security warning to continue to connect to WatchGuard Dimension.
Configuration — Setup Wizard
Log in with these credentials:
• User Name: admin
• Password: readwrite
Configuration — Setup Wizard
Make sure you have this information before you start the Setup Wizard:
• Host name
• IPv4 address and settings for the eth0 interface
• Administrator passphrase
• Log Server Encryption Key
Configuration — Setup Wizard
Specify the host name for Dimension
Select the IP address method:
• Static
• DHCP
For a static IP address, we recommend that you specify an IPv4 address.
Configuration — Setup Wizard
Set the Administrator Passphrase to use to connect to Dimension and manage the Dimension servers.
The Administrator Passphrase must have a minimum of 8 characters.
Configuration — Setup Wizard
Set the Log Server Encryption Key.
Configuration — XTM Devices
WatchGuard Dimension can accept log messages and generate reports for any device that runs Fireware XTM OS.
WatchGuard Dimension can also accept log messages from a WatchGuard Management Server or Quarantine Server.
• On an XTM device, use the IP address and Encryption Key from WatchGuard Dimension when you configure the WatchGuard Log Server settings.
• On WatchGuard servers, use the same IP address and Encryption Key in the Logging settings.
In some environments you may be NATing the HTTPS and WatchGuard Logging connections through your XTM device. This changes the IP address you use to connect to WatchGuard Dimension or where you send WatchGuard Logging connections.
Configuration — After the Wizard…Log In
Multiple “Super administrator users” can be logged in at the same time
Configuration pages have modes:
• RO (Read-Only)
• RW (Read-Write)
Configuration — After the Wizard…Manage Services
The Manage Services drop-down list includes the menu options to configure settings for Dimension:
• Schedule Reports
• Manage the Log Server
• Manage the Log Database
• Manage user accounts
• Configure System Settings
Configuration — System Settings
Configure System and Network settings
Manage certificates
System Maintenance
• Reboot
• Upgrade
• Restore
• Factory default!!!!
Diagnostic Tools
View Connected Users
Configuration — User Management
Manage Users and Roles
• Add, edit, or remove users
• Apply roles:
  • RO – View-only
  • RW – Read-write
Active Directory Settings
• Enable Active Directory Authentication
• Specify an Active Directory Server
Configuration - Users
Add/Edit User:
• Types:
  • Local
  • Active Directory
• Specify password
• Select Roles
• Select Devices
Configuration — Users
Role policy same as WSM
• User + List of roles + List of Devices
User authentication similar to WSM:
• Local user, AD user, AD Group
• AD requires DNS to resolve DCs by internal domain name
Built-in roles only (no custom roles)
• Super Administrator
  • Full access
• Report Administrator
  • View logs
  • View reports
  • Manage scheduled reports and groups
• View Logs
• View Reports
Applied to a list of devices
Configuration — Logging Server Management
On the Status page:
• View the status of the Log Server
• Stop and start the Log Server
Configuration — Logging Server Management
On the Configuration > General page, you configure these settings for the Log Server:
• Change the Encryption Key
• Specify the log data deletion settings
• Back up and restore the Log Server database
Configuration — Logging Server Management
On the Configuration > Notifications page, configure the settings for email:
• Failure Events
• Device Events
• Message Purge
Must be configured to send scheduled reports
Configuration — Logging Server Management
On the Configuration > Notifications page, configure the settings for reports:
Report Customizations are templates to apply to report PDFs:
• Header
• Footer
• Logo
Configure settings for ConnectWise Integration
Configuration — Logging Server Management
On the Diagnostics page, you can use these diagnostic tools:
• Purge diagnostic logs
• Backup/Restore Log Server database
• View Process List
• View Log Server log messages
• View Log Collector log messages
Configuration — Schedule Reports
Report Schedules
• RO — View only
• RW — Add/Edit/Remove scheduled reports
Before scheduled reports can be sent, an SMTP server must be configured in the Notifications settings
Configuration — Schedule Reports
Schedule General settings
• Name
• Description (optional)
Configuration — Schedule Reports
Device Selection
• Devices:
  • All Devices
  • Specify Devices
• Servers:
  • All Servers
  • Specify Servers
Configuration — Schedule Reports
Recipient Selection
• Must add at least one recipient
Configuration — Schedule Reports
Report Selection
• Report Types
• Timezone
  For report display purposes only. Web-based reports appear in the browser/OS time zone.
• Customization
• Aggregation
  • Single (per device)
  • Combined (grouped devices)
• Frequency
Configuration — New Summary Reports
Schedule two new Reports:
• Executive Summary
• Web Traffic Summary
Both new reports are available as scheduled reports that you can send to specific email addresses.
Both reports can use any Report Customization (report template) that you create.
Configuration — Executive Summary Report
Executive Summary report
• Sent as a PDF file
• Specify a logo, header, and footer to customize the report
Configuration — Web Traffic Summary Report
Web Traffic Summary report
• Sent as a PDF file
• Specify a logo, header, and footer to customize the report
• Report includes the Top Domains chart with the Web Categories (in a pie chart), and removes any byte counts or tabular information
Use WatchGuard Dimension
Use WatchGuard Dimension
To get the most out of Dimension, make sure to:
• Select Enable logging for reports in proxy actions on your XTM devices and WatchGuard Servers.
• Enable logging of Allowed Packets in all policies.
• Configure your XTM devices and WatchGuard servers to send all log messages to your Dimension Log Server.
Use WatchGuard Dimension
Log Messages | Reports | Dashboards
Packet Filter Allowed Logs | Web, Packet Filter, Top Client, Application Control | Executive, Threat Map, FireWatch
Packet Filter Denied Logs | Web, Packet Filter, Denied Packet, Top Client, Application Control | Security, Threat Map
Intrusion Prevention Logs | IPS, Denied Packet | Security, Threat Map
Log when configuration has changed | Authentication, Audit |
All Proxies: ‘Enable logging for reports’ | GAV, IPS, SPAM, Application Control | Executive, Security, Threat Map, FireWatch
HTTP Proxies: ‘Enable logging for reports’ | Web, Firebox Statistics, RED | Executive, Security, Threat Map, FireWatch
FTP Proxies: ‘Enable logging for reports’ | Firebox Statistics | Executive, Security, Threat Map, FireWatch
SMTP Proxies: ‘Enable logging for reports’ | SMTP, Firebox Statistics | Executive, Security, Threat Map, FireWatch
POP3 Proxies: ‘Enable logging for reports’ | POP3, Firebox Statistics | Executive, Security, Threat Map, FireWatch
Any alarms | GAV, Alarms |
Executive Dashboard
Top 10
• Clients
• Domains
• URL Categories
• Destinations
• Applications
• Application Categories
• Protocols
Click a summary to expand it and see more detail.
Security Dashboard
Top 10 Blocked
• Clients
• Destinations
• URL Categories
• Applications
• Application Categories
• Protocols
IPS Signatures
Gateway Anti-Virus
Click a summary to expand it and see more detail.
Threat Map
Denied Packets (Blocked)
Intrusion Prevention Service
Web Traffic
Application Control
All Traffic
FireWatch
Sort by:
• Source
• Destination
• Domains
• Application
• WebBlocker
• Protocol
Pivot on:
• Bytes (Not available for packet filter traffic prior to XTM OS v11.8)
• Connections
Hover for more detail:
• Filter further
• Show connections
Log Manager
Log messages stored in UTC time
Appears in your web browser’s local time
Log Search
Run simple or complex search queries to refine the log messages that appear for the selected XTM device.
Filter the search results by log message type:
• Traffic
• Alarm
• Event
• Diagnostic
• Statistic
• All
Other Available Reports
The same reports are available that were previously available on your WatchGuard Report Server
Select options to pivot on from the pivot drop-down list
Export the report to a PDF file
Support WatchGuard Dimension
Dimension Support — Console Access
vSphere console shows command line access
Log in with wgsupport/readwrite (must change the password on initial login)
• Account restricted to only change the IP address
• To set a static IP address, use the command wg_ip_addr.sh, located in /opt/watchguard/dimension/bin. For example, to set a static IP address of 192.168.24.101 on network 192.168.24.0/24 with gateway 192.168.24.1, type:
  /opt/watchguard/dimension/bin/wg_ip_addr.sh i 192.168.24.101 -m 24 -g 192.168.24.1
• When given without any options, or with the option --help, the command displays help text.
Support Access for Diagnostics is available with a connection restricted by a client-side certificate.
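A pre-check for the static IP values used in the console example above, added here and not part of the WatchGuard training material or product. It confirms that the address and gateway are distinct, usable hosts in the same subnet for the given prefix length; the function names ip_to_int and check_static_ip are hypothetical.

```shell
#!/bin/sh
# Added example (not WatchGuard code): sanity-check the address, prefix
# length and gateway before typing them into wg_ip_addr.sh.
# Function names are hypothetical.

# Convert a dotted-quad IPv4 address to an integer; return 1 if malformed.
ip_to_int() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split on dots (input is digits and dots only)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Print the network in CIDR form when address and gateway are distinct,
# usable hosts in the same subnet; otherwise print the reason and return 1.
check_static_ip() {
    addr=$(ip_to_int "$1") || { echo "bad address"; return 1; }
    gw=$(ip_to_int "$3") || { echo "bad gateway"; return 1; }
    case "$2" in ''|*[!0-9]*|0?*|???*) echo "bad prefix"; return 1 ;; esac
    [ "$2" -ge 1 ] && [ "$2" -le 30 ] || { echo "bad prefix"; return 1; }
    mask=$(( (4294967295 << (32 - $2)) & 4294967295 ))
    net=$(( addr & mask ))
    bcast=$(( net | (4294967295 ^ mask) ))
    [ $(( gw & mask )) -eq "$net" ] || { echo "gateway outside subnet"; return 1; }
    [ "$addr" -ne "$gw" ] || { echo "address equals gateway"; return 1; }
    for host in "$addr" "$gw"; do
        if [ "$host" -eq "$net" ] || [ "$host" -eq "$bcast" ]; then
            echo "network or broadcast address used"; return 1
        fi
    done
    echo "$(( net >> 24 )).$(( (net >> 16) & 255 )).$(( (net >> 8) & 255 )).$(( net & 255 ))/$2"
}

# Values from the example on this page: prints 192.168.24.0/24
check_static_ip 192.168.24.101 24 192.168.24.1
```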
Dimension Support — Known Limitations
No external database
Local Backup/Restore
No host name resolution
Cannot import log files to Dimension
Certificates must use CSR
• No external private key
Thank You!