308 Cards in this Set


What is the "WSM"?

The WatchGuard System Manager is the primary software application you use to manage Firebox devices and WatchGuard servers on your network.

What are the components included with WSM?

- Policy Manager
- Firebox System Manager (FSM)
- HostWatch

What are the components included with WatchGuard Server Center?

- Management Server
- Log Server
- Report Server
- Quarantine Server
- WebBlocker Server

What is the "Management Server"?

Manages multiple Firebox devices at the same time and creates virtual private network (VPN) tunnels with a simple drag-and-drop method.

What is the "Log Server"?

Collects log messages from Firebox devices and servers.

What is the "Report Server"?

Periodically consolidates data collected by your Log Servers and uses this data to generate the reports that you select.

What is the "Quarantine Server"?

Collects and isolates SMTP email confirmed as spam by spamBlocker, or confirmed to have a virus by Gateway Antivirus or by spamBlocker’s Virus Outbreak Detection feature.

What is the "WebBlocker Server"?

Provides information for an HTTP-proxy to deny user access to specified categories of websites.

What components are included with the "WatchGuard Web Center"?

- Log Manager
- Report Manager
- CA Manager

What port do you use to connect to the WebCenter?

4130

What is "WatchGuard Dimensions"?

A virtual solution you can use to capture the log data from your Firebox devices, FireClusters, and WatchGuard servers. You can use Dimension to see this log data in real time, track it across your network, view the source and destination of the traffic, view log message details of the traffic, monitor threats to your network, and view or generate reports of the traffic.

What 4 components make up "WatchGuard Dimensions"?

- Log Collector
- Log Server
- Log Database
- Web Services

What is the "Log Collector" (In relation to WatchGuard Dimensions)?

Receives log messages from Firebox devices, FireClusters, and WatchGuard servers and aggregates the log message data into dashboard summaries and reports.

What is the "Log Server" (In relation to WatchGuard Dimensions)?

Provides the API for log data, provisioning, and automated maintenance of Dimension.

What is the "Log Database" (In relation to WatchGuard Dimensions)?

Provides storage for all log message data.

What is the "Web Services" (In relation to WatchGuard Dimensions)?

Serves the Dimension WebUI to users and administrators.

Which components of "WatchGuard Dimensions" are automatically installed?

All of them:

- Log Collector
- Log Server
- Log Database
- Web Services

Which components of "WatchGuard Dimensions" are automatically configured?

- Log Collector
- Log Database
- Web Services

You have to configure the Log Server after the initial install.

Can you configure a device before activating it?

No

What happens when you activate a device?

You start the LiveSecurity Service subscription for the device.

What is the "LiveSecurity Service"?

Provides alerts, threat responses, and expert advice to help you keep your network secure and up to date.

What must you have to activate a device?

- Firebox serial number
- An account on the WatchGuard website

What are the two setup wizards?

- Quick Setup Wizard: in WatchGuard System Manager, select Tools > Quick Setup Wizard
- Web Setup Wizard: to start the Web Setup Wizard, in a web browser, type http://10.0.1.1:8080

What are the differences between the two setup wizards?

- The Web Setup Wizard can activate the device and download the required feature key if the external interface has access to the Internet.
- The Quick Setup Wizard has an option to install software on a device started in recovery mode.

When a device uses the factory default settings what two interfaces are active?

- Interface 0 (Eth0)
- Interface 1 (Eth1)

What is Interface 0 (Eth0)?

Interface 0 is configured as an External interface, and is configured to use DHCP to request an IP address. If you use the Web Setup Wizard to configure a device, we recommend that you connect Interface 0 to a network that has a DHCP server and Internet access, so the Firebox can connect to WatchGuard to download the Firebox feature key.

What is Interface 1 (Eth1)?

Interface 1 is configured as a Trusted interface, with the IP address 10.0.1.1. It has a DHCP Server enabled, and is configured to assign IP addresses on the 10.0.1.0/24 subnet. You must connect your computer to Interface 1 or to a network connected to Interface 1 when you run the Web Setup Wizard or Quick Setup Wizard.

What is a "Feature Key"?

You receive the feature key when you activate your Firebox on the WatchGuard website. Each feature key is unique to the serial number of the Firebox. The feature key is required to enable all device functionality.

What happens if the Firebox doesn't have a feature key?

It only allows one connection to the internet.

When you set up a Firebox using either of the setup wizards, what 5 basic policies does it add?

- Outgoing
- FTP Packet Filter
- Ping
- WatchGuard WebUI
- WatchGuard

What is "Policy Manager"?

Policy Manager is the WSM tool you use to build the security rules your Firebox uses to protect your network. You use Policy Manager to configure policies, set up VPNs, change Device Management user account passphrases, and configure logging and notification options.

Can you install different versions of WSM?

You can have more than one version of WSM installed on your computer. However, you can have only one version of the server components (Management Server, Log Server, Report Server, Quarantine Server, and WebBlocker Server) installed.

What is required before you start the "Quick Setup Wizard"?

- An account on the WatchGuard website
- The IP address of the gateway router this device will connect to
- A feature key
- An IP address to give to the external and trusted interfaces of the device

Is the "Policy Manager" an online tool?

No, it is an offline tool.

What is the "OS Compatibility Version"?

Policy Manager can manage devices that use different versions of Fireware XTM OS. Each device configuration has an OS Compatibility setting that controls which configuration options are available for some features.

What happens to the feature key when you save a Firebox config to a local file?

The feature key is stored as a separate file, in the same directory as the configuration file.

What are the two places you can save a config file on the Policy Manager?

- To a local file
- To a Firebox or XTM device

Does the policy manager let you save if a setting isn't compatible?

If any setting is not compatible, Policy Manager displays a message and does not save the configuration to the device.

Using Policy Manager, can you save a config file that was created on one device to another device?

To do this, you must remove the existing feature key from the configuration, and add the feature key for the new device. When you add the new feature key, Policy Manager automatically updates the model number in the configuration file. Before you can save the configuration to a different device, you may also need to change other settings to make the configuration compatible with the new device. For example, you might need to change the OS Compatibility setting, or modify the Network settings, if the new device has a different number of network interfaces.

What are the 3 default user accounts?

- admin
- status
- wgsupport

What role does the "admin" account have?

Device Administrator (read-write permissions)

What is the default password for the "admin" account?

Readwrite

What role does the "status" account have?

Device Monitor (read-only permissions)

What is the default password for the "status" account?

Readonly

What is the default role for the "wgsupport" account?

Disabled

Can more than one "Device Administrator" account connect to a device at one time?

No

Can more than one "Device Monitor" account connect to a device at one time?

Yes

What authentication servers can you use for user accounts on your device?

- Firebox-DB
- Active Directory
- LDAP
- RADIUS

What authentication server is used by default for user accounts?

Firebox-DB

Is the "WebUI" an online configuration tool?

Yes

Is the "CLI" an online configuration tool?

Yes

Which packet filter policy controls administrative connections to the device?

WG-Firebox-Mgmt

The Quick Setup Wizard adds this policy with the name WatchGuard. This policy controls access to the device on TCP ports 4105, 4117, and 4118. When you allow connections in the WatchGuard policy, you also allow connections to each of these ports.

What does the device backup include?

A device backup is a saved copy of the working image from the device flash disk. The backup image includes the Firebox or XTM device OS, configuration file, feature keys, passphrases, DHCP leases, and certificates. The backup image also includes any event notification settings that you configured in Traffic Monitor.

Can you encrypt device backups?

Yes

What is the backup file extension?

.fxi

What is the only way to downgrade a device without factory resetting it?

Restoring a saved backup image which was taken before the upgrade.

What are the 4 types of network interfaces?

- External
- Trusted
- Optional
- Custom

What is an "External Interface"?

An external interface connects to a wide area network (WAN), such as the Internet, and can have either a static or dynamic IP address. The device gets a dynamic IP address for the external interface from either a DHCP (Dynamic Host Configuration Protocol) server or PPPoE (Point-to-Point Protocol over Ethernet) server.

What is a "Trusted Interface"?

A trusted interface connects the private local area network (LAN) or internal network that you want to secure. User workstations and private servers which cannot be accessed from outside the network are usually found in trusted networks.

What is an "Optional Interface"?

Optional interfaces connect to your optional networks, which are mixed-trust or DMZ environments separated from your trusted networks.

What is the difference between "Optional Interfaces" and "Trusted Interfaces"?

The only difference is that optional interfaces are members of the alias Any-Optional.

What is a "Custom Interface"?

A custom interface defines a custom internal security zone that has a level of trust different from trusted or optional. A custom interface is not a member of the built-in aliases Any-Trusted, Any-Optional, or Any-External, so traffic for a custom interface is not allowed through the Firebox unless you specifically configure policies to allow it.

Which aliases is the "Custom Interface" not a member of?

- Any-Trusted
- Any-Optional
- Any-External

Which aliases is the "Custom Interface" a member of?

The alias "All"

What is the built in alias for "External Interfaces"?

Any-External

What is the built in alias for "Trusted Interfaces"?

Any-Trusted

What is the built in alias for "Optional Interfaces"?

Any-Optional

What is a member of the "Any" alias?

- Users
- Groups
- Interfaces
- Addresses
- Tunnels
- Custom Interfaces

On which interfaces can you configure a DHCP server?

- Trusted Interfaces
- Optional Interfaces

What are the 3 WatchGuard network modes?

- Mixed Routing
- Drop-In
- Bridge Mode

What is the "Drop-In Mode"?

- All of the Firebox interfaces are on the same network and have the same IP address.
- The computers on the trusted or optional interfaces can have a public IP address.
- NAT is not necessary.

What is "Bridge Mode"?

- All of the Firebox interfaces are on the same network. You specify an IP address to use to manage the device.
- Traffic from all trusted or optional interfaces is examined and sent to the external interface. Interface IP addresses cannot be configured.
- NAT is not used in Bridge mode. Traffic sent or received through the device appears to come from its original source.

What is "DynamicDNS"?

Dynamic DNS makes sure that the IP address associated with your domain name changes when your ISP gives your Firebox a new IP address.

DynDNS is the only dynamic DNS service supported by your Firebox.

What is a "Secondary Network"?

A secondary network is a network that shares one of the same physical networks as one of the Firebox interfaces. When you add a secondary network, you add a second IP alias to the interface. This IP alias is the default gateway for all the computers on the secondary network.

Which are the only modes in which "Secondary Networks" can be used?

- Mixed Routing
- Drop-In

In what instances are "Secondary Networks" useful?

- Network Consolidation
- Network Migration
- Static NAT to Multiple Servers

What is a "Network Bridge"?

Used to merge two or more physical network interfaces on your Firebox.

What are "Static Routes"?

You can add static routes to control how your Firebox sends traffic to other devices. For example, you can create a static route to specify that all traffic that goes to a server at another company is sent through a specific external interface.

What are the two "Route" types on a Firewall?

- Static Routes: a manually configured route to a specific network or host.
- Dynamic Routes: a route automatically learned and updated by a router, based on communication with adjacent network routers.

What does the "Routing Table" include?

- Routes to networks for all enabled Firebox interfaces and BOVPN virtual interfaces
- Static network routes or host routes you add to your configuration
- Routes the Firebox learns from dynamic routing processes that are enabled on the device
- The default route, which is used when a more specific route to a destination is not defined. This is the gateway IP address you specify for your external interface.

What are "Metrics" in regards to routing?

A metric is a numeric value used for priority. If there is more than one route to the same destination, the one with the highest priority is used first.

What are "VLANs"?

VLANs are an advanced network feature that allows you to group devices by traffic patterns instead of by physical network access. You can use VLANs to connect devices on different networks so that they appear to be part of the same network.

What is "Link Aggregation"?

Link Aggregation is an advanced network feature that allows you to group physical interfaces together to work as a single logical interface. You can use a link aggregation interface to increase the cumulative throughput beyond the capacity of a single physical interface, and to provide redundancy if there is a physical link failure.

What is "Multi-WAN"?

The multi-WAN feature allows you to send network traffic to multiple external interfaces. This is useful when you want to have a backup Internet connection, or if you want to divide your outgoing network traffic between multiple physical interfaces.

Can you use "Multi-WAN" for inbound network traffic?

No

What modes can you use "Multi-WAN" in?

Mixed Routing Mode

What is "FireCluster"?

If you have two Firebox devices of the same model, you can configure the two devices as a FireCluster for high availability and load sharing.

Which modes can you use IPv6 in?

Mixed Routing Mode

What are the recommended ranges for Trusted and Optional Interfaces?

- 10.0.0.0 - 10.255.255.255 (10.0.0.0/8)
- 172.16.0.0 - 172.31.255.255 (172.16.0.0/12)
- 192.168.0.0 - 192.168.255.255 (192.168.0.0/16)

What is "Slash Notation"?

Slash notation, also known as CIDR (Classless Inter-Domain Routing) notation, is a shorter way to write an IPv4 address and its subnet mask together.

e.g. the subnet mask 255.255.255.0 is written as /24

What do you need to configure to setup the "Log Server"?

Log Server Encryption Key

Can you send log messages to more than one device at a time?

Yes - but not with versions older than v11.10

What mode does the "Log Server" operate in?

Failover Mode - not redundancy mode so backup log server only becomes available when the primary server goes offline.

What are the 5 types of log messages?

- Traffic Log Messages
- Alarm Log Messages
- Event Log Messages
- Debug Log Messages
- Statistic Log Messages

What are "Traffic Log Messages"?

The Firebox sends traffic log messages as it applies packet filter and proxy policy rules to traffic that goes through the device.

What are "Alarm Log Messages"?

Alarm log messages are sent when an event occurs that causes the Firebox to send a notification request.

What are "Event Log Messages"?

The Firebox sends an event log message because of user activity.

What are "Debug Log Messages"?

Debug log messages include information used to help troubleshoot problems. You can select the level of debug log messages to see in Traffic Monitor or write to a log file.

What are "Statistic Log Messages"?

Statistic log messages include information about the performance of your Firebox. By default, the Firebox sends log messages about external interface performance and VPN bandwidth statistics to your log file. You can use these log messages to help you determine how to change your Firebox settings to improve performance.

What are the "WSM Log Server" messages stored in?

A PostgreSQL database file.

What are the "Dimensions Log Server" messages stored in?

A PostgreSQL database file.

True or false? You can use an external database for both log servers.

True, as long as it is PostgreSQL.

If you install the "WSM Log Server" on a dedicated machine what Firewall ports will you need to open up?

Configure a WG-Logging policy to open these ports:

- TCP 4115: used by devices with Fireware XTM OS
- TCP 4107: used by devices with WFS OS, and by all SOHO, SOHO 6, and older Edge devices

Can you change the "Log Server Encryption Key"?

Yes

What is the default location for the WatchGuard log files?

Documents and Settings\WatchGuard\logs

What can you install the "WatchGuard Dimensions" package on?

Hyper-V or VMware

What dashboard components are included with the "Firebox System Manager"?

- Front Panel
- Traffic Monitor
- Bandwidth Meter
- Service Watch
- Status Report
- Authentication List
- Blocked Sites
- Subscription Services
- Gateway Wireless Controller

What dashboard components are included with the "Fireware XTM Web UI"?

- Front Panel
- Traffic Monitor
- Authentication List
- Blocked Sites
- Subscription Services
- Gateway Wireless Controller

In the dashboard what is the "Front Panel"?

Displays the status of device interfaces, along with information about active VPN tunnels and Subscription Services.

In the dashboard what is the "Traffic Monitor"?

Displays a color-coded list of the log messages from the device.

In the dashboard what is the "Bandwidth Meter"?

Provides a real-time graphical display of network activities across a device. If you change the view from connections to bandwidth, Firebox System Manager remembers the setting the next time you start the application.

In the dashboard what is the "Service Watch"?

Shows a graph of the policies configured on a Firebox. The Y-axis (vertical) shows the number of connections or bandwidth used per policy. The X-axis (horizontal) shows the time. To get more information about a policy at a point in time, click a location on the chart.

In the dashboard what is the "Status Report"?

Shows the technical details of the device.

In the dashboard what is the "Authentication List"?

Identifies the IP addresses and user names of all the users that are authenticated to the device. Includes a Summary section with the number of users authenticated for each authentication type, and the total number of authenticated users.

In the dashboard what is the "Blocked Sites"?

Lists all the sites currently blocked by the device. From this tab, you can remove a site from the temporary blocked sites list.

In the dashboard what is the "Subscription Services"?

Shows the status of Gateway AntiVirus, Intrusion Prevention Service, Application Control, spamBlocker, and Reputation Enabled Defense. From here, you can also perform a manual update of the signature databases used by Gateway AV, IPS, and Application Control. In FSM, this tab is active only if you have purchased these services.

In the dashboard what is the "Gateway Wireless Controller"?

Shows the connection status and activity on your WatchGuard AP devices. You can also monitor and manage the client connections to your WatchGuard AP devices.

What diagnostics can you run from the "Firebox System Manager"?

- Ping
- DNS Lookup
- TCP Dump
- Traceroute
- Download Packet Capture (PCAP) Files

True or false? You can save a PCAP file and open it later in Traffic Monitor.

False

True or false? You can add a site to the Blocked Sites list from HostWatch.

True

What version is required to use Static NAT for traffic from the optional network?

Fireware v11.8.1

What is Dynamic NAT used for?

Dynamic NAT is used for traffic that goes out to the Internet from behind the Firebox.

What is Static NAT used for?

Static NAT is used for traffic that comes in to your network from the Internet, or for traffic from the optional network to the trusted network.

What is 1-to-1 NAT used for?

1-to-1 NAT is used for traffic in both directions.

What is Dynamic NAT also known as?

Masquerading

What is Dynamic NAT?

The Firebox changes the source IP address of each outgoing connection to match the IP address of the device interface that the connection goes out through. For traffic that goes to an external network, packets go out through the device external interface, so dynamic NAT changes the source IP address to the device external interface IP address.

What is 1-to-1 NAT?

The Firebox changes and routes all incoming and outgoing packets sent from one range of addresses to a different range of addresses.

What does a 1-to-1 NAT rule always have precedence over?

Dynamic NAT

What can you specify in a 1-to-1 NAT rule?

- Interface
- Real Base (the actual internal IP address)
- NAT Base (the external IP address that it will be NATed from)
- Number of hosts to NAT (for ranges only)

What is Policy Based Dynamic NAT?

With policy-based dynamic NAT, you can make an exception to the global NAT rules.

Do policies have dynamic NAT enabled by default?

Yes

What is policy based 1-to-1 NAT?

With this type of NAT, the Firebox uses the private and public IP address ranges that you set when you configured Global 1-to-1 NAT, but you can enable or disable the rules for each individual policy.

Do policies have 1-to-1 NAT enabled by default?

Yes

What is Static NAT?

Static NAT, also known as port forwarding, allows inbound connections on specific ports to one or more public servers from a single external IP address. The Firebox changes the destination IP address of the packets and forwards them based on the original destination port number.

By default does a static NAT rule change the source IP for inbound traffic?

No

What is Server Load Balancing?

A server load balancing SNAT action forwards inbound traffic addressed to one IP address to one of several servers behind the firewall. In the SNAT action you select the load balancing algorithm to use, and you can optionally assign different weights to each server.

What is a NAT Loopback?

NAT loopback allows a user on the Trusted or Optional networks to use the public IP address or domain name to get access to a public server that is on the same physical device interface.

What do you need to create for a NAT Loopback to work?

Create a policy in your configuration to allow the traffic. The From section of the policy must list the Trusted or Optional networks from which access is allowed. The To section of the policy must contain a static NAT entry for each server to allow access with NAT loopback.

What is static NAT also known as?

Port Forwarding

What are the two types of Intrusion Prevention Service (IPS)?

- Firewall Based IPS
- Signature Based IPS

What is Firewall Based IPS?

The Firebox combines protocol anomaly detection with traffic analysis to proactively block many common attacks.

A firewall-based IPS can also protect your network from a zero-day threat.

What is Protocol Anomaly Detection in regards to Firewall Based IPS?

Protocol anomaly detection is the examination of a packet for compliance with RFC guidelines. Attackers can make packets that are different from RFC standards in ways that allow them to bypass standard packet filters and get access to your network. If you block non-compliant packets, you can also block the attack. This allows your Firebox to proactively protect you against attacks that are as yet unknown.

What is Traffic Pattern Analysis in regards to Firewall Based IPS?

Traffic pattern analysis examines a series of packets over time and matches them against known patterns of attack.

What is Signature Based IPS?

It compares the contents of packets against a database of character strings that are known to appear in attacks. Each unique character string is called a signature. When there is a match, the Firebox can block the traffic and notify the network administrator. To remain protected, you must regularly update the signature database.

Which uses less processing power, Firewall Based IPS or Signature Based IPS?

Signature-based approaches use less computer processing time than firewall-based IPS options; however, to keep them current the database must be updated regularly. As a result, signature-based IPS is good for maintaining efficient, high-performance protection while firewall-based IPS catches the zero-day threats.

Which is best to catch zero-day threats, Firewall Based IPS or Signature Based IPS?

Firewall Based IPS

What is Default Packet Handling?

Default packet handling is a set of pattern analysis rules to help protect your Firebox from attacks, and to show the Firebox how to process packets when no other rules are specified. With default packet handling, a firewall examines the source and destination of each packet it receives. The firewall looks at the IP address and port number and monitors the packets for patterns that show your network is at risk. If there is a risk and the device is properly configured, it automatically blocks the possible attack.

What happens when Default Packet Handling rejects a packet?

- Rejects packets that could be used to get information about your network
- Automatically blocks all traffic to and from a source IP address when a configured limit is reached
- Adds an event to the log file
- Sends an SNMP trap to the SNMP management server (when configured)
- Sends a notification of possible security risks (when configured)

What are Unhandled Packets?

Packets that are denied by the firewall because they do not match any of the firewall policies are blocked as unhandled packets.

Are the sources of Unhandled Packets blocked by default?

No

What is the "Blocked Sites" feature?

Helps stop network traffic from systems that you know or think are a security risk. After you identify the source of suspicious traffic, you can block all the connections to and from that IP address.

Will the Blocked Sites feature allow an IP to connect if there is a policy allowing it?

No

What are the two types of blocked IP addresses in relation to "Blocked Sites"?

- Permanent Blocked Sites
- Auto-Blocked Sites

What are Permanent Blocked Sites in relation to "Blocked Sites"?

These are IP addresses that you manually add to your device configuration file because you want all connections to and from the IP address blocked.

What are Auto-Blocked Sites in relation to "Blocked Sites"?

These are IP addresses that the device adds to, and removes from, a list of sites that are temporarily blocked based on the packet handling rules specified in your device configuration. These IP addresses are blocked for a period of time you select. This feature is known as the Temporary Blocked Sites list.

Which ports are automatically blocked by default?

- 0: NONE
- 1: TCPmux
- 111: RPC
- 513, 514: rlogin, rsh, rcp
- 2049: NFS
- 6000-6005: X Window System
- 7100: X Font Server
- 8000

What is the Blocked Sites Exceptions list?

An exception is an entry for which all other rules do not apply. For blocked sites, an exception is an IP address or network address that is never blocked. The automatic rules do not apply for this host. The rule also takes precedence over the manually blocked sites list.

True or false? An unhandled packet is a packet that does not match any rule created in Policy Manager.

True

What are the two types of Policies?

- Packet Filter Policy
- Proxy Policy

What is a Packet Filter Policy?

A packet filter examines the IP header of each packet to control the network traffic into and out of your network. It is the most basic feature of a firewall. If the IP header information is valid, then the Firebox allows the packet. If the packet header information is not valid, the device drops the packet.

What is a Proxy Policy?

A proxy monitors and scans the entire connection, from the protocol commands to the data inside the packet. It examines the commands used in the connection to make sure they are in the correct syntax and order. It also examines the contents of each packet to make sure that connections are secure. A proxy operates at the application layer, as well as the network and transport layers of a TCP/IP packet, while a packet filter operates only at the network and transport protocol layers.

True or false? A proxy policy can prevent potential threats from reaching your network without blocking the entire connection.

True

What can be in the source and destination of a policy?

- IP Address
- IP Host Range
- Host Name
- Network Address
- User Group
- Alias
- VPN Tunnel
- FQDN

What are the 5 default aliases?

- Any
- Firebox
- Any-Trusted
- Any-External
- Any-Optional

In the Advanced Policy Properties, what is the "Proxy Action"?

Each time you add a proxy policy to Policy Manager, you select a set of rules used to protect either clients or servers on your network. You can use the default proxy action settings, or you can modify them to meet the needs of your organization.

In the Advanced Policy Properties, what is the "Schedule"?

You can set policies to only be active at the times of the day that you specify. You can also create schedule templates so that you can use the same schedule for more than one policy.

In the Advanced Policy Properties, what is the "Traffic Management"?

A Traffic Management action can guarantee that a particular policy always has a certain amount of bandwidth through the Firebox, or it can limit the amount of bandwidth that the policy can use.

In the Advanced Policy Properties, what is the "Quality of Service (QoS) Marking"?

QoS marking allows you to mark network traffic with bits that identify it to other devices that understand QoS. The Firebox and other QoS-capable devices can assign higher or lower priorities to each type of traffic with QoS marking.

In the Advanced Policy Properties, what is the "Network Address Translation (NAT)"?

You can enable or selectively disable 1-to-1 and dynamic NAT in any policy. You can also configure incoming NAT properties to allow Internet connections to privately addressed servers protected by the Firebox.

In the Advanced Policy Properties, what is the "ICMP Error Handling"?

You can customize the method the Firebox uses to handle ICMP errors for each policy.

In the Advanced Policy Properties what is the "Custom Idle Timeout"

Use this feature to set the amount of time the Firebox waits before it drops a connection.

In the Advanced Policy Properties what is the "Sticky Connections"

A sticky connection is a connection that continues to use the same interface for a defined period of time when your Firebox is configured with multiple WAN interfaces. Stickiness makes sure that, if a packet goes out through one external interface, any future packets between the source and destination address pair use the same external interface for a specified period of time.

In the Advanced Policy Properties what is the "Policy-based Routing"

If your Firebox is configured with multi-WAN, you can configure a policy with a specific external interface to use for all outbound traffic that matches that policy.

In the Advanced Policy Properties what is the "Bandwidth and Time Quotas"

You can enable time and bandwidth usage quotas in a policy. This feature is useful for applying a daily limit to your users' Internet usage in an HTTP Proxy Policy to enforce corporate acceptable use policies.

What is the "Outgoing Policy"

The default Outgoing policy is a packet filter policy that is automatically added to your Firebox configuration when you run the Quick Setup Wizard to set up your device and create a basic device configuration file. The Outgoing policy allows all TCP and UDP connections from any trusted or optional source on your network to any external network.

Does the "Outgoing Policy" filter content when it examines traffic?

No, because it is a packet filter policy, not a proxy policy

What is the "Policy Precedence"?

Precedence refers to the order in which the Firebox examines network traffic and applies a policy rule. The Firebox sorts policies automatically.

What is a "Policy Tag"?

A policy tag is a label you can apply to your policies to help you organize them into easy to manage groups. You can apply more than one policy tag to a policy and apply any policy tag to many policies.

Can you disable the Auto-Order mode feature for policy precedence

Yes

True or false? You can use the same operating schedule for multiple policies.

True

True or false? You cannot use SNMP for policy event notifications.

False

True or false? Policies are ordered primarily by name.

False

True or false? You can only apply a policy tag to a single policy.

False

True or false? You cannot save a filter to apply it again later.

False

True or false? If you select Match All when you apply a filter, all policies that have any of the policy tags you include in the filter will appear in the filtered policy list.

False. If you select Match All, only policies that have all of the policy tags you specify in the filter will appear in the filtered policy list.

What are "ALGs"?

Application Layer Gateways (ALGs) are very similar to proxy policies, but also contain features that allow the Firebox to automatically manage some of the network connections necessary for Voice-over-IP (VoIP) sessions to operate correctly.

What are the 9 proxy policies that you can use?

DNS


FTP


H.323


HTTP


HTTPS


POP3


SIP


SMTP


TCP-UDP

Does the DNS proxy work if DNS requests are not routed through the Firebox

No, if your network clients use a static IP address to connect directly to a DNS server on your network, the DNS proxy settings have no effect

What are "OpCodes" in relation to the DNS Proxy

OpCodes (operational codes) are commands sent to a DNS server, such as query, update, or status requests.

True or false? An Application Layer Gateway (ALG) is the same as a packet filter policy.

False - An ALG is similar to a proxy policy and also manages some network connections used by that protocol.

What are the two default SMTP-proxy policy actions

SMTP-Incoming.Standard


SMTP-Outgoing.Standard

What are the two default POP3-proxy policy actions

POP3-Server.Standard


POP3.Client.Standard

Does spamBlocker search the contents of emails or patterns in spam traffic?

spamBlocker looks for patterns in spam traffic, instead of the contents of individual email messages. Because it uses a combination of rules, pattern matching, and sender reputation, it can find spam in any language, format, or encoding method.

What actions can you configure the spamBlocker to take

Deny


Add Subject Line (marks email as spam or not spam then allows through)


Allow


Drop (Unlike deny this drops immediately without sending any SMTP error to sending server)


Quarantine

Does spamBlocker require a DNS server to work

Yes, so the Firebox can resolve the IP addresses of the CYREN servers.

What are the 3 spamBlocker categories

Confirmed Spam


Bulk


Suspect

Can spamBlocker detect spam in outgoing SMTP email

No

What is Virus Outbreak Detection

Virus Outbreak Detection (VOD) is a technology that identifies email virus outbreaks worldwide within minutes and then provides protection against those viruses

What needs to be enabled to allow alarms when a virus is detected by spamBlocker

Virus Outbreak Detection

Which proxies work with spamBlocker

POP3


SMTP

What is the "Web Blocker" in relation to HTTP Client/Server optional services.

Controls the websites trusted users are allowed to browse to at different times of the day. WebBlocker is only available for the HTTP-Client proxy action.

What is the "Gateway AntiVirus (Gateway AV)" in relation to HTTP Client/Server optional services.

Scans HTTP traffic and can stop viruses before they connect to the client computers and HTTP servers on your network.

What is the "Reputation Enabled Defense (RED)" in relation to HTTP Client/Server optional services.

Sends requested URLs to a cloud-based WatchGuard reputation server, that returns a reputation score. The HTTP-proxy uses the reputation score to determine whether to drop the traffic, allow the traffic and scan it locally, or allow the traffic without a local scan.

What is the "APT (Advanced Persistent Threat)" in relation to HTTP Client/Server optional services.

Scans HTTP traffic and blocks APT (Advanced Persistent Threat) malware that takes advantage of zero-day exploits to gain access to your network. Files are sent to a cloud-based service and examined with full system emulation analysis to identify the characteristics and behavior of advanced malware.

True or False. The HTTP-Client and HTTP-Server proxy actions have the same sets of rules, but the default settings are different.

True

What quotas can you set on HTTP and HTTPS policies.

Time — The time quota is set in minutes per day.



Bandwidth — The bandwidth quota is set in MB per day.

What are the two WebBlocker database options

Websense cloud with Websense categories (130 categories)




WebBlocker Server with SurfControl categories (54 categories)

What must you do in order to use WebBlocker

Install and set up the WebBlocker Server (only if you want to use the SurfControl categories)


Activate a WebBlocker license


Configure an HTTP-proxy policy to use WebBlocker

True or False? The websites you block with WebBlocker exceptions apply only to HTTP traffic (not HTTPS)

True

How do you do a WebBlocker local override?

The user must know the override password.

You can use the WebBlocker local override with HTTP and HTTPS proxy policies. True or False

False, only the HTTP-proxy

True or False. You can use schedules with WebBlocker

True

True or False. To use "WebBlocker Server with SurfControl" and "WebBlocker with Websense" you need a local WebBlocker server

False, only with WebBlocker Server with SurfControl

How does Reputation Enabled Defense (RED) work?

WatchGuard RED uses cloud-based WatchGuard reputation servers that assign a reputation score between 1 and 100 to every URL. When a user goes to a website, RED sends the requested web address (or URL) to the WatchGuard reputation server. The WatchGuard server responds with a reputation score for that URL. Based on the reputation score, and on locally configured thresholds, RED determines whether the Firebox should drop the traffic, allow the traffic and scan it locally with Gateway AV, or allow the traffic without a local Gateway AV scan. This increases performance, because Gateway AV does not need to scan URLs with a known good or bad reputation.

In Reputation Enabled Defense (RED) is a score of 100 good or bad

100 - Bad


1 - Good

In Reputation Enabled Defense (RED) what are the 2 reputation thresholds

Bad Reputation Threshold - 90


Good Reputation Threshold - 10

In Reputation Enabled Defense (RED) what happens if you score under the "Good Reputation Threshold"

If the score for a URL is lower than the Good reputation threshold and Gateway AntiVirus is enabled, the HTTP proxy bypasses the Gateway AV scan.

In Reputation Enabled Defense (RED) what happens if you score over the "Bad Reputation Threshold"

If the score for a URL is higher than the Bad reputation threshold, the HTTP proxy denies access without any further inspection.

In Reputation Enabled Defense (RED) what happens if you score between the Good and Bad Reputation Thresholds

If the score for a URL is equal to or between the configured reputation thresholds and if you have enabled Gateway AV, the content is scanned for viruses.

In Reputation Enabled Defense (RED) what happens if your response comes back late?

If the response comes back late, it is possible you will see the reputation score assigned as -1 in the Traffic Monitor.

True or false? WebBlocker adds URL filtering to the SMTP-proxy policy.

False

True or false? An exception to the WebBlocker rules allows a site that is normally blocked to be viewed, or a site that is normally viewed to be blocked.

True

True or false? You can allow a user to bypass the WebBlocker restrictions.

True

True or false? A user does not have to be authenticated to the Firebox to apply bandwidth and time quotas to their web traffic.

False

What does Intrusion Prevention Service protect against?

Identifies direct attacks on your network applications or operating system.

What does GatewayAV protect against?

Identifies viruses and trojans brought into your network through email, web browsing, TCP connections, or FTP downloads.

What does APT Blocker protect against?

Identifies advanced malware brought into your network through email, web browsing, or FTP traffic.

What are the GatewayAV actions?

Allow




Allows the packet to go to the recipient, even if the content contains a virus.




Deny (FTP proxy only)




Denies the file and sends a deny message to the sender.




Lock (SMTP and POP3 proxies only)




Locks the attachment. A file that is locked cannot be opened by the user. Only the administrator can unlock the file. The administrator can use a different antivirus tool to scan the file and examine the content of the attachment.




Quarantine (SMTP proxy only)




If you use the SMTP proxy, you can send email messages with a virus or possible virus to the Quarantine Server.




Remove (SMTP and POP3 proxies only)




Removes the attachment and allows the message and any other safe attachments to go to the recipient.




Drop (not supported in POP3 proxy)




Drops the packet and drops the connection. No information is sent to the source of the message.




Block (not supported in POP3 proxy)




Blocks the packet, and adds the IP address of the sender to the Blocked Sites list.

What proxies can you use APT Blocker with?

SMTP


POP3


HTTP


FTP

True or False? APT Blocker uses the same scan process as Gateway AntiVirus

True

True or False? To use APT Blocker you must enable GatewayAV

True

What are the APT Threat Levels

High


Medium


Low

What are the APT Blocker Actions

Allow




Allows and delivers the file or email attachment to the recipient, even if the content contains detected malware.




Drop




Drops the connection. No information is sent to the source of the message. For the SMTP-proxy, the attachment is stripped before the message is delivered to the recipient.




Block




Blocks the connection, and adds the IP address of the sender to the Blocked Sites list. For the SMTP-proxy, the attachment is stripped before the message is delivered to the recipient.




Quarantine (SMTP proxy only)




When you use the SMTP-proxy with APT Blocker, you can send email messages to the Quarantine Server. The SMTP-proxy removes the part of the message that triggered APT Blocker and sends the modified message to the recipient. The removed part of the message is replaced with the deny message that is configured in the proxy action settings.




For the HTTP-proxy and FTP-proxy, this action is converted to a Drop action.

True or False? Data Loss Prevention only scans outbound traffic not inbound

True

What proxy actions does Data Loss Prevention work with?

SMTP


FTP


HTTP

True or False? For DLP to scan HTTPS content, you must enable deep inspection of content in the HTTPS proxy action, and configure the HTTPS proxy action to use an HTTP proxy action with Data Loss Prevention configured.

True

What is a Data Loss Prevention Sensor?

In a DLP sensor, you enable one or more of the predefined content control rules, and configure the action to take if data is detected that matches the selected rules. You can configure different actions for email and non-email traffic, and different actions based on the source or destination of the traffic. In the DLP sensor you also configure the scan limit, and the action to take for objects that cannot be scanned.

What are the 2 predefined Data Loss Prevention Sensors?

HIPAA Audit Sensor


PCI Audit Sensor

True or False? If you enable a large number of rules in a Data Loss Prevention sensor, the performance of the Firebox could be noticeably affected.

True

What are the Data Loss Prevention actions?

Allow — Allows the connection or email




Deny — Denies the request and drops the connection. A notification is sent to the source of the content.




Drop — Denies the request and drops the connection. No information is sent to the source of the content.




Block — Denies the request, drops the connection, and adds the IP address of the content source or sender to the Blocked Sites list.




Lock — (Email content only) Locks the email attachment. A file that is locked cannot be opened easily by the user. Only the administrator can unlock the file.




Remove — (Email content only) Removes the attachment and allows the message to be sent to the recipient.




Quarantine — (Email content only) Send the email message to the Quarantine Server.

True or False? DLP and Gateway AV don't use the same scan engine

False - If you enable DLP and Gateway AV for the same proxy action, the larger configured scan limit is used for both services.

What are the Intrusion Prevention Service scan modes?

Full Scan




IPS scans all packets for traffic handled by policies with IPS enabled. This mode is the most secure, but there is a trade-off with performance.




Fast Scan




IPS scans fewer packets to improve performance. This option greatly improves the throughput for scanned traffic, but does not provide the comprehensive coverage of Full Scan mode. This is the default mode.

What are the Intrusion Prevention Service threat levels

Critical


High


Medium


Low


Information

What are the Intrusion Prevention Service actions

Allow




Allows the content, even if it matches an IPS signature.




Drop




Drops the content and drops the connection. No information is sent to the sender.




Block




Blocks the packet, and adds the source IP address to the Blocked Sites list.

What threat levels does Intrusion Prevention Service drop traffic by default

Critical


High


Medium


Low

True or False? When you enable IPS, it is enabled for all policies by default.

True

What must you do to get Intrusion Prevention Service to scan HTTPS content

Enable deep packet inspection

When is it unnecessary to use Application Control

If you control both sides of the traffic flow




Policies that are restricted by a port and protocol that only allow a known service e.g. DNS, RDP

True or false? Gateway AntiVirus can detect viruses in password-protected ZIP files.

False

True or false? The Intrusion Prevention Service is only compatible with the HTTP and TCP proxies. It cannot detect possible intrusions in the SMTP, POP3, DNS, or FTP proxies.

False

True or false? If you want to report on the usage of applications that are not blocked, you must enable logging of allowed packets in each policy that has Application Control enabled.

True

True or false? If Gateway AV and DLP are both enabled for the same policy, the Gateway AV scan result action takes precedence over the DLP action.

True

What authentication servers does Fireware XTM support?

Firebox-DB


Active Directory


LDAP (Lightweight Directory Access Protocol)


RADIUS


SecurID


VASCO

What are the 5 types of log messages

Traffic Log Messages


Alarm Log Messages


Event Log Messages


Debug Log Messages


Statistic Log Message

True or false? WSM Log Manager automatically saves the search queries you run.

False




You cannot save a search query to run it again later.

True or false? When you run a search query from WSM Log Manager, it applies to all the devices that are connected to your Log Server.

False




You can only run a search query on one Firebox at a time.

True or false? From WSM Log Manager, you can export log messages for more than one Firebox at the same time.

False




You can export the log messages for only one Firebox at a time.

True or false? You can use WSM Report Manager to generate an On-Demand Report about more than one Firebox at the same time.

False




From WSM Report Manager, you can only generate an On-Demand report for one Firebox at a time.

True or false? From WSM Log Manager, you can save a search query for a specific Firebox to run it again for only that Firebox.

True




You can save a search query for a Firebox to run it again later for the same Firebox. You cannot save search query parameters to run the same search for a different Firebox.

True or false? You can use WSM Report Manager to configure any report and send it in an email.

False




You can run On-Demand and Per Client reports from WSM Report Manager and generate a PDF of each report, but WSM Report Manager cannot connect to your email program to open an email message and attach the PDF to the message.

True or false? To connect to WatchGuard WebCenter, use the IP address of your Firebox.

False




Use the IP address of your WSM Log Server or Report Server to connect to WatchGuard WebCenter over port 4130.

True or false? You can email a PDF of a report directly from WSM Report Manager.

False




You can generate a PDF of a report from WSM Report Manager, but you must save it and attach it to an email message in your own email editor.

True or false? To configure your Firebox to send log messages to Dimension, in the Logging Settings for your Firebox, you add the IP address and encryption key for the Dimension Log Server, just as you would for a WSM Log Server.

True




The configuration settings to send log messages from your Firebox to a Dimension Log Server are the same as for a WSM Log Server.

True or false? After you install Dimension and configure your devices to send log messages to Dimension, you must wait 24–48 hours before you can see any reports in Dimension.

False




After you have installed Dimension and configured your devices to send log messages to Dimension, you can view those log messages and see reports of the log message data, usually within five minutes.

True or false? You can only run a search of log messages in Dimension from the Log Search page.

False




You can run a search from both the Log Manager (simple search) and the Log Search (complex search) pages in Dimension.

True or false? You can export log messages from Dimension to a CSV file.

True




You can export log messages for a single Firebox or a group of devices from Dimension to a CSV file.

True or false? You can create groups of Firebox devices in Dimension.

True




You can create groups of Firebox devices in Dimension that you can use to see log messages and reports for multiple devices at the same time.

True or false? When you view reports for groups of devices, data for each Firebox is included in a separate report.

False




When you create a Device group in Dimension, data for all the devices in the group is included in one report.

True or false? You can only export report data from Dimension to a PDF file or CSV file if you create a report schedule.

False




You can export reports from Dimension as a PDF or a CSV file when you view an automatically generated report.

What is Branch Office VPN (BOVPN)

An encrypted and authenticated connection between two networks, where data is sent through an untrusted network, such as the Internet. The BOVPN connection is also called a tunnel. The gateways, which are endpoints of the tunnel on both networks, send and receive VPN data.

What are the benefits of Branch Office VPN (BOVPN)

Privacy or confidentiality of the data — The VPN uses encryption to guarantee that traffic between the two private networks is secret. An attacker who intercepts the traffic cannot understand it.




Data integrity — The VPN guarantees that the data that passes through it has not been changed after it was sent.




Data authentication — The VPN guarantees that data that passes through the tunnel actually comes from one of the two endpoints of the VPN, and not from some attacker on the Internet.




Direct private IP address to private IP address communication — The computers at the two offices communicate as if they were not behind devices configured with Network Address Translation (NAT). The data tunnels through NAT for a transparent connection between the devices.

What are the 3 Branch Office VPN types (BOVPN)

Manual BOVPN gateway and associated tunnels




BOVPN virtual interface




Managed VPN tunnel

What is the "Managed VPN tunnel" BOVPN type?

A managed VPN tunnel is a BOVPN tunnel that you create between two centrally managed Firebox devices. From your WatchGuard Management Server, you can drag-and-drop one managed device onto another managed device to quickly configure a VPN tunnel between the two devices, based on templates and VPN resources defined on the Management Server. Managed VPN tunnels are not discussed in detail in this course, but use the same security settings and protocols as a manual VPN tunnel.

What is the "BOVPN virtual interface" BOVPN type?

A BOVPN virtual interface is a manual BOVPN configuration option for a VPN between two Firebox devices that use Fireware v11.8 or higher. This type of VPN offers more flexibility in configuration, because the device decides whether to route a packet through the virtual interface tunnel based on the outgoing interface specified for the packet. You can specify a BOVPN virtual interface as the destination for traffic in a policy. You can also specify a BOVPN virtual interface when you configure static routes, dynamic routing, and policy-based routing. You can select any internal or external interface as the gateway endpoint for a BOVPN virtual interface.

What is the "Manual BOVPN gateway and associated tunnels" BOVPN type?

You can manually create a BOVPN gateway and its associated tunnels. When you configure a manual BOVPN gateway, you can use a second Firebox as the other BOVPN gateway, or a third-party VPN device that supports IPSec.




When you add a BOVPN gateway and tunnels to configure a BOVPN, you set both the source and destination for the traffic you want to send through the tunnel. The device routes a packet through the BOVPN tunnel if the source and destination of the packet match a configured VPN tunnel route.

Can you use the Management Server to configure a BOVPN virtual interface

No

When would you use a Manual BOVPN?

For a VPN tunnel between a Firebox and a third-party device, you must use a manual BOVPN.

When would you use a "BOVPN Virtual Interface"?

Use this type of VPN for a VPN tunnel between two Firebox devices that use Fireware XTM OS v11.8 or higher, if you want to separate the routing from the VPN security association.

When would you use a "Managed BOVPN"?

Managed BOVPN tunnels are useful if you want to create and manage a large number of tunnels between Firebox devices managed by a WatchGuard Management Server.

What encryption algorithms do Fireware BOVPNs support

DES (Data Encryption Standard)


3DES (Triple-DES)


AES (Advanced Encryption Standard)

What authentication algorithms do Fireware BOVPNs support

SHA-2 (Secure Hash Algorithm 2)




SHA-2 is the most secure authentication algorithm supported, and it is the most computationally intensive. Fireware supports these types of SHA2:


SHA2-256 — Produces a 256-bit (32 byte) message digest


SHA2-384 — Produces a 384-bit (48 byte) message digest


SHA2-512 — Produces a 512-bit (64 byte) message digest


SHA-2 is not supported on XTM 21, 22, 23, 510, 520, 530, 515, 525, 535, 545, 810, 820, 830, 1050, and 2050 devices.




SHA-1 (Secure Hash Algorithm 1)


SHA1 produces a 160-bit (20 byte) message digest.




MD5 (Message Digest Algorithm 5)


MD5 produces a 128-bit (16 byte) message digest, which makes it faster than SHA1 or SHA2. This is the least secure algorithm.

What are the two VPN phases?

Phase 1 — The main purpose of Phase 1 is to set up a secure encrypted channel through which the two devices can negotiate Phase 2. If Phase 1 fails, the devices cannot begin Phase 2.




Phase 2 — The purpose of Phase 2 negotiations is for the two VPN gateways to agree on a set of parameters that define what traffic can go through the VPN tunnel, and how to encrypt and authenticate the traffic. This agreement is called a Security Association.

What happens during a "Phase 1 VPN Negotiation"

The devices exchange credentials




The devices identify each other




The VPN gateways decide whether to use Main Mode or Aggressive Mode for Phase 1 negotiations.




Main Mode ensures the identity of both VPN gateways, but can be used only if both devices have a static IP address.




Aggressive Mode is faster but less secure than Main Mode, because it requires fewer exchanges between two VPN gateways. In Aggressive Mode, the exchange relies mainly on the ID types used in the exchange by both VPN gateways. Aggressive Mode does not ensure the identity of the VPN gateway.




The VPN gateways agree on Phase 1 parameters.




The VPN gateways agree on Phase 1 Transform settings. The settings in the Phase 1 transform on each IPSec device must exactly match, or IKE negotiations fail.

What happens during a "Phase 2 VPN Negotiation"

The VPN gateways use the Phase 1 SA to secure Phase 2 negotiations.




The VPN gateways exchange Phase 2 identifiers (IDs).




The VPN gateways agree on whether to use Perfect Forward Secrecy (PFS).




The VPN gateways agree on a Phase 2 proposal.

What are the common reasons a BOVPN would fail?

Lack of connectivity between the external interfaces of both devices




Pre-shared key does not match




Mismatch in Phase1 or Phase 2 settings




For a manual BOVPN: incorrect IP addresses or subnet masks in the tunnel routes on either device

What are the two types of VPN diagnostic messages?

Errors — indicate the VPN failed because of a configuration or connection issue.




Warnings — indicate that a VPN is down because of an abnormal condition, such as dead peer detection (DPD) failure.

True or False? The VPN Diagnostic Report temporarily increases the log level.

True

What does IKE stand for (related to VPNs)?

Internet Key Exchange

True or false? If you configure a VPN as a BOVPN virtual interface, the VPN on the remote VPN gateway must also be configured as a BOVPN virtual interface.

True

What is a VPN Tunnel?

A VPN tunnel is a secure connection between a mobile user and resources on your network. A VPN client on the remote user's computer sends traffic for your network through the VPN tunnel. When your Firebox receives traffic through a VPN tunnel, it forwards that traffic to the correct devices.

What are the 4 types of Mobile VPN Supported?

Mobile VPN with PPTP




Mobile VPN with IPSec




Mobile VPN with SSL




Mobile VPN with L2TP, with IPSec enabled

What is the maximum VPN tunnels supported on Mobile VPN with PPTP?

50

What are the two ways a Mobile VPN client can route traffic to the Internet for Mobile VPN users

Split Tunnel VPN




Default Route VPN

What is the "Split Tunnel VPN"?

In a split tunnel VPN, the VPN client splits the traffic that is destined for your private network from traffic that is destined for the Internet. Only traffic that is addressed to your private network goes through the VPN tunnel. Split tunneling provides better network performance, but less security because policies are not applied to the Internet traffic. Split tunneling is the default configuration. If you use split tunneling, we recommend that each client computer have a software firewall.

What is the "Default Route VPN"?

In a default route VPN, all remote user Internet traffic is routed through the VPN tunnel to the Firebox before it goes to the Internet. This enables the device to examine all traffic, and provides increased security, although it uses more processing power and bandwidth. Another detractor for default route VPN is that it can dramatically increase latency for systems like VoIP.

When you enable Mobile VPN with SSL, Policy Manager creates two policies on the Firewall tab, what are these two policies?

WatchGuard SSLVPN — This SSLVPN policy allows connections from an SSL VPN client on UDP port 443.




Allow SSLVPN Users — This Any policy allows the groups and users you configure for SSL authentication to get access to resources on your network.

When you enable Mobile VPN with L2TP, Policy Manager creates two policies in the Firewall tab, what are these two policies?

WatchGuard L2TP — This L2TP policy allows connections from an L2TP client on UDP port 1701.




Allow L2TP Users — This Any policy allows the groups and users you configured for L2TP authentication to get access to resources on your network.

When you enable Mobile VPN with PPTP, Policy Manager creates one policy in the Firewall tab, what is this policy?

WatchGuard PPTP — This PPTP policy allows connections from a PPTP VPN client on TCP port 1723.

How do you download the SSL VPN client in your organisation?

http://[external interface IP address]/sslvpn.html

With Mobile SSL VPN what are the two auto reconnect options?

Auto reconnect after a connection is lost




This option enables the Automatically reconnect check box in the Mobile VPN with SSL client. The user can choose whether to automatically reconnect. If you select the Force users to authenticate after a connection is lost check box, the user must type the password again for each reconnection.




Allow the Mobile VPN with SSL client to remember password




This option enables the Remember password check box in the Mobile VPN with SSL client. The user can choose whether the client remembers the password.

True or false? If you use a third-party server for VPN authentication, that server must have a user group with a name that exactly matches the group name in the VPN configuration.

True

True or false? Split tunnel is more secure than default route VPN.

False

True or false? If you add a new Allowed Resource in a Mobile VPN with IPSec policy, that resource is automatically added to the VPN configuration.

False

True or false? Mobile VPN with IPSec is the only VPN type that can use different VPN configurations for different user groups at the same time.

True

Which VPN connection types can you configure in the native VPN client in Windows?

PPTP




L2TP

How do you get to the Web UI?

https://<firebox-ip-address>:8080

True or false? You can save the Firebox configuration file to a local disk drive from the Web UI.

True

True or false? You must install WSM software to use the Web UI.

False