WatchGuard Firewall Tech Communication with My Colleagues

WatchGuard Firewall Tech Communication with My Colleagues  
1. SOC
a. What is the SOC
Security Operations Center

b. SOC Main components 
Firewall                                       WATCHGUARD/FORTINET
IPS/IDS                                        WatchGuard/ESET
Anti-Virus                                    ESET
Vulumblitis Management           QUALYS
 SIEM                                             Not have it, Will build       Syslog
2. Firewall Basic Management (WatchGuard)
 a. How to connect to Firewall
i. Web UI
ii. WatchGuard System Management APP

b. User Authentication
i. AD Authentication

c. Sub Services
Firewall 
GAV
IPS
WebBlocker
DLP
Application Control
Botnet Detection
SpamBlocker
Geolocation
APT Blocker
d. Network Setting information
i. Interfaces IP Address
ii. DNS information
iii. Trusted Network IP address
iv. NAT 
lets you stretch the number of computers able to work off of a publicly routable IP and hide the private IP
1) Statics---Port Forwarding
2) Dynamic---IP Masquerading
3) One-To-One
v. Routes
vi. Dynamic Routing
3. Firewall Policy Setting
 a. Why need Policy (Identify allowed connectivity)

b. The Priority Order of Firewall Rules. 
The rules are applied from top to bottom, and the first rule that matches the traffic overrides all the other rules below. 

c. Security Zones(Aliases)
i. External(Untrusted)
ii. Internal(Trusted)
iii. Optional(Some Brands have DMZ zone)
d. Policy Formulation CheckList
i. Disposition
ii. Protocol/port
iii. Source
iv. Destination
v. Packet filter and proxy
vi. Schedule
vii. Policy-based routing
viii. NAT
ix. Source IP
x. Traffic Management/QOS

For the next section.....

4. Firewall Log

5. Firewall WebBlocker

 6. Firewall Application Control

 7. TroubleShooting












Comments

Post a Comment

Popular posts from this blog

To Be A CyberMan: Installing PfSense on a WatchGuard Firebox

Image
OX01 Preface My company recently upgraded its firewall to FortiGate Firewall.  They eliminated 3 of the licenses expired WatchGuard Firebox Firewalls. The WatchGuard FireBox models are XTM5 Series, M400, and M470. I was wondering if I can install the opensource Firewall application such as PfSense on FireBox to use as Testing Lab Environment. 0X02 Information      XTM5 Series comes with a 1GB CF card, free space is not enough for the lastest Pfsense,  need to add additional Hard Disk as PfSense system booting drive.     M400 comes with a 4 GB CF card, can use CF card as a PfSense system booting drive.     M470 comes with mSTAT SSD.  can SSD as a PfSense system booting drive. 0X03 Installing PfSense on M400 1. Preparation:           WatchGuard Firebox M400 Appliance          A USB Flash Drive          A CF Card USB reader          A co...
Read more

How I passed the CSX Fundamentals within one month

Image
  How I passed the CSX Fundamentals within one month Hi Guys, My name is Trevor Shi. I just passed the CSX within one month. I would like to share some experience maybe it will help you guys to prepare the exam. One of the funny things was, I used one month to learn it. But I spent the other one month to book the exam. I re-booked 5 times of exam as ISACA PSI online exam application has lots of issues.  I met every situation you can imagine. The first-time ISACA website down, the second-time they canceled my booked without excuse, the third-time application couldn't open, and the Fourth time was my fault, I just missed the exam. Finally, I got this certificate. We had a small group named CyberRookie, It just like an unorganized cyber knowledge self-studying group, we are trying to be more organized. So t he purpose of this article is as a guideline of the CyberRookie Project CSX certification learning method . A. The Cybersecurity Fundamentals Certific...
Read more

To Be A CyberMan: The 0365 email/ADFS Troubleshooting - Http status 500 error

Image
 To Be A CyberMan: The O365 email/ADFS Troubleshooting - Http status 500 error    0x00: Preview Knowlege ADFS: Active Directory Federation Services (ADFS) is a Microsoft Single Sign-On (SSO) solution. It provides users with authenticated access to applications that are not capable of using Integrated Windows Authentication (IWA) through Active Directory (AD).   Reference: https://docs.microsoft.com/en-us/windows-server/identity/active-directory-federation-services   0x01: Symptoms Some users reported they were not able to log into the email from Web console, the error shows: HTTP status 500:internal server error   0x02: Troubleshooting We tested some accounts email, The issue only affected some of the user's web-based Outlook applications. So we sent the email to our outlook service provider, got confirmation that the outlook service is working. From the error message, we can see the error is the internal serv...
Read more