Intro WG Dimension v2-0-1

8/16/2019 Intro WG Dimension v2-0-1

1/137

Copyright ©2015 WatchGuard Technologies, Inc. All Rights Resered

WatchGuard Training

Introduction to

WatchGuard Dimension™ v2.0.1


2/137


WatchGuard Training

Introduction to Dimension

What is WatchGuard Dimension? Deploy WatchGuard Dimension

Set Up WatchGuard Dimension

Configure WatchGuard Dimension Use WatchGuard Dimension

Support WatchGuard Dimension

2


3/137


WatchGuard Training

What is Dimension?

!


4/137


WatchGuard Training

What is WatchGuard Dimension?

Secure and centralized logging, visibility, reporting, and

management for irebo! devices and WatchGuardservers" #e$ $ays to visualize net$or% data

" Dashboards $ith simple drill&do$n operation into log and reportinformation

" Customizable reports that can be emailed to different roles in theorganization

" Complements ire$are Web U' visibility tools for ire$are (Sv))*+*! and higher

" eports available after the first summary report period -.minutes/

" 0ll reports are on-demand all the time

"


5/137


WatchGuard Training

What is WatchGuard Dimension?

Cloud&ready zero&installation deployment

" Delivered as a virtual appliance for 1Si -*ova/ and 3yper&4-*vhd/

" uns on 56&bit 7inu!

" Driven by 8ostgreS97 :*2

" Web interface supports most des%top and mobile bro$sers

5


6/137


WatchGuard Training

Dimension Architecture

Log Collector

" eceives log messagesfrom irebo! devices

" 0ggregates data

Web Services

" Serves $eb applicationto users andadministrators

" 'nterface for devicemanagement and

visibility

#


7/137Copyright ©2015 WatchGuard Technologies, Inc. All Rights Resered

WatchGuard Training

Dimension Architecture

Dimension Server

" 8rovides 08' for logdata, provisioning,

maintenance, and

configuration

Database

" 8ersistent storage for; < 7og and report data

< Device configurationfiles

$



WatchGuard Training

Deploy Dimension

%



WatchGuard Training

Deployment e!uirements

WatchGuard Dimension is distributed as an *ova file for

installation on 4=$are 1Si .*!



WatchGuard Training

Deployment e!uirements

WatchGuard Dimension is available on the WatchGuard

$ebsite Software Downloads pages*)* 7og in to WatchGuard*com*2* Select Support Home** Clic% Software Downloads*

6* rom the Show downloads for drop&do$n list, selectDimension*.* Do$nload the current version of Dimension and the Release

Notes*

10



WatchGuard Training

Deployment "otes

@he Dimension 4= default data dis% size is 6AGB*

'f you use the built&in 8ostgreS97 database, the datadis% is fully reserved for the log database and the related

overhead space reuired by 8ostgreS97*

0fter the Dimension 4= is deployed, the data dis% size

cannot be reduced* @o limit the size to be less than 6AGB and avoid data

loss, you must remove and add 3ard dis% 2 again,

before you po$er on the 4= for the first time*

0fter your 4= is po$ered on, you see the '8 addressassigned to Dimension through D3C8*

11



WatchGuard Training

Deployment "otes

'f you do not have a

D3C8 server, youmust ma%e a console

connection to your

Dimension 4=, and

set a static '8 address* Use this '8 address to

ma%e an 3@@8S

connection to

Dimension and start

the Dimension Setup

Wizard*

12



WatchGuard Training

#et $p Dimension

1!



WatchGuard Training

Dimension e!uirements

WatchGuard Dimension supports these $eb bro$sers;

" irefo! v22 and higher " 'nternet 1!plorer : and higher

" Safari . and later

" Safari on i(S 5 and higher

" Chrome v2: and higher Note: The Dimension FireWatch feature requires browser versions that support HTM!"

>ou should be able to successfully use WatchGuard

Dimension on most mobile phone and tablet devices*

Connect to Dimension in a $eb bro$ser at

https#$$%dimension-&'-address(

1"


15/137


WatchGuard Training

WatchGuard Dimension #etup Wi%ard

0ccept the security

$arning to continueto connect to

Dimension*

15


16/137


WatchGuard Training


7og in $ith these

credentials;" User Name admin

" Password read$rite

1#


17/137


WatchGuard Training


=a%e sure you have

this information beforeyou start the

Dimension Setup

Wizard;

" 3ost name" '8v6 address andsettings for the 1thA

interface

" 0dministrator

passphrase" 7og 1ncryption Eey

)F


18/137


WatchGuard Training


Specify the host name

for Dimension Select the '8 address

method;

" Static

" D3C8 or a static '8 address,

$e recommend that

you specify an '8v6

address*

1%


19/137


WatchGuard Training


Select the location of

the Dimensiondatabase;" Built&in

" 1!ternal

1&

2A


20/137


WatchGuard Training


Specify $hether

Dimension has apublic '8 address or if

it is behind a #0@

device -such as a

gate$ay irebo!/

2A

2)


21/137


WatchGuard Training


Set the )dministrator

'assphrase to use toconnect to Dimension

and manage the

Dimension server*

@he )dministrator'assphrase must have

a minimum of +

characters*

2)

22


22/137


WatchGuard Training


Set the 7og 1ncryption

Eey*

22

2!


23/137


WatchGuard Training


evie$ and confirm

your settings forDimension*

2!

2"


24/137


WatchGuard Training

#end &og 'essages to Dimension

WatchGuard Dimension can accept log messages and

generate reports for any irebo! that runs ire$are (S* WatchGuard Dimension can also accept log messages

from a WatchGuard =anagement Server or 9uarantine

Server*

" When you configure the WatchGuard 7og Server settings foryour irebo!, specify the '8 address and 1ncryption Eey for yourinstance of Dimension*

" (n WatchGuard servers, use the same '8 address and1ncryption Eey in the 7ogging settings*

2"

25


25/137


WatchGuard Training


'n some environments, you might use #0@ for the

3@@8S and WatchGuard logging connections throughyour irebo!* @his changes the '8 address you use to

connect to WatchGuard Dimension and $here you send

WatchGuard logging connections*

25

25


26/137


WatchGuard Training


25

Enable Logging or! "eports Dashboards

Pac#et ilter $llowed Logs Web, 8ac%et ilter, @op Client,

0pplication Control

1!ecutive, @hreat =ap, ireWatch, 8olicy =ap

Pac#et ilter Denied Logs Web, 8ac%et ilter, Denied 8ac%et, @op

Client, 0pplication Control

Security, @hreat =ap, 8olicy =ap

$P% &loc#er 0dvance =al$are -08@/ Summary and

Detail reports, and ero&Day =al$are

-08@/ 8C' Compliance, 1!ecutive

Summary 8D

1!ecutive, Security, 8olicy =ap

'ntrusion Prevention Service '8S, Denied 8ac%et Security, @hreat =ap, 8olicy =ap

Log when configuration has changed 0uthentication, 0udit

$ll Pro(ies) Enable logging for reports G04, '8S, S80=, 0pplication Control 1!ecutive, Security, @hreat =ap, ireWatch, 8olicy =ap

H%%P Pro(ies) Enable logging for reports Web, irebo! Statistics, 1D 1!ecutive, Security, @hreat =ap, ireWatch, 8olicy =ap

%P Pro(ies) Enable logging for reports irebo! Statistics 1!ecutive, Security, @hreat =ap, ireWatch, 8olicy =ap

S*%P Pro(ies) Enable logging for reports S=@8, irebo! Statis tics 1!ecutive, Security, @hreat =ap, ireWatch, 8olicy =ap

P+P, Pro(ies) Enable logging for reports 8(8, irebo! Statistics 1!ecutive, Security, @hreat =ap, ireWatch, 8olicy =ap

Web&loc#er $ctions

Select Categories > Log this action

Web 0udit 1!ecutive, Security, @hreat =ap, ireWatch, 8olicy =ap

$n- alarms G04, 0larms

2$


27/137


WatchGuard Training

A(ter the Wi%ard ) &og In to Dimension

=ultiple super-

administrator users can be logged in at the

same time

=odes for

configuration pages;" 7oc%ed -read&only/

" Unloc%ed -read&$rite/

2$

2%


28/137


WatchGuard Training

*on(igure Dimension

2%

2&


29/137


WatchGuard Training

Administration

@he -0dministration/

drop&do$n list includes

menu options to

configure, manage,

and use Dimension;" =anage @as%s < Schedule eports

< Bac% Up Database

< estore Database

" Server =anagement" Database

" User =anagement

" System Settings

2&

A


30/137


WatchGuard Training

Administration ) &oc+ , $nloc+

(n the

$dministrationpages, you specify the

settings for your

instance of Dimension*

Before you can ma%echanges, you must

unloc% the Dimension

configuration*

0fter you complete

your changes, you

must loc% the

configuration*

!1


31/137


WatchGuard Training

#erver 'anagement ) #tatus

(n the Status page;

" 4ie$ the status of theDimension server

" Stop and start theDimension server

" 4ie$ the server C8U,

=emory, and DatabaseDis% usage details

" 0dd feature %eys forirebo! devices that run

ire$are (S v))*)A*A

or lo$er, that you $antto manage $ith

Dimension*

!2


32/137


WatchGuard Training

#erver 'anagement ) *on(iguration

(n the Configuration .

/eneral page, youconfigure these settings for

the Dimension server;

" 8ublic 9D# or '8 addressfor the public #0@ device

-such as a gate$ay irebo!/that Dimension is behind

" Specify the log datadeletion settings

" Specify the database size andautomatic bac% up settings

" Specify the database location

!!


33/137


WatchGuard Training


(n the Configuration

. 0isibilit- page, youcan change the 7og

1ncryption Eey for the

Dimension server

!"


34/137


WatchGuard Training



. Command page,you can specify the

number of device

configuration file

revisions and the

amount of storage in

=B that Dimension

saves for each irebo!

managed by

Dimension

!5


35/137


WatchGuard Training



. Notifications page,configure the settings

for email;

" Specify $hat types ofevent notifications are

sent;

< ailure 1vents

< Device or Server 1vent

" Specify the emailaddresses to send

notification messages toand from, the subHect of

notification messages,

and test the connection

!#


36/137


WatchGuard Training


(n the Configuration .

"eporting page, configurethe settings for reports;" 0dd Custom eport

@emplates for report 8Ds to

specify the;

< 3eader < ooter

< 7ogo

" Specify the @8 servers$here you can send reports

" Configure settings for ConnectWise 'ntegration

!$


37/137


WatchGuard Training



. Logging page;" 1nable logging for the

Dimension server*

" Select the Log Level for the log messages;

< 1rror < Warning

< 'nfo

< Debug


38/137

!&


39/137


WatchGuard Training

#erver 'anagement ) I- Address 'apping

1nable D-namic 'P

$ddress "esolution for devices $ith

dynamic '8 addresses*

0dd an '8

addressIname pair tothe Static 'P $ddress

*ap list for devices

$ith static '8

addresses*

"0


40/137


WatchGuard Training

#erver 'anagement ) Diagnostics

(n the Diagnostics

page, you can usethese diagnostic tools;" 8urge diagnostic log

messages

" 4ie$ 8rocess 7ist

" 4ie$ 7og =essages; < 7og Server

< 7og Collector

< Dimension Server

"1


41/137


WatchGuard Training

#ystem #ettings ) #tatus

(n the S-stem

Settings . Status page, you can;" evie$ Dimension

system and net$or%

settings

" =anage certificates < Generate a Web

Server CS

< 'mport a Web ServerCertificate

< =anage @rusted C0Certificates

"2


42/137


WatchGuard Training

#ystem #ettings ) #tatus" System =aintenance

< eboot < Upgrade

< estore

< Shut do$n'owers off the *M

" 4ie$ J log out

connected users

"!


43/137


WatchGuard Training

#ystem #ettings ) 'anage *A *erti(icates

(n the S-stem

Settings . Status page, Certificate

*anagement section,

select *anage

%rusted C$

Certificates*

" 'mport certificates

" 0iew certificates in thelist

" "emove certificatesfrom the list

""


44/137


WatchGuard Training

#ystem #ettings ) *on(iguration

(n the S-stem

Settings .Configuration page,

you can;

" Change the systeminterface and static

route settings

" 1nable Dimension tosend feedbac% to

WatchGuard

" Specify the domainsettings

" Specify the #@8settings and #@8

servers for Dimension

"5


45/137


WatchGuard Training

#ystem #ettings ) *on(iguration" 1nable Dimension to

send email notifications

and specify the email

server information and

credentials

" 1nable Dimension tocreate bac%up files of

log data on an S@8

server

"#


46/137


WatchGuard Training

#ystem #ettings ) Diagnostics

(n the S-stem

Settings .Diagnostics page,

you can run diagnostic

tas%s for the

Dimension operating

system, Dimension

server, and Dimension

email system*

"$


47/137


WatchGuard Training


+perating S-stem

tas%s;" 8ing, traceroute, D#S

loo%up

" System Diagnostics

" Support 0ccess for

Diagnostics" System 8ac%age

Update

" Status eport

"%


48/137


WatchGuard Training


Dimension Server

tas%s;" 8rocess 'nformation

" @as% 3istory

" 7og =essages

"&


49/137


WatchGuard Training


Email system tas%s;

" 1mail status" lush email ueue

Send all email messa+es in the queue

" 8urge 1mail ueueRemove all email messa+es in the

queue

" @est email" evie$ log messages

from the Dimension

email system

50


50/137


WatchGuard Training

Dataase ) #tatus

(n the Database .

Status page, you canmonitor the status of

the Dimension

database*

Database Status" Current database status" Stop J start the

database processes

51


51/137


WatchGuard Training

Dataase ) #tatus

Database &ac#up

" Create or restore abac%up file of the

database

" Does not includehistorical data

Log "ate" evie$ the last 26

hours of database

activity

52


52/137

Copyright ©2015 WatchGuard Technologies, Inc. All Rights ReseredWatchGuard Training

Dataase ) *on(iguration

(n the Database .

Configuration page,you can change the

location of the

Dimension database*" Built&in database

" 1!ternal 8ostgreS97database

5!


53/137


Dataase ) Diagnostics

(n the Database .

Diagnostics page,you can monitor the

status of the

Dimension database*" Database Process List

< See all the activedatabase processes

" Log *essages < 4ie$ the log

messages generated

each day

" Status "eport < See statistics for the

devices connected to

Dimension

5"


54/137


'anage Tas+s

rom the *anage

%as#s page, you canadd, edit, or remove

these tas%s;

" Schedule eports

" Bac% Up 3istorical Data

" estore 3istorical Data

Schedule reports to

generate repeatedly,

but bac% up J restore

of historical data is aone&time tas%

55


55/137


'anage Tas+s ) #chedule eports

eport Schedules

" Configuration loc%ed >ou can vie$ scheduled reports" Configuration unloc%ed >ou can add a ne$ report schedule,

and edit or remove scheduled reports

Before scheduled reports can be sent to a destination,

you must configure the settings in Dimension for that

destination;

" Send in email Email Settings -S-stem Settings . Configuration/

" Send to a directory %P Servers -Server *anagement . Configuration ."eporting/

" Send to ConnectWise ConnectWise Settings -Server *anagement .Configuration . "eporting/

5#


56/137



0dd a report schedule;

" Select $dd . Schedule"eports

Create Schedule .

Name 1 Description

settings;" Schedule #ame

" Description -optional/

+ h d l

5$


57/137



"esource Selection

" Devices; < 0ll Devices

< Specify Devices

" Servers; < 0ll Servers

< Specify Servers

+ # h d l

5%


58/137



Destination Selection

" =ust add at least onedestination for the

report

" Send reports in email

" Send reports to a

directory on an S@8server

" Send reports toConnectWise

' T + # h d l

5&


59/137



"eport Selection

" eport @ypes" @ime one

< Web&based reportsappear in the bro$ser

time zone*

" eport @emplate < Use any Custom@emplate

" eport (utput (ptions < Single

< Combined < Single J Combined

' T + # h d l

#0


60/137


'anage Tas+s ) #chedule eports" un eports

< Daily

< Wee%ly

< =onthly

< #o$ -un once/

" Start @ime

/ ti # t

#1


61/137


/ecutive #ummary eport

1!ecutive Summary

eport" Sent as a 8D file

" Specify a logo, header,and footer to customize

the report

W T ((i # t

#2


62/137


We Tra((ic #ummary eport

Web @raffic Summary

report" Sent as a 8D file

" Specify a logo, header,and footer to customize

the report

" eport includes the @opDomains chart $ith the

Web Categories -in a

pie chart/, and removes

any byte counts or

tabular information

' T + + $ i t i l D t

5


63/137


'anage Tas+s ) ac+ $p istorical Data

3istorical data includes, this information for the irebo!

devices, ireClusters, and WatchGuard servers that areconnected to Dimension;" Device information records

" 7og messages

" Summary report data

" Device health statistics

" =anaged 48# statistics

' T + + $ i t i l D t

56


64/137



Before you can bac% up the historical data in the

Dimension database, you must configure Dimension touse a remote bac%up server and then specify the

location of that remote server in the Database Bac%up

Settings*" Select $dministration . S-stem Settings . Configuration and

complete the "emote &ac#up settings*

' T + + $ i t i l D t

5.


65/137



0dd a tas% to bac% up

historical data;" Select $dd . &ac# Up

Historical Data

" Specify the %as# Nameand an optional

Description of the tas%" Specify the Start date

and End date for the

historical data to include

in the bac%up file

" Select $hether to senda notification to the

administrator $hen the

bac%up is created or

fails

' T + t i t i l D t

55


66/137


'anage Tas+s ) estore istorical Data

0dd a tas% to restore

historical data to theDimension database;" Select $dd . "estore

Historical Data

" Specify the %as# Name

and an optionalDescription of the tas%

" Specify the Start date and time and End date

and time for the

historical data to restoreto the database

'anage Tas+s estore istorical Data

5F


67/137


'anage Tas+s ) estore istorical Data " Select $hether to send

an email notification to

the administrator $hen

the bac%up file is

successfully restored or

$hen the restore fails

$ser 'anagement

#%


68/137


$ser 'anagement

(n the User

*anagement page,you can manage the

local users that can

connect to Dimension*

0dd users and assign

roles to the users to

specify $hat parts of

Dimension each user

can get access to*

$ser 'anagement

#&


69/137


$ser 'anagement

1nable Dimension to

connect to your 0ctiveDirectory server to get

user credentials and

group information*

$ser 'anagement

$0


70/137


$ser 'anagement

=anage Users and

Groups" 0dd, edit, or remove

users

" Specify roles for users

" Select devices for users

0ctive DirectorySettings

" 1nable 0ctive Directory 0uthentication

$ser 'anagement

$1


71/137


$ser 'anagement

Enable $ctive

Director-$uthentication" 1nable Dimension to

connect to your 0ctive

Directory server so you

can add users toDimension from your

0ctive Directory server*

" 7D08S must beenabled on your 0ctive

Directory server*

$ser 'anagement

$2


72/137


$ser 'anagement

Dimension includes these roles for role&based

administration that you can assign to local users;" User;

< 7ocal authentication

< 0ctive Directory User

< 0ctive Directory Group

" Devices; < 7ist of devices that send log messages to Dimension

" oles that apply to all devices; < Super 0dministrator -0ll access/

< eport 0dministrator -Schedule reports, manage groups, vie$ logs,

vie$ reports/" oles that can be applied to individual devices and groups;

< 4ie$ 7ogs

< 4ie$ eports

$ser 'anagement

$!


73/137


$ser 'anagement

ole policies function as they do in WS=;

" User K 7ist of roles K 7ist of Devices User authentication is similar to WS=;

" 7ocal user, 0D user, 0D Group

" 0D reuires D#S to resolve DCs by internal domain name

Built&in roles only" >ou cannot add custom roles

0pplied to a list of devices


74/137

$ser 'anagement

$5


75/137


$ser 'anagement

Select a role for the

user;" oles for $ll Devices; < Super $dministrator

< /lobal $dministrator

< /lobal *onitor

< "eport $dministrator < 0iew $ll Logs

< 0iew $ll "eports

$ser 'anagement

$#


76/137


$ser 'anagement" oles for Specific

Devices;

< Device $dministrator

< Device *onitor

< 0PN $dministrator

< 0PN *onitor

< 0iew Logs

< 0iew "eports

$ser 'anagement

$$


77/137


$ser 'anagement

Select devices for the

user;" 0dd any irebo! in the$vailable list to the

Selected list

" Use the Search te!t

bo! to find a irebo! inthe list of available

devices

F+


78/137


$se Dimension

$se WatchGuard Dimension

F:


79/137



WatchGuard Dimension is a virtual visibility and

management solution you can use to capture the logdata from your irebo! devices, ireClusters, and

WatchGuard servers, and manage your irebo! devices

and ireClusters*

=anagement from Dimension" @o use the Dimension management features, each irebo! or

ireCluster must have a feature %ey $ith the iveSecurit,

Service and Dimension ommand features enabled

" 0dd your irebo! devices and ireClusters to Dimension tocentrally manage and control the configurations and settings of

each irebo! device

" Create managed 48#s bet$een irebo! devices andireClusters managed by Dimension


+A


80/137



7ogging J eporting from Dimension

" @o use the logging J reporting features in Dimension, eachirebo! or ireCluster must have a feature %ey $ith the7iveSecurity Service feature enabled

" See log data in real&time

" @rac% traffic across your net$or%

" 4ie$ the source and destination of traffic" 4ie$ log message details of the traffic

" =onitor threats to your net$or%

" 4ie$ reports of the traffic

+)


81/137


'anagement 3ith Dimension


+2


82/137



0fter you add your irebo! devices and ireClusters to

Dimension, you can manage them $ith Dimension* =anage the device configuration file for each irebo! or

ireCluster

=anage 48# tunnels bet$een irebo! devices managed

by Dimension


83/137

'anagement 3ith Dimension ) Device+6


84/137


'anagement 3ith Dimension Device

'anagement

" esolve issuesidentified in Dashboard

pages, log messages,

and reports

lic. a lin. on a

Dashboard pa+e to openFireware Web /& and

resolve the issue

'anagement 3ith Dimension ) Device+.


85/137


'anagement 3ith Dimension Device

'anagement

Dimension stores theconfiguration files for

the irebo! devices

and ireClusters it

manages" 1ach time you changethe configuration file,

even if the changes are

made outside of

Dimension, a ne$revision is stored and

appears in the

Configuration Histor-

list*

'anagement 3ith Dimension ) 'anaged+5


86/137


'anagement 3ith Dimension 'anaged

4-"s

(n the 0PNs page,create managed hub&

and&spo%e 48#s

bet$een managed

devices Select Home . 0PNs

Clic% $dd to start the

reate *'N Wi0ard to

set up a managed48#

'anagement 3ith Dimension ) 'anaged+F


87/137



4-"s

Select the Hub Device" @his is a irebo!

managed by Dimension

Select a &+0PN %-pe

" %raditional &+0PN2"ecommended3

" 0irtual 'nterface&+0PN

'anagement 3ith Dimension ) 'anaged++


88/137


WatchGuard Training


4-"s

Specify a name for themanaged 48#

" @his is the name thatappears on the 0PNs

page, in the Dashboard

pages, and in thereports for 48#s

" >ou cannot change the0PN Name after the

48# is created

'anagement 3ith Dimension ) 'anaged+:


89/137


WatchGuard Training


4-"s

Specify the E(ternal'nterfaces to use for

the managed 48#

" >ou can add more thanone interface to use for

failover

" 'f you add more thanone e!ternal interface,

ma%e sure the first

interface in the list is the

primary e!ternal

interface of the irebo!

you selected as the 3ub

device

'anagement 3ith Dimension ) 'anaged:A


90/137


WatchGuard Training

a age e t t e s o a aged

4-"s

Specify the 0PN"esources to use for

the managed 48#

" Specify the '8addresses that the

Spo%e devices can use

to connect to tunnel

routes

" Specify the Direction ofthe traffic through the

B(48# tunnel

" -(ptional/ Enable 4)4N$%

'anagement 3ith Dimension ) 'anaged:)


91/137


WatchGuard Training

g g

4-"s

0fter you add the 3ubdevice to the 48#, you

can edit the 3ub

device settings to

configure the securitysettings for the 48#

Clic% Edit Hub

Settings

'anagement 3ith Dimension ) 'anaged:2


92/137


WatchGuard Training

g g

4-"s

Specify Phase 4Settings;

" Select $hether to useN$% %raversal and

specify the 5eep6alive

interval in seconds

" Select $hether to use'5E 5eep6$live and

configure the related

settings

" Select $hether to useDead Peer Detection

and configure the

related settings


93/137



94/137


WatchGuard Training

g g

4-"s

Specify Phase 7Settings;

" Enable PS and selecta Diffie&3ellman group

" Select an$uthentication method

" Select an Encr-ption method

" Select a orce #e-e(piration option;

< &- %ime -in hours/

< &- %raffic -in numberof %ilobytes sent

through the 48#/

'anagement 3ith Dimension ) 'anaged:.


95/137


WatchGuard Training

g g

4-"s

0fter you add the 3ubdevice to the 48#, add

one or more Spo%e

devices to the 48#

'n the Spo#es section,clic% $dd



96/137


WatchGuard Training

g g

4-"s

'n the $dd Spo#e/atewa- $izard,

select a irebo! to add

as the Spo%e device*

@his can be anyirebo! managed by

Dimension, e!cept for

the 3ub device*

'anagement 3ith Dimension ) 'anaged:F


97/137


WatchGuard Training

g g

4-"s

0dd the E(ternal'nterfaces on the

Spo%e device to use

for traffic through the

48# tunnel*" By default, the listincludes the e!ternal

interface configured on

the irebo! you

specified as the Spo%e

device*

'anagement 3ith Dimension ) 'anaged:+


98/137


WatchGuard Training

g g

4-"s

" 'f you add more thanone e!ternal interface to

the list, ma%e sure the

first interface in the list

is the primary e!ternal

interface on theirebo!*

'anagement 3ith Dimension ) 'anaged::


99/137


WatchGuard Training

g g

4-"s

Select the %unnel*ode;

" Specif- %raffic "outes+ver 0PN

2"ecommended3

" Send $ll %raffic +ver0PN

'anagement 3ith Dimension ) 'anaged)AA


100/137


WatchGuard Training

g g

4-"s

0dd routes to the"oute rom list;

" Specify the '8 addressof the e!ternal interface

on the Spo%e device

" Select the direction oftraffic over this '8

address;

< &i6directional2"ecommended3

< Hub6to6Spo#e < Spo#e6to6Hub

'anagement 3ith Dimension ) 'anaged)A)


101/137


WatchGuard Training

4-"s

" -(ptional/ Select theEnable 4)4 N$% chec%

bo! and type the host

address or net$or%

address to use


102/137

'anagement 3ith Dimension ) 'anaged)A


103/137


WatchGuard Training

4-"s

Select the irewallPolicies in your Spo%e

device configuration

file to apply to the

traffic through themanaged 48#;

" Default options; < $n- 2"ecommended3

@he default )n,

policy included in your

device configuration

file

'anagement 3ith Dimension ) 'anaged)A6


104/137


WatchGuard Training

4-"s

< None #o policy $illbe applied to the trafficthrough the managed

48#

" >ou can also selectanother fire$all policy

from your irebo!

configuration that

appears in the irewall

Policies list

'anagement 3ith Dimension ) 'anaged)A.


105/137


WatchGuard Training

4-"s

@he Spo%e deviceappears in the Hub

and Spo#e 0PN map

and in the Spo#es list;

" 3ub device ound" Spo%e device Suare

" 7ine bet$een iconssho$s the connection

status; < Solid 0ctive

< Dotted 'nactive

Spoke

!b

Inacti"e Connection


106/137

10$


107/137


WatchGuard Training

&ogging , eporting 3ith

Dimension

&ogging , eporting 3ith Dimension10%


108/137


WatchGuard Training

@o get the most out of the logging and reporting features

of Dimension, ma%e sure to;

" Select Enable logging for reports in pro!y actions on yourirebo! devices

" 1nable logging of )llowed 'ac.ets in all policies on your irebo!devices

" 1nable logging for Subscription Services and other features onyour irebo! devices

" Configure your irebo! devices and WatchGuard servers tosend all log messages to your Dimension server

&ogging , eporting 3ith Dimension10&


109/137


WatchGuard Training

When logging is enabled on your irebo!, and your

irebo! is configured to send log messages to

Dimension, you can see details from the log messages

in the Dimension dashboards and reports*

" Dashboards only include the $idgets for available data*

" eports only appear for available data*

&ogging , eporting 3ith Dimension110


110/137


WatchGuard Training

Logging Enabled

For… Dashboards Reports

Packet Filter Trafc

(Allowed)

'(ecutie, Threat )ap, *ireWatch, +olicy )ap We, +ac-et *ilter, Top Client, Application

Control

Packet Filter Trafc

(Denied)

ecurity, Threat )ap, +olicy )ap We, +ac-et *ilter, /enied +ac-et, Top

Client, Application Control

APT Blocker '(ecutie, ecurity, +olicy )ap A+T uary and /etail reports,

+CI Copliance, '(ecutie uary +/*

ntr!sion Pre"ention ecurity, Threat )ap, +olicy )ap I+, /enied +ac-et

#on$g!ration

changes

Authentication, Audit

All Pro%ies '(ecutie, ecurity, Threat )ap, *ireWatch,

+olicy )ap

GA, I+, +A), Application Control

&TTP Pro%ies '(ecutie, ecurity, Threat )ap, *ireWatch,

+olicy )ap

We, *ireo( tatistics, R'/

FTP Pro%ies '(ecutie, ecurity, Threat )ap, *ireWatch,

+olicy )ap

*ireo( tatistics

'TP Pro%ies '(ecutie, ecurity, Threat )ap, *ireWatch,+olicy )ap

)T+, *ireo( tatistics

PP* Pro%ies '(ecutie, ecurity, Threat )ap, *ireWatch,

+olicy )ap

+3+!, *ireo( tatistics

+ebBlocker Actions '(ecutie, ecurity, Threat )ap, *ireWatch,

+olicy )ap

We Audit

An, alar-s GA, Alars

/ecutive Dashoard111


111/137


WatchGuard Training

1!ecutive Dashboard

Widgets

" @op ero&Day =al$are-08@/

" @op Clients

" @op Domains

" @op U7 Categories" @op Destinations

" @op 0pplications

" @op 0pplicationCategories

" @op 8rotocols


112/137

#ecurity Dashoard11!


113/137


WatchGuard Training

Security Dashboard

Widgets

" @op Bloc%ed 0dvanced=al$are -08@/

" @op Bloc%ed Clients

" @op Bloc%ed

Destinations" @op Bloc%ed U7

Categories

" @op Bloc%ed 0pplications

" @op Bloc%ed 0pplicationCategories

" @op Bloc%ed 8rotocols

#ecurity Dashoard11"


114/137


WatchGuard Training

'8S Signatures

Gate$ay 0nti4irus Clic% a summary

$idget to e!pand it

and see more detail

Threat 'ap)).


115/137


WatchGuard Training

Denied 8ac%ets

-Bloc%ed/

'ntrusion 8revention

Service

Web @raffic

0pplication Control 0ll @raffic

5ireWatch))5


116/137


WatchGuard Training

Sho$s '8v6 J '8v5

addresses

Sort by;" Source

" Destination

" Domains

" 0pplication" Web 0udit

" 8rotocol

5ireWatch))F


117/137


WatchGuard Training

8ivot on;" Bytes

12nl, for pac.et filter

traffic for Fireware 2S

v33"4 or hi+her5

" Connections

3over for more detail;" ilter further " Sho$ connections

ull screen mode

-olicy 'ap))+


118/137


WatchGuard Training

'nteractive tool that

aggregates the traffic

through your irebo!

devices and sho$s the

traffic in a visualization

of the traffic flo$s*

@raffic flo$s appear asribbons that flo$

through the

connections the traffic

ma%es*

-olicy 'ap)):


119/137


WatchGuard Training

8olicy =ap sho$s the

number of flo$s,

bytes, and connections

that are included in the

traffic flo$*

-olicy 'ap120


120/137


WatchGuard Training

ilter 8olicy =ap on;" Subscription Services

activity

" 0pplication activitythrough policies

" 8olicies in use

" Users in policy flo$s" 8olicies that uses themost band$idth

" Connections bet$eenthe @rusted and

(ptional interfaces" 'nterfaces in use

" Connections bet$eenactive interfaces

-olicy 'ap121


121/137


WatchGuard Training

8ivot 8olicy =ap on;" Bytes

" Connections1Not available for the

Web )udit filter5

-olicy 'ap122


122/137


WatchGuard Training

See the traffic flo$

@he traffic flo$ ribbonpasses through the

connection columns in

the 8olicy =ap

-olicy 'ap)2


123/137


WatchGuard Training

See the traffic flo$

details

" #umber of connections

" ilter the 8olicy =ap onthe selected traffic flo$

" 4ie$ connections in

8olicy =ap for theselected traffic flo$

-olicy 'ap12"


124/137


WatchGuard Training

iltered vie$ of the

selected traffic flo$

-olicy 'ap125


125/137


WatchGuard Training

4ie$ connections from

the selected traffic flo$

&og 'anager12#


126/137


WatchGuard Training

7og messages stored

in U@C time

0ppears in your $eb

bro$serLs local time

&og #earch

12$


127/137


WatchGuard Training

un simple or comple!

search ueries to

refine log messages

for the selected

irebo!*

ilter search results by

log message type;" @raffic

" 0larm

" 1vent

" Diagnostic" Statistic

" 0ll

-er *lient eports

12%


128/137


WatchGuard Training

Summary J Detail

reports

'ncludes information

from pro!y log

messages about an

authenticated user,

host name, or an '8address

Detailed activity

summary for the

selected client and thetime range

-er *lient eports

12&


129/137


WatchGuard Training

Collapse and e!pand the selection criteria section*

Specify at least one of these options;" User name or 'D" '8 address

" 3ost name

or a Data 7oss 8revention report, you can also specify

these options;" 8olicy name

" ule name -reuired/

4ie3 eports

1!0


130/137


WatchGuard Training

(n the "eports tab for

a device, group, or

server, you can

e!pand a report type

and select many of the

same reports that are

available on yourWatchGuard eport

Server

4ie3 eports

1!1


131/137


WatchGuard Training

(n a report, select

options to pivot

on from the pivot

drop&do$n list

1!port the report to

a 8D file

$se Dimension in Another &anguage

1!2


132/137


WatchGuard Training

@he Dimension user interface is localized into these

languages;

" rench

" Spanish -7atin 0merica/

" Mapanese

" Eorean

" @raditional Chinese" Simplified Chinese

1!planatory te!t included in the 1!ecutive Summary and

Compliance reports is also localized, $hen you vie$

them in your $eb bro$ser, or generate a 8D from a$eb bro$ser vie$*

" 8D reports that are generated from a schedule do not includelocalized te!t*

1!!


133/137


WatchGuard Training

#upport WatchGuard

Dimension

Dimension #upport ) *onsole Access

1!"


134/137


WatchGuard Training

Console sho$s command line access

7og in $ith the w+support$readwrite credentials

" Change the pass$ord on initial login

" 0ccount restricted to only find or change the '8 address

@o set a static '8 address, use the command

wg8ip8addr9sh, located in

:opt:watchguard:dimension:bin*" or e!ample, to set a static '8 address of 4;79494?4 on

net$or% 4;7949?:7> $ith gate$ay 4;79494, type;

/opt/watchguard/dimension/bin/wg_ip_addr.sh -

i 192.168.24.101 -m 24 -g 192.168.24.1

" When given $ithout any options, or $ith the option 66help, thecommand displays help te!t*

Dimension #upport ) *onsole Access

1!5


135/137


WatchGuard Training

@o find the e!ternal '8 address, run the ifconfig

command*

@o find the 1thA '8 address and interface configuration

details, run the

ip addr show command*

@o find the route information for 1thA, run the ip route

show command*

Support access for diagnostics is available $ith a

connection restricted by a client&side certificate*

Dimension #upport ) 6no3n &imitations

C f

1!#


136/137


WatchGuard Training

Cannot import log files to Dimension

Certificates must use CS

" #o e!ternal private %ey

1!$


137/137

Than+ 7ou8

Intro WG Dimension v2-0-1

Documents

Transcript of Intro WG Dimension v2-0-1