WatchGuard Technologies FireboxTM System 4.6 User Manual
Setting up a drop-in network
36
The QuickSetup wizard also writes a basic configuration file called
wizard.cfg
to the hard disk of the Management Station. If you later want to expand
or change the basic Firebox configuration using Policy Manager, use
wizard.cfg
as
the base file to which you make changes.
You can run the QuickSetup wizard again at any time to a create new, basic
configuration file.
configuration file.
To run the QuickSetup wizard:
1
Complete the Network Configuration Worksheet.
A copy is included with the
Install Guide. It can also be found as a .pdf file in the WatchGuard
Documentation directory.
2
From the Windows Desktop, select Start => Programs => WatchGuard =>
QuickSetup Wizard.
QuickSetup Wizard.
You can also, from the Control Center, select LiveSecurity => QuickSetup Wizard
LiveSecurity => QuickSetup Wizard
LiveSecurity => QuickSetup Wizard
LiveSecurity => QuickSetup Wizard. The
QuickSetup wizard prompts for information about your network and security policy preferences.
Setting up a drop-in network
A drop-in network configuration is useful for situations where you can distribute
network address space across the Firebox interfaces. In a drop-in configuration, you
place the Firebox physically between the router and the LAN, without reconfiguring
any of the machines on the Trusted interface.
network address space across the Firebox interfaces. In a drop-in configuration, you
place the Firebox physically between the router and the LAN, without reconfiguring
any of the machines on the Trusted interface.
Characteristics of a drop-in configuration:
• A single network that is not subdivided into smaller networks; the network is
not subnetted.
• WatchGuard performs proxy ARP.
- The Firebox answers ARP requests for machines that cannot hear the
broadcasts.
- The Firebox can be placed in a network without changing default gateways
on the Trusted hosts. This is because the Firebox answers for the router, even
though the router cannot hear the Trusted host’s ARP requests.
though the router cannot hear the Trusted host’s ARP requests.
- To enable proxy ARP, you must assign the same IP address to all three
interfaces for the Firebox. This is the only supported address assignment in
drop-in configuration.
drop-in configuration.
• All Trusted computers must have their ARP caches flushed.
The QuickSetup wizard replaces the configuration file, writing over any prior
version. To make a backup copy of the configuration file on the flash disk, see
the Firebox System Area chapter in the
version. To make a backup copy of the configuration file on the flash disk, see
the Firebox System Area chapter in the
Reference Guide.
Documentation for running the QuickSetup wizard is contained in the
wizard’s on-panel instructions,
wizard’s on-panel instructions,
Install Guide, and Online Help.
When the wizard prompts you to enter monitoring (read-only) and
configuration (read-write) passphrases, use two completely different
passphrases.
configuration (read-write) passphrases, use two completely different
passphrases.