WatchGuard Technologies Firebox™ System 4.6 User Manual

2. On the toolbar, click the Delete Service icon (it appears as an “X”). You can also select Edit => Delete. A verification alert appears.
3. Click Yes.
   Policy Manager removes the service from the Services Arena.
4. Click File => Save => To Firebox to save your changes to the Firebox. Specify the location and name of the new configuration file.
Setting up proxy services
The WatchGuard Firebox System uses a technology called “transparent proxies.” 
Transparent proxies can be employed without any special third-party or proxy-aware 
software, and are transparent to client programs. WatchGuard has
application-specific proxies for SMTP, FTP, and HTTP.
Configuring an SMTP proxy service
The SMTP proxy limits several potentially harmful aspects of e-mail. The proxy scans 
the content type and content disposition headers and matches them against a
user-definable list of known hostile signatures. E-mail containing suspect attachments is
blocked and replaced with messages indicating that this action has been taken.
The list of disallowed signatures can be modified from the Content Types tab in the 
SMTP Proxy dialog box. You do not have to reboot the Firebox when you make these 
SMTP configuration changes.
The proxy also automatically disables nonstandard commands such as Debug, and 
can limit message size and number of recipients. If the message exceeds preset limits, 
the Firebox refuses the mail.
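
The checks described above, sketched as an added example. This is not WatchGuard code and not how the Firebox is implemented. The deny lists, the limits, the notice text, the choice to replace each offending attachment (rather than the whole message), and the sample message are all assumptions made for illustration.

```python
import fnmatch
from email import message_from_string

# Assumed deny lists and limits; the manual does not give the Firebox values.
DENIED_TYPES = ["application/x-msdownload", "application/x-sh", "text/vbscript"]
DENIED_NAMES = ["*.exe", "*.vbs", "*.scr"]
MAX_BYTES, MAX_RECIPIENTS = 3_000_000, 50
NOTICE = "[Attachment {} was removed by the mail gateway.]"

SAMPLE = (  # constructed message, not captured traffic
    'Subject: report\nMIME-Version: 1.0\n'
    'Content-Type: multipart/mixed; boundary="XX"\n\n'
    '--XX\nContent-Type: text/plain\n\nSee attached.\n'
    '--XX\nContent-Type: application/octet-stream\n'
    'Content-Disposition: attachment; filename="Invoice.EXE"\n\n'
    'PAYLOAD-BYTES\n--XX--\n'
)


def is_denied(part):
    """Match Content-Type and the Content-Disposition filename against the lists."""
    ctype = part.get_content_type()              # lower-cased, parameters stripped
    fname = (part.get_filename() or "").lower()  # case must not bypass the match
    return (any(fnmatch.fnmatchcase(ctype, p) for p in DENIED_TYPES)
            or any(fnmatch.fnmatchcase(fname, p) for p in DENIED_NAMES))


def filter_message(raw, recipients):
    """Return (accepted, message, removed). Over-limit mail is refused outright."""
    if len(raw.encode()) > MAX_BYTES or len(recipients) > MAX_RECIPIENTS:
        return False, None, []
    msg = message_from_string(raw)
    removed = []
    for part in msg.walk():
        if part.is_multipart() or not is_denied(part):
            continue
        label = part.get_filename() or part.get_content_type()
        removed.append(label)
        # Replace the part in place with a plain-text notice.
        for h in ("Content-Type", "Content-Disposition", "Content-Transfer-Encoding"):
            del part[h]
        part["Content-Type"] = "text/plain"
        part.set_payload(NOTICE.format(label))
    return True, msg, removed


if __name__ == "__main__":
    accepted, cleaned, removed = filter_message(SAMPLE, ["b@example.com"])
    print(accepted, removed)
```

The sample attachment is declared as the generic application/octet-stream, so only the filename check catches it. That is why the Content-Disposition header has to be examined alongside Content-Type.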
The Policy Manager uses separate dialog boxes for incoming and outgoing SMTP 
rules. Because incoming messages pose a greater threat to your network than 
outgoing ones, the dialog box for incoming SMTP has more controls and configurable 
properties.
Configuring the incoming SMTP proxy
Use the Incoming SMTP Proxy dialog box to set the incoming parameters of the 
SMTP proxy. You must already have an SMTP Proxy service icon in the Services 
Arena. From the Services Arena:
1. Double-click the SMTP Proxy icon to open the SMTP Proxy Properties dialog box.
2. Click the Properties tab.
When performing incoming static NAT, internal hosts must point to the 
internal IP address of the server, not the Firebox or public IP address. 
Users should have their WINS, host file, or internal DNS set to resolve to 
the internal IP of the server in question. For more information, see 
“Configuring a service for incoming static NAT” on page 66.