WatchGuard x1000 用户指南
Chapter 11: Intrusion Detection and Prevention
184
WatchGuard Firebox System
To detect whether a man-in-the-middle attack is in
progress:
progress:
1
Bring up the user interface for the Certificate
Authority.
Authority.
The browser displays the fingerprint for the CA certificate.
2
Verify the certificate against the one displayed in
Firebox System Manager, Front Panel tab, as shown in
the following figure.
Firebox System Manager, Front Panel tab, as shown in
the following figure.
Blocking Sites
The Blocked Sites feature of the Firebox helps you prevent
unwanted contact from known or suspected hostile sys-
tems. After you identify an intruder, you can block all
attempted connections from them. You can also configure
logging to record all access attempts from these sources so
you can collect clues as to what services they are attempt-
ing to attack.
unwanted contact from known or suspected hostile sys-
tems. After you identify an intruder, you can block all
attempted connections from them. You can also configure
logging to record all access attempts from these sources so
you can collect clues as to what services they are attempt-
ing to attack.
A blocked site is an IP address outside the Firebox that is
prevented from connecting to hosts behind the Firebox. If
any packet comes from a host that is blocked, it does not
get past the Firebox.
prevented from connecting to hosts behind the Firebox. If
any packet comes from a host that is blocked, it does not
get past the Firebox.
There are two kinds of blocked sites: