
Introduction to WatchGuard Dimension™ - PowerPoint PPT Presentation



PowerPoint Slideshow about ' Introduction to WatchGuard Dimension™' - nadine


Presentation Transcript

Introduction to WatchGuard Dimension™


Introduction to WatchGuard Dimension

  • What is WatchGuard Dimension?

  • Deploy WatchGuard Dimension

  • Configure WatchGuard Dimension

  • Use WatchGuard Dimension

  • Support WatchGuard Dimension



What is WatchGuard Dimension?

  • Secure and centralized logging, visibility, and reporting for XTM devices and WatchGuard servers

    • New ways to visualize network data

    • Dashboards with simple drill-down into detailed log and report information

    • Customizable reports that can be emailed to different roles in the organization

    • Complements Web UI visibility tools in XTM OS v11.8

    • Reports available after first summary report period (5 minutes)

    • All reports are ‘on demand’ all the time

  • Cloud-ready zero-installation deployment

    • Delivered as a virtual appliance for ESXi (.ova)

    • Running on 64-bit Linux

    • Driven by Postgres 9.2

    • Web interface supports most desktop and mobile browsers


What is Dimension? — Architecture

  • Log Collector — Receives logs from devices, aggregates data

  • Web Services — Serves web application to users and administrators

  • Log Server — Provides API for log data, provisioning, and automated maintenance

  • Database — Persistent storage for log and report data



Deployment — Requirements

  • WatchGuard Dimension is distributed as an .ova file for installation on VMware ESXi 5.x.

    • Your ESXi host must support 64-bit guest operating systems

    • WatchGuard Dimension has been primarily tested on VMware ESXi hypervisors. It can also be installed in VMware Workstation, Player, and Fusion environments, which is a great option for training and demonstration.

    • WatchGuard Dimension is not currently available on any non-VMware hypervisors.

  • WatchGuard Dimension is available on the Software Downloads pages with the downloads for XTM devices.

    • Log in to WatchGuard.com

    • Browse to Articles & Software

    • Filter by Software Downloads (excluding Articles and Known Issues)


Deployment

  • After downloading the WatchGuard Dimension virtual appliance (.ova), connect to your ESXi host with vSphere.

  • From the File menu, select Deploy OVF Template.


Deployment

  • Browse to the downloaded WatchGuard Dimension OVA and select that as your source.


Deployment

  • Confirm the OVF Template Details and Accept the EULA.


Deployment

  • Choose a name and disk format for this VM.


Deployment

  • Map the virtual network adapter to the appropriate destination network.

  • Note:

    • WatchGuard Dimension’s network adapter defaults to DHCP.

    • You will need a DHCP server on the network for Dimension to receive an IP address and access the setup wizard web interface.


Deployment

  • Confirm the deployment settings.

  • Note the disk allocation defaults to 43GB.

    • 3GB for OS drive (disk 1)

    • 40GB for Data drive (disk 2)

  • Power on after deployment if you want to keep the default settings.


Deployment

  • Changing the provisioned size of Hard disk 2 before boot (or reboot) will result in more storage for logging and reports.

  • Other defaults include:

    • 2GB of RAM

    • 2 CPUs (2 sockets, 1 core each)


Deployment

  • Notes:

    • The Dimension VM is deployed by default with a data disk size of 40GB.

    • The data disk is fully reserved for the log database and the related overhead space required by Postgres.

    • After the Dimension VM is deployed, the data disk size cannot be reduced.

    • To limit the size to be less than 40GB and avoid data loss, you must remove and re-add Hard disk 2 before you power on the VM for the first time.


Deployment

  • Once your VM is powered on, you see the IP address assigned to Dimension through DHCP.

  • Use this IP address to make an HTTPS connection to Dimension and start the Dimension Setup Wizard.



Configuration — Requirements

  • WatchGuard Dimension supports these web browsers:

    • Firefox v22 and later

    • Internet Explorer 9 and later

    • Safari 5 and later

    • Safari on iOS 6 and later

    • Chrome v29 and later

  • You should be able to successfully use WatchGuard Dimension on most mobile phone and tablet devices.

  • Connect to Dimension in a web browser at https://<dimension-IP-address>


Configuration — Setup Wizard

  • Accept the security warning to continue to connect to WatchGuard Dimension.


Configuration — Setup Wizard

  • Log in with these credentials:

    • User Name: admin

    • Password: readwrite


Configuration — Setup Wizard

  • Make sure you have this information before you start the Setup Wizard:

    • Host name

    • IPv4 address and settings for the eth0 interface

    • Administrator passphrase

    • Log Server Encryption Key


Configuration — Setup Wizard

  • Specify the host name for Dimension

  • Select the IP address method:

    • Static

    • DHCP

  • For a static IP address, we recommend that you specify an IPv4 address.


Configuration — Setup Wizard

  • Set the Administrator Passphrase to use to connect to Dimension and manage the Dimension servers.

  • The Administrator Passphrase must have a minimum of 8 characters.


Configuration — Setup Wizard

  • Set the Log Server Encryption Key.


Configuration — XTM Devices

  • WatchGuard Dimension can accept log messages and generate reports for any device that runs Fireware XTM OS.

  • WatchGuard Dimension can also accept log messages from a WatchGuard Management Server or Quarantine Server.

    • On an XTM device, use the IP address and Encryption Key from WatchGuard Dimension when you configure the WatchGuard Log Server settings.

    • On WatchGuard servers, use the same IP address and Encryption Key in the Logging settings.

  • In some environments you may be NATing the HTTPS and WatchGuard Logging connections through your XTM device. This changes the IP address you use to connect to WatchGuard Dimension or where you send WatchGuard Logging connections.


Configuration — After the Wizard…Log In

  • Multiple “Super administrator users” can be logged in at the same time

  • Configuration pages have modes:

    • RO (Read-Only)

    • RW (Read-Write)


Configuration — After the Wizard…Manage Services

  • The Manage Services drop-down list includes the menu options to configure settings for Dimension:

    • Schedule Reports

    • Manage the Log Server

    • Manage the Log Database

    • Manage user accounts

    • Configure System Settings


Configuration — System Settings

  • Configure System and Network settings

  • Manage certificates

  • System Maintenance

    • Reboot

    • Upgrade

    • Restore

      • Factory default!!!!

    • Diagnostic Tools

  • View Connected Users


Configuration — User Management

  • Manage Users and Roles

    • Add, edit, or remove users

    • Apply roles:

      • RO – View-only

      • RW – Read-write

  • Active Directory Settings

    • Enable Active Directory Authentication

    • Specify an Active Directory Server


Configuration - Users

  • Add/Edit User:

    • Types:

      • Local

      • Active Directory

    • Specify password

    • Select Roles

    • Select Devices


Configuration — Users

  • Role policy same as WSM

    • User + List of roles + List of Devices

  • User authentication similar to WSM:

    • Local user, AD user, AD Group

    • AD requires DNS to resolve DCs by internal domain name

  • Built-in roles only (no custom roles)

    • Super Administrator

      • Full access

    • Report Administrator

      • View logs

      • View reports

      • Manage scheduled reports and groups

    • View Logs

    • View Reports

  • Applied to a list of devices


Configuration — Logging Server Management

  • On the Status page:

    • View the status of the Log Server

    • Stop and start the Log Server


Configuration — Logging Server Management

  • On the Configuration > General page, you configure these settings for the Log Server:

    • Change the Encryption Key

    • Specify the log data deletion settings

    • Back up and restore the Log Server database


Configuration — Logging Server Management

  • On the Configuration > Notifications page, configure the settings for email:

    • Failure Events

    • Device Events

    • Message Purge

  • Must be configured to send scheduled reports


Configuration — Logging Server Management

  • On the Configuration > Notifications page, configure the settings for reports:

  • Report Customizations are templates to apply to report PDFs:

    • Header

    • Footer

    • Logo

  • Configure settings for ConnectWise Integration


Configuration — Logging Server Management

  • On the Diagnostics page, you can use these diagnostic tools:

    • Purge diagnostic logs

    • Backup/Restore Log Server database

    • View Process List

    • View Log Server log messages

    • View Log Collector log messages


Configuration — Schedule Reports

  • Report Schedules

    • RO — View only

    • RW — Add/Edit/Remove scheduled reports

  • Before scheduled reports can be sent, an SMTP server must be configured in the Notifications settings


Configuration — Schedule Reports

  • Schedule General settings

    • Name

    • Description (optional)


Configuration — Schedule Reports

  • Device Selection

    • Devices:

      • All Devices

      • Specify Devices

    • Servers:

      • All Servers

      • Specify Servers


Configuration — Schedule Reports

  • Recipient Selection

    • Must add at least one recipient


Configuration — Schedule Reports

  • Report Selection

    • Report Types

    • Timezone

      • For report display purposes only. Web-based reports appear in the browser/OS time zone.

    • Customization

    • Aggregation

      • Single (per device)

      • Combined (grouped devices)

    • Frequency


Configuration — New Summary Reports

  • Schedule two new Reports:

    • Executive Summary

    • Web Traffic Summary

  • Both new reports are available as scheduled reports that you can send to specific email addresses.

  • Both reports can use any Report Customization (report template) that you create.


Configuration — Executive Summary Report

  • Executive Summary report

    • Sent as a PDF file

    • Specify a logo, header, and footer to customize the report


Configuration — Web Traffic Summary Report

  • Web Traffic Summary report

    • Sent as a PDF file

    • Specify a logo, header, and footer to customize the report

    • Report includes the Top Domains chart with the Web Categories (in a pie chart), and removes any byte counts or tabular information



Use WatchGuard Dimension

  • To get the most out of Dimension, make sure to:

    • Select Enable logging for reports in proxy actions on your XTM devices and WatchGuard Servers.

    • Enable logging of Allowed Packets in all policies.

    • Configure your XTM devices and WatchGuard servers to send all log messages to your Dimension Log Server.



Executive Dashboard

  • Top 10

    • Clients

    • Domains

    • URL Categories

    • Destinations

    • Applications

    • Application Categories

    • Protocols

  • Click a summary to expand it and see more detail.


Security Dashboard

  • Top 10 Blocked

    • Clients

    • Destinations

    • URL Categories

    • Applications

    • Application Categories

    • Protocols

  • IPS Signatures

  • Gateway Anti-Virus

  • Click a summary to expand it and see more detail.


Threat Map

  • Denied Packets (Blocked)

  • Intrusion Prevention Service

  • Web Traffic

  • Application Control

  • All Traffic


FireWatch

  • Sort by:

    • Source

    • Destination

    • Domains

    • Application

    • WebBlocker

    • Protocol

  • Pivot on:

    • Bytes (Not available for packet filter traffic prior to XTM OS v11.8)

    • Connections

  • Hover for more detail:

    • Filter further

    • Show connections


Log Manager

  • Log messages stored in UTC time

  • Appears in your web browser’s local time


Log Search

  • Run simple or complex search queries to refine the log messages that appear for the selected XTM device.

  • Filter the search results by log message type:

    • Traffic

    • Alarm

    • Event

    • Diagnostic

    • Statistic

    • All


Other Available Reports

  • The same reports are available that were previously available on your WatchGuard Report Server

  • Select options to pivot on from the pivot drop-down list

  • Export the report to a PDF file



Dimension Support — Console Access

  • vSphere console shows command line access

  • Log in with wgsupport/readwrite (must change the password on initial login)

    • Account restricted to only change the IP address

    • To set a static IP address, use the command wg_ip_addr.sh, located in /opt/watchguard/dimension/bin. For example, to set a static IP address of 192.168.24.101 on network 192.168.24.0/24 with gateway 192.168.24.1, type:  /opt/watchguard/dimension/bin/wg_ip_addr.sh -i 192.168.24.101 -m 24 -g 192.168.24.1

    • When given without any options, or with the option --help, the command displays help text.

  • Support Access for Diagnostics is available with a connection restricted by a client-side certificate.
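
A pre-flight check for the static address values described above, added here as an example and not taken from WatchGuard's tooling: it rejects malformed addresses and a gateway that is not on the same network before printing the wg_ip_addr.sh command line. The function names and the rejection of /31 and /32 prefixes are assumptions; the script path and the -i, -m and -g options are the ones shown on the slide.

```sh
#!/bin/sh
# Added example (not WatchGuard code): validate static IP values before they
# are passed to wg_ip_addr.sh. Function names are hypothetical; only the
# script path and the -i/-m/-g options come from the slide.

# Convert a dotted-quad IPv4 address to an integer; fail on malformed input.
ip_to_int() {
  case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  n=0
  for o in "$@"; do
    case $o in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
    [ "$o" -le 255 ] || return 1
    n=$(( n * 256 + o ))
  done
  echo "$n"
}

# Print the wg_ip_addr.sh command line if address, prefix and gateway are
# consistent; otherwise explain the problem on stderr and return 1.
dimension_static_ip_cmd() {
  addr=$1 prefix=$2 gateway=$3
  ip=$(ip_to_int "$addr") || { echo "bad address: $addr" >&2; return 1; }
  gw=$(ip_to_int "$gateway") || { echo "bad gateway: $gateway" >&2; return 1; }
  case $prefix in ''|0*|*[!0-9]*) echo "bad prefix: $prefix" >&2; return 1 ;; esac
  # Assumption: /31 and /32 are rejected because they leave no room for a gateway.
  [ "$prefix" -le 30 ] || { echo "prefix too long: /$prefix" >&2; return 1; }
  mask=$(( (4294967295 << (32 - prefix)) & 4294967295 ))
  net=$(( ip & mask ))
  bcast=$(( net | (~mask & 4294967295) ))
  if [ $(( gw & mask )) -ne "$net" ]; then
    echo "gateway $gateway is not on the network of $addr/$prefix" >&2; return 1
  fi
  if [ "$ip" -eq "$net" ] || [ "$ip" -eq "$bcast" ] || [ "$ip" -eq "$gw" ]; then
    echo "$addr is a network, broadcast or gateway address" >&2; return 1
  fi
  echo "/opt/watchguard/dimension/bin/wg_ip_addr.sh -i $addr -m $prefix -g $gateway"
}

# Values from the slide: prints the command to type at the Dimension console.
dimension_static_ip_cmd 192.168.24.101 24 192.168.24.1
```

Run it on an administrative workstation and type the printed command at the vSphere console only after the check passes.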


Dimension Support — Known Limitations

  • No external database

  • Local Backup/Restore

  • No host name resolution

  • Cannot import log files to Dimension

  • Certificates must use CSR

    • No external private key


