Introduction to WatchGuard Dimension

WatchGuard Training

Introduction to WatchGuard Dimension


- What is WatchGuard Dimension?
- Deploy WatchGuard Dimension
- Configure WatchGuard Dimension
- Use WatchGuard Dimension
- Support WatchGuard Dimension

What is WatchGuard Dimension?

What is WatchGuard Dimension?


- Secure and centralized logging, visibility, and reporting for XTM devices and WatchGuard servers
  - New ways to visualize network data
  - Dashboards with simple drill-down into detailed log and report information
  - Customizable reports that can be emailed to different roles in the organization
  - Complements Web UI visibility tools in XTM OS v11.8
  - Reports available after first summary report period (5 minutes)
  - All reports are on demand all the time
- Cloud-ready zero-installation deployment
  - Delivered as a virtual appliance for ESXi (.ova)
  - Running on 64-bit Linux
  - Driven by Postgres 9.2
  - Web interface supports most desktop and mobile browsers

What is Dimension? - Architecture

- Log Collector - Receives logs from devices, aggregates data
- Web Services - Serves web application to users and administrators
- Log Server - Provides API for log data, provisioning, and automated maintenance
- Database - Persistent storage for log and report data

Deploy WatchGuard Dimension

Deployment Requirements
WatchGuard Dimension is distributed as an .ova file for installation on VMware ESXi 5.x.

- Your ESXi host must support 64-bit guest operating systems.
- WatchGuard Dimension has been primarily tested on VMware ESXi hypervisors. It can also be installed in VMware Workstation, Player, and Fusion environments, which is a great option for training and demonstration.
- WatchGuard Dimension is not currently available on any non-VMware hypervisors.

WatchGuard Dimension is available on the Software Downloads pages with the downloads for XTM devices.

1. Log in to WatchGuard.com
2. Browse to Articles & Software
3. Filter by Software Downloads (excluding Articles and Known Issues)

Deployment
After you download the WatchGuard Dimension virtual appliance (.ova), connect to your ESXi host with vSphere. From the File menu, select Deploy OVF Template.

Deployment
Browse to the downloaded WatchGuard Dimension OVA and select that as your source.

Deployment
Confirm the OVF Template Details and accept the EULA.

Deployment
Choose a name and disk format for this VM.

Deployment
Map the virtual network adapter to the appropriate destination network.

Note: WatchGuard Dimension's network adapter defaults to DHCP. You will need a DHCP server on the network for Dimension to receive an IP address and access the setup wizard web interface.

Deployment
Confirm the deployment settings. Note the disk allocation defaults to 43GB.

- 3GB for OS drive (disk 1)
- 40GB for Data drive (disk 2)

Power on after deployment if you want to keep the default settings.

Deployment
Changing the provisioned size of Hard disk 2 before boot (or reboot) will result in more storage for logging and reports. Other defaults include:

- 2GB of RAM
- 2 CPUs (2 sockets, 1 core each)

Deployment
Notes:

The Dimension VM is deployed by default with a data disk size of 40GB. The data disk is fully reserved for the log database and the related overhead space required by Postgres. After the Dimension VM is deployed, the data disk size cannot be reduced. To limit the size to be less than 40GB and avoid data loss, you must remove and re-add Hard disk 2 before you power on the VM for the first time.

Deployment
Once your VM is powered on, you see the IP address assigned to Dimension through DHCP. Use this IP address to make an HTTPS connection to Dimension and start the Dimension Setup Wizard.

Configure WatchGuard Dimension

Configuration Requirements
WatchGuard Dimension supports these web browsers:

- Firefox v22 and later
- Internet Explorer 9 and later
- Safari 5 and later
- Safari on iOS 6 and later
- Chrome v29 and later

You should be able to successfully use WatchGuard Dimension on most mobile phone and tablet devices.

Connect to Dimension in a web browser at https://<dimension-IP-address>

Configuration - Setup Wizard


Accept the security warning to continue to connect to WatchGuard Dimension.

Configuration - Setup Wizard

Log in with these credentials:

- User Name: admin
- Password: readwrite

Configuration - Setup Wizard

Make sure you have this information before you start the Setup Wizard:

- Host name
- IPv4 address and settings for the eth0 interface
- Administrator passphrase
- Log Server Encryption Key

Configuration - Setup Wizard

- Specify the host name for Dimension
- Select the IP address method:
  - Static
  - DHCP

For a static IP address, we recommend that you specify an IPv4 address.

Configuration - Setup Wizard


Set the Administrator Passphrase to use to connect to Dimension and manage the Dimension servers. The Administrator Passphrase must have a minimum of 8 characters.

Configuration - Setup Wizard


Set the Log Server Encryption Key.
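
A pre-flight check for the values the Setup Wizard slides above ask you to prepare, added here as an example in Python (it is not WatchGuard code). Only the 8-character minimum and the default password come from this deck; the function name, the RFC 1123 host name rule, the subnet checks and the rule that the Log Server Encryption Key must be set and distinct are assumptions.

```python
import ipaddress
import re

DEFAULT_PASSWORD = "readwrite"  # default admin password shown in this deck
MIN_PASSPHRASE_LEN = 8          # minimum stated for the Administrator Passphrase
# Assumed host name rule (RFC 1123 labels); the deck does not state one.
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")


def check_wizard_inputs(hostname, address, prefix_len, gateway, passphrase, log_key):
    """Return a list of problems in the values planned for the Setup Wizard."""
    problems = []
    labels = hostname.split(".")
    if len(hostname) > 253 or not all(_LABEL.fullmatch(l) for l in labels):
        problems.append("host name is not a valid RFC 1123 name")
    try:
        iface = ipaddress.IPv4Interface(f"{address}/{prefix_len}")
        gw = ipaddress.IPv4Address(gateway)
    except ValueError as exc:
        problems.append(f"eth0 settings do not parse: {exc}")
    else:
        net = iface.network
        edges = (net.network_address, net.broadcast_address)
        if net.prefixlen < 31 and iface.ip in edges:
            problems.append("eth0 address is the network or broadcast address")
        if gw not in net:
            problems.append("gateway is outside the eth0 subnet")
        elif gw == iface.ip:
            problems.append("gateway equals the eth0 address")
    if len(passphrase) < MIN_PASSPHRASE_LEN:
        problems.append("Administrator Passphrase is shorter than 8 characters")
    if passphrase == DEFAULT_PASSWORD:
        problems.append("Administrator Passphrase is still the default password")
    # Assumed local policy, not a Dimension rule: key must be set and distinct.
    if not log_key or log_key in (passphrase, DEFAULT_PASSWORD):
        problems.append("Log Server Encryption Key is empty, default, or reused")
    return problems


if __name__ == "__main__":
    # Constructed worksheet; the addresses reuse the deck's static IP example.
    for problem in check_wizard_inputs("dimension01", "192.168.24.101", 24,
                                       "192.168.24.1", "readwrite", "Log-k3y-2013"):
        print("FIX:", problem)
```

The default password is nine characters long, so the 8-character minimum alone does not reject it; the explicit comparison is what catches it.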

Configuration - XTM Devices


WatchGuard Dimension can accept log messages and generate reports for any device that runs Fireware XTM OS. WatchGuard Dimension can also accept log messages from a WatchGuard Management Server or Quarantine Server.

On an XTM device, use the IP address and Encryption Key from WatchGuard Dimension when you configure the WatchGuard Log Server settings. On WatchGuard servers, use the same IP address and Encryption Key in the Logging settings.

In some environments you may be NATing the HTTPS and WatchGuard Logging connections through your XTM device. This changes the IP address you use to connect to WatchGuard Dimension or where you send WatchGuard Logging connections.

Configuration - After the Wizard - Log In

- Multiple Super administrator users can be logged in at the same time
- Configuration pages have modes:
  - RO (Read-Only)
  - RW (Read-Write)

Configuration - After the Wizard - Manage Services

The Manage Services drop-down list includes the menu options to configure settings for Dimension:

- Schedule Reports
- Manage the Log Server
- Manage the Log Database
- Manage user accounts
- Configure System Settings

Configuration - System Settings

- Configure System and Network settings
- Manage certificates
- System Maintenance
  - Reboot
  - Upgrade
  - Restore
    - Factory default!!!!
- Diagnostic Tools
- View Connected Users

Configuration - User Management

- Manage Users and Roles
  - Add, edit, or remove users
  - Apply roles:
    - RO - View-only
    - RW - Read-write
- Active Directory Settings
  - Enable Active Directory Authentication
  - Specify an Active Directory Server

Configuration - Users
Add/Edit User:

- Types:
  - Local
  - Active Directory
- Specify password
- Select Roles
- Select Devices

Configuration - Users

Role policy same as WSM

- User + List of roles + List of Devices
- Local user, AD user, AD Group
- AD requires DNS to resolve DCs by internal domain name

Super Administrator

- Full access

User authentication similar to WSM:

- Built-in roles only (no custom roles)

Report Administrator

- View logs
- View reports
- Manage scheduled reports and groups

- View Logs
- View Reports

Applied to a list of devices


Configuration - Logging Server Management

On the Status page:

- View the status of the Log Server
- Stop and start the Log Server

Configuration - Logging Server Management

On the Configuration > General page, you configure these settings for the Log Server:

- Change the Encryption Key
- Specify the log data deletion settings
- Back up and restore the Log Server database

Configuration - Logging Server Management

On the Configuration > Notifications page, configure the settings for email:

- Failure Events
- Device Events
- Message Purge

Must be configured to send scheduled reports

Configuration - Logging Server Management

On the Configuration > Notifications page, configure the settings for reports:

Report Customizations are templates to apply to report PDFs:

- Header
- Footer
- Logo

Configure settings for ConnectWise Integration

Configuration - Logging Server Management

On the Diagnostics page, you can use these diagnostic tools:

- Purge diagnostic logs
- Backup/Restore Log Server database
- View Process List
- View Log Server log messages
- View Log Collector log messages

Configuration - Schedule Reports

Report Schedules

- RO - View only
- RW - Add/Edit/Remove scheduled reports

Before scheduled reports can be sent, an SMTP server must be configured in the Notifications settings

Configuration - Schedule Reports

Schedule General settings

- Name
- Description (optional)

Configuration - Schedule Reports

Device Selection

- Devices:
  - All Devices
  - Specify Devices
- Servers:
  - All Servers
  - Specify Servers

Configuration - Schedule Reports


Recipient Selection

Must add at least one recipient

Configuration - Schedule Reports

Report Selection

- Report Types
- Timezone
  - For report display purposes only. Web-based reports appear in the browser/OS time zone.
- Customization
- Aggregation
  - Single (per device)
  - Combined (grouped devices)
- Frequency

Configuration - New Summary Reports

Schedule two new Reports:

- Executive Summary
- Web Traffic Summary

Both new reports are available as scheduled reports that you can send to specific email addresses. Both reports can use any Report Customization (report template) that you create.

Configuration - Executive Summary Report

Executive Summary report

- Sent as a PDF file
- Specify a logo, header, and footer to customize the report

Configuration - Web Traffic Summary Report

Web Traffic Summary report

- Sent as a PDF file
- Specify a logo, header, and footer to customize the report
- Report includes the Top Domains chart with the Web Categories (in a pie chart), and removes any byte counts or tabular information

Use WatchGuard Dimension

Use WatchGuard Dimension


To get the most out of Dimension, make sure to:

- Select Enable logging for reports in proxy actions on your XTM devices and WatchGuard Servers.
- Enable logging of Allowed Packets in all policies.
- Configure your XTM devices and WatchGuard servers to send all log messages to your Dimension Log Server.

Use WatchGuard Dimension


| Log Messages | Reports | Dashboards |
|---|---|---|
| Packet Filter Allowed Logs | Web, Packet Filter, Top Client, Application Control | Executive, Threat Map, FireWatch |
| Packet Filter Denied Logs | Web, Packet Filter, Denied Packet, Top Client, Application Control | Security, Threat Map |
| Intrusion Prevention Logs | IPS, Denied Packet | Security, Threat Map |
| Log when configuration has changed | Authentication, Audit | |
| All Proxies: Enable logging for reports | GAV, IPS, SPAM, Application Control | Executive, Security, Threat Map, FireWatch |
| HTTP Proxies: Enable logging for reports | Web, Firebox Statistics, RED | Executive, Security, Threat Map, FireWatch |
| FTP Proxies: Enable logging for reports | Firebox Statistics | Executive, Security, Threat Map, FireWatch |
| SMTP Proxies: Enable logging for reports | SMTP, Firebox Statistics | Executive, Security, Threat Map, FireWatch |
| POP3 Proxies: Enable logging for reports | POP3, Firebox Statistics | Executive, Security, Threat Map, FireWatch |
| Any alarms | GAV, Alarms | |


Executive Dashboard
Top 10

- Clients
- Domains
- URL Categories
- Destinations
- Applications
- Application Categories
- Protocols

Click a summary to expand it and see more detail.

Security Dashboard
Top 10 Blocked

- Clients
- Destinations
- URL Categories
- Applications
- Application Categories
- Protocols
- IPS Signatures
- Gateway Anti-Virus

Click a summary to expand it and see more detail.

Threat Map
- Denied Packets (Blocked)
- Intrusion Prevention Service
- Web Traffic
- Application Control
- All Traffic

FireWatch
Sort by:

- Source
- Destination
- Domains
- Application
- WebBlocker
- Protocol
- Bytes
  - (Not available for packet filter traffic prior to XTM OS v11.8)

Pivot on:

- Connections
- Filter further
- Show connections


Hover for more detail:

Log Manager
- Log messages stored in UTC time
- Appears in your web browser's local time

Log Search
Run simple or complex search queries to refine the log messages that appear for the selected XTM device.

Filter the search results by log message type:

- Traffic
- Alarm
- Event
- Diagnostic
- Statistic
- All

Other Available Reports


- The same reports are available that were previously available on your WatchGuard Report Server
- Select options to pivot on from the pivot drop-down list
- Export the report to a PDF file

Support WatchGuard Dimension

Dimension Support - Console Access

- vSphere console shows command line access
- Log in with wgsupport/readwrite (must change the password on initial login)
  - Account restricted to only change the IP address
  - To set a static IP address, use the command wg_ip_addr.sh, located in /opt/watchguard/dimension/bin. For example, to set a static IP address of 192.168.24.101 on network 192.168.24.0/24 with gateway 192.168.24.1, type:

    /opt/watchguard/dimension/bin/wg_ip_addr.sh -i 192.168.24.101 -m 24 -g 192.168.24.1

  - When given without any options, or with the option --help, the command displays help text.
- Support Access for Diagnostics is available with a connection restricted by a client-side certificate.

Dimension Support - Known Limitations

- No external database
- Local Backup/Restore
- No host name resolution
- Cannot import log files to Dimension
- Certificates must use CSR
  - No external private key

Thank You!
