Security Services


Basic Security Services Advanced Security Services
Intrusion Prevention

Identifies direct attacks on your network applications or operating system.

Includes a set of signatures associated with specific commands or text found in commands that could be harmful.

Scan modes:

  • Full Scan: Scans all packets
  • Fast Scan: Scans fewer packets

Implementation:

  • Enabled for all policies by default
  • Can be disabled for selective policies
  • Possible to configure exceptions
  • For an HTTPS proxy policy, enable an HTTPS proxy action

     

    Reputation Enabled Defense

    Uses cloud-based WatchGuard reputation servers that assign a reputation score between 1 and 100 to every URL. When a user goes to a website, RED sends the requested web address (or URL) to the WatchGuard reputation server. The WatchGuard server responds with a reputation score for that URL. Based on the reputation score, and on locally configured thresholds, RED determines whether the Firebox should drop the traffic, allow the traffic and scan it locally with Gateway AV, or allow the traffic without a local Gateway AV scan. This increases performance, because Gateway AV does not need to scan URLs with a known good or bad reputation.

     

    WebBlocker

    WebBlocker uses a database of websites, organized into categories based on their content. You configure WebBlocker to control which website categories your users can connect to. When a user on your network browses the Internet, the Firebox automatically checks the WebBlocker Server to see if the site is allowed. If the site is on the deny list, the user receives a message that the site is not available. You can enable a cache of WebBlocker entries, and set the cache size and expiration date.

    spamBlocker

    Uses anti-spam technology from CYREN (formerly Commtouch) to block spam at your Internet gateway. spamBlocker looks for patterns in spam traffic, instead of the contents of individual email messages. Because it uses a combination of rules, pattern matching, and sender reputation, it can find spam in any language, format, or encoding method.

    Works with SMTP, POP3, and IMAP proxy policies to examine up to 20,000 bytes of each inbound email message. You can configure the Firebox to take any of the following actions when spamBlocker determines that an email message processed by the SMTP proxy is spam:

  • Deny: Stops the spam email message from being delivered to the email server. The Firebox sends this message to the sending email server: Delivery not authorized, message refused.
  • Add subject tag: Identifies the email message as spam or not spam and allows spam email messages to go to the mail server. See the subsequent section for more information on spamBlocker tags.
  • Allow: Allows spam email messages to go through the Firebox without a tag.
  • Drop: Drops the connection immediately. Unlike the Deny option, the Firebox does not give any SMTP error messages to the sending server.
  • Quarantine: Sends the message classified as spam to a Quarantine Server.

    If you use spamBlocker with the POP3 or IMAP proxy, you have only two actions to choose from: Add Subject Tag and Allow. You cannot use the Quarantine Server with the POP3 or IMAP proxy.

    Components:

  • DNS: you must configure at least one DNS server so the Firebox can resolve the IP addresses of the CYREN servers. If you do not do this, spamBlocker will not operate.
  • Tags: the Firebox can add spamBlocker tags to the subject line of the email message. You can also configure spamBlocker to customize the tag that it adds. This example shows the subject line of an email message that was classified as spam. The tag added is the default tag: ***SPAM***.
  • Categories: spamBlocker puts potential spam email messages into two categories based on the classification of the mail envelope.
      • Confirmed Spam
      • Bulk
      • Suspect
  • Exceptions: If you know the address of the sender, you can configure the device with an exception that tells it not to examine messages from that source address or domain.

    spamBlocker does not detect spam in outgoing SMTP email. To prevent spam from originating from your network and to conserve network resources, you should disable email relay functionality on your email server and enable email relay protection for inbound email using the incoming SMTP proxy action.

    Gateway Antivirus

    Identifies viruses and trojans brought into your network through email, web browsing, TCP connections, or FTP downloads.

     

    Application Control

    Monitor and control the use of web-based applications on your network.

    For example you can:

  • Block YouTube, Skype, and QQ
  • Block P2P applications for users who are not part of the management team
  • Allow the marketing department to use social networking sites such as Facebook and Twitter
  • Allow use of Windows Live Messenger for instant messaging, but disallow file transfer over Windows Live Messenger
  • Limit the use of streaming media applications to specific hours
  • Report on the use (or attempted use) of applications by any individual in the company
  • Limit the bandwidth used by certain applications with traffic management

    Implementation:

  • Per-Application Action
  • Default Action
  • For an HTTPS proxy policy, enable content inspection in the HTTPS proxy action

    Network Discovery

     

    APT Blocker

    Identifies advanced malware brought into your network through email, web browsing, or FTP traffic.

     

    Data Loss Prevention

    Scans content that leaves your network for specific patterns and compares that content to signatures. It does not scan files and messages that come in to your network from an external location.

    Examples of content control rules:

  • Bank routing numbers
  • Confidential document markers
  • Medical patient forms
  • National identification numbers
  • Social security numbers
  • Driver's license numbers
  • Postal addresses
  • Telephone numbers

    Scan text from:

  • Adobe PDF, RTF
  • Microsoft PowerPoint 2000-2010
  • Microsoft Excel 2000-2010
  • Microsoft Word 2000-2010
  • Microsoft Project 2000-2010
  • Microsoft Visio 2000-2010
  • Microsoft Outlook .MSG
  • Microsoft Outlook Express .EML
  • OpenOffice Calc
  • LibreOffice Calc
  • OpenOffice Impress
  • OpenOffice Writer
  • LibreOffice Impress
  • LibreOffice Writer
  • HTML

    Configurable components:

  • Sensors: two built-in sensors (HIPAA, PCI)
  • Actions: select action to take for DLP violations.
  • Settings: configure the scan limit, which controls how much of a file or object to scan
  • You can enable DLP for the SMTP, FTP and HTTP proxy actions.

    The Gateway AV scan result action takes precedence over the DLP action
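
    How a content control rule and the scan limit interact, shown as an added Python example that is not WatchGuard code or part of the original page. The rule names, regular expressions, the 4096-character default limit and the sample text are assumptions made for illustration.

```python
import re

# Added illustration: rule names, patterns and the scan limit are assumptions,
# not WatchGuard's DLP signatures or settings.

def aba_checksum_ok(digits):
    """ABA routing check: 3(d1+d4+d7) + 7(d2+d5+d8) + (d3+d6+d9) must be 0 mod 10."""
    d = [int(c) for c in digits]
    total = 3 * (d[0] + d[3] + d[6]) + 7 * (d[1] + d[4] + d[7]) + (d[2] + d[5] + d[8])
    return total % 10 == 0

def ssn_plausible(area, group, serial):
    """Reject values never issued: area 000/666/9xx, group 00, serial 0000."""
    return area not in ("000", "666") and area[0] != "9" and group != "00" and serial != "0000"

# (rule name, pattern, validator that cuts false positives on look-alike numbers)
RULES = [
    ("us_ssn", re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b"), lambda m: ssn_plausible(*m.groups())),
    ("aba_routing", re.compile(r"\b\d{9}\b"), lambda m: aba_checksum_ok(m.group())),
    ("confidential_marker", re.compile(r"\b(?:COMPANY )?CONFIDENTIAL\b", re.I), lambda m: True),
]

def scan_outbound(text, scan_limit=4096):
    """Return ([(rule, offset), ...], truncated) for the first scan_limit characters only."""
    window = text[:scan_limit]
    hits = []
    for name, pattern, validate in RULES:
        for m in pattern.finditer(window):
            if validate(m):
                hits.append((name, m.start()))
    return sorted(hits, key=lambda h: h[1]), len(text) > scan_limit

# Constructed sample of outbound content; every number here is made up.
SAMPLE = (
    "Subject: Q3 payroll export - Company Confidential\n"
    "Employee SSN 123-45-6789, deposit routing 123456780.\n"
    "Order reference 123456789 and ticket 000-12-3456 are not sensitive.\n"
)

if __name__ == "__main__":
    print(scan_outbound(SAMPLE))
    # Same content pushed past the limit is never inspected.
    print(scan_outbound("x" * 5000 + SAMPLE))
```

    A result with no hits and the truncated flag set means the sensitive data sat beyond the scan limit and was never inspected, which is the trade-off the scan limit setting controls.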

    Threat Detection and Response

    Uses a threat feed, heuristic analysis, and a malware verification service to identify security incidents and assigns a Threat Score to rank the severity of the threats.

    Configurable components:

  • Threat Detection and Response Account: cloud-based service hosted by WatchGuard.
  • Firebox: reports security events to your TDR account when connections are blocked by APT Blocker, Gateway AntiVirus, Botnet Detection, Reputation Enabled Defense, or the Blocked Sites list.
  • Host Sensors: monitor files, processes, registry keys and network connections on the host.

    IntelligentAV

     

    Access Portal

     

    DNSWatch