Evil_TTL> show | s

WatchGuard Startup Overview


OK, I got a brand new XTM 5 Series WatchGuard firewall and only a couple of days to satisfy my curiosity. First of all, it supports three administrative interfaces:

1. Command Line Interface (CLI), which is pretty obvious.
2. Web Interface. Just point your browser to the management IP address of the firewall over HTTPS on port 8080.
3. WatchGuard System Manager (WSM). WSM is centralised management software.

Console settings:

Baud Rate — 115200
Data Bits — 8
Stop Bits — 1
Parity — No
Flow Control — None 

There are 2 users available from the start: admin and status. The default passwords are readwrite and readonly respectively.

Let’s check what their privileges are in detail:

XTM_5_Series login: status
Password:
--
-- WatchGuard Firebox Operating System Software.
-- Fireware XTM Version 11.6.5
-- Support: https://www.watchguard.com/support/supportLogin.asp
-- Copyright (c) 1996-2011 by WatchGuard Technologies, Inc.
--
WG>?
Exec commands:
  diagnose    Display internal diagnostic information
  exit        Exit from the EXEC
  export      Export information to external platform
  help        Description of the interactive help system
  history     Display the command history list with line numbers
  no          Negate a command or set its defaults
  ping        Send echo messages
  show        Show running system information
  sysinfo     Display system information
  traceroute  Trace route to destination
  who         Show who is logged on

WG>


WatchGuard-XTM login: admin
Password: readwrite
--
-- WatchGuard Firebox Operating System Software.
-- Fireware XTM Version 11.6.5
-- Support: https://www.watchguard.com/support/supportLogin.asp
-- Copyright (c) 1996-2011 by WatchGuard Technologies, Inc.
--

WG#?
Privilege commands:
  arp               Manipulate the system ARP cache
  backup            Backup previous software release or configuration
  cert-request      Certificate request
  checksum          The checksum of all the packages installed on appliance
  clock             Manage the system clock
  configure         Enter configuration mode
  debug-cli         Configure debugging options
  diagnose          Display internal diagnostic information
  dnslookup         Look up domain name
  exit              Exit from the EXEC
  export            Export information to external platform
  fips              FIPS mode setting
  help              Description of the interactive help system
  history           Display the command history list with line numbers
  import            Import information from external platform
  mgmt-user-unlock  Unlock a locked management account
  no                Negate a command or set its defaults
  password          Change the current administrators password
  ping              Send echo messages
  policy-check      Policy check
  reboot            Reboot system
  restore           Appliance software image
  show              Show running system information
  shutdown          Shutdown this WatchGuard appliance
  sync              Sync info from live security server
  sysinfo           Display system information
  tcpdump           Dump traffic on a network
  traceroute        Trace route to destination
  upgrade           Upgrade software release with dl file
  usb               USB drive
  vpn-tunnel        Encrypted virtual connection
  who               Show who is logged on

Before making any configuration changes, check sysinfo for the OS version. If the OS version is old, some features might be missing, such as the link-aggregation command mode, which is available only in Fireware XTM v11.7 and higher.

WG#show sysinfo
--
-- System Information
--
system name         WatchGuard-XTM
system model        XTM515
contact             system contact
location            system location
system time         08:04:34GMT 08/29/2013
up time             0 days 0 hours 16 minutes 59 seconds
serial number       80BE05699xxxx
version             11.6.5.B364214
cpu utilization     0%(1 min)  0%(5 min)  0%(15 min)
memory usage        2029600 kB(total)  1574988 kB(free)  454612 kB(used)
time zone           GMT+0:00 Greenwich Mean Time

Some features are subscription-dependent and are activated by importing feature keys, either manually or automatically from the official web resource. To list the current features, issue the show features command.

WG#sh features
--
-- Total 22 Feature(s)
--
Feature                  Capacity  Status    Expiration
MODEL                    XTM515    Disabled  Never
AUTHENTICATED_USER       500       Enabled   Never
BGP                      0         Enabled   Never
BOVPN_TUNNEL             65        Enabled   Never
FIRECLUSTER              0         Enabled   Never
FW_RULE                  0         Enabled   Never
FW_SPEED                 2000      Enabled   Never
FW_USERS                 0         Enabled   Never
LOAD_BALANCE             0         Enabled   Never
MUVPN_USER               75        Enabled   Never
OSPF                     0         Enabled   Never
POLICY_ROUTING           0         Enabled   Never
QOS                      100       Enabled   Never
SERVER_LOAD_BALANCING    0         Enabled   Never
SESSION                  80000     Enabled   Never
SSLVPN_USER              65        Enabled   Never
L2TP_USER                65        Enabled   Never
VLAN                     100       Enabled   Never
VPN_SPEED                250       Enabled   Never
WAN_FAILOVER             0         Enabled   Never
LINK_AGGREGATION         0         Enabled   Never
XTM_PRO                  0         Enabled   Never 
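
The version check described above can be run against saved CLI output, which matters here because LINK_AGGREGATION shows as Enabled in the feature list while the appliance runs 11.6.5. The following Python is an added example, not code from the original post or from WatchGuard; the MIN_OS table and the function names are assumptions, and only the LINK_AGGREGATION / v11.7 entry comes from the article.

```python
import re

# Minimum Fireware XTM release per feature (assumed table). Only the
# LINK_AGGREGATION entry is stated in the article (v11.7 and higher).
MIN_OS = {"LINK_AGGREGATION": (11, 7)}

# Excerpts of the CLI output shown in the article, pasted as plain text.
SYSINFO = """\
system name         WatchGuard-XTM
system model        XTM515
version             11.6.5.B364214
"""

FEATURES = """\
Feature                  Capacity  Status    Expiration
MODEL                    XTM515    Disabled  Never
BGP                      0         Enabled   Never
LINK_AGGREGATION         0         Enabled   Never
"""

def os_version(sysinfo):
    """Return the numeric (major, minor, patch) part of the 'version' line."""
    # \s* also spans a line break, so a wrapped 'version' line still parses.
    m = re.search(r"^version\s*:?\s*(\d+)\.(\d+)(?:\.(\d+))?", sysinfo, re.M)
    if not m:
        raise ValueError("no 'version' line in show sysinfo output")
    return tuple(int(g or 0) for g in m.groups())

def enabled_features(features):
    """Return the names of features whose Status column reads Enabled."""
    names = set()
    for line in features.splitlines():
        cols = line.split()
        if len(cols) >= 4 and cols[2] == "Enabled":
            names.add(cols[0])
    return names

def gated_features(sysinfo, features, min_os=MIN_OS):
    """List enabled features that the running OS is too old to configure."""
    running = os_version(sysinfo)
    return sorted(
        name for name in enabled_features(features)
        if name in min_os and running[:len(min_os[name])] < min_os[name]
    )

if __name__ == "__main__":
    print(os_version(SYSINFO), gated_features(SYSINFO, FEATURES))
```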

You can check some global settings by using the show global-setting command.

WG#show global-setting
--
-- TCP Settings
--
TCP SYN checking                              Enable
MSS adjustment                                automatic
--
-- ICMP Error Messages Setting
--
allow specified ICMP error messages:
   (1): fragmentation-required
   (2): time-exceeded
   (3): network-unreachable
   (4): host-unreachable
   (5): port-unreachable
   (6): protocol-unreachable
denied specified ICMP error messages:
--
-- Traffic management and QoS
--
Enable all traffic management and QoS features  Disabled
--
-- WEB UI Properties
--
WebUI port                                    8080
--
-- Auto reboot setting
--
Auto reboot                                   Disabled
reboot the firebox at
Hour                                          0
Minute                                        0
--
-- TCP settings
--
TCP connection idle timeout                   0day(s)  1hour(s)  0minute(s)  0second(s)
TCP close timeout                             0day(s)  0hour(s)  0minute(s)  10second(s)
TCP time-wait timeout                         0day(s)  0hour(s)  2minute(s)  0second(s)
--
-- UDP settings
--
UDP idle timeout                              0day(s)  0hour(s)  0minute(s)  30second(s)
UDP stream timeout                            0day(s)  0hour(s)  3minute(s)  0second(s)
WG#

Interface configuration output:

WG#sh interface
--
-- Interface Properties
-- Type:  TR trusted, EX external, OP optional, VL vlan, BR bridge, CL cluster, NA not apply
--
physical interface count 7
licensed interface count 7
--
-- Interface Address Status
--
Enabled If-#  Name        Address      Type/MTU  Status  IP-Assignment  IP-Node-Type
 yes    0     External    0.0.0.0/0    EX/1500   down    DHCP           IPv4 Only
 yes    1     Trusted     10.0.1.1/24  TR/1500   down    static         IPv4 Only
 yes    2     Optional-1  10.0.2.1/24  OP/1500   down    static         IPv4 Only
 yes    3     Optional-2  10.0.3.1/24  OP/1500   down    static         IPv4 Only
 yes    4     Optional-3  10.0.4.1/24  OP/1500   down    static         IPv4 Only
 yes    5     Optional-4  10.0.5.1/24  OP/1500   down    static         IPv4 Only
 yes    6     Optional-5  10.0.6.1/24  OP/1500   down    static         IPv4 Only

WG#show interface 0
--
-- Interface Properties <Interface 0>
-- re-auth: re-authentication
--
enabled                       yes
IP node type                  IPv4 Only
link status                   down
interface number              0
interface name                External
interface type                external
mac address                   00:90:7f:9d:dc:fa
IP-Assignment                 DHCP
DHCP host ip                  0.0.0.0
DHCP host id                  :
DHCP host name                :
DHCP lease time               [not specified]
--
-- Advanced Settings
--
MTU                           1500
link speed                    auto-negotiation
address group                 [disable]
blocked ip notification       disable
anti spoof                    match interface type
anti ip/port scan             enable
DoS prevention                enable
DF bit                        copy
Qos max-link-bandwidth        0
Qos marking type              Precedence
Qos marking method            Preserve
Qos marking priority          No_Priority
VPN minimum Path MTU          576
VPN learned Path MTU life time 600


WG#show interface 1
--
-- Interface Properties <Interface 1>
-- re-auth: re-authentication
--
enabled                       yes
IP node type                  IPv4 Only
link status                   down
interface number              1
interface name                Trusted
interface type                trusted
mac address                   00:90:7f:9d:dc:fb
ip address                    10.0.1.1/24
--
-- Advanced Settings
--
MTU                           1500
link speed                    auto-negotiation
address group                 [disable]
blocked ip notification       disable
anti spoof                    match interface
anti ip/port scan             disable
DoS prevention                enable
DHCP service                  DHCP server
DHCP server leasing time      (hours)
DHCP server IP range(s)       : 10.0.1.2 10.0.1.254
DHCP domain name              :
DF bit                        copy
Qos max-link-bandwidth        0
Qos marking type              Precedence
Qos marking method            Preserve
Qos marking priority          No_Priority


WG#show interface 2
--
-- Interface Properties <Interface 2>
-- re-auth: re-authentication
--
enabled                       yes
IP node type                  IPv4 Only
link status                   down
interface number              2
interface name                Optional-1
interface type                optional
mac address                   00:90:7f:9d:dc:fc
ip address                    10.0.2.1/24
--
-- Advanced Settings
--
MTU                           1500
link speed                    auto-negotiation
address group                 [disable]
blocked ip notification       disable
anti spoof                    match interface
anti ip/port scan             disable
DoS prevention                enable
DHCP service                  disable
DF bit                        copy
Qos max-link-bandwidth        0
Qos marking type              Precedence
Qos marking method            Preserve
Qos marking priority          No_Priority

And the one you might be interested in for a start is how to change a user’s password on WatchGuard:

WG#password
User(admin/status): admin
New Password:
Retype New Password:
WG#

That’s it for now. There are more overview articles in Category:WatchGuard.

By privilege15