• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 369
  • Last Modified:

web site logging and policy on branch offices with edge devices and x750e

I'm upgrading an old x700 with a new x750e device. Currently I have 4 branch offices that connect into my office via VPN over dsl, T1 and cable. All my branch offices are on edge devices. Is there a way I can setup the x750e device or the edge devices so I can view the web logs for web traffic. I want to track internet usage and I know how to do it with the x750e box but I'm not sure about the edge devices. I guess I could route all the web traffic through my main site but my main site is only on a T1. I'd rather have some of the sites use their faster connection for web browsing and maybe log to my 750e device. Is this possible?
 If I let the brach offices use their edge devices for the next hop to the web instead going over the VPN to my site then out to the web, is it possible to use the policy's of the x750e for blocking things like internet radio and all the other crap my users do.

Appreciate any help
  • 2
1 Solution
You need to configure WSEP loggingon each of the Edge devices tolog to a primary WSEP log sever at your main sit.  WSEP is a component of Watchguard System Manager.All that is required,once set up is for the relevant port to be open(not an issue with VPN) and the IP address and log passphrase.

You will need to log outgoing HTTP traffic on your edge devices.

I have experienced all sorts of problems when forcing all web traffic through a central Firebox.  The main one is due to packet fragmentation- HTTP traffic through the proxy ont he main fireboxcore was fine, but HTTPS, etc... didn't work.

The other problem is that your remote fireboxes will only be contactable if the tunnel is up.  This can cause problems troubleshooting connections, etc...
As for blocking internet radio, etc...all you can do with the dge is purchase web blocker and use this to restrict access. If you are running WSM at your main site, you can centrally cotrol the edge policy, otherwise, you will need to update each edge individually.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

We Need Your Input!

WatchGuard is currently running a beta program for our new macOS Host Sensor for our Threat Detection and Response service. We're looking for more macOS users to help provide insight and feedback to help us make the product even better. Please sign up for our beta program today!

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now