As you get started with Dimension it is important to understand:
Appliances supported for logging and reporting
WatchGuard Dimension can accept log messages and generate reports for any appliance that runs
Fireware v11.x or higher that has a current Support subscription. Dimension can also accept log
messages for WatchGuard System Manager Management Server and Quarantine Server. You must
make sure that Dimension can resolve and connect to services.watchguard.com for support
subscription verification for any Firebox running v11.11 or earlier. Dimension will not accept log
messages for any Firebox or XTM device that does not have an active Support subscription (a 30-day
grace period is provided before log messages are refused).
Appliances supported by Dimension Command for centralized management
WatchGuard Dimension can centrally manage any Firebox that runs Fireware v11.10.1 or higher that
has a current Support subscription and a feature key that includes Dimension Command. Dimension
Command licenses can be purchased through authorized WatchGuard resellers.
Deploying Dimension behind a Firebox
To provide an extra layer of security to your Dimension system, you can deploy your instance of
Dimension behind a Firebox. When you configure the settings for this Firebox, make sure that it meets
several key requirements, as defined here. It is especially important that Dimension is configured to
resolve DNS and make successful HTTPconnections to services.watchguard.com and to the Ubuntu
repository server. Dimension is based on Ubuntu Linux. Your Dimension system must be able to resolve
DNS and make periodic HTTPrequests to the Ubuntu servers to check for updates to the Linux OS to
correct security and system stability issues. The Ubuntu domains are:
If you use a Firebox with restrictive HTTP proxy settings, you may need to create an HTTPproxy
exception to allow Dimension to reach these addresses, or create packet filter policies to specifically
allow traffic between Dimension and *.ubuntu.com and Dimension and services.watchguard.com.
Using Dimension Command through a firewall
If your instance of Dimension is behind a firewall (Firebox or another NAT device), before you add your
Firebox to Dimension for management, make sure the firewall is set for correct port-forwarding to
Dimension, and then make sure your Dimension instance is configured to use the fully qualified domain
name (or external IPaddress)of the firewall in the Public Accessibility settings. For more information
about how to configure Public Accessibility settings for Dimension, go here.
2 WatchGuard Technologies, Inc.