Contents

Related Topics

Configure a Firebox as a Managed Device

If your Firebox has a dynamic IP address, or if your WSM Management Server cannot connect to it for another reason, you can manually configure the Firebox as a managed device before you add it to the Management Server. You can then Add Managed Devices to the Management Server. You can also configure your Firebox to be managed by an instance of Dimension. For complete instructions, see Add a Firebox to Dimension for Management.

If your Management Server is not behind a gateway Firebox, you must configure the firewall that is between the Management Server and the Internet to allow connections to the Management Server public IP address over TCP ports 4110, 4112, and 4113.

For more information about the gateway Firebox, see About the Gateway Firebox.

Edit the WatchGuard Policy

You can now add the device to your Management Server configuration as described in Add Managed Devices to the Management Server. When you add this device to the Management Server configuration, the Management Server automatically connects to the static IP address and configures the device as a managed device. 

Set Up the Managed Device

If your Firebox has a dynamic IP address, or if the Management Server cannot find the IP address of the Firebox for any reason, you can use this procedure to prepare your Firebox to be managed by the Management Server.

To manage your Firebox with WatchGuard Dimension, you must complete this procedure to specify your instance of Dimension to manage the Firebox, instead of the WSM Management Server, and then import the management settings file (.WGD file). For more information about the .WGD file, see Add a Firebox to Dimension for Management.

The Firebox that protects your Management Server (the gateway Firebox) automatically monitors all ports used by the Management Server and forwards any connection on these ports to the configured Management Server. When you use the Management Server Setup Wizard, the wizard adds a WG-Mgmt-Server policy to your configuration to handle these connections. If you did not use the Management Server Setup Wizard on the Management Server, or if you skipped the Gateway Firebox step in the wizard, you must manually add the WG-Mgmt-Server policy to the configuration of your gateway Firebox. When you add this policy, communication to the Management Server over TCP ports 4110, 4112, and 4113 is automatically allowed.

If your Management Server is not behind a gateway Firebox, make sure to configure the firewall that is between the Management Server and the Internet to allow connections to the Management Server public IP address over TCP ports 4110, 4112, and 4113.

When you configure your Firebox as a managed device, you must include the contents of the Management Server CA certificate in the Managed Device settings. The Management Server CA certificate is available through CA Manager. If you use Fireware Web UI to configure the Managed Device settings, you can copy and paste the contents of the CA certificate from CA Manager when you configure the Firebox. If you use Policy Manager to configure the Managed Device settings, you must import the Management Server CA Certificate from the CA-Admin.pem file when you configure the Firebox. When you connect to the Management Server in WSM, the CA-Admin.pem file is saved to your computer in this directory: C:\Users\<your user name>\Documents\My WatchGuard\certs\<Management Server IP address>.

For more information about how to find the Management Server CA Certificate, see Manage Certificates on the Management Server.

Configure Your Firebox for Management by a WSM Management Server

You can configure the Managed Device settings for your Firebox from Fireware Web UI or Policy Manager.

When you save the configuration to the Firebox, the Firebox is enabled as a managed device. The managed device tries to connect to the IP address of Dimension, or of the Management Server on TCP port 4110. Management connections are allowed from the Management Server to this managed device.

You can now add the Firebox to your Management Server configuration, as described in Add Managed Devices to the Management Server.

You can also use WSM to configure the management mode for your Firebox, as described in About Centralized Management Modes.

After you have configured your Firebox as a managed device, if your Firebox is in a remote location behind a third-party NAT gateway, you can configure a Management Tunnel to enable contact with the Firebox. For more information, see Configure Management Tunnels.

Configure Your Firebox for Management by Dimension

Before you enable your Firebox to be managed by your instance of Dimension, you must download the .WGD file for your Firebox from your instance of Dimension. For instructions to generate and download the .WGD file for your Firebox, see Add a Firebox to Dimension for Management.

Configure a Deployed Remote Device for a Management Tunnel over SSL

To enable a Management Tunnel over SSL for a remote Firebox that is already deployed to a remote location behind a third-party NAT device, you can connect directly to the remote device to manually configure the Managed Device Settings for the remote device. This option is useful when the remote Firebox cannot contact the Management Server through the Management Tunnel over SSL because the connection is blocked by the third-party NAT device.

Before you complete the steps in this procedure to configure your remote device for a Management Tunnel over SSL, you must add your device to the Management Server. For more information, see Configure Management Tunnels.

You can also use Policy Manager or the WatchGuard Command Line Interface to configure the remote device for a Management Tunnel over SSL. For more information, see:

See Also

Set Device Management Properties

About the Device Management Page

About Centralized Management Modes

About the Gateway Firebox

Give Us Feedback     Get Support     All Product Documentation     Technical Search