About the Gateway Firebox
The gateway Firebox is the Firebox that helps protect your Management Server from the Internet. When you set up your Management Server, you choose whether to use a gateway Firebox. We recommend that you always use a gateway Firebox.
When you add an IP address for your gateway Firebox, the wizard does three things:
- Uses the IP address that you specify to configure the gateway Firebox to allow connections to the Management Server.
The Management Server policy is automatically added to the configuration file. This policy opens TCP ports 4110, 4112, and 4113 to allow connections to the Management Server.
If you do not type an IP address for the gateway Firebox, you must configure the firewall that is between the Management Server and the Internet to allow connections to the Management Server on TCP ports 4110, 4112, and 4113.
- If you have an earlier version of WatchGuard System Manager, and have a Firebox configured as a DVCP server, the wizard gets the DVCP server information from the gateway Firebox and applies these settings to your Management Server.
- The wizard sets the IP address for the Certificate Revocation List (CRL).
After the Management Server is set up, the devices you add as managed clients use this IP address to connect to the Management Server. This IP address must be the public IP address your Management Server shows to the Internet.
If you do not specify an IP address, the wizard uses the current IP address on the computer where your Management Server is installed for the CRL IP address. If this is not the IP address your computer shows to the Internet because it is behind a device that does NAT (Network Address Translation), you must change the CRL to use the public IP address of your Management Server. If you use a gateway Firebox that does NAT, make sure that it is the same version as your Management Server. For example, if your Management Server is v11.5.x, your gateway Firebox with NAT must be v11.5.x or higher.
For more information, see Update the Management Server with a New Gateway Address.