Add a Policy for TDR Host Sensor Traffic

When you enable TDR on your Firebox, the Firebox configuration must include a policy to allow Host Sensors on your network to connect to your TDR account. If your Firebox runs Fireware v11.12.1 or higher, when you enable TDR, the required policy is automatically added.

About the WG-TDR-Host-Sensor Policy

When you enable Threat Detection and Response in Fireware v11.12.1 and higher, the WatchGuard Threat Detection and Response policy is automatically added to the configuration. This WG-TDR-Host-Sensor packet filter policy allows TCP traffic on port 443 from the alias Any-Trusted to the FQDNs for both TDR regions. To allow traffic from Host Sensors on the Optional networks, you can edit this policy to add the alias Any-Optional or add a specific interface name to the From list.

If your Firebox runs Fireware v11.12 or lower, when you enable TDR from Policy Manager or Fireware Web UI, you must manually add a policy that allows connections from your network to the FQDN for your TDR account.

Manually Add a Policy to Allow Host Sensor Traffic

If your Firebox runs Fireware v11.12.1 or higher, to allow Host Sensor connections from the trusted network, add the WG-TDR-Host-Sensor packet filter policy.

If your Firebox runs Fireware v11.12, add an HTTPS packet filter policy with these settings:

  • Connections are — Allowed
  • From — Any-Trusted, Any-Optional (or the location where your Host Sensors are installed)
  • To — FQDNs tdr-hsc-na.watchguard.com and tdr-hsc-eu.watchguard.com

If you want to allow connections only to the FQDN for your TDR account, you can find the FQDN in the TDR web UI.
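To confirm from a computer where a Host Sensor is installed that the policy passes the traffic, you can test a TCP connection on port 443 to each FQDN listed above. The following script is an added example, not WatchGuard code; the function names, the outcome labels, and the 5-second timeout are assumptions made for illustration.

```python
import socket
import sys

# The FQDNs and port come from the policy settings on this page.
TDR_ENDPOINTS = ("tdr-hsc-na.watchguard.com", "tdr-hsc-eu.watchguard.com")
TDR_PORT = 443


def probe(host, port=TDR_PORT, timeout=5.0, connect=socket.create_connection):
    """Attempt one TCP connection and classify the outcome.

    `connect` is injectable so the logic can be exercised without a network.
    """
    try:
        conn = connect((host, port), timeout)
    except socket.gaierror:
        return "dns-failure"   # name did not resolve; check the client's DNS
    except socket.timeout:
        return "timeout"       # no answer; consistent with a silent drop on the path
    except ConnectionRefusedError:
        return "refused"       # a reset came back from the target or the path
    except OSError:
        return "unreachable"   # routing or other local network error
    conn.close()
    return "reachable"


def check_tdr_reachability(hosts=TDR_ENDPOINTS, **kwargs):
    """Probe every TDR FQDN and return {fqdn: outcome}."""
    return {host: probe(host, **kwargs) for host in hosts}


if __name__ == "__main__":
    results = check_tdr_reachability()
    for fqdn, outcome in results.items():
        print(f"{fqdn}:{TDR_PORT} -> {outcome}")
    # Assumption: if the policy was narrowed to one region's FQDN, the other
    # region is expected to fail, so only "no region reachable" is an error.
    sys.exit(0 if "reachable" in results.values() else 1)
```

Run it from a host on each network in the From list. This checks only that the TCP connection is allowed, not that the Host Sensor has registered with your TDR account.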

For TDR to effectively correlate network events with Host Sensor events, we recommend that you also enable proxy policies and services on the Firebox. For more information, see Configure Proxy Policies for TDR.
