Applies To: FireCloud Total Access
With FireCloud Total Access, you can set up a FireCloud Virtual Gateway to give users access to local resources on the company network without a VPN.
To do this, you must:
- Install a FireCloud Gateway on your network (the Gateway establishes a connection between FireCloud and your network).
- Configure a private resource for each local resource that you want to allow remote FireCloud users to have access to on your network, such as a printer or an SMB share.
- Add your private resources to FireCloud access rules to give users access to those resources.
When you deploy a FireCloud Gateway, you must have ports TCP 443 and UDP 4501 open for the Gateway to connect to FireCloud. The Gateway uses port 443 to authenticate to FireCloud and port 4501 to establish the tunnel that FireCloud uses to connect users to the private resources behind the Gateway.
You can install FireCloud Virtual gateways on Hyper-V, VMware, and Proxmox hypervisors.
Configure a Virtual Gateway
To configure a FireCloud Virtual Gateway
- Log in to WatchGuard Cloud.
- From the navigation menu, select Configure > FireCloud. If you have a Service Provider account, you must select an account from Account Manager.
- On the Configuration page, click the Private Resources widget.
- Click Add FireCloud Gateway.
- Select Virtual Gateway.
- Click Next.
- Enter a Name for your Gateway.
- For IP Address Configuration, select whether you want to give the Gateway a static or DHCP IP address.
- If you use a static IP address:
- In the Network IP Address text box, enter the static IP address that you will assign the FireCloud Gateway.
- In the Network Gateway text box, enter the IP address of the default gateway for your network.
- Enter the IP address of a DNS Server, such as the public Google DNS server 8.8.8.8.
- Click Next.
- Select the type of environment you want to deploy the FireCloud Gateway on, either Hyper-V, VMware ESXi, or Proxmox.
For Hyper-V, FireCloud supports only Hyper-V generation 1 virtual machines.
- Click Next.
- Click Download Gateway Files. When the download completes, extract the files from the downloaded .zip folder. You will have a .ISO file and either an .OVA file (ESXi and Proxmox) or a .VHDX file (Hyper-V).
- Complete the steps to deploy the FireCloud Gateway in your selected environment. Leave the WatchGuard Cloud tab open so that you can test the connection to the Gateway after setup.
Deploy a FireCloud Virtual Gateway on Hyper-V
To deploy a FireCloud Virtual Gateway on Hyper-V:
- Log in to the Hyper-V server.
- Open the Hyper-V console.
- Select New > Virtual Machine.
The New Virtual Machine Wizard opens. - Name the virtual machine. Click Next.
- Select Generation 1. Click Next.
- Assign memory to the machine. We recommend at least 512 MB.
- Click Next.
- For Configure Networking, from the Connection drop-down list, select your network adapter that provides Internet access to your virtual machine. Click Next.
- For Connect Virtual Hard Disk, select Use an existing virtual hard disk.
- Click Browse and select the hard disk image file (.VHDX) you downloaded.
- Click Next.
- Click Finish.
- After the virtual machine is created, right click the virtual machine and select Settings.
- For Hardware, select the DVD Drive.
- For the DVD drive media, select Image file.
- Click Browse and select the image file (.ISO) you downloaded.
- Click Apply, then click OK.
- Power up the virtual gateway from the mounted .ISO file (this is the DVD drive you added).
- In WatchGuard Cloud, click Test Connection to make sure that the FireCloud Gateway can connect to WatchGuard Cloud.
- Click Finish.
- After you deploy the FireCloud Gateway, the next step is to configure the private resources that you want to give remote users access to. For detailed steps to configure private resources, go to Add Private Resources in FireCloud.
Deploy a FireCloud Virtual Gateway on ESXi
To deploy a FireCloud Virtual Gateway on ESXi:
- In a new browser tab, go to https://ESXi_Host/UI and connect to the VMware host client. Replace ESXi_Host with the FQDN or IP address of your ESXi host.
- Upload the .ISO file to the data store.
- Create and deploy a virtual machine from the downloaded .OVA file.
- Edit the settings for your virtual machine and add a CD/DVD drive device.
- Associate the CD/DVD drive you added with the .ISO file you uploaded to the data store.
- Power on the virtual machine from the mounted .ISO file (this is the CD/DVD drive you added). Wait for the Gateway to install and connect to FireCloud.
- In WatchGuard Cloud, click Test Connection to make sure that the FireCloud Gateway can connect to WatchGuard Cloud.
- Click Finish.
- After you deploy the FireCloud Gateway, the next step is to configure the private resources that you want to give remote users access to. For detailed steps to configure private resources, go to Add Private Resources in FireCloud.
Deploy a FireCloud Virtual Gateway on Proxmox
To deploy a FireCloud Virtual Gateway on Proxmox:
- Connect to ProxMox.
- Go to Datacenter > Storage.
- Select Local and click Edit.
The Edit Directory window opens. - From the Content drop-down list, select Disk Image and Import.
- Click OK.
- For your server, go to local > Import. This is local, not local-vm.
- Click Upload and select the Virtual Gateway file.
- In ProxMox, double-click the Virtual Gateway file.
- Click Import.
- For your server, go to local > ISO images. This is local, not local-vm.
- Click Upload and select the .ISO image for the Virtual Gateway.
- Select the Virtual Gateway and go to Hardware.
- Click Add > CD/DVD Drive.
The Add window opens. - Select Use CD/DVD disc image file (iso).
- From the Storage drop-down list, select local.
- From the ISO image drop-down list, select the Virtual Gateway .ISO file that you uploaded.
- Click Add.
- Power on the Virtual Gateway.