Add Private Resources in FireCloud
Applies To: FireCloud Total Access
With FireCloud Total Access, you can give remote FireCloud users access to local resources on the company network, such as a printer or an SMB share, without the use of a VPN. To do this, you install a FireCloud Gateway on your network, and then configure a private resource in FireCloud for each resource that you want to give remote users access to.
You must set up a FireCloud Gateway before you can add private resources. For detailed steps to install a Gateway, go to About FireCloud Virtual Gateways.
FireCloud Private Resource Connection Overview
This section explains the connection flow when a FireCloud user connects to a private resource on your network.
- User connects to FireCloud and authenticates.
- Connection Manager establishes a WireGuard tunnel to the nearest WatchGuard point of presence (PoP).
- FireCloud runs scanning services, such as Intrusion Prevention Service.
- FireCloud passes the connection out to the Internet.
- When a user must pass traffic or connect to a private resource:
  - FireCloud routes the connection from the PoP through a WireGuard tunnel that connects the PoP and the FireCloud Gateway on your network.
  - FireCloud routes the connection from the FireCloud Gateway to the appropriate resource on your network.
Configure Private Resources
In FireCloud, private resources are the local resources on your company network that you want to allow remote users to connect to. You might configure a private resource for RDP, web access to a device or server, or a SQL server.
Before you can configure private resources, you must configure and deploy a FireCloud Gateway. For detailed steps to do this, go to About FireCloud Virtual Gateways.
To add a private resource in FireCloud:
- Log in to WatchGuard Cloud.
- From the navigation menu, select Configure > FireCloud. If you have a Service Provider account, you must select an account from Account Manager.
- On the Configuration page, click Private Resources.
- Select a Gateway to show the list of resources associated with that Gateway, then click Add Resource.
- Enter a Name for your resource.
- In the FQDN text box, specify an FQDN that FireCloud can use to connect to this resource. FireCloud uses this FQDN to resolve connections to private resources while users are connected to FireCloud. This is typically a private FQDN, such as example.com, and does not have to be resolvable.
You cannot use FQDNs that have uppercase letters.
- In the IP Address text box, enter the internal IP address of the resource.
- In the Protocol drop-down list, select the protocol used to connect to this resource.
  The Port text box appears.
- In the Port text box, enter the port used to connect to this resource with the previously selected protocol. For example, if you want to give RDP access you could select the TCP protocol and port 3389.
- Click Save.
- To allow users to connect to the new private resource, add the private resource to your existing access rules, or add new access rules for this private resource. Access rules specify which private resources users have access to. For more information, go to FireCloud Access Rules.
When you configure access rules, we recommend that you only add each group to a single access rule. If a group belongs to multiple access rules, FireCloud only applies the access rule with the highest priority. This can prevent access to private resources if an access rule with private resources has a lower priority than another access rule for the same groups.
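The priority behavior described above can be checked offline before you change access rules. The following is an added example, not WatchGuard code or a FireCloud export format: the rule, group, and resource names are constructed, and it assumes the list is ordered from highest to lowest priority. It reports every private resource that a group is listed for in a lower-priority rule but does not receive from the one rule that actually applies to it.

```python
from collections import defaultdict

# Constructed sample data: all rule, group and resource names are hypothetical.
# Assumption: the list is ordered from highest priority to lowest priority.
RULES = [
    {"name": "default-web", "groups": ["Staff", "Contractors"], "resources": []},
    {"name": "rdp-admins", "groups": ["IT"], "resources": ["rdp-jump"]},
    {"name": "finance-sql", "groups": ["Staff"], "resources": ["sql-finance"]},
    {"name": "print", "groups": ["Contractors", "IT"],
     "resources": ["printer-hq", "rdp-jump"]},
]


def effective_rule(rules):
    """Map each group to the first (highest-priority) rule that lists it."""
    effective = {}
    for rule in rules:
        for group in rule["groups"]:
            effective.setdefault(group, rule)
    return effective


def shadowed_resources(rules):
    """Return {group: {resource: [rule names]}} for resources a group is
    listed for in a lower-priority rule but does not get from the rule
    that applies to it."""
    effective = effective_rule(rules)
    lost = defaultdict(lambda: defaultdict(list))
    for rule in rules:
        for group in rule["groups"]:
            winner = effective[group]
            if rule is winner:
                continue  # this is the rule that applies to the group
            for resource in rule["resources"]:
                if resource not in winner["resources"]:
                    lost[group][resource].append(rule["name"])
    return {group: dict(res) for group, res in lost.items()}


if __name__ == "__main__":
    winners = effective_rule(RULES)
    for group, resources in shadowed_resources(RULES).items():
        for resource, names in resources.items():
            print(f"{group}: effective rule '{winners[group]['name']}' does not "
                  f"grant {resource} (listed only in lower-priority {names})")
```

An empty result means no group depends on a lower-priority rule for a private resource, which is the state the single-rule-per-group recommendation produces.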