Install the WebBlocker Server on VMware

The WebBlocker Server is distributed as an OVA file for installation on VMware ESXi. WatchGuard recommends that you use the VMware vSphere Client to provision and install the OVA file.

For information about VMware ESXi system requirements, see the Operating System Requirements page of the WebBlocker Server Release Notes.

Before You Begin

Before you can deploy the WebBlocker Server OVA file and set up your WebBlocker Server VM:

Configure an ESXi host where you can deploy your WebBlocker Server VM.
Download the WebBlocker Server OVA file to install WebBlocker Server on your ESXi host.
On the WatchGuard Software Downloads page, click Firebox and XTM, click WebBlocker Server, and download the watchguard-webblocker_[version].ova file.
If you want to use a DHCP server to get the initial IP address for WebBlocker Server, you must have a DHCP server configured in the network you choose for the WebBlocker Server virtual machine. You can also manually set a static IP address for the WebBlocker Server.

Install the WebBlocker Server Virtual Machine

To deploy the WebBlocker Server VM:

Open VMware vSphere Client and connect to your ESXi host.
Select your datacenter.
Select Actions > Deploy OVF Template.
The Select an OVF Template page opens.
Browse to the location of the watchguard-webblocker_[version].ova file you downloaded from the Software Downloads page. Click Next.
The Select a Name and Folder page opens.
In the Virtual Machine Name text box, type a name for your WebBlocker Server install.
In the Select a Location for the Virtual Machine tree, select a location for your WebBlocker Server install. Click Next.
The Select a Compute Resource page opens.
Select a cluster, host resource pool, or vApp as a destination compute resource. Click Next.
The Review Details page opens.
Review the template details and click Next.
The License Agreements page opens.
Select the I Accept All License Agreements check box. Click Next.
The Select Storage page opens.
Select a storage location for the configuration and disk files. Click Next.
The Select Networks page opens.

You can select any option to provision your disk, but WatchGuard recommends that you select Thick Provision Lazy Zeroed. This is the default option, provides more predictable performance, and enables the VM to increase the disk size as necessary.

On the Select Networks page, select the destination network for the virtual machine. Click Next.
The Ready to Complete page opens.

If you want to use DHCP to get the WebBlocker Server IP address, make sure you select a network with a DHCP server.

Verify your settings and click Finish.
Your new WebBlocker Server VM shows in the vSphere Client list.

When you deploy the OVF template to install the WebBlocker Server VM, the template automatically configures the amount of system memory for the VM. If you manually change the system memory value in the VM settings, make sure to specify a value of 2GB or higher.

Find the External IP Address

If the external network has a DHCP server, the WebBlocker Server external interface is automatically assigned an IP address. This is the IP address you use to connect to WebBlocker Server and run the Setup Wizard.

To use the command line to find the IP address for WebBlocker Server:

From the Virtual Machines list, select the WebBlocker Server VM.
Right-click the WebBlocker Server VM and select Connect.
At the login prompt, type wgsupport. Press Enter.
At the passphrase prompt, type readwrite. Press Enter.
This is the default admin account passphrase. A prompt to change the password opens.
Type the current passphrase (readwrite) for the wgsupport account.
Type the new passphrase to use for the wgsupport account. Press Enter.
Retype the new passphrase. Press Enter.
The passphrase is changed and WebBlocker Server system information opens.
To show the IP address for the external interface, type ifconfig or ip addr. Press Enter.
The IP address for the external interface opens.
To log out, type exit. Press Enter.

Set a Static IP Address for the WebBlocker Server

If you do not have a DHCP server, you must set a static IP address for the WebBlocker Server external interface. This is the IP address you use to connect to WebBlocker Server and run the Setup Wizard. To set a static IP address you make a console connection to the WebBlocker Server with the wgsupport credentials and specify the IP address for the Eth0 interface.

The first time you make a console connection to WebBlocker Server, you must change the default password for the wgsupport user.

The command tool that you use to change the IP address is in the /opt/watchguard/webblocker/bin directory. To change the IP address, you must specify this directory, run the wg_ip_addr.sh command, and type the new IP address and default gateway for the interface.

To make a console connection to WebBlocker Server and configure a static IP address:

From the Virtual Machines list, select the WebBlocker Server VM.
Right-click the WebBlocker Server VM and select Connect.
At the login prompt, type wgsupport. Press Enter.
At the passphrase prompt, type readwrite. Press Enter.
This is the default admin account passphrase. A prompt to change the password opens.
Type the current passphrase (readwrite) for the wgsupport account.
Type the new passphrase to use for the wgsupport account. Press Enter.
Retype the new passphrase. Press Enter.
The passphrase is changed and WebBlocker Server system information opens.
To set the static IP address for WebBlocker Server, at the command line, type:

/opt/watchguard/webblocker/bin/wg_ip_addr.sh -i <IP address> -m <mask> -g <gateway>

For example, to configure WebBlocker Server with a static IP address of 203.0.113.201/24 and a gateway of 203.0.113.1, type:

/opt/watchguard/webblocker/bin/wg_ip_addr.sh -i 203.0.113.201 -m 24 -g 203.0.113.1

Press Enter.

For more information about console connections to WebBlocker Server, go to Console Access to the WebBlocker Server.

Run the WebBlocker Server Setup Wizard