To allow connections to WatchGuard Endpoint Security products through the Firebox, add WebBlocker exceptions and blocked sites exceptions for these URLs:
Domain Name Rules
In addition, we recommend you configure proxies with domain name rules to allow connections to required domains. For more information, see HTTPS-Proxy: Domain Name Rules.
All traffic to WatchGuard Endpoint Security services uses TCP port 443 (HTTPS, websocket) or 80 (HTTP). Configure your Firebox to allow outbound connections on these ports.