About Factory-Default Settings

The term factory-default settings refers to the configuration on a new Firebox when you first receive it. You can also reset a Firebox to factory-default settings as described in Reset a Firebox.

For a Firebox M5600, you must install an interface module in slot A before you start the Firebox with factory-default settings.

Default Network and Device Management Settings

Default network interface settings:

  • Interface 0 is enabled as an external interface, as a DHCP client.
  • Interface 1 is enabled as a trusted interface, with the IP address, and DHCP server is enabled.
  • All other interfaces are enabled as optional interfaces, with the IP addresses 10.0.x.1/24 (where x is the interface number), DHCP server is disabled
  • Interface 32 is enabled as a trusted interface, with the IP address, and DHCP server is enabled (Firebox M5600 only)

Wireless settings:

For wireless Firebox models that run Fireware v12.5.3 or higher, you can use Wi-Fi to connect to the Firebox for setup. Use these default Wi-Fi settings:

  • SSID — Firebox model name and the last three octets of the wireless MAC address
    (for example: T35-W-A1:B2:C3)
  • Password — Firebox serial number, including the dash. The Wi-Fi password is case-sensitive.

If your Firebox ships with Wi-Fi enabled, the default Wi-Fi settings are on an attached sticker. To make a Wi-Fi connection, scan the QR code or use the printed SSID and Wi-Fi key.

Web UI Management Port:

  • The default port for connections to Fireware Web UI is port 8080.
  • To connect to Fireware Web UI on Interface 1, browse to
  • To connect to Fireware Web UI on Interface 32, browse to

Default Device Management user accounts and credentials:

  • Device Administrator role with read-write access
    • User name: admin
    • Passphrase: readwrite
  • Device Monitor role with read-only access
    • User name status
    • Passphrase: readonly

When you run the Web Setup Wizard or WSM Quick Setup Wizard, you can change the network settings and set new passphrases for the Device Management accounts.


Feature Key

When the Firebox starts with factory-default settings, it automatically attempts to download the device feature key from WatchGuard. For the automatic device feature key download to succeed:

  • Interface 0 must be connected to a network with a DHCP server that can assign an interface IP address
  • Interface 0 must be connected to a network with Internet access
  • The Firebox must already be registered to your account on the WatchGuard website

The Firebox must have a feature key so that you can configure all features and licensed subscription services. If the Firebox does not have a feature key, it allows only one outgoing connection from the trusted network. If the Firebox cannot automatically download the feature key, you can add it when you run the Web Setup Wizard or WSM Quick Setup Wizard.

Default Policies and Settings

Before you run the setup wizard the default policies allow:

  • Management connections to the Firebox from trusted and optional networks
  • TCP and UDP traffic from trusted and optional networks to the external network
  • Ping traffic from trusted and optional networks to any destination

Setup Wizards

After you start a Firebox with factory-default settings, you must connect to the Firebox on Interface 1 or Interface 32 and run the Web Setup Wizard or WSM Quick Setup wizard to create a basic configuration. The default policies and services that the setup wizards configure depend on the version of Fireware installed on the Firebox.

After you run the setup wizards, only interfaces 0, 1, and 32 (for M5600) are enabled. In the WSM Quick Setup Wizard, you can optionally enable optional interface 2. All other interfaces are disabled.

For more information, see Setup Wizard Default Policies and Settings