About Factory-Default Settings
The term factory-default settings refers to the configuration on a new Firebox when you first receive it. You can also reset a Firebox to factory-default settings as described in Reset a Firebox.
For a Firebox M5600, you must install an interface module in slot A before you start the Firebox with factory-default settings.
Default Network and Device Management Settings
Default network interface settings:
- Interface 0 is enabled as an external interface, as a DHCP client.
- Interface 1 is enabled as a trusted interface, with the IP address 10.0.1.1/24, and DHCP server is enabled.
- All other interfaces are enabled as optional interfaces, with the IP addresses 10.0.x.1/24 (where x is the interface number), DHCP server is disabled
- Interface 32 is enabled as a trusted interface with the IP address 10.0.32.1, and DHCP server is enabled (Firebox M5600 and M5800 only)
- Interface 24 is enabled as a trusted interface with the IP address 10.0.24.1, and DHCP server is enabled (Firebox M4800 only)
Wireless settings:
For wireless Firebox models that run Fireware v12.5.3 or higher, you can use Wi-Fi to connect to the Firebox for setup. Use these default Wi-Fi settings:
- SSID — Firebox model name and the last three octets of the wireless MAC address
(for example: T35-W-A1:B2:C3) - Password — Firebox serial number, including the dash. The Wi-Fi password is case-sensitive.
If your Firebox ships with Wi-Fi enabled, the default Wi-Fi settings are on an attached sticker. To make a Wi-Fi connection, scan the QR code or use the printed SSID and Wi-Fi key.
Web UI Management Port:
-
- To connect to Fireware Web UI on Interface 1, browse to https://10.0.1.1:8080.
- To connect to Fireware Web UI on Interface 32, browse to https://10.0.32.1:8080.
- To connect to Fireware Web UI on Interface 24, browse to https://10.0.24.1:8080.
Default Device Management user accounts and credentials:
- Device Administrator role with read-write access
- User name: admin
- Passphrase: readwrite
- Device Monitor role with read-only access
- User name status
- Passphrase: readonly
When you run the Web Setup Wizard or WSM Quick Setup Wizard, you can change the network settings and set new passphrases for the Device Management accounts.
Feature Key
When the Firebox starts with factory-default settings, it automatically attempts to download the device feature key from WatchGuard. For the automatic device feature key download to succeed:
- Interface 0 must be connected to a network with a DHCP server that can assign an interface IP address
- Interface 0 must be connected to a network with Internet access
- The Firebox must already be registered to your account on the WatchGuard website
The Firebox must have a feature key so that you can configure all features and licensed subscription services. If the Firebox does not have a feature key, it allows only one outgoing connection from the trusted network. If the Firebox cannot automatically download the feature key, you can add it when you run the Web Setup Wizard or WSM Quick Setup Wizard.
Default Policies and Settings
Before you run the setup wizard the default policies allow:
- Management connections to the Firebox from trusted and optional networks
- TCP and UDP traffic from trusted and optional networks to the external network
- Ping traffic from trusted and optional networks to any destination
Setup Wizards
After you start a Firebox with factory-default settings, you must connect to the Firebox on Interface 1 or Interface 32 and run the Web Setup Wizard or WSM Quick Setup wizard to create a basic configuration. The default policies and services that the setup wizards configure depend on the version of Fireware installed on the Firebox.
After you run the setup wizards, only interfaces 0, 1, 32 (for M5600 and M5800), and 24 (for M4800) are enabled. In the WSM Quick Setup Wizard, you can optionally enable optional interface 2. All other interfaces are disabled.
For more information, go to Setup Wizard Default Policies and Settings.