About RapidDeploy from the Management Server

If you use RapidDeploy from the Management Server, you can no longer activate your Fireboxes from the WatchGuard Deployment Center (www.watchguard.com). Now, before you import a CSV file with details of your devices and Management Server to the Deployment Center, you must first activate any unactivated devices on the WatchGuard website (myproducts.watchguard.com/activate).

WatchGuard RapidDeploy is a quick and efficient process to deploy Fireboxes in remote locations where you might not have trained IT staff present to help with the initial configuration of your Firebox. With RapidDeploy from the Management Server, you can send new Fireboxes to remote locations around the world, before you have configured each Firebox.

With RapidDeploy from the Management Server, you can deploy only Fireboxes that are registered with your WatchGuard account. If a Firebox is registered with another WatchGuard account, you must change the registration of that Firebox to your WatchGuard account before you can deploy it with RapidDeploy from the Management Server.

For RapidDeploy from the Management Server, you must have:

  • One or more Fireboxes with Fireware OS v11.6.3 or higher that have already been activated on the WatchGuard web site (myproducts.watchguard.com/activate).
  • One or more WatchGuard Management Servers v11.6.3 or higher

The initial RapidDeploy procedure is a two-part process:

  1. You add information to the WatchGuard Deployment Center for your Management Servers and the Fireboxes you want to register and deploy remotely.
  2. A remote user connects each Firebox to power and to the Internet. Each Firebox automatically contacts the Deployment Center for an initial, base configuration file with information about the Management Server, and then contacts the Management Server for additional configuration.

For more information about how to use the WatchGuard Deployment Center after you have completed the initial RapidDeploy process (as described in this topic), go to About the Deployment Center & RapidDeploy from the Management Server.

This diagram of the RapidDeploy process illustrates the steps that occur at the different points of each part of the process.

WatchGuard RapidDeploy process diagram

1 — From WatchGuard System Manager, register your Management Server at www.watchguard.com. Log in to the WatchGuard Deployment Center to verify your Management Server registration was successful.

2 — In the Deployment Center, import your Firebox list CSV file and register the devices. Make sure your new Fireboxes are already activated on the WatchGuard web site (myproducts.watchguard.com/activate) before you import the file.

3 — Connect the Firebox to power and to the Internet. The Firebox contacts the Deployment Center to download a basic configuration file with the Management Server information.

4 — The Firebox contacts the Management Server. The Management Server contacts the Deployment Center to verify that the Firebox has been registered with a valid feature key and assigned to the Management Server.

5 — In the Deployment Center, verify the deployment status of each Firebox to see which devices have been sent a basic configuration file.

After the RapidDeploy procedure is complete, and your Fireboxes have contacted your Management Server, you must connect to the devices and complete the network configuration for each device. You can follow the usual network configuration and Centralized Management processes to configure the network settings, change to Fully Managed Mode, and apply a Device Configuration Template to each Firebox. For more information, go to Common Interface Settings, Change the Centralized Management Mode, and Apply Device Configuration Templates to Managed Devices.

The default user account passphrases (admin and status device management user accounts) for your Fireboxes are randomly generated when the Fireboxes are registered with RapidDeploy. Because you cannot get the passphrases from the Fireboxes, we recommend that you change the passphrases when you complete the configuration settings for these devices. For more information about how to set the default user account device management passphrases for your Fireboxes, go to Manage Users and Roles on Your Firebox.

Register Your Management Server

Before you can use RapidDeploy for your Fireboxes, you must connect to your Management Server in WSM with an administrator account, and register your Management Server with the WatchGuard Deployment Center.

Before you register your Management Server for RapidDeploy, make sure the Management Server has a publicly routable IP address. This IP address must be the first IP address in the Management Server Certificate Revocation List. If the public IP address is not the first IP address in the Certificate Revocation List, your Fireboxes will not be able to connect to the Management Server for RapidDeploy.
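As an added example (not WatchGuard code), this Python check takes the ordered IP address list from the Management Server certificate settings as input and reports whether the first entry is publicly routable. The function name and the sample addresses are constructed for illustration, and how you obtain the list from your server is left to you.

```python
import ipaddress


def check_crl_ip_order(entries):
    """Check an ordered CRL distribution IP list for RapidDeploy readiness.

    Returns (ok, message). ok is True only when the first entry parses as
    an IP address and is globally routable.
    """
    if not entries:
        return False, "list is empty: no address for Fireboxes to contact"

    parsed = []
    for raw in entries:
        try:
            parsed.append(ipaddress.ip_address(raw.strip()))
        except ValueError:
            parsed.append(None)  # host name or typo, not an IP address

    first = parsed[0]
    if first is not None and first.is_global:
        return True, f"first entry {first} is publicly routable"

    # The first entry fails. Look further down the list so the message
    # says whether reordering alone fixes the problem.
    for position, ip in enumerate(parsed[1:], start=2):
        if ip is not None and ip.is_global:
            return False, (f"first entry {entries[0]!r} is not a public IP; "
                           f"move {ip} (position {position}) to the top")
    return False, (f"first entry {entries[0]!r} is not a public IP and the "
                   "list contains no public address")


if __name__ == "__main__":
    # Constructed sample lists, not taken from a real Management Server.
    samples = {
        "public first": ["8.8.4.4", "10.0.1.5"],
        "private first": ["10.0.1.5", "8.8.4.4"],
        "CGNAT only": ["100.64.12.7"],
    }
    for name, ips in samples.items():
        print(name, "->", check_crl_ip_order(ips))
```

Private (RFC 1918), carrier-grade NAT, loopback, and link-local addresses all fail the check, because a remote Firebox cannot reach them across the Internet.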

To register your Management Server for RapidDeploy:

  1. Open WSM and connect to your Management Server.
  2. Select File > RapidDeploy > Management Server Registration.
    Or, from the Management Server page, in the RapidDeploy section, select Management Server Registration.
    The Register Management Server to RapidDeploy dialog box appears.

Screen shot of the Register Management Server to RapidDeploy dialog box

  3. Select the Enable RapidDeploy check box.
    The Username and Password text boxes are enabled.
  4. In the Username and Password text boxes, type the credentials of a user in your WatchGuard account.
    The WatchGuard account you use to register the Management Server must not have MFA enabled.
  5. Click OK.
    Your WatchGuard account user name appears in the RapidDeploy section of the Management Server page.

When you register your Management Server, it contacts the WatchGuard Deployment Center and is added to the Registered Management Servers list. In addition to the WatchGuard account credentials you specified, the IP address of the Management Server (the first IP address in the CRL distribution list), and the Management Server certificate are stored in the Deployment Center for each Management Server you register.

After your Management Server is registered, you can complete the RapidDeploy procedure for the Fireboxes you want to remotely deploy. Before you start the RapidDeploy procedure, verify that your Management Server registration with the Deployment Center was successful.

For detailed steps to verify that your Management Server has registered with the Deployment Center, and for instructions to complete the RapidDeploy activation procedure for your Fireboxes, go to About the Deployment Center & RapidDeploy from the Management Server.

When the Firebox is registered and receives its basic configuration file from the Deployment Center, the configuration file includes all the information for the Management Server, so the Firebox can contact the Management Server to be managed.

  • When the Firebox contacts the Management Server for the first time, it is automatically added to the Unknown Devices folder in the Devices list.
  • The Management Server contacts the Deployment Center to verify that the Firebox is registered and gets information about the Firebox. The device is then moved to the New Devices folder in the Management Server tree.
  • If the Management Server does not have the information for a Firebox you registered with RapidDeploy, you can refresh the Unknown Devices folder to prompt the Management Server to check in with the Deployment Center and get the most recent information about your registered Fireboxes. You can then move the Firebox to any other folder in the Devices tree on your Management Server, but you cannot add devices to the Unknown Devices folder.

For more information about device folders, go to Use Device Folders.

Change Your Management Server Registration

From WatchGuard System Manager, you can change the WatchGuard account user credentials that your Management Server uses to connect to the WatchGuard Deployment Center. You can also disable RapidDeploy for your Management Server, but this does not remove the Management Server from the Deployment Center Registered Management Servers list. Instead, when you disable RapidDeploy, the WatchGuard account credentials are removed from your Management Server so it can no longer contact the Deployment Center.

To change the WatchGuard account user credentials for your Management Server:

  1. Select File > RapidDeploy > Management Server Registration.
    Or, from the Management Server page, in the RapidDeploy section, select Management Server Registration.
    The Register Management Server to RapidDeploy dialog box appears.
  2. In the Username and Password text boxes, type the new credentials to use to log in to the WatchGuard account.
  3. Click OK.

To disable RapidDeploy for your Management Server:

  1. Select File > RapidDeploy > Management Server Registration.
    Or, from the Management Server page, in the RapidDeploy section, select Management Server Registration.
    The Register Management Server to RapidDeploy dialog box appears.
  2. Clear the Enable RapidDeploy check box.
  3. Click OK.
    The WatchGuard Account Username is removed from the RapidDeploy section on the Management Server page, and the Management Server can no longer contact the Deployment Center.

Launch the WatchGuard Deployment Center

From WatchGuard System Manager, you can launch the WatchGuard Deployment Center to verify the status of your Management Server registration and complete the RapidDeploy procedure to register and deploy your Fireboxes.

To launch the Deployment Center:

  1. Open WSM and connect to your Management Server.
  2. Select File > RapidDeploy > Deployment Center.
    Or, from the Management Server page, in the RapidDeploy section, select Deployment Center.
    The WatchGuard Deployment Center launches in your default web browser.

Related Topics

Create Device Configuration Templates

About Centralized Management Modes

Add Managed Devices to the Management Server