Introduction to Firebox Cloud
About Firebox Cloud
Firebox Cloud brings the proven features and services of the Firebox to the Amazon Web Services (AWS) and Microsoft Azure cloud computing platforms. Firebox Cloud uses the same powerful Fireware OS and most of the same subscription services available on other Firebox models. You can use Firebox Cloud to protect servers deployed on your private cloud, and you can use it as a secure VPN endpoint for connections to resources on your virtual network.
For greater visibility into the status of traffic and security on your virtual network, you can use WatchGuard Dimension to monitor Firebox Cloud. The Firebox Cloud BYOL license also includes a license for WatchGuard Cloud. After you activate a WatchGuard Cloud BYOL license, you can add the Firebox Cloud instance to your WatchGuard Cloud account.
Firebox Cloud is available for AWS and Microsoft Azure cloud computing platforms.
Firebox Cloud Use Cases
You can use Firebox Cloud to protect any virtual network on AWS or Azure. These use cases describe some of the ways you can use Firebox Cloud to add security to your virtual network.
Protect Virtual Servers
To provide protection to one or more virtual servers that are accessible from the Internet, you can install a Firebox Cloud instance. Your instance of Firebox Cloud is then the gateway for inbound connections to your servers from the internet. You configure policies and security services on your instance of Firebox Cloud to control traffic to your virtual servers.
For a summary of how to configure policies and services on Firebox Cloud for inbound connections to a protected web server, go to Use Firebox Cloud to Protect a Web Server.
Branch Office VPN
You can configure your Firebox Cloud as a branch office VPN (BOVPN) gateway endpoint so you can maintain a secure VPN connection between your virtual network resources and other networks protected by a Firebox or compatible VPN gateway endpoint. You can also configure your Firebox Cloud as a BOVPN over TLS Server or Client. Firebox Cloud supports all the same VPN features as other Firebox models.
Mobile VPN Gateway
You can also enable Firebox Cloud to accept VPN connections from SSL, IPSec, IKEv2, and L2TP mobile VPN clients, and configure policies to control user and group access to your protected AWS network resources.
About Microsoft Azure
Microsoft Azure is Microsoft's cloud computing platform that provides data management, compute, networking and performance services at a variable cost based on the resources you use. If you are new to Azure, you must understand the Azure terms and concepts in this section before you deploy Firebox Cloud.
Virtual Network (Vnet)
An Azure Virtual Network is a logically isolated private virtual network environment in the Azure cloud. Firebox Cloud, and the virtual servers it protects, are all virtual machines that you deploy in a Virtual Network.
Virtual Machine Image (VHD)
A VHD file is a virtual hard disk image that contains a VM image. Firebox Cloud is distributed as a VHD file that you can use to deploy one or more Firebox Cloud instances.
Microsoft Azure Storage is a Microsoft-managed cloud service that provides storage. The Firebox Cloud VHD is stored in a container in your Storage Account.
A manageable item available through Azure. For example, a virtual machine, storage account, and virtual machine are each resources.
A group of Azure resources that you manage as a group. When you add a storage account, you specify the resource group it belongs to. Each resource can belong to only one group.
An Azure template is a JSON file that defines the resources and settings required to deploy an application. To deploy Firebox Cloud, you fill out the required settings and specify required resources defined in the Firebox Cloud template.
VM ID (Instance ID)
The VM ID, or instance ID, is a unique identifier associated with an Azure virtual machine instance. For Firebox Cloud you use the instance ID to activate your Firebox Cloud license on the WatchGuard website. The Instance ID is also the default admin passphrase you use to connect to Firebox Cloud to run the setup wizard.
Regions and Availability Zones
Microsoft Azure has several regions around the world. Each region contains several Availability Zones. You must specify the region when you deploy a Firebox Cloud instance.
Amazon Web Services (AWS) is a flexible, on-demand, cloud services platform that provides compute power, networking, database storage, and other services at a variable cost based on the resources you use. If you are new to AWS, you must understand the AWS terms and concepts in this section before you deploy Firebox Cloud.
Amazon Virtual Private Cloud (VPC)
An Amazon VPC is a logically isolated private virtual network environment in the AWS cloud. Firebox Cloud, and the virtual servers it protects, are all virtual machines that you deploy in a VPC.
Amazon Elastic Compute Cloud (EC2)
Amazon EC2 is a virtual server hosting service that provides scalable computing capacity in the AWS cloud
Amazon Machine Image (AMI)
An AMI is a virtual machine template that you use to deploy a virtual server in AWS. Firebox Cloud is delivered as an .AMI file that you use to deploy Firebox Cloud in your AWS VPC.
To launch one or more EC2 instances, you use an .AMI file. Each instance is a copy of the .AMI that runs as a virtual server. When you launch a new instance, you select the instance type, which determines the amount of CPU, storage, and network capabilities assigned to the instance. Firebox Cloud runs as an EC2 instance in your Amazon VPC. Each instance has a unique Instance ID.
Elastic IP Address (EIP)
An Elastic IP address is a static public IP address that you can assign to an EC2 instance. First, you allocate an Elastic IP address to a VPC, and then you associate it with an EC2 instance in the VPC. For Firebox Cloud, you allocate an Elastic IP address for the external interface.
The security group is a virtual firewall that controls which inbound and outbound traffic is allowed to reach the associated instances. In the security group, you define rules that control what traffic to allow. When you launch an instance, you must specify at least one security group.
AWS Regions and Availability Zones
AWS has multiple AWS Regions. Each region contains several Availability Zones. A VPC can contain subnets in different Availability Zones.