Introduction to FireboxV and XTMv
You can now manage a FireboxV configuration from WatchGuard Cloud. For more information, see Add FireboxV to WatchGuard Cloud (Cloud-Managed).
Models and Licensing
FireboxV and XTMv devices are licensed in several different models, which provide different levels of scalability and performance:
|FireboxV models||XTMv Models|
Small Office Edition
Medium Office Edition
Large Office Edition
When you activate your FireboxV or XTMv device, a feature key is generated. The feature key adds a device serial number and enables the Fireware capabilities for the licensed FireboxV model or XTMv model. The feature key is installed on the FireboxV or XTMv virtual machine during setup.
For a comparison of the features and capabilities of each FireboxV and XTMv model, see the Products section of the WatchGuard web site at www.watchguard.com.
WatchGuard FireboxV system requirements:
- VMware ESXi 6.0, 6.5, 6.7, or 7.0
- Windows Server or Hyper-V Server 2012 R2, 2016, or 2019
- Linux KVM (Supported in Fireware v12.6.2 or higher)
WatchGuard XTMv system requirements:
- VMware ESXi 5.0, 5.1, 5.5, or 6.0
- Windows Server or Hyper-V Server 2012, R2, or 2016
Fireware OS Limitations
FireboxV and XTMv use the same Fireware OS and support the same features and subscription services as other Firebox models, with the exception of a few features that are hardware-dependent.
XTMv devices do not support Fireware v12.2 or higher.
Fireware features not supported on FireboxV and XTMv include:
- Active/active FireCluster in VMware ESXi (FireCluster is not supported at all for Hyper-V or KVM )
- Bridge mode network configuration
- Hardware diagnostics CLI commands
- Automatically save a support snapshot to a USB drive
- Automatically restore a saved backup image from a USB drive
RapidDeploy configuration is not supported on FireboxV and XTMv.
Virtual Switch Configuration
To work correctly, some Fireware networking features require that you configure the virtual switch on your network in promiscuous mode. These features are:
- Drop-in mode network configuration
- Network bridge
- Mobile VPN with SSL, with the Bridged VPN Traffic setting
To use these features in an ESXi environment, configure the vSwitch to operate in promiscuous mode.
Virtual switches in Microsoft Hyper-V do not support promiscuous mode, so these features are not supported in a Hyper-V environment.
To use multiple VLANs on a single interface in an ESXi environment, configure the VSwitch for the VLAN interface to use VLAN ID 4095 (All).
FireCluster vSwitch Configuration
There are additional switch requirements for an active/passive FireCluster in an ESXi environment:
- Configure the vSwitch that connects to the FireCluster management interface to operate in promiscuous mode
- Configure any vSwitch that connects to a FireCluster external interface to accept MAC address changes
For detailed steps to set up two FireboxV or XTMv devices as a FireCluster, see Configure a FireCluster on VMware ESXi