Introduction to FireboxV and XTMv

FirewareV and XTMv are Firebox models designed to run in the VMware ESXI or Microsoft Hyper-V environment. FireboxV can also run in the Linux KVM environment. These models use the same Fireware OS and management software as other Fireboxes. You can use WatchGuard System Manager, Fireware Web UI, and the Command Line Interface (CLI) to manage a FireboxV or XTMv virtual machine just as you manage any other Firebox.

You can now manage a FireboxV configuration from WatchGuard Cloud. For more information, see Add FireboxV to WatchGuard Cloud (Cloud-Managed).

Models and Licensing

FireboxV and XTMv devices are licensed in several different models, which provide different levels of scalability and performance:

FireboxV models XTMv Models




Extra Large

Small Office Edition

Medium Office Edition

Large Office Edition

Datacenter Edition

When you activate your FireboxV or XTMv device, a feature key is generated. The feature key adds a device serial number and enables the Fireware capabilities for the licensed FireboxV model or XTMv model. The feature key is installed on the FireboxV or XTMv virtual machine during setup.

For a comparison of the features and capabilities of each FireboxV and XTMv model, see the Products section of the WatchGuard web site at

Hypervisor Compatibility

WatchGuard FireboxV system requirements:

  • VMware ESXi 6.0, 6.5, 6.7, or 7.0
  • Windows Server or Hyper-V Server 2012 R2, 2016, or 2019
  • Linux KVM (Supported in Fireware v12.6.2 or higher)

WatchGuard XTMv system requirements:

  • VMware ESXi 5.0, 5.1, 5.5, or 6.0
  • Windows Server or Hyper-V Server 2012, R2, or 2016

Fireware OS Limitations

FireboxV and XTMv use the same Fireware OS and support the same features and subscription services as other Firebox models, with the exception of a few features that are hardware-dependent.

XTMv devices do not support Fireware v12.2 or higher.

Fireware features not supported on FireboxV and XTMv include:

  • Active/active FireCluster in VMware ESXi (FireCluster is not supported at all for Hyper-V or KVM )
  • Bridge mode network configuration
  • Hardware diagnostics CLI commands
  • Automatically save a support snapshot to a USB drive
  • Automatically restore a saved backup image from a USB drive

RapidDeploy configuration is not supported on FireboxV and XTMv.

Virtual Switch Configuration

To work correctly, some Fireware networking features require that you configure the virtual switch on your network in promiscuous mode. These features are: 

  • Drop-in mode network configuration
  • Network bridge
  • Mobile VPN with SSL, with the Bridged VPN Traffic setting

To use these features in an ESXi environment, configure the vSwitch to operate in promiscuous mode.

Virtual switches in Microsoft Hyper-V do not support promiscuous mode, so these features are not supported in a Hyper-V environment.

To use multiple VLANs on a single interface in an ESXi environment, configure the VSwitch for the VLAN interface to use VLAN ID 4095 (All).

FireCluster vSwitch Configuration

There are additional switch requirements for an active/passive FireCluster in an ESXi environment:

  • Configure the vSwitch that connects to the FireCluster management interface to operate in promiscuous mode
  • Configure any vSwitch that connects to a FireCluster external interface to accept MAC address changes

For detailed steps to set up two FireboxV or XTMv devices as a FireCluster, see Configure a FireCluster on VMware ESXi