Run the WSM Quick Setup Wizard

The Quick Setup Wizard runs as a Windows application to set up a Firebox with a basic configuration. The setup wizard helps you configure basic network and administrative settings and automatically configures security policies and licensed security services with recommended settings.

For more information about policies and services the Quick Setup Wizard configures, go to Setup Wizard Default Policies and Settings.

When you run the Quick Setup Wizard you can get help on most steps from within the setup wizard. For more information about specific steps, go to Related Topics Link IconQuick Setup Wizard Help Topics

Before You Begin

Before you start the Quick Setup Wizard, make sure you:

  • Activate your Firebox on the WatchGuard website and get the feature key.
  • Download the latest WSM and Fireware installation files from the WatchGuard website ( to your management computer.
  • Install WSM and Fireware software on your management computer.
  • Configure the management computer with a static IP address on the same network as the trusted interface of your device. Or, configure the management computer to accept an IP address assigned with DHCP.

For a Firebox M5600 or M5800, make sure that an interface module is installed in slot A when you start the Firebox with factory-default settings. For more information, go to About Modular Interfaces.

Start the Quick Setup Wizard

  1. Use an Ethernet cable to connect interface 1 of your Firebox to your computer, or connect to the management interface.
    • For a Firebox M5600 or M5800, connect your computer to the management interface, interface 32.
    • For a Firebox M4800, connect your computer to the management interface, interface 24.

For wireless Firebox models that run Fireware v12.5.3 or higher, you can use Wi-Fi to connect to the Firebox for setup. Use these default Wi-Fi settings:

  • SSID — Firebox model name and the last three octets of the wireless MAC address
    (for example: T35-W-A1:B2:C3)
  • Password — Firebox serial number, including the dash. The Wi-Fi password is case-sensitive.

If your Firebox ships with Wi-Fi enabled, the default Wi-Fi settings are on an attached sticker. To make a Wi-Fi connection, scan the QR code or use the printed SSID and Wi-Fi key.

  1. From the Windows Start Menu, select All Programs > WatchGuard System Manager > Quick Setup Wizard.
    Or, from WatchGuard System Manager, select Tools > Quick Setup Wizard.
    The Quick Setup Wizard starts.
  2. Complete the setup wizard steps to set up your Firebox with a basic configuration. The steps include:

Identify and discover your device

Follow the instructions for the Quick Setup Wizard to discover your Firebox. The wizard uses UDP multicast to find the connected Firebox. You might need to select your Firebox model or reconnect the Ethernet cable. After the wizard discovers the Firebox, you give it a name that identifies this device in WatchGuard System Manager, log files, and reports.

Select a setup procedure

Select whether you want to install Fireware and create a new configuration, or if you want to only create a new configuration for your Firebox.

Configure the external interface

You can configure the external interface with a static IP address, or you can configure it to use an IP address assigned with DHCP or PPPoE. You must also add an IP address for the default gateway of the Firebox. This is the IP address of your gateway router.

Configure the internal interfaces

Select the IP addresses to use for the trusted and optional interfaces.

If you configure the external interface with a static IP address, you can select the option to use the same IP address for the trusted interface. This configures the Firebox in drop-in mode.

For more information about drop-in mode, go to Drop-In Mode.

In Fireware v12.10.2 or higher, the Quick Setup Wizard enables DHCP server on internal interfaces by default.

Enable the wireless access point (wireless models only)

For wireless Firebox models, you can enable the built-in wireless access point to enable Wi-Fi access to the trusted network. You set the SSID and passphrase for Wi-Fi connections to the trusted network. The Wi-Fi passphrase must be at least eight characters long. The wizard configures a network bridge between the wireless access point and the trusted interface.

Wireless configuration in the Quick Setup Wizard is supported in WatchGuard System Manager v12.5.3 and higher.

Add a feature key

If the Firebox could not connect to WatchGuard to automatically download a feature key, you can add it in the wizard. Follow the instructions to download the feature key from the WatchGuard website, or browse to the location of the feature key file you previously downloaded. If you do not provide a feature key, the setup wizard cannot enable licensed subscription services.

WARNING: Device functionality is limited until you apply a feature key. Without a feature key, the Firebox allows only one user to access the Internet. If the Firebox does not have a feature key, the Quick Setup Wizard cannot configure licensed subscription services.

Configure subscription services

The setup wizard shows you a list of licensed services from the feature key. The wizard automatically enables the listed services with recommended settings. For WebBlocker, the wizard recommends content categories to block, and you can change these settings in the setup wizard.

Configure Log Server (Optional)

Configure the Firebox to send log messages to the WatchGuard Log Server.

Configure Management Server settings (Optional)

Configure the Firebox to communicate with a WatchGuard Management Server.

Enable remote management (Optional)

Enable remote management if you want to manage this Firebox through the external interface.

If you select the option to enable Remote Management of your Firebox, make sure that you read and follow the guidelines in the Remote Management Best Practices Knowledge Base article.

Create Firebox passphrases

Set new passphrases for the status (read-only) and admin (read/write) built-in user accounts. Both passphrases must be at least eight characters long, and they must be different from each other.

Caution: To keep your device secure, make sure you do not use the default passphrases for the admin account (readwrite) and status account (readonly). We recommend you specify unique passphrases for each Firebox you manage and change them frequently.

  1. Click Finish to close the setup wizard.
    The setup wizard saves the basic configuration to the Firebox and to a local configuration file.

After the Setup Wizard Finishes

After you use the setup wizard, your Firebox:

  • Allows outbound FTP, Ping, DNS, TCP, and UDP connections.
  • Blocks all unrequested traffic from the external network.
  • Monitors connections for outgoing FTP, HTTP, and HTTPS traffic.
  • Uses licensed security services to protect the internal network.

For details about the default policies and services, go to Setup Wizard Default Policies and Settings.

The Firebox uses the interface IP addresses and administrative passphrases you specified. If you enable wireless, the setup wizard configures a trusted network bridge. The bridge uses the trusted network settings you configured in the setup wizard.

WARNING: If you disable the default trusted bridge, you lose your connection to the Firebox. Before you disable the trusted bridge, configure another trusted network interface that you can connect to.

After you create the basic configuration you can edit the device configuration to further customize the settings.