Run the Web Setup Wizard

You use the Web Setup Wizard to set up a Firebox with a basic configuration. The Web Setup Wizard automatically configures the Firebox for mixed routing mode. The setup wizard helps you configure basic network and administrative settings and automatically configures security policies and licensed security services with recommended settings.

The default policies and services that the setup wizard configures depend on the version of Fireware installed on the Firebox.

  • In Fireware v11.12 and higher, the Web Setup Wizard creates proxy policies and automatically enables most licensed subscription services with recommended settings.
  • In Fireware v11.11.x and lower, the Web Setup Wizard creates packet filter policies and does not enable licensed subscription services.

For more information about policies and services the Web Setup Wizard configures, see Setup Wizard Default Policies and Settings.

For a video demonstration of the Web Setup Wizard, see the Web Setup Wizard video tutorial (15 minutes).

To use the Web Setup Wizard, you must make a direct network connection to the Firebox and use a web browser to start the wizard. When you connect to the device, it uses DHCP to send a new IP address to your computer.

Before you start the Web Setup Wizard, make sure you:

  • Activate your device on the WatchGuard website
  • Save a copy of your Firebox feature key in a text file on your computer

Connect to Fireware Web UI

  1. Use an Ethernet cable to connect interface 1 of your Firebox to your computer. For a Firebox M5600, connect to interface 32.
  2. Use an Ethernet cable to connect interface 0 to a router or network that provides Internet access. This is the external interface. The external interface automatically uses DHCP to request an IP address on the network it connects to.
  3. Connect the power cord to the Firebox power input and to a power source.
  4. Start the Firebox in factory-default mode. A new Firebox automatically starts in this mode.
    For more information, see Reset a Firebox.
  5. Make sure your computer is configured to accept a DHCP-assigned IP address.

If your computer runs Windows 7:

  • In the Windows Start menu, select Control Panel > Network and Internet > Network and Sharing > Change Adapter Settings > Local Area Connection.
  • Click Properties.
  • Select Internet Protocol Version 4 (TCP/IPv4) and click Properties.
  • Make sure Obtain an IP Address Automatically is selected.

For more detailed instructions, see Identify Your Network Settings.

  1. If your browser uses an HTTP proxy server, you must temporarily disable the HTTP proxy setting in your browser.

For more information, see Disable the HTTP Proxy in the Browser.

  1. Open your web browser and go to For a Firebox M5600, go to
    A security certificate notification appears in the browser.
  1. When you see the certificate warning, click Continue. Add an exception if your browser requires it.
    The certificate warning appears because the Firebox uses a certificate signed by the WatchGuard Certificate Authority, which is not in the list of trusted authorities on your browser.

This warning appears each time you connect to the Firebox unless you permanently accept the certificate, or generate and import a certificate for the device to use. For more information, see About Certificates.

  1. Log in with the default administrator account credentials:
    User Nameadmin
    The Web Setup Wizard starts.
  1. Complete the wizard.

The Web Setup Wizard includes the steps to set up the device with a basic configuration. On any wizard page, to see more information about how to complete the current step, click More Information. The exact set of steps that the wizard presents depends on the version of Fireware installed on the Firebox.

If you leave the Web Setup Wizard idle for 15 minutes or more, you must go back to Step 3 and start again.

The Web Setup Wizard helps you to complete these steps:

Select a configuration type

Select whether to create a new configuration or restore a configuration from a saved backup image.

License agreement

Accept the End-User License Agreement.

Restore a Firebox Backup Image

If you selected the option to restore a configuration from a saved backup image, select a backup image file to restore to the Firebox.

Admin credentials are stored in the backup image file. Make sure that you know the admin passphrase at the time the backup image was created before you restore the backup. If you do not know the admin passphrase, you will not be able to log in to the Firebox after the backup image is restored.

The choices are:

  • Import and restore a backup image from a file — Select a backup image file saved on your computer or network, and type the password that was used to encrypt the file.
  • Restore a backup image file saved on the Firebox or USB drive — Select a backup image file that is saved on the Firebox (Fireware 12.2.1 and higher only) or a backup image stored on the USB drive that is connected to the Firebox (Fireware 12.3 and higher only). If you select a backup image stored on the USB drive, type the password that was used to encrypt the file.

Backup images saved on the Firebox appear in the Available backup images list only if you used the CLI command restore factory-default without the all option to reset the Firebox. All other methods used to reset the Firebox automatically delete all backup images saved on the Firebox.

After the backup image restores, the Firebox reboots and the Fireware Web UI Login page appears.

Configure the External Interface

Select and configure the method you want your device to use to set an external IP address. The choices are:

  • DHCP — Type the DHCP identification as supplied by your ISP.
  • PPPoE — Type the PPPoE information as supplied by your ISP.
  • Static — Type the static IP address and gateway IP address, as supplied by your ISP.

For more information about these methods, see Configure an External Interface.

Configure DNS and WINS Servers (Optional)

Configure the Domain DNS and WINS server addresses you want the Firebox to use.

Configure the Trusted Interface

Type the IP address of the trusted interface. (Optional) If you want the Firebox to assign IP addresses to computers that connect to the trusted network, you can enable the DHCP server and assign a range of IP addresses on the same subnet as the interface IP address.

Create passphrases for your device

Set new passphrases for the status (read only) and admin (read/write) built-in user accounts.

Enable remote management (Optional)

Enable remote management if you want to manage this Firebox through the external interface.

Add device information

You can type a device name, location, and contact information to save management information for this device. By default, the device name is set to the model number of your Firebox. We recommend that you choose a unique name that you can use to easily identify this Firebox, especially if you use remote management. The location and contact information are optional.

Set the Time Zone

Select the time zone where the Firebox is located.

Activation: Add the Firebox feature key

The Web Setup Wizard can use one of three methods to apply a feature key to your device:

Automatic Activation — If the Firebox has been previously activated, the wizard automatically retrieves the device feature key from the WatchGuard website when the it starts with factory-default settings. If automatic activation is successful, the wizard does not show a page for the activation step. Automatic activation is not possible for FireboxV or XTMv,

Online Activation — If the Firebox has not yet been activated, you can use Online Activation in the wizard to activate the device in your account on the WatchGuard website. The device then automatically retrieves and applies the feature key to the device. To use Online Activation, your device must have a connection to the Internet.

Manual Activation — If you previously activated your Firebox and have a copy of the feature key on your computer, you can choose to skip online activation, and instead paste the text of the feature key into the wizard.

If the Firebox does not have an Internet connection when you run the wizard, you can also choose to skip activation entirely and apply the feature key later. For more information about how to apply the feature key outside the wizard, see Get a Firebox Feature Key.

Device functionality is limited until you apply a feature key. Without a feature key, the Firebox allows only one user to access the Internet. If the Firebox does not have a feature key, the Web Setup Wizard cannot configure licensed subscription services.

Subscription Services and WebBlocker settings

For a Firebox that uses Fireware v11.12 or higher, the setup wizard shows you a list of licensed services from the feature key. The wizard automatically enables the listed services with recommended settings. For WebBlocker, the wizard recommends content categories to block, and you can change these settings in the wizard.


After you review and apply your configuration settings, the Firebox saves the configuration.

After the Wizard Finishes

After you complete the wizard, the Firebox is set up with a basic configuration that allows outbound TCP, UDP, and ping, traffic, and blocks all unrequested traffic from the external network. It also uses the interface IP addresses and administrative passphrases you specified. The default policies and services enabled by the wizard depend on the version of Fireware the Firebox uses. For details about the default policies and services, see Setup Wizard Default Policies and Settings.

If your Firebox uses Fireware v11.11.x or lower, the Web Setup Wizard does not enable subscription services, even if they are licensed in the feature key. To enable the security services and proxy policies with recommended settings, upgrade the Firebox to Fireware v11.12 or higher, reset it to factory-default settings, and then run the Web Setup Wizard again.

You can log in to Fireware Web UI using the user name admin, and the configuration passphrase you set in the Wizard.

If you change the IP address of the trusted interface, you must change your network settings on your computer to make sure your IP address matches the subnet of the trusted network before you connect to the device. If you use DHCP, use the ipconfig/release and ipconfig/renew commands on your computer to force it to request a new IP address, or restart your computer. If you use static addressing, see Use a Static IP Address.

After you create the basic configuration you can edit the device configuration to further customize the settings.  

If You Have Problems with the Wizard 

If you leave the Web Setup Wizard idle for 15 minutes or more, the wizard times out, and you must use the same steps to log in and start it again.

For other problems with the wizard, it can help to clear the browser cache before you try again. To clear the cache in Internet Explorer select Tools > Internet Options > Delete > History.

See Also

Reset a Firebox

Give Us Feedback  ●   Get Support  ●   All Product Documentation  ●   Technical Search