From WatchGuard Server Center, you can add or remove a license key, configure device monitoring settings, specify log level and log audit settings, and manage the TLS settings for your WatchGuard Management Server.
- In the Servers tree, select Management Server.
- Select the Server Settings tab.
The Server Settings page appears.
- Configure settings for your Management Server, as described in the next sections.
- Click Apply to save your changes.
Add or Remove a Management Server License
To add a Management Server license:
- In the License Keys text box, type or paste the Management Server license key.
- Click Add.
The license key appears in the License Keys list.
To remove a Management Server license key:
- In the License Keys list, select the license key to remove.
- Click Remove.
For more information on Management Server license keys, go to Find Your Management Server License Key.
Configure Device Monitoring Settings
You can configure the Management Server to monitor the connection status of your managed devices, send a notification message when a managed device is out of contact with the server, and select whether to send an email notification when the configuration file for a managed device is updated.
Enable device health monitoring
Select this check box to enable the Management Server to monitor the connection status of your managed devices.
In the Launch factor text box, type the number of times a device can fail to contact the server before a notification message is sent.
Send an email notification when a device does not contact the server
Select this check box to enable the Management Server to send a notification message when a managed device is out of contact with the Management Server for the specified launch factor interval.
Send an email notification when a device configuration file is changed.
Select this check box to enable the Management Server to send a notification message when the configuration file for a fully managed device is updated.
Send an email notification when a device with a dynamic IP address contacts the server with a new IP address
Select this check box to enable the Management Server to send a notification message when a managed device with a dynamic IP address contacts the Management Server for the first time after the IP address of the device changes.
For information about how to specify where notification messages are sent, go to Configure Logging Settings for Your WatchGuard Servers.
The WatchGuard Management Server currently only supports sending logs to Dimension.
Control Configuration Change Settings
You can set several global configuration parameters to control the log messages sent from the Management Server to a log server (Dimension), and control which versions of TLS are used for management connections.
Set the log level for Management Server log messages to Debug
Select this check box to set the diagnostic log level to Debug for all log messages from the Management Server.
To configure additional logging settings for the Management Server, select the Logging tab. For more information, go to Configure Logging Settings for the Management Server.
Log audit information at startup
Select this check box if you want the Management Server to collect log information on managed devices, VPN resources, VPN firewall policy templates, security templates or Device Configuration Templates, and managed VPN tunnels when they start up. You must select this check box to get accurate information in Report Manager for managed Fireboxes.
Disable TLS 1.0 (Fireware 12.9 and lower)
Select this check box to make sure your Management Server does not accept connections from your Fireboxes that use the TLS v1.0 protocol.
Your Management Server can use TLS v1.0, v1.1, or v1.2 for connections from your Fireboxes. If your Management Server does not manage Fireboxes that use the TLS v1.0 protocol, you can disable TLS v1.0 in your Management Server settings. Fireboxes that run Fireware v11.8 or higher do not use the TLS v1.0 protocol. If you change the TLS setting on your Management Server, you must restart your Management Server.
In Fireware v12.10 and higher, Fireboxes use TLS v1.3 to connect to the Management Server by default. TLS v1.2 is also supported.
Configure Settings for the Management Server
Configure Logging Settings for the Management Server
Configure the Certificate Authority on the Management Server
Configure Active Directory Authentication for the Management Server