Enable TDR on Your Firebox
To detect indicators of threats on your network, the Threat Detection and Response subscription service collects and analyzes forensic data from the Firebox and from hosts on your network. For more information, see About TDR.
Get your TDR Account UUID
Before you can enable Threat Detection and Response on a Firebox, you must know your Threat Detection and Response Account UUID.

To get the Account UUID from the TDR Web UI:
- Log in to the TDR Web UI as an Administrator or Analyst.
- Select Devices / Users > Firebox.
The Account UUID appears at the top of the page.
- Copy the Account UUID.

To get the Account UUID from WatchGuard Cloud:
- Log in to TDR in WatchGuard Cloud.
- Select Monitor > Threat Detection.
- In the Devices / Users section, select Firebox.
The Account UUID appears at the top of the page.
- Copy the Account UUID.
Enable Threat Detection and Response
To enable Threat Detection and Response on the Firebox, you must add the Account UUID to your Firebox configuration.

From Fireware Web UI:
- Select Subscription Services > Threat Detection.
- Select the Enable Threat Detection & Response check box.
- In the Account UUID text box, paste your Account UUID.
- Click Save.
- To see the status of the connection from the Firebox to TDR, select Dashboard > Front Panel.
The connection status appears in the Servers list.

From Policy Manager:
- Select Subscription Services > Threat Detection.
- Select the Enable Threat Detection & Response check box.
- In the Account UUID text box, paste your Account UUID.
- Click OK.
- Save the configuration to the Firebox.
- To see the status of the connection from the Firebox to TDR, open Firebox System Manager and select the Status Report tab.
For information about how to see the status of the Firebox connection in your TDR account, see See Firebox Status in TDR.
FQDNs for TDR Connections from the Firebox
The Firebox uses one of these FQDNs to connect to TDR:
- For the Americas account region: tdr-fbla-na.watchguard.com
- For the Europe account region: tdr-fbla-eu.watchguard.com
- For the Asia Pacific account region: tdr-fbla-ap.watchguard.com
If your Firebox is behind another firewall, make sure the firewall allows connections from the Firebox to the FQDN for your TDR region on TCP port 4115.
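A reachability check for the upstream-firewall requirement above, as an added example (not WatchGuard code): run it from a host whose outbound traffic crosses the same upstream firewall as the Firebox. The region keys, function name and status labels are assumptions made for this example; the FQDNs and port are the ones listed on this page.

```python
import socket

# FQDNs and port as listed on this page; the region keys are this example's own.
TDR_FQDNS = {
    "americas": "tdr-fbla-na.watchguard.com",
    "europe": "tdr-fbla-eu.watchguard.com",
    "asia-pacific": "tdr-fbla-ap.watchguard.com",
}
TDR_PORT = 4115


def check_tdr_path(region, timeout=5.0, resolve=socket.getaddrinfo,
                   connect=socket.create_connection):
    """Return (status, detail) for the TCP path to the region's TDR FQDN.

    status is "open", "dns_failure", "timeout", "refused" or "error".
    resolve/connect are injectable so the logic can be exercised offline.
    """
    try:
        fqdn = TDR_FQDNS[region.lower()]
    except KeyError:
        raise ValueError(f"unknown region {region!r}; use {sorted(TDR_FQDNS)}")
    try:
        infos = resolve(fqdn, TDR_PORT, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return "dns_failure", f"{fqdn}: {exc}"
    addr = infos[0][4][0]
    target = f"{fqdn} ({addr}) tcp/{TDR_PORT}"
    try:
        conn = connect((addr, TDR_PORT), timeout=timeout)
    except socket.timeout:
        # No reply at all: consistent with a firewall silently dropping the SYN.
        return "timeout", f"{target}: no reply within {timeout}s"
    except ConnectionRefusedError:
        # Active reset: a reject rule on the path, or nothing listening.
        return "refused", f"{target}: connection reset"
    except OSError as exc:
        return "error", f"{target}: {exc}"
    conn.close()
    return "open", f"{target}: TCP handshake completed"


if __name__ == "__main__":
    import sys
    region = sys.argv[1] if len(sys.argv) > 1 else "americas"
    status, detail = check_tdr_path(region)
    print(f"{status}: {detail}")
    sys.exit(0 if status == "open" else 1)
```

An `open` result confirms only that the TCP path exists; the connection status of the Firebox itself is still the one shown in the Firebox status pages described above.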
Enable TDR Host Sensor Enforcement
In Fireware v12.5.4 or higher, you can enable Host Sensor Enforcement, which limits mobile VPN connections to devices that meet these requirements:
- TDR Host Sensor must be running on the host, and the Firebox must be able to communicate with TDR Host Sensor over TCP port 33000.
- TDR Host Sensor on the host must be associated with a TDR account UUID specified in the Host Sensor Enforcement settings.
- (Optional) The host has the specified Windows or macOS operating system version, or a later version.
For more information, see About TDR Host Sensor Enforcement.