Enable TDR on Your Firebox

To detect indicators of threats on your network, the Threat Detection and Response subscription service collects and analyzes forensic data from the Firebox and from hosts on your network. For more information, see About TDR.

Before you can enable Threat Detection and Response on your Firebox, your Firebox must run Fireware v11.12 or higher and must have the Threat Detection and Response subscription service enabled in the feature key. For more information, see:

Get your TDR Account UUID

Before you can enable Threat Detection and Response on a Firebox, you must know your Threat Detection and Response Account UUID.

  1. Log In to the TDR Web UI as an Administrator or Analyst.
  2. Select Devices / Users > Firebox.
    The Account UUID appears at the top of the page.

Screen shot of the Account UUID in the Firebox Configuration page

  1. Copy the Account UUID.
  1. Log in to WatchGuard Cloud with your WatchGuard Cloud credentials.
  2. Select Monitor > Threat Detection.
  3. In the Devices / Users section, select Firebox.
    The Account UUID appears at the top of the page.

Screen shot of the Account UUID in the Firebox Configuration page

  1. Copy the Account UUID.

Enable Threat Detection and Response

To enable Threat Detection and Response on the Firebox, you must add the Account UUID to your Firebox configuration.

  1. Select Subscription Services > Threat Detection.

Screen shot of the Threat Detection & Response page in Fireware Web UI

  1. Select the Enable Threat Detection & Response check box.
  2. In the Account UUID text box, paste your Account UUID.
  3. Click Save.
  4. To see the status of the connection from the Firebox to TDR, select Dashboard > Front Panel.
    The connection status appears in the Servers list.

Screen shot of the Front Panel dashboard with Threat Protection status shown

  1. Select Subscription Services > Threat Detection.

Screen shot of the Threat Detection & Response page in Policy Manager

  1. Select the Enable Threat Detection & Response check box.
  2. In the Account UUID text box, paste your Account UUID.
  3. Click OK.
  4. Save the configuration to the Firebox.
  5. To see the status of the connection from the Firebox to TDR, open Firebox System Manager and select the Status Report tab.

Screen shot of Firebox System Manager Status Report tab, TDR section

For information about how to see the status of the Firebox connection in your TDR account, see See Firebox Status in TDR.

FQDNs for TDR Connections from the Firebox

The Firebox uses one of these FQDNs to connect to TDR:

  • For the Americas account region: tdr-fbla-na.watchguard.com
  • For the Europe account region: tdr-fbla-eu.watchguard.com
  • For the Asia Pacific account region: tdr-fbla-ap.watchguard.com

If your Firebox is behind another firewall, make sure the firewall allows connections from the Firebox to the FQDN for your TDR region on TCP port 4115.

Enable TDR Host Sensor Enforcement

In Fireware v12.5.4 or higher, you can enable Host Sensor Enforcement, which limits mobile VPN connections to devices that meet these requirements:

  • TDR Host Sensor must be running on the host, and the Firebox must be able to communicate with TDR Host Sensor over TCP port 33000.
  • TDR Host Sensor on the host must be associated with a TDR account UUID specified in the Host Sensor Enforcement settings.
  • (Optional) The host has the specified Windows or macOS operating system version, or a later version.

For more information, see About TDR Host Sensor Enforcement.

Quick Start — Set Up TDR