Enable TDR on Your Firebox

To detect indicators of threats on your network, the Threat Detection and Response subscription service collects and analyzes forensic data from the Firebox and from hosts on your network. For more information, see About TDR.

Before you can enable Threat Detection and Response on your Firebox, your Firebox must run Fireware v11.12 or higher and must have the Threat Detection and Response subscription service enabled in the feature key. For more information, see:

Get your TDR Account UUID

Before you can enable Threat Detection and Response on a Firebox, you must know your Threat Detection and Response Account UUID.

To find your Account UUID:

  1. Log In to the TDR Web UI as an Administrator or Analyst.
  2. Select Devices > Firebox.
    The Account UUID appears at the top of the page.

Screen shot of the Account UUID in the Firebox Configuration page

  1. Copy the Account UUID.

Enable Threat Detection and Response

To enable Threat Detection and Response on the Firebox, you must add the Account UUID to your Firebox configuration.

For information about how to see the status of the Firebox connection in your TDR account, see See Firebox Status in TDR.

FQDNs for TDR Connections from the Firebox

The Firebox uses one of these FQDNs to connect to TDR:

  • For the Americas account region: tdr-fbla-na.watchguard.com
  • For the Europe account region: tdr-fbla-eu.watchguard.com
  • For the Asia Pacific account region: tdr-fbla-ap.watchguard.com

If your Firebox is behind another firewall, make sure the firewall allows connections from the Firebox to the FQDN for your TDR region on TCP port 4115.

Quick Start — Set Up TDR