Enable TDR on Your Firebox

To detect indicators of threats on your network, the Threat Detection and Response subscription service collects and analyzes forensic data from the Firebox and from hosts on your network. For more information, see About TDR.

Before you can enable Threat Detection and Response on your Firebox, your Firebox must run Fireware v11.12 or higher and must have the Threat Detection and Response subscription service enabled in the feature key. For more information, see:

Get your TDR Account UUID

Before you can enable Threat Detection and Response on a Firebox, you must know your Threat Detection and Response Account UUID.

Enable Threat Detection and Response

To enable Threat Detection and Response on the Firebox, you must add the Account UUID to your Firebox configuration.

For information about how to see the status of the Firebox connection in your TDR account, see See Firebox Status in TDR.

FQDNs for TDR Connections from the Firebox

The Firebox uses one of these FQDNs to connect to TDR:

  • For the Americas account region: tdr-fbla-na.watchguard.com
  • For the Europe account region: tdr-fbla-eu.watchguard.com
  • For the Asia Pacific account region: tdr-fbla-ap.watchguard.com

If your Firebox is behind another firewall, make sure the firewall allows connections from the Firebox to the FQDN for your TDR region on TCP port 4115.

Enable TDR Host Sensor Enforcement

In Fireware v12.5.4 or higher, you can enable Host Sensor Enforcement, which limits mobile VPN connections to devices that meet these requirements:

  • TDR Host Sensor must be running on the host, and the Firebox must be able to communicate with TDR Host Sensor over TCP port 33000.
  • TDR Host Sensor on the host must be associated with a TDR account UUID specified in the Host Sensor Enforcement settings.
  • (Optional) The host has the specified Windows or macOS operating system version, or a later version.

For more information, see About TDR Host Sensor Enforcement.

Quick Start — Set Up TDR