Enable TDR on Your Firebox
To detect indicators of threats on your network, the Threat Detection and Response subscription service collects and analyzes forensic data from the Firebox and from hosts on your network. For more information, see About TDR.
Get your TDR Account UUID
Before you can enable Threat Detection and Response on a Firebox, you must know your Threat Detection and Response Account UUID.
To find your Account UUID:
- Log In to the TDR Web UI as an Administrator or Analyst.
- Select Devices > Firebox.
The Account UUID appears at the top of the page.
- Copy the Account UUID.
Enable Threat Detection and Response
To enable Threat Detection and Response on the Firebox, you must add the Account UUID to your Firebox configuration.
- Select Subscription Services > Threat Detection.
- Select the Enable Threat Detection & Response check box.
- In the Account UUID text box, paste your Account UUID.
- Click Save.
- To see the status of the connection from the Firebox to TDR, select Dashboard > Front Panel.
The connection status appears in the Servers list.
- Select Subscription Services > Threat Detection.
- Select the Enable Threat Detection & Response check box.
- In the Account UUID text box, paste your Account UUID.
- Click OK.
- Save the configuration to the Firebox.
- To see the status of the connection from the Firebox to TDR, open Firebox System Manager and select the Status Report tab.
For information about how to see the status of the Firebox connection in your TDR account, see See Firebox Status in TDR.
FQDNs for TDR Connections from the Firebox
The Firebox uses one of these FQDNs to connect to TDR:
- For the Americas account region: tdr-fbla-na.watchguard.com
- For the Europe account region: tdr-fbla-eu.watchguard.com
If your Firebox is behind another firewall, make sure the firewall allows connections from the Firebox to the FQDN for your TDR region on TCP port 4115.