Contents

Configure a Firewall Policy for TDR Traffic

When you enable TDR on your Firebox, the Firebox configuration must include a policy to allow the Host Sensors on your network to connect to your TDR account.

About the WG-TDR-Host-Sensor Policy Template

When you enable Threat Detection and Response in Fireware v11.12.1 and higher, the WatchGuard Threat Detection and Response policy is automatically added to the configuration. This policy uses the WG-TDR-Host-Sensor packet filter policy template which allows TCP traffic on port 443 from the alias Any-Trusted to the FQDNs for both TDR regions. To allow traffic from Host Sensors on the Optional networks, you can edit this policy to add the alias Any-Optional or add a specific interface name to the From list.

If your Firebox runs Fireware v11.12 or lower, when you enable TDR from Policy Manager or Fireware Web UI, you must manually add a policy that allows connections from your network to the FQDN for your TDR account.

Manually Add a Policy to Allow Host Sensor Traffic

If your Firebox runs Fireware v11.12.1 or higher, to allow Host Sensor connections from the trusted network, add the WG-TDR-Host-Sensor packet filter policy to your configuration. This policy is automatically added when you enable TDR on the Firebox.

If your Firebox runs Fireware v11.12, manually add an HTTPS packet filter policy with these settings:

  • Connections are — Allowed
  • From — Any-Trusted, Any-Optional (or the location where your Host Sensors are installed)
  • To — FQDNs tdr-hsc-na.watchguard.com and tdr-hsc-eu.watchguard.com

If you want to allow connections only to the FQDN for your TDR account, you can find the FQDN in the TDR web UI, and add it to the packet filter policy.

Add FQDNs for TDR Sandbox Analysis, AD Helper, and Research Data

It might be necessary to add other FQDNs as destinations in the WG-TDR-Host-Sensor or other HTTPS packet filter policy to allow Host Sensors and AD Helper to connect to the TDR cloud.

You must add these FQDNs only if your Firebox has an HTTPS proxy policy with these certificate validation options enabled in the content inspection settings:

  • Use OCSP to validate certificates
  • If a certificate cannot be validated, the certificate is considered invalid

In Fireware 12.4 and later, these FQDNs are automatically added as destinations in the WG-TDR-Host-Sensor policy that is created when you enable TDR.

To allow TDR Host Sensors to execute the Sandbox File action, add these FQDNs as destinations in the WG-TDR-Host-Sensor policy:

tdr-frontline-na.watchguard.com

tdr-frontline-eu.watchguard.com

To allow AD Helper to connect to the TDR cloud, add these FQDNs as destinations in the WG-TDR-Host-Sensor policy:

tdr-adhh-na.watchguard.com

tdr-adhh-eu.watchguard.com

To allow TDR Host Sensors to send data that is used by WatchGuard for research, add this FQDN as a destination in the WG-TDR-Host-Sensor policy:

tdr-rdp-na.watchguard.com

Enable Proxy Policies and Services

For TDR to effectively correlate network events with Host Sensor events, we recommend that you also enable proxy policies and services on the Firebox. For more information, see Configure Proxy Policies for TDR.

See Also

About TDR Account Regions

Give Us Feedback  ●   Get Support  ●   All Product Documentation  ●   Technical Search