Add a FireCluster to WatchGuard Cloud

Applies To: Locally-managed Fireboxes

To enable WatchGuard Cloud on a FireCluster, you add both Fireboxes to your WatchGuard Cloud account as a cluster.

Before You Begin

Make sure the FireCluster has a license for Total Security Suite or Basic Security Suite.

  • For an active/active cluster, both members must have a license
  • For an active/passive cluster, only one member must have a license

For detailed information about FireCluster licenses, see About Feature Keys and FireCluster.

Fireboxes activated by a Service Provider appear in the Service Provider inventory in WatchGuard Cloud. Before you can add a Firebox or FireCluster to WatchGuard Cloud you must allocate the device to the Subscriber account. For more information, see Allocate Fireboxes.

Make sure your FireCluster runs Fireware v12.4 or higher. If necessary, upgrade your FireCluster before you add it to WatchGuard Cloud.

For an active/passive FireCluster, make sure that you know the device serial numbers. To add the second member of an active/passive FireCluster, you must specify the serial number of the second member.

Make sure you have administrative access to the FireCluster. To enable WatchGuard Cloud on the FireCluster you must copy a Verification Code from your WatchGuard Cloud account and use Policy Manager or Fireware Web UI to paste it into the configuration of the FireCluster.

Add a FireCluster

To add a FireCluster to WatchGuard Cloud:

  1. Log in to your WatchGuard Cloud Subscriber account.
  2. Click Add Device.
    A list of activated devices appears.

Screen shot of the Add Device page

  1. Click Add FireCluster.

Screen shot of the Add Devices page with no FireCluster member selected

  1. Select the Name of the first cluster member from the list.

Screen shot of the Add Device page with one FireCluster member added

  1. Specify the second cluster member.
    • For an active/active FireCluster, select the second member from the list.
    • For an active/passive FireCluster, type the serial number of the second member.

For an active/passive FireCluster, the second device does not appear in the list of devices to add because it does not have its own license for Total Security Suite or Basic Security Suite.

Screen shot of the Add Devices page with both cluster members selected

  1. Click Add FireCluster.
    The Verification Code page opens.

Screen shot of the Add Verification Code page for a FireCluster

  1. To copy the Verification Code, click Copy Code.
  2. Open the FireCluster configuration in Policy Manager or Fireware Web UI and paste the Verification Code to enable WatchGuard Cloud. For more information, see Enable WatchGuard Cloud on the FireCluster.
  3. Click Done.
    The FireCluster is added to the list of devices.

Enable WatchGuard Cloud on the FireCluster

To connect a locally managed Firebox or FireCluster to WatchGuard Cloud, you must open the Firebox configuration in Policy Manager or Fireware Web UI and enable WatchGuard Cloud.

  1. Open the device configuration in Fireware Web UI.
  2. Select System > WatchGuard Cloud.
  3. Select the Enable WatchGuard Cloud check box.
    If your Firebox requires a Verification Code to register with WatchGuard Cloud, the Verification Code text box appears.

Screen shot of the WatchGuard Cloud configuration in Fireware Web UI

  1. If required, in the Verification Code text box, paste the Verification Code you copied from WatchGuard Cloud.

In Fireware v12.5.3 and higher, the Verification Code is required only for Firebox T10, T30, T50, T70, M200, M300, M400, M500, M440, M4600, and M5600, and for any active/passive FireCluster. If the Firebox does not require a Verification Code to register, the Verification Code text box does not appear and you do not have to paste the code.

  1. Click Save.
    The Firebox connects to WatchGuard Cloud to register. After successful registration, the WatchGuard Cloud Registration Status updates to Registered.

Screen shot of the WatchGuard Cloud configuration page after successful registration

  1. Open the device configuration in Policy Manager.
  2. Select Setup > WatchGuard Cloud.
  3. Select the Enable WatchGuard Cloud check box.

Screen shot of the WatchGuard Cloud configuration dialog box in Policy Manager

  1. Click OK.
  2. Select File > Save > To Firebox.
  3. Type the Administrator Passphrase.
    If the Firebox requires a Verification Code to register with WatchGuard Cloud, the Register Firebox dialog box opens.

Screen shot of the Register Firebox dialog box in Policy Manager

  1. If required, in the Verification Code text box, paste the Verification Code you copied from WatchGuard Cloud.

In Fireware v12.5.3 and higher, the Verification Code is required only for Firebox T10, T30, T50, T70, M200, M300, M400, M500, M440, M4600, and M5600, or for any active/passive FireCluster. If the Firebox does not require a Verification Code to register, the Register Firebox dialog box does not appear and you do not have to paste the code.

  1. Click OK.

Verify the FireCluster Connection to WatchGuard Cloud

After you enable WatchGuard Cloud on a Firebox, verify the FireCluster status in WatchGuard Cloud.

To see device connection status from WatchGuard Cloud:

  1. Log in to your WatchGuard Cloud Subscriber account.
  2. Select Monitor > Devices.
  3. Select the FireCluster.
    The Device Summary shows the connection status of both cluster members.

Screen shot of device status for an active/passive FireCluster

The expected status of cluster members depends on the cluster type:

Active/Passive FireCluster

Only the cluster master connects to WatchGuard Cloud. The status of the cluster master is Connected. The status of the backup master is Never Connected or Not Connected.

Active/Active FireCluster

Both cluster members connect to WatchGuard Cloud. The status of both members is Connected. To determine which Firebox serial number corresponds to the cluster master or backup master, connect to Fireware Web UI and select System Status > FireCluster. Or, in WatchGuard System Manager, connect to the cluster and expand the Cluster section.

The member number indicates the order in which you added the Fireboxes to WatchGuard Cloud. Member1 is the first Firebox added to WatchGuard Cloud. Member2 is the second Firebox added to WatchGuard Cloud.

You can also connect to Fireware OS on your locally-managed FireCluster to verify the connection to WatchGuard Cloud. For more information, see WatchGuard Cloud Status on the Firebox.

View FireCluster Status Information

After your FireCluster connects to WatchGuard Cloud, you can view different types of information about the cluster:

Manage a FireCluster

For information about how to upgrade, reboot, or fail over a locally-managed FireCluster in WatchGuard Cloud, see:

See Also

About FireCluster in WatchGuard Cloud

Manage FireCluster Logging in WatchGuard Cloud

Remove a FireCluster from WatchGuard Cloud

Troubleshoot Firebox Connections to WatchGuard Cloud