Firebox Feature Comparison — Locally-Managed and Cloud-Managed

Applies To: Cloud-managed Fireboxes, Locally-managed Fireboxes

WatchGuard Cloud provides a single user interface where you can monitor and configure all your WatchGuard products and services, and a multi-tier architecture that makes it easy to manage inventory across your accounts.

When you can add a Firebox or FireCluster to WatchGuard Cloud, you can do so as either a locally-managed or cloud-managed device.

Both locally-managed and cloud-managed devices in WatchGuard Cloud can use monitoring and reporting features, perform system actions such as upgrades and reboots, and send incident data to ThreatSync — the difference is where you manage the device configuration and the configuration features that are available.

Cloud-Managed Device

You manage the Firebox configuration in WatchGuard Cloud. For more information, see Manage the Firebox Configuration in WatchGuard Cloud Help.

Cloud-managed Fireboxes are automatically added to WatchGuard Cloud for visibility and reporting, so you can monitor live status and see log messages and reports.

MSPs can create Firebox configuration templates and use them to quickly apply configuration settings to multiple devices across multiple managed accounts.

You can manage authentication domains and certificates at the account level and share them across devices.

Locally-Managed Device

You manage the Firebox configuration in WSM, Fireware Web UI, or the Command Line Interface. For more information, see Fireware Help.

You can add the locally-managed Firebox to WatchGuard Cloud for visibility and reporting.

We strongly recommend that you add all locally-managed Fireboxes to WatchGuard Cloud for visibility and reporting, so you can monitor live status, see log messages and reports, easily upgrade firmware, and benefit from platform features such as ThreatSync.

The Firebox features that you can configure depend on the tool you use to manage your device. To determine whether to use local management or cloud management, review the information in these sections:

For information on how to move a device from local management to cloud management, see Change a Locally-Managed Firebox to Cloud Management.

Firebox Features Supported by Different Management Tools

Several management tools are available to configure your Firebox. However, different management tools support different Firebox features.

This table compares the Firebox features you can configure with different management tools:

Product Feature WatchGuard Cloud
(Cloud-Managed Firebox)		 WatchGuard System Manager Tools
(Locally-Managed Firebox)		 Fireware Web UI
(Locally-Managed Firebox)
Firewall Policy
Port/Protocol and Source/Destination Firewall Rules
Predefined Packet Filter Service List
First Run/Last Run Policies × ×
Traffic Types Combined in One Firewall Policy × ×
Explicit Proxy ×
Scheduled Policies ×
Zero-Touch Deployment/RapidDeploy
Policy Tags and Categories ×
Browser SafeSearch ×
Google for Business ×
YouTube Enforcement Level ×
Safeguarding Reports × ×
Proxy-specific Controls
Header Length and Fields ×
Content Types and Body Content Types ×
Maximum URL Length ×
Range Requests ×
Cookies ×
Web Cache Server ×
Email: Maximum Recipients ×
Email: Maximum Size/Line Length/Header ×
STARTTLS ×
Sender From/To Rules ×
Custom Deny and Warn Pages ×
Logging and Notification
WatchGuard Cloud
Syslog
Dimension
Syslog/Dimension Configuration in Templates ×
SNMP
Netflow ×
TLS Decryption and Inspection
Inspect by URL Category
Manage TLS Exception List
Import Certificate
Enforce TLS Versions ×
Inbound Inspection ×
SSL Offloading ×
PFS Cipher Setting ×
Third-party Integrations & API Support
API for Blocked Sites/IP Address
API for Exceptions
API for Device Information × ×
API for Account Creation × ×
Connectwise
Autotask
Tigerpaw ×
FireCluster Configuration
Active/Passive ×
Active/Active × ×
View Cluster Status
Alerts and Log Messages on Failover
Cluster Diagnostics
Upgrade Cluster Firmware
Multi-Firebox Management
Templates for Firewall Rules ×
Template Inheritance ×
One to Many Mapping ×
Many to One Mapping ×
Firmware Upgrades ×
Alias in Templates ×
Role-based Access Control ×
Networking
Static NAT
Dynamic NAT
1-to-1 NAT ×
DHCP Server and Options
DNS Settings for DHCP
Dynamic DNS
IPv6
Integrated Wi-Fi Configuration on Wireless Firebox Models
Gateway Wireless Controller (GWC) ×
Use Wireless as External Interface on -W Models ×
Rogue Access Point Detection ×
Hotspot/Guest Access ×
Dynamic Routing ×
Link Aggregation ×
Multi-WAN
SD-WAN
Dynamic Path - Jitter, Packet Loss, Latency
Link Monitoring - Ping, DNS, TCP
Failback - Immediate, Gradual, No Failback
Load Sharing (Round-Robin)
Traffic Management
Guarantee/Restrict Bandwidth
Apply to All Policies, Per Policy, Per IP Address
Forward / Reverse
Apply to Applications and Application Categories
QoS
QoS Marking
Traffic Priority
Quotas ×
Mobile VPN
Mobile VPN with IKEv2
Mobile VPN with SSL
Custom Networks for Mobile VPN with SSL ×
Mobile VPN with L2TP ×
Mobile VPN with IPSec ×
Network Access Enforcement (Endpoint)
Branch Office VPN
Firebox to Firebox - IKEv2 Routed
Firebox to Third-Party - IKEv2 Routed
BOVPN Over SSL ×
Firebox to Third-Party - IPSec ×
Policy-Based VPNs ×
DF Bit and MTU per VPN
Multiple External Interfaces for BOVPNs to Third-Party Endpoints ×
Domain User as Endpoint ID for BOVPNs to Third-Party Endpoints ×
1-to-1 NAT through BOVPN
Security Services
Blocked Ports
Blocked Sites
Manage Auto-Blocked Ports ×
Manage Auto-Blocked Sites ×
Intrusion Prevention Service (IPS)
- IPS Signature Exceptions
- Signature Updates through Proxy Server ×
Application Control
WebBlocker
- URL Filtering by Policy
- Alarm by Category
- Warn
- On-Premises WebBlocker Server ×
- Password Override ×
spamBlocker
Gateway AntiVirus
Geolocation
Botnet Protection
APT Blocker
- Select Server Region ×
DNSWatch
IntelligentAV
Visibility in WatchGuard Cloud
Network Discovery × ×
Access Portal ×
Data Loss Prevention ×
EDR Core
ThreatSync
Default Threat Protection
Default Packet Handling
Authentication
Firebox Database
RADIUS
Active Directory
Authentication Domains × ×
SSO
AuthPoint Integration (no RADIUS)
Terminal Services ×
General Settings
NTP Servers
Device Feedback
Fault Reports
Certificate Management
Proxy Authority Certificates
VPN Certificates
Certificate Signing Requests
Web Server Certificates
Troubleshooting Tools
Interface Status
Ping
TCP Dump
nslookup
Download Support.TGZ File

For information on the Firebox security features available with a Standard Support, Basic Security Suite, or Total Security Suite license, go to Security Services on WatchGuard.com.

WatchGuard Cloud Features Supported by Fireboxes

You can add both locally-managed and cloud-managed devices to WatchGuard Cloud.

This table shows the WatchGuard Cloud features supported by locally-managed and cloud-managed Fireboxes that you add to WatchGuard Cloud:

WatchGuard Cloud Features Cloud-Managed Locally-Managed
Manage Firebox configuration settings, such as policies, security services, VPNs, and more. ×
Manage FireCluster configurations ×
Initiate FireCluster system actions (upgrade firmware, reboot, and failover)
Configure shared device settings in templates ×
Schedule and deploy changes to device settings ×
Revert to a previously deployed configuration ×
Monitor live status (network status, routes, VPNs, users, FireCluster, etc.)
View log messages and reports
Upgrade firmware
Manage Firebox backups ×
Reboot the Firebox
Send incident data to ThreatSync

Related Topics

About WatchGuard Cloud

Features and Benefits of Firebox Management in WatchGuard Cloud (KB article)

Get Started — Add a Device to WatchGuard Cloud

Change a Locally-Managed Firebox to Cloud Management

Upgrade Firmware in WatchGuard Cloud

Reboot a Firebox

Manage Firebox Backup Images in WatchGuard Cloud

Live Status Reporting for Fireboxes and FireClusters

About Firebox Security Services Settings

About FireCluster in WatchGuard Cloud