Contents

Troubleshoot Firebox Connections to WatchGuard Cloud

When you enable WatchGuard Cloud on a Firebox, the Firebox connects to WatchGuard Cloud to register. Firebox registration happens only once, to associate the Firebox with your WatchGuard Cloud account. After successful registration, the Firebox sends log messages and device status to WatchGuard Cloud.

This topic describes how to troubleshoot issues with Firebox registration and connections to WatchGuard Cloud.

See the Firebox Connection Status

You can see the Firebox connection status in WatchGuard Cloud Device Manager. For more information, see WatchGuard Cloud Device Summary.

Screen shot of the connection status for a Firebox that is not connected

The connection status indicates whether the Firebox is connected to your WatchGuard Cloud account. It can be one of these values:

Never Connected — The Firebox has never connected to WatchGuard Cloud.

Connected — The Firebox is connected to WatchGuard Cloud.

Not Connected — The Firebox is not connected to WatchGuard Cloud.

Inactive — The Firebox is inactive. For more information, see Inactive Devices and Data Retention.

If the device status is not Connected, the Firebox is not connected to WatchGuard Cloud. To troubleshoot the issue you must connect to the Firebox and get more information. For more information, see See WatchGuard Cloud Status on the Firebox.

Troubleshoot Registration Errors

When you enable WatchGuard Cloud, your Firebox connects to WatchGuard Cloud on HTTPS port 443 to register. To register to your WatchGuard Cloud account the Firebox sends the WatchGuard Cloud Verification Code. A problem with the connection or the Verification Code can cause a registration error.

If the Firebox could not register to your WatchGuard Cloud account:

  • WatchGuard Cloud status on the Firebox is Failed Registration.
  • Firebox status in WatchGuard Cloud is Never Connected.

To resolve a Firebox registration failure:

  • Make sure your Firebox can make outbound connections on HTTPS port 443.
  • Make sure the Verification Code on the Firebox matches the code generated in WatchGuard Cloud. Each Verification Code is for a specific Firebox, and expires after 30 days. To make sure that the Verification Code matches, you can regenerate the Verification Code and paste it into the Firebox configuration. For more information, see Regenerate the Firebox Verification Code.

If your Firebox was previously connected to WatchGuard Cloud, and you remove it from your WatchGuard Cloud account, you must upgrade the Firebox to Fireware v12.4.1 or higher before you can add a new Verification Code to the Firebox .

Troubleshoot Connection Errors

After the Firebox is registered, it connects to WatchGuard Cloud to send log messages and device status. The port the Firebox uses to connect to WatchGuard Cloud after registration depends on the Fireware version:

  • In Fireware v12.0.x – v12.2.x it connects on TCP port 8883
  • In Fireware v12.3 or higher it connects on TCP port 443

WatchGuard Cloud connection status appears in the Front Panel in Firebox System Manager and Fireware Web UI.

If the Firebox is registered but cannot connect to WatchGuard Cloud:

  • WatchGuard Cloud status on the Firebox is Connection Failed.
  • Firebox status in WatchGuard Cloud Device Manager is Offline.

If the Firebox connection failed:

See WatchGuard Cloud Status in the Firebox Status Report

You can see information that is useful for troubleshooting in the Status Report on the Firebox.

To see the Firebox Status Report:

  1. Connect to the Firebox with Firebox System Manager.
  2. Select the Status Report tab.
    WatchGuard Cloud status information appears in the WatchGuard Cloud Status section.

Screen shot of the Status Report for a Firebox that is connected to WatchGuard Cloud

WatchGuard Cloud Status for a Firebox that is connected to WatchGuard Cloud with logging enabled

The WatchGuard Cloud Status section includes this information:

registration_status

Indicates whether the Firebox successfully registered with WatchGuard Cloud. It can have one of these values:

  • 0 — Not registered
  • 1 — Registration failed
  • 2 — Registered

enabled

Indicates whether WatchGuard Cloud is enabled on the Firebox. It can have one of these values:

  • 0 — Not enabled
  • 1 — Enabled

connected

Indicates whether the Firebox is connected to WatchGuard Cloud. It can have one of these values:

  • 0 — Not connected
  • 1 — Connected

server

The FQDN and port of the WatchGuard Cloud server.

api_endpoint

The FQDN of the Firebox API endpoint.

logging_enabled

Indicates whether logging is enabled for this device in WatchGuard Cloud. It can have one of these values:

  • 0 — Disabled
  • 1 — Enabled

management_enabled

Indicates whether Firebox management from WatchGuard Cloud is enabled. The value is always 0 (Disabled). Firebox management from WatchGuard Cloud is not yet supported.

See Also

About WatchGuard Cloud

Give Us Feedback  ●   Get Support  ●   All Product Documentation  ●   Technical Search