Configure Firewall Policies in WatchGuard Cloud

Applies To: Cloud-managed Fireboxes

This feature is only available to participants in the WatchGuard Cloud Beta program.

Firewall policies control when a cloud-managed Firebox allows or denies connections. The Firebox matches each connection to a policy based on the traffic source, destination, and traffic type.

See Firewall Policies

To see configured Firewall policies, open the Firewall Policies in the Device Configuration.

To see the Firewall policies, from WatchGuard Cloud:

  1. Select Configure > Devices.
  2. Select the cloud-managed Firebox.
  3. Click Device Configuration.
  4. Click the Firewall Policies tile.
    The Firewall Policies page opens.

Screen shot of the Firewall Policies page with the default Outgoing policy

Policies are listed in priority order. For each connection, the Firebox applies the highest priority policy that matches the connection source, destination, and traffic type. For more information about policy priority, see Firewall Policy Priority.

Add a Firewall Policy

To create new rules for specific types of traffic through the Firebox, you can add firewall policies to the Firebox configuration. After you add or update a policy, you must deploy the configuration to the Firebox for your changes to take effect.

For information about best practices for firewall policy configuration, see Firewall Policies Best Practices.

To add a firewall policy, from WatchGuard Cloud:

  1. On the Firewall Policies page, click Add Firewall Policy.
    The Add Firewall Policy page opens.

Screen shot of the Add Firewall Policy page, policy types selection

  1. Select the policy type. For information about policy types, see Firewall Policy Types.
  2. Click Next.
    Settings for the selected policy type open.

Screen shot of the Add Outbound Policy page

  1. In the Name text box, type a name for this policy.
  2. From the Action drop-down list, select the policy action:
    • Allow — Allows traffic that matches the policy settings.
    • Deny — Denies traffic that matches the policy settings.
  3. Configure other policy settings described in these topics:
  4. To save configuration changes to the cloud, click Save.

Edit a Policy

You can update any policy that you added.

You cannot remove or disable System policies. The only System policies you can edit are the WatchGuard Threat Detection and Response and WatchGuard Cloud policies.

To edit a policy, from WatchGuard Cloud:

  1. On the Firebox Device Configuration page, click the Firewall Policies tile.
    The Firewall Policies page opens.
  2. Click the policy name.
  3. Edit the policy settings.
  4. Click Save.
    The change is saved to the Firebox configuration in the cloud,
  5. For the updated policy to take effect on the Firebox, you must deploy the configuration update to the Firebox. For more information, see Manage Firebox Configuration Deployment.

Delete a Policy

To remove a policy from the configuration, you can delete it.

To delete a policy, from WatchGuard Cloud: 

  1. On the Firebox Device Configuration page, click the Firewall Policies tile.
    The Firewall Policies page opens.
  2. In the row for the policy you want to delete, click .
  3. To confirm the deletion, click Delete.
    The policy is deleted from the Firebox configuration in the cloud.
  4. To remove the policy from the Firebox, you must deploy the configuration update to the Firebox. For more information, see Manage Firebox Configuration Deployment.

Disable a policy

You can disable a policy so that it does not apply to traffic through the Firebox.

To disable a policy, from WatchGuard Cloud:

  1. On the Firebox Device Configuration page, click the Firewall Policies tile.
    The Firewall Policies page opens.
  2. Click the policy name.
  3. To disable or enable the policy, click the toggle next to the policy name.
  4. Click Save.
    The policy remains in the Firebox configuration but is disabled.
  5. For the change to take effect on the Firebox, you must deploy the configuration update to the Firebox. For more information, see Manage Firebox Configuration Deployment.

See Also

Firewall Policy Types