Default Firewall Policies

Applies To: Cloud-managed Fireboxes

This feature is only available to participants in the WatchGuard Cloud Beta program.

For a cloud-managed Firebox, default Core policies allow outbound connections from internal and guest networks to external networks.

Screen shot of default policies on a Firebox with a guest network

When you add a cloud-managed Firebox to WatchGuard Cloud, two default Core policies are automatically added to the configuration.

Outgoing

This Outbound policy allows connections from internal networks to external networks and also enables all security services.

Default policy settings:

  • Source — Any-Internal (a built-in alias for all internal networks)
  • Traffic Types — Web, FTP, All TCP and UDP, Ping
  • Decrypt HTTPS Traffic — Disabled
  • Destination — Any-External (a built-in alias for all external networks)
  • Security Services — All security services are enabled

Guest

This Outbound policy allows connections from the guest network to external networks and also enables all security services. The Guest policy does not allow users on the guest network to connect to internal networks.

Default policy settings:

  • Source — Guest network
  • Traffic Types — Web, FTP, All TCP and UDP, Ping
  • Decrypt HTTPS Traffic — Disabled
  • Destination — Any-External (a built-in alias for all external networks)
  • Security Services — All security services are enabled

You can edit these policies or create your own. For best practices, see Firewall Policies Best Practices.

The Firebox also has System policies, which are not editable and are hidden by default. For more information, see System Firewall Policies.

See Also

Configure Firewall Policies in WatchGuard Cloud

Configure Firebox Aliases

Firewall Policy Types