Connect the Firebox for RapidDeploy

For a Firebox to download a configuration file from RapidDeploy, the external interface (interface 0), must have an IP address that it can use to connect to the Internet. You can configure a Firebox external interface to use DHCP or PPPoE to get an IP address, or you can configure a static IP address.


A Firebox that starts with factory-default settings uses DHCP to request an IP address for interface 0. If the Firebox receives an IP address and can connect to WatchGuard, it downloads and applies the RapidDeploy configuration file automatically.

Static or PPPoE

If the remote Firebox cannot use DHCP to get an IP address, you can configure the Firebox to use a static IP address or use PPPoE to get an IP address.

There are two ways to change interface 0 settings for RapidDeploy:

Use the Web Setup Wizard

You can use the Web Setup Wizard to configure network settings for your Firebox to connect and download the RapidDeploy configuration. Interface settings you configure in the Web Setup Wizard override the interface 0 configuration in the RapidDeploy configuration file.

The RapidDeploy option is available in the Web Setup Wizard for Fireboxes that run Fireware v12.5.3 or higher.

For more information, see Run the Web Setup Wizard.

Use a file on a USB drive

You can use a file on a USB drive to configure the device to either use a static IP address or use PPPoE to get an IP address. You can also use the file on the USB drive to specify a different interface number to configure as the external interface. To configure your device to use one of these options, you create a CSV (comma-separated values) file on a USB drive, and then connect the USB drive to the USB port on the device before you power it on.

For more information about how to create the CSV file and save it to the USB drive, see Use a USB Drive to Configure Interface Settings.

Connect and Power On

To use RapidDeploy for a new Firebox, you must connect and power on the device. The steps to connect your device depend on whether or not you created a CSV file to configure the external interface of the device.

If you do not want to use a CSV file to configure the external interface:

  1. Use an Ethernet cable to connect interface 0 on the device to the switch or router that connects to the Internet.
    The Quick Start Guide that ships with the device includes a diagram that shows how to complete this connection.
  2. Power on the Firebox.

If you have saved a CSV file for RapidDeploy on a USB drive:

  1. Connect the USB drive that contains the CSV file to the USB port on the Firebox.
  2. Use the included green Ethernet cable to connect the external interface specified for this device in the CSV file to the switch or router that connects to the Internet.
  3. Connect power to the device and power it on.

To use RapidDeploy to configure a Firebox that has been previously configured, you must reset the device to factory-default settings. The steps to complete this procedure depend on the device model. For more information, see Reset a Firebox.

When a Firebox starts with factory-default settings, it automatically performs these steps:

  1. The Firebox attempts to use DHCP or the CSV file on the USB drive to set the IP address for the external interface. The external interface is always interface 0 unless a different interface number is specified in the CSV file.

If the Firebox cannot use the configuration from the CSV file, the device saves a file that describes the error in the top-level directory on the USB drive. For more information, see Use a USB Drive to Configure Interface Settings.

  1. The Firebox tries to contact WatchGuard to see if a configuration file is available for RapidDeploy. If RapidDeploy is enabled, the device automatically downloads the configuration file, the device feature key, and administrative passphrases.
  2. The Firebox compares the downloaded configuration file version to the version of Fireware OS that is installed on the device.
  • If the configuration file version is higher than 11.4 and is not higher than the version of Fireware OS installed on the device, the device uses the configuration file.
  • If the device cannot use the configuration file, it keeps all factory-default settings, except the status and admin Device Management user account passphrases, which are set to the passphrases specified when RapidDeploy was enabled.

If the Firebox cannot connect to the WatchGuard website (for example, if the device is not assigned a dynamic IP address, or the external interface does not have a connection to the Internet), the device keeps all factory-default settings, including the passphrases.

After you connect the device, you can:

If the Firebox cannot download the RapidDeploy configuration file, you can connect to the Firebox and use the Web Setup Wizard to configure connection settings for RapidDeploy. For more information, see Run the Web Setup Wizard.

Connect other Networks to the Device

After you use RapidDeploy from the WatchGuard website to configure the device at the remote site, use the Ethernet cables to connect the other configured Firebox interfaces to local network devices as required for your network configuration.