After you enable RapidDeploy, the Product Details page on the WatchGuard website shows whether the Firebox requested the configuration file for RapidDeploy. You can use the information in the status message to get more information if you have any issues with RapidDeploy. The status message appears at the bottom of the RapidDeploy section.
Status messages can include:
The device has not yet contacted WatchGuard to request this configuration file.
This message indicates that the WatchGuard server has not received a request for the file from the Firebox.
This message indicates the time that the Firebox contacted WatchGuard to request the file. WatchGuard does not verify that the Firebox successfully downloaded and installed the file.
For RapidDeploy QuickStart or an uploaded RapidDeploy file, the status message shows the version of Fireware OS installed on the Firebox, and the version of Fireware OS the configuration file was created for.
For RapidDeploy from a Management Server, the status message shows the version of Fireware OS installed on the Firebox.
Troubleshoot Configuration File Retrieval
If the status message indicates that the Firebox has not yet contacted WatchGuard to request the configuration file, and you have already followed the instructions in Connect the Firebox for RapidDeploy, make sure the external interface of the Firebox is connected to a network device with Internet access. If your Firebox uses DHCP to get an IP address for interface 0, verify that the network your Firebox connects to has a DHCP server.
Then, try again:
- Connect Interface 0 to a network with Internet access and a DHCP server.
A local DHCP server is not required if you use a CSV file on the USB drive to configure Interface 0.
- Restart the Firebox with factory-default settings:
- For a new Firebox, power off and then power on the Firebox.
- For a previously configured Firebox, reset the Firebox to factory-default settings. For more information, see Reset a Firebox.
- Make sure the Firebox has a reliable power source and Internet connection while the configuration file download is in progress.
- If the Firebox is connected to a network that does not use DHCP, you can use the Web Setup Wizard to configure network settings for your Firebox to connect for RapidDeploy. For more information, see Run the Web Setup Wizard.
The RapidDeploy option is available in the Web Setup Wizard for Fireboxes that run Fireware v12.5.3 or higher.
Troubleshoot Configuration File Compatibility
After the Firebox requests the file from the WatchGuard website, the RapidDeploy status message on the Product Details page shows the time and date the Firebox requested the file, the version of Fireware OS on the Firebox, and the version of Fireware OS the configuration file was created for.
Example RapidDeploy status message:
The configuration file was sent to 203.0.113.100 at 10/7/2014 4:05:43 PM UTC. Fireware XTM 11.8.2 is installed. The configuration file was created for Fireware XTM 11.8.2.
After the Firebox downloads the configuration file, the passphrases on the Firebox are changed to the passphrases you specified when you enabled RapidDeploy, even if RapidDeploy is not successful.
The RapidDeploy status message does not indicate whether RapidDeploy was successful. It does provide some information about the version of Fireware OS currently on the device, and the configuration file version in the uploaded file. You can compare the two versions in this status message to understand more about the RapidDeploy status.
If the configuration file version is too low or too high
If the version in the configuration file is lower than Fireware v11.4.0, or higher than the version of Fireware OS installed on the Firebox, RapidDeploy fails, and the Firebox starts with factory-default settings, except for the device passphrases, which are changed to the passphrases you configured when you enabled RapidDeploy.
If the configuration file version is lower than or equal to the installed OS version
If the configuration file version is lower than or equal to the version of Fireware OS installed on the Firebox, RapidDeploy might have been successful. For information about how to verify whether RapidDeploy was successful, see Verify RapidDeploy Success.
It is also possible that RapidDeploy failed. Even if you upload a configuration file with a version number that exactly matches the OS version installed on the Firebox, the configuration file could contain some XML code that is not supported by the OS version on the Firebox. This could occur if you use a newer version of Policy Manager to save the configuration file. If you used Policy Manager to save the configuration to the file you uploaded, make sure the version of WatchGuard System Manager you use is not higher than the OS version installed on the Firebox that the configuration file is for.
If the Firebox requested the RapidDeploy file, but RapidDeploy did not succeed, you can create and upload a new configuration file. Make sure that you do not save the file with a version of Policy Manager that is higher than the version of Fireware OS on the Firebox. For more information, see Create a Configuration File for RapidDeploy.
After you upload a new configuration file for RapidDeploy, restart the remote Firebox with factory-default settings. The Firebox automatically downloads the updated configuration file from WatchGuard. For more information about how to connect and restart the Firebox, see Connect the Firebox for RapidDeploy.