Install the WatchGuard Agent and Connection Manager on Mobile Devices

Applies To: FireCloud Internet Access, FireCloud Total Access

Some of the features described in this help topic are only available to participants in the WatchGuard Beta program. To try FireCloud with this feature, join the WatchGuard Beta test community.

For mobile devices, FireCloud uses the WatchGuard Mobile Security app (mobile version of the WatchGuard Agent) to deploy and manage the Connection Manager.

The FireCloud Connection Manager is currently only available for iOS devices.

If you want to install FireCloud on a mobile device that already has the WatchGuard Mobile Security app installed for another product, such as Endpoint Security, you can configure a WatchGuard Agent deployment to install FireCloud. For more information, go to Configure WatchGuard Agent Deployment in WatchGuard Cloud.

The WatchGuard MDM solution requires use of the Apple Push Notification service. Before you begin, configure FireCloud to use the Apple Push Notification service. Complete the steps in Manage the Apple Push Certificate

To deploy the WatchGuard Mobile Security app (used to install the WatchGuard Connection Manager):

Log in to WatchGuard Cloud and go to Configure > FireCloud.
Select Endpoint Installation.
The Endpoint Installation page opens.
Click Add Endpoint.
Select the operating system for the endpoint where you want to install the agent.
From the Add Computers to this Group drop-down list, select the group you want to add the mobile device to.
For endpoints with an Endpoint Security license, the security policies assigned to a computer depend on the group it belongs to. For information about groups for endpoints with an Endpoint Security license, go to Manage Computers and Devices in Groups in Endpoint Security.
Use one of these methods to send the installation profile to the target iOS devices:
QR Code
To use a QR code to send the installation profile, scan the code with the device camera. The device shows the message, This website is trying to download a configuration profile. Do you want to allow this?.
Email
To send an email message with the installation profile download link to the target user, click Send URL by Email. When the device user clicks the link, the device shows the message, This website is trying to download a configuration profile. Do you want to allow this?. The target user clicks Yes to download and install the app.
On the mobile device, open Settings.
Tap Profile Downloaded.
Tap Install.
Complete the instructions and accept all confirmation messages.
When prompted to install the WatchGuard Mobile Security app, tap Install.
Open the app after it installs.
When the WatchGuard Mobile Security app prompts you to install FireCloud, tap Install FireCloud. This opens the App Store so you can install the FireCloud app.
Install the FireCloud mobile app.
In your browser, for step 3 on the Endpoint Installation page in the FireCloud UI, copy the account code and download the certificate. You need both of these to set up FireCloud on your iOS device.
Install the FireCloud certificate on your mobile device.
1. Download or send the FireCloud certificate to your mobile device. We recommend these methods to get the certificate:
  - Email the certificate to yourself and download the attachment from your mobile device. If you cannot send or receive the certificate file, you might need to zip the file before you send it.
  - Log in to WatchGuard Cloud on your mobile device and go to Configure > FireCloud > Endpoint Installation > Add Endpoint to download the certificate directly on your mobile device.
  - Upload the certificate to a file share and then download the certificate on your mobile device.
  - Use a mac computer to airdrop the certificate file to your mobile device.
2. Open the certificate file. You should see a prompt that says Profile Downloaded.
3. Tap the Profile Downloaded prompt. You can also go to Settings > General >VPN and Device Management.
4. Open the downloaded profile and tap Install. If necessary, enter your device passcode.
5. Tap Install again to confirm.
6. To trust the certificate go to Settings > General > About > Certificate Trust Settings and enable full trust for the installed certificate. Tap Continue when prompted.
When you open the FireCloud app, you are prompted to enter your account code from Step 15. You are also prompted to make sure the certificate is installer.
Accept the prompt to allow notifications. This permission is optional. FireCloud does not currently have any mobile notifications.
Log in with your FireCloud user account.
After you log in, the FireCloud app downloads the necessary VPN settings. You receive a system prompt to allow this. When this is done, FireCloud establishes a WireGuard tunnel to the nearest WatchGuard point of presence (PoP).
To make sure that the FireCloud status is sent to WatchGuard Cloud, open the WatchGuard Mobile Security app again at least five minutes after you install the FireCloud mobile app.

After the FireCloud mobile app is set up and you are logged in, your device is protected by FireCloud and you can use your mobile device to connect to your FireCloud private resources.

Your device will remain connected to FireCloud even if you turn off or restart the device. If you close the FireCloud app while you are connected to FireCloud, a VPN icon appears in the status bar to indicate that the connection is ongoing. This is a system icon, not a FireCloud icon.

Disconnect from FireCloud

In some cases, you might need to disconnect from FireCloud. For example, you might have to disconnect when you need to connect to a VPN.

To temporarily disconnect from FireCloud, you can tap the FireCloud icon at the top of the screen. Tap the icon again to reconnect.

The FireCloud access rule that applies to your user group determines if you can manually disconnect from FireCloud

Install the WatchGuard Agent and Connection Manager on Mobile Devices

Disconnect from FireCloud

Related Topics