Applies To: FireCloud Internet Access
This topic describes common problems and solutions for FireCloud.
Installation Issues
If you experience issues when you try to run the WatchGuard Agent MSI file:
- Make sure that your computer does not have Panda Endpoint Security products installed. You cannot install the WatchGuard Connection Manager on computers that have Panda Endpoint Security products installed. The WatchGuard Connection Manager is only compatible with WatchGuard Endpoint Security products. If you have Panda Endpoint Security products and want to try FireCloud, contact your WatchGuard sales representative and ask about migration to WatchGuard Endpoint Security.
The WatchGuard Connection Manager has been automatically removed from your computers, but the WatchGuard Agent remains installed. When you attempt to install the Connection Manager again, the installation is successful but the Connection Manager is not installed.
- When your FireCloud license or trial expires, the WatchGuard Agent uninstalls the WatchGuard Connection Manager on all devices associated with your account. When your account becomes licensed again, the WatchGuard Agent automatically installs the WatchGuard Connection Manager.
The WatchGuard Connection Manager does not support Windows servers or computers that use ARM processors.
Connection Issues
FireCloud access rules do not apply to traffic when you connect to your corporate network or you are behind a firewall, and the Connection Manager status is yellow or red.
- When your computer is connected to FireCloud, your firewall configuration affects how your traffic is handled. FireCloud uses UDP port 4500 to communicate with WatchGuard points of presence (PoP).
- If port 4500 is open when connected to your corporate network, the connection manager continues to pass traffic through FireCloud.
- If port 4500 is blocked when connected to your corporate network, the client connection to FireCloud fails to open and the client passes traffic as it normally does when connected to the corporate network. However, the WatchGuard Connection Manager continually attempts to connect to the FireCloud PoP while behind the firewall.
- If your computer is behind a firewall, we recommend that you have port 4500 open. FireCloud uses this port for communication.
FireCloud does not work when you are behind a Firebox. The Connection Manager appears to establish a tunnel, but no traffic passes and the Connection Manager icon becomes red.
- If your computer is behind a Firebox with Application Control enabled (default configuration), Application Control blocks WireGuard, which causes FireCloud to not work. You must configure an Application Control action on the Firebox to allow WireGuard. Use these settings to configure the Application Control action on your Firebox:
- Application: WireGuard VPN Protocol (in the Tunneling and Proxy Services category)
- Set the Action for All Behaviors: Allow
Contact Support
If you experience problems with FireCloud, and cannot find the information you need in this topic, contact Support Information.
When you contact technical support, you will be asked for basic information about your FireCloud devices and FireCloud account. Make sure you have this information ready:
- Description of the problem.
- Screenshots of the error or affected configuration.
- Run PSInfo to collect and save a .7Z file with support-related information about the affected computer. For more information, go to Get Started with PSInfo.
- Enable support access for your WatchGuard Cloud account. For more information, go to Support Access to WatchGuard Cloud Accounts.
Troubleshoot WatchGuard Endpoint Security Software Installation Errors
WatchGuard Agent MSI Install Issues with WatchGuard Endpoint Security