About Firebox WatchGuard Cloud Licenses

To add a Firebox to WatchGuard Cloud, the Firebox must have an active subscription that includes WatchGuard Cloud.

The Firebox Cloud Hourly license does not include support for WatchGuard Cloud. For more information, see Firebox Cloud License Options.

License Activation

Both the Total Security Suite and Basic Security Suite include a subscription for WatchGuard Cloud. The subscription enables the Firebox to send log messages to WatchGuard Cloud, and determines the default retention period for Firebox data in WatchGuard Cloud.

  • Total Security Suite includes WatchGuard Cloud with 30 days of data retention
  • Basic Security Suite includes WatchGuard Cloud with 1 day of data retention

There is no separate activation to enable WatchGuard Cloud. If your Firebox has Total Security Suite or Basic Security Suite, it has a license for WatchGuard Cloud.

To increase the data retention period for a Firebox in WatchGuard Cloud, you can activate a Data Retention license and assign it to the Firebox in your WatchGuard Cloud account. For more information, see About Data Retention Licenses.

WatchGuard Cloud in the Feature Key

When you add a Firebox to WatchGuard Cloud, you must use Fireware Web UI or Policy Manager to enable the feature in the Firebox configuration. The Firebox feature key determines whether you can enable WatchGuard Cloud on the Firebox.

To enable WatchGuard Cloud, the feature key on the Firebox must have Live Security or Support, and Cloud Visibility or Dimension Basic. For information about how to see the feature key on your Firebox, see About Feature Keys.

If you activated your Basic Security Suite or Total Security Suite subscription before the release of Device Visibility support in WatchGuard Cloud, you might need to synchronize the feature key on the Firebox to add Dimension Basic. For more information, see Get a Firebox Feature Key.

Renewals and Expiration

The expiration date of the Dimension Basic license controls whether the Firebox sends log messages to WatchGuard Cloud and whether WatchGuard Cloud continues to store data for the Firebox. To renew WatchGuard Cloud, you must renew your Total Security Suite or Basic Security Suite license. For more information about what happens when a WatchGuard Cloud license with a Data Retention license expires, see WatchGuard Cloud and Data Retention License Expiration.

If the Total Security Suite or Basic Security Suite license for a cloud-managed Firebox expires, a seven-day grace period starts.

To avoid loss of data, we recommend that you renew the Total Security Suite or Basic Security Suite subscription before the subscription expires.

During the grace period, the Firebox continues to send log messages to WatchGuard Cloud. Log and report data remains in WatchGuard Cloud for the default data retention period associated with the subscription (30 days for TSS or 1 day for BSS).

After the grace period and default data retention period (37 days or 8 days):

  • The Firebox no longer communicates with WatchGuard Cloud.
  • The Firebox connection status in WatchGuard Cloud is Not Connected.
  • You can use Fireware Web UI to modify the Firebox configuration locally.

We recommend that you assign a Data Retention license to a Firebox to extend the data retention period. If the Firebox has a Data Retention license, historical log and report data remain in WatchGuard Cloud for the number of days provided by the Data Retention license. For more information, see Manage Data Retention Licenses.

After the license for a cloud-managed Firebox expires, to continue to manage your Firebox in WatchGuard Cloud, you must renew your license. When you do this, the Firebox automatically reconnects to WatchGuard Cloud.

If you choose not to renew your Total Security Suite or Basic Security Suite license, you can manage the Firebox locally. We recommend that you remove the Firebox from WatchGuard Cloud. When you manage your Firebox locally with an expired feature key:

  • The Firebox retains its configuration.
  • Web traffic fails if web blockers are enabled with the default setting to deny outbound web traffic.
  • Subscription services no longer work.

FireCluster License Requirements

Some of the features described in this topic are only available to participants in the WatchGuard Cloud Beta program. If a feature described in this topic is not available in your version of WatchGuard Cloud, it is a beta-only feature.

FireCluster license requirements for WatchGuard Cloud are the same as for other subscription services. To enable WatchGuard Cloud on a FireCluster, the FireCluster must have a Total Security Suite or Basic Security Suite subscription.

  • A locally-managed or cloud-managed active/passive FireCluster requires a subscription for only one member.
  • A locally-managed active/active FireCluster requires a subscription for both members.

For information about how to see the licensed features on your FireCluster, see About Feature Keys and FireCluster.

See Also

About WatchGuard Cloud

About Feature Keys