Firebox Monitoring and Configuration Features

Applies To: Cloud-managed Fireboxes, Locally-managed Fireboxes

In WatchGuard Cloud, you can add a Firebox as a locally-managed or cloud-managed device.

The monitoring and configuration features available in WatchGuard Cloud depend on whether the Firebox is cloud-managed or locally-managed:

  • Cloud-managed Fireboxes — You manage the device configuration in WatchGuard Cloud. For more information, see Manage the Firebox Configuration. You can also monitor live status, and see log messages and reports for cloud-managed devices in WatchGuard Cloud.
  • Locally-managed Fireboxes — You manage the device configuration in WSM, Fireware Web UI, or the Command Line Interface. For more information, see Fireware Help. In WatchGuard Cloud, you can monitor live status, and see log messages and reports for locally-managed devices you add to WatchGuard Cloud.

If you previously configured a FireCluster, you can add it to WatchGuard Cloud. The FireCluster remains locally managed, which means you must log in to the FireCluster locally to manage the Fireware and FireCluster configurations. However, you can view cluster-related logs and upgrade, reboot, or fail over the cluster in WatchGuard Cloud. For more information, see About FireCluster in WatchGuard Cloud.

This table lists WatchGuard Cloud features and indicates whether they support locally-managed and cloud-managed devices. For information on unsupported features for cloud-managed devices, see Unsupported Features for Cloud-Management.

WatchGuard Cloud Functionality Locally-Managed Cloud-Managed

Configure Firebox settings, including:

  • Firewall
  • VPN
  • Networking
  • Authentication
  • System settings
  • Log server


Configure security settings, including:

  • Content scanning
  • Network blocking
  • Exceptions
  • Geolocation
  • Content filtering
  • TLS decryption
Configure shared device settings in templates  
Schedule and deploy changes to device settings  
Revert to a previously deployed configuration  
Monitor live status (network status, routes, VPNs, users, etc.)
View log messages and reports
Upgrade firmware
Manage Firebox backups  
Reboot the Firebox
View log messages for a FireCluster  
Upgrade firmware for a FireCluster  
Reboot a FireCluster  
Fail over an active/passive FireCluster  

Unsupported Features for Cloud-Management

A cloud-managed Firebox supports configuration of the most secure and most frequently used Fireware features. It does not support every feature that is configurable for a locally-managed Firebox. We do not plan to add the detailed options that are available in proxy actions today for locally-managed devices, such as HTTP header requests and HTTP responses.

WatchGuard will regularly add more features to WatchGuard Cloud. For information about upcoming features, see this knowledge base article: WatchGuard Cloud Features for Firebox Configuration.

WatchGuard Cloud does not support policy management of these legacy features:

  • Data Loss Prevention
  • Mobile Security

WatchGuard Cloud does not support these older cryptography and VPN standards:

  • IKEv1 (IPSec) VPNs
  • L2TP VPNs

WatchGuard Cloud will also not support SIP and H.323 Application Layer Gateways (ALG) for added security checks for these VoIP and communication protocols.

WatchGuard Cloud does not support Gateway Wireless Controller for management of wireless access points or configuration of multicast routing settings for networks or BOVPN tunnels.

See Also

About WatchGuard Cloud

Add a Device to WatchGuard Cloud

Upgrade Firmware from WatchGuard Cloud

Reboot a Firebox

Manage Firebox Backup Images in WatchGuard Cloud

Monitor Live Status for Fireboxes and FireClusters

About Firebox Security Services Settings