In WatchGuard Cloud, you can add a Firebox as a locally-managed or cloud-managed device.
The monitoring and configuration features available in WatchGuard Cloud depend on whether the Firebox is cloud-managed or locally-managed:
- Cloud-managed Fireboxes — You manage the device configuration in WatchGuard Cloud. For more information, see Manage the Firebox Configuration. You can also monitor live status, and see log messages and reports for cloud-managed devices in WatchGuard Cloud.
- Locally-managed Fireboxes — You manage the device configuration in WSM, Fireware Web UI, or the Command Line Interface. For more information, see Fireware Help. In WatchGuard Cloud, you can monitor live status, and see log messages and reports for locally-managed devices you add to WatchGuard Cloud.
If you previously configured a FireCluster, you can add it to WatchGuard Cloud. The FireCluster remains locally managed, which means you must log in to the FireCluster locally to manage the Fireware and FireCluster configurations. However, you can view cluster-related logs and upgrade, reboot, or fail over the cluster in WatchGuard Cloud. For more information, see About FireCluster in WatchGuard Cloud.
This table lists WatchGuard Cloud features and indicates whether they support locally-managed and cloud-managed devices. For information on unsupported features for cloud-managed devices, see Unsupported Features for Cloud-Management.
|WatchGuard Cloud Functionality||Locally-Managed||Cloud-Managed|
Configure Firebox settings, including:
Configure security settings, including:
|Configure shared device settings in templates|
|Schedule and deploy changes to device settings|
|Revert to a previously deployed configuration|
|Monitor live status (network status, routes, VPNs, users, etc.)|
|View log messages and reports|
|Manage Firebox backups|
|Reboot the Firebox|
|View log messages for a FireCluster|
|Upgrade firmware for a FireCluster|
|Reboot a FireCluster|
|Fail over an active/passive FireCluster|
A cloud-managed Firebox supports configuration of the most secure and most frequently used Fireware features. It does not support every feature that is configurable for a locally-managed Firebox. We do not plan to add the detailed options that are available in proxy actions today for locally-managed devices, such as HTTP header requests and HTTP responses.
WatchGuard will regularly add more features to WatchGuard Cloud. For information about upcoming features, see this knowledge base article: WatchGuard Cloud Features for Firebox Configuration.
WatchGuard Cloud does not support policy management of these legacy features:
- Data Loss Prevention
- Mobile Security
WatchGuard Cloud does not support these older cryptography and VPN standards:
- IKEv1 (IPSec) VPNs
- L2TP VPNs
WatchGuard Cloud will also not support SIP and H.323 Application Layer Gateways (ALG) for added security checks for these VoIP and communication protocols.
WatchGuard Cloud does not support Gateway Wireless Controller for management of wireless access points or configuration of multicast routing settings for networks or BOVPN tunnels.