Applies To: Cloud-managed Fireboxes
WatchGuard Cloud simplifies device setup and enables you to configure security and manage networking across multiple Fireboxes with templates. This management interface is best used to configure Fireboxes that protect clients with content scanning, network blocking, and content filtering security services.
With a cloud-managed Firebox, you can define networks with multiple WAN links, SD-WAN, static and dynamic NAT, and VLANs. You can connect sites securely with Branch Office VPNs, and enable remote users to connect with an IKEv2 VPN or SSL VPN. You can also set up user authentication with the local Firebox database or RADIUS. Support for Active Directory authentication is coming soon.
WatchGuard Cloud is not yet suited to set up firewalls that protect inbound connections to servers.
WatchGuard will regularly add more features to WatchGuard Cloud. For information about upcoming features, see this knowledge base article: WatchGuard Cloud Features for Firebox Configuration.
To add a Firebox as a cloud-managed device:
- It must run Fireware v12.5.7 or higher.
When you add a Firebox as a cloud-managed device, it automatically upgrades to the Fireware version that is required for cloud management.
- You must start your Firebox with factory-default settings. For the steps to reset your Firebox, see Reset a Firebox.
You cannot migrate an existing configuration from a locally-managed Firebox into WatchGuard Cloud.
Set Up a Cloud-Managed Firebox
Follow these steps to set up a cloud-managed Firebox.
For a new Firebox, activate the Firebox in your WatchGuard account.
To activate your Firebox:
- Open a web browser and go to www.watchguard.com/activate.
- Log in to your WatchGuard account.
- On the Activate Products page, type the Firebox serial number. Make sure to include any hyphens.
- Click Continue.
- Type a friendly name to identify the Firebox in your account.
If you are a WatchGuard Service Provider, your activated Fireboxes appear in the Service Provider Inventory in WatchGuard Cloud. Before you can add the Firebox to WatchGuard Cloud, you must allocate the Firebox to your own account or an account you manage.
To allocate the Firebox:
- Log in to your WatchGuard Cloud Service Provider account at cloud.watchguard.com.
- From Account Manager, select My Account.
- Select Inventory.
The Overview page for your Service Provider inventory opens.
- From the Inventory menu, in the Firebox section, select Unallocated.
A list of all unallocated Fireboxes appears.
- Click the Name of the Firebox you want to allocate.
The Allocation Details page opens.
- From the Allocated To drop-down list, select the account to allocate this device to.
This can be your own account or any managed account.
- In the Allocation Expiration text box, type or select the expiration date for this device allocation.
Format the date as YYYY-MM-DD.
- Click Save.
The device is removed from the Unallocated list and is added to the Allocation list for the account you selected.
For more details about Firebox inventory management, see Firebox Allocation.
To add your Firebox to WatchGuard Cloud as a cloud-managed device:
- Log in to WatchGuard Cloud at cloud.watchguard.com.
- If you are a service provider, select the account you allocated the device to.
- Select Configure > Devices.
- To see the activated Fireboxes available to add, click Add Device.
- Click the Name of the Firebox you want to add or click .
A confirmation dialog box opens.
- Click Add Device.
The Add Device to WatchGuard Cloud page opens.
- Select Cloud-Managed.
- Configure the Firebox settings for the initial configuration. When you add a device, you configure these settings:
  - Firebox name
  - Time Zone
  - External network settings (DHCP, Static, or PPPoE)
  - Passwords for Firebox admin and status user accounts
  - Wireless networks (wireless Firebox models only)
For more information about these settings, see Add a Cloud-Managed Firebox to WatchGuard Cloud.
- On the last page of the Add Device wizard, review the steps to connect the Firebox.
If the Connection Type is Static IP or PPPoE, you must complete additional steps to configure the Firebox to connect.
- Click Done.
After you add the cloud-managed Firebox, the initial configuration is immediately deployed to the cloud, and is ready for the Firebox to download.
You can see the deployment status and view the configuration report on the Deployment History page. Until the Firebox connects to WatchGuard Cloud for the first time, the deployment status is Waiting for Initial Connection.
To open the Deployment History:
- Select the Firebox.
- Select Deployment History.
If you want to update the configuration settings before the device connects, you can go to the Device Configuration page to edit the configuration.
If you deploy updated configuration settings before the initial connection, the status of the initial deployment changes to Skipped, and the Firebox downloads the most recently deployed configuration.
After you add and configure the Firebox in WatchGuard Cloud, you are ready to connect the Firebox so that it can download its configuration.
Connect the Firebox to a network with reliable Internet access. The steps to set up and connect the Firebox depend on how the Firebox gets an IP address for the external interface.
To connect a Firebox that can use DHCP to get an IP address:
- Connect interface 0 to the network.
- Start the Firebox with factory-default settings.
The Firebox automatically tries to connect to WatchGuard Cloud to download its configuration.
For steps to reset the Firebox to factory-default settings, see Reset a Firebox.
If your Firebox cannot get an address through DHCP, you can use the Web Setup Wizard to configure connection settings, or you can use the connection settings file.
To use the Web Setup Wizard:
- Connect Firebox interface 0 to a network with Internet access.
- Start the Firebox with factory-default settings.
- Connect Firebox interface 1 to your computer.
- Open a web browser and go to https://10.0.1.1:8080.
- Log in with the user name admin and the passphrase readwrite.
- Select Cloud-Managed as the configuration method.
- Configure external network settings required for the Firebox to connect to your network.
The Firebox uses these settings to connect to the local network, and then connects to WatchGuard Cloud to download its configuration.
For information about how to use the connection settings file to set up your Firebox, see Use a USB Drive to Configure Interface Settings.
After you connect the Firebox, verify the deployment status. After the device downloads the initial configuration, the Deployment History shows the status Succeeded.
You can also see Firebox connection status and other summary information on the Device Summary page and Live Status pages.