Configure Firebox System Settings

For a cloud-managed Firebox, system settings include:

  • Firebox Name
  • Time Zone
  • NTP Servers
  • Device Feedback
  • TCP MTU Probing

For a cloud-managed FireCluster, system settings include:

  • FireCluster Name
  • Time Zone
  • NTP Servers
  • Device Feedback
  • FireCluster Settings (Identification, Interface, and Communication Settings)
  • TCP MTU Probing

On the Device Configuration page for a cloud-managed Firebox or FireCluster, the Settings tile shows a summary of configured system settings.

Screen shot of the Settings tile on the Device Configuration page

Screen shot of the FireCluster Settings tile on the Device Configuration page

When you add a Firebox to WatchGuard Cloud as a cloud-managed device, you configure the Firebox name and time zone. Three NTP servers are automatically added.

Firebox devices also return detailed device feedback by default. For information on how to configure device feedback settings, see Configure Device Feedback Settings.

To see and update FireCluster settings for a cloud-managed FireCluster, see Edit the FireCluster Settings.

To see and update the device settings for a Firebox: 

  1. In WatchGuard Cloud, select Configure > Devices.
  2. Select the cloud-managed Firebox.
  3. Click Device Configuration.
  4. Click the Settings tile.
    The Settings page opens.

Screen shot of the Device Settings page

  1. In the Name text box, edit the Firebox name.
  2. From the Time Zone drop-down list, select the time zone at the location where the Firebox is installed.
  3. On the NTP Servers tab, type the addresses of up to three NTP servers.
  4. (Optional) On the Networking tab, enable TCP MTU Probing.

When you enable this global option, the Firebox can automatically change the size of its data packets to make sure that PMTU discovery succeeds and to avoid reduced performance caused by fragmentation. For example, you might enable TCP MTU Probing in these cases:

  • You have a slow PPPoE connection and require smaller packets to optimize performance.
  • You want to make sure that clients on your network can access the Internet through a zero-route BOVPN tunnel on this Firebox even if the Path Maximum Transmission Unit (PMTU) discovery process cannot complete. For example, if a remote router drops a packet but does not send an ICMP Destination Unreachable or ICMP Fragmentation Needed response to the Firebox, an ICMP black hole occurs and the PMTU process cannot complete. If you enable TCP MTU probing, an ICMP black hole does not affect traffic through the zero-route BOVPN.
  1. If you enable TCP MTU Probing, select one of these options:
    • Always Enabled
    • Enable Only When ICMP Network Issues are Detected — Automatically enable TCP MTU Probing only when an ICMP error message is dropped and the PMTU discovery process cannot complete. After the problem resolves, TCP MTU Probing remains enabled.

Screen shot of the TCP MTU Probing setting

  1. To save configuration updates to the cloud, click Save.

Related Topics

Add a Cloud-Managed Firebox to WatchGuard Cloud

Add a Cloud-Managed FireCluster

Configure Device Feedback Settings

Configure Log Server Settings for Cloud-Managed Fireboxes