Allocate Fireboxes

Some of the features described in this topic are only available to participants in the WatchGuard Cloud Beta program. If a feature described in this topic is not available in your version of WatchGuard Cloud, it is a beta-only feature.

Fireboxes activated by a Service Provider appear in the Service Provider Inventory in WatchGuard Cloud. After you allocate a Firebox to a Subscriber account, the device appears in the list of devices you can add to that account. As a Service Provider, you can allocate devices to your account or any account you manage.

You can edit the allocation of a device that you allocate to a Subscriber account. When you edit the allocation of a device, you can reallocate the device to a different account. This action deallocates the device from the original account, and reallocates it to an account that you specify.

You allocate devices from the Inventory page in WatchGuard Cloud. The Overview > Inventory page for your Service Provider account shows a summary of the users and devices in your inventory.

In the Overview > Inventory > Summary page, the Fireboxes section shows this information:

  • Next License Expiration — Next Firebox license expiration date
  • Unallocated Fireboxes — Number of unallocated Fireboxes in your account
  • Allocated Fireboxes — Number of Fireboxes currently allocated to managed accounts
  • Total Fireboxes — Number of Fireboxes in your account that have a WatchGuard Cloud license
  • Data Retention Licenses — Number of Data Retention licenses in your account

Screenshot of Overview

If you manage a delegated account, the Overview > Inventory > Summary page does not include any inventory that the delegated account activated. To view the inventory activated by the delegated account, you must select the account in Account Manager.

When you allocate or reallocate a device to an account, you can specify an allocation expiration date. Set the allocation expiration to any date that helps you manage the business relationship with your customer. The allocation expiration date does not affect the operation of the Firebox and is not related to expiration of the Firebox feature key or services. When the allocation expires, the Firebox continues to operate with full functionality.

As a Service Provider, you can:

Allocate an Unallocated Device to an Account

An unallocated device is a device in your Service Provider account that is not allocated to a Subscriber account. Before you can add a device to a Subscriber account, you must allocate it to the account. For information about how to add an allocated device to WatchGuard Cloud, go to Get Started — Add a Device to WatchGuard Cloud.

To allocate a device to an account:

  1. Log in to your WatchGuard Cloud Service Provider account.
  2. From Account Manager, select Overview.
  3. Select Inventory.
    The Overview page for your Service Provider inventory opens.
  4. In the Firebox section, select Unallocated.
    A list of all unallocated Fireboxes shows.

Screen shot of Inventory, Firebox > Unallocated page

  1. To allocate a Firebox to an account, click the Name of the Firebox.
    The Allocation Details page opens.

Screen shot of WatchGuard Cloud, Inventory > Firebox > Allocation details

  1. From the Allocated To drop-down list, select the account to allocate this device to.
    This can be your own account or any managed account.
  2. (Optional) To specify an expiration date:
    1. Select Custom.
    2. Select an expiration date in the calendar.
  1. Click Save.
    The device is removed from the Unallocated list and is added to the Allocation list for the account you selected.

Edit Device Allocation Details

You can edit the allocation for an allocated Firebox. To edit the allocation details of a device:

  1. From Account Manager, select Overview.
  2. Select Inventory.
    The Overview page for your Service Provider Inventory opens.
  3. In the Firebox section, select Allocation.
    By default, the Allocation page shows the summary of allocated devices by account name.
  4. From the drop-down list, select By Device.
    The allocation summary list changes to list all allocated devices.
  5. Select a device to edit.
    The Allocation Details for the device appear.

Screen shot of WatchGuard Cloud Firebox Allocation summary page

When you edit the allocation for an allocated Firebox, you can perform these actions:

Deallocate the Firebox

This action removes the device from the account and returns it to your unallocated Firebox inventory. To deallocate a Firebox, on the Allocation Details page, click Deallocate Firebox.

Reallocate to a different Subscriber account

This action deallocates the device from the original account and reallocates it to a Subscriber account you specify. For more information, go to the Reallocate a Device to a Different Account section in this topic.

Change the allocation expiration

You can change the allocation expiration date. This has no effect on the operation of the device and does not change the reports and log message data available for the device in the account. The allocation expiration is only to help you manage the account.

View the Allocation Summary

When you select the top-level folder for your Service Provider account, you can view and manage the Firebox inventory by account or by device.

To view a summary of Firebox allocation, by account:

  1. From Account Manager, select Overview.
  2. Select Inventory.
    The Overview page for your Service Provider inventory opens.
  3. In the Firebox section, select Allocation.
    By default, the Firebox Allocation page shows an overview of the number of devices allocated to each account.

Screen shot of WatchGuard Cloud Firebox Allocation summary page

  1. To view the list of devices allocated to an account, click the Account Name.
    In Account Manager, the account is selected, and the Allocation list shows the Fireboxes allocated to the account.

Screen shot of WatchGuard Cloud Firebox Allocation for a managed account

To view a summary of Firebox allocations, by device:

  1. From Account Manager, select Overview.
  2. Select Inventory.
    The Overview page for your Service Provider Inventory opens.
  3. In the Firebox section, select Allocation.
    By default, the Allocation page shows the summary of allocated devices by account name.
  4. From the drop-down list, select By Device.
    The allocation summary list changes to list all allocated devices.

Screen shot of the allocation summary by device name

Reallocate a Device to a Different Account

When you edit the allocation of a device to a Subscriber account, you can reallocate the device to a different account. You can reallocate the device between Subscriber accounts only.

When you reallocate a cloud-managed device and do not keep the configuration, the device becomes a locally-managed device and uses the last deployed configuration. For more information about reallocating a cloud-managed device and keeping the configuration, go to the Reallocate a Cloud-Managed Device to a Different Account and Keep the Configuration section of this topic.

If you deallocate a Firebox from an account, or reallocate it to a different account, the device is no longer associated with the original account. Log message and report data are no longer available unless the Firebox has a Data Retention license assigned to it. For more information, go to Allocate Data Retention Licenses.

As a Service Provider, you can:

Reallocate a Device to a Different Account

When you reallocate a device to a different Subscriber account, the Firebox is added to the new account as a locally-managed Firebox.

When you reallocate a locally-managed device, this is the only available reallocation option.

You might reallocate a device when you want to:

  • Reallocate a device to another account you manage.
  • Correct an incorrect allocation of a device.
  • Reallocate devices to reorganize your accounts.

When you reallocate a cloud-managed device and do not keep the configuration:

  • The cloud-managed device is no longer cloud-managed.
  • The device becomes a locally-managed device and uses the last deployed configuration.

To reallocate a device to a different Subscriber account, from WatchGuard Cloud:

  1. Log in to your WatchGuard Cloud Service Provider account.
  2. From Account Manager, select Overview.
  3. Select Inventory.
    The Summary page for the account opens.
  4. In the Firebox section, select Allocation.
    The Firebox Allocation page shows an overview of the number of devices allocated to each account.
  5. To view the list of devices allocated to an account, click the Account Name.
    In Account Manager, the account is selected, and the Allocation list shows the Fireboxes allocated to that account.
  6. Click a device Name.
    The Allocation Details page for the device opens.

Screen shot of WatchGuard Cloud Firebox Allocation summary page

  1. Click Reallocate to a Different Subscriber Account.
    The reallocation options for the Firebox appear.

Screen shot of device details

  1. From the Reallocate To drop-down list, select an account.
  2. Select Do Not Keep Configuration.

The Do Not Keep Configuration and Keep Configuration options do not show when you reallocate a locally-managed device.

  1. (Optional) To specify an expiration date:
    1. From Expiration, select Custom.
    2. Select an expiration date from the Date calendar.
  1. Click Reallocate.
    The Reallocate Device dialog box opens.
  2. Click Reallocate.
    When the reallocation completes, the device shows in the allocation overview page of the Subscriber account.

Screen shot of the device allocation

Reallocate a Cloud-Managed Device to a Different Account and Keep the Configuration

When you reallocate a cloud-managed device to a different account and keep the configuration, the device keeps the last deployed configuration. The device and configuration are cloud-managed from the new account.

You might reallocate a cloud-managed device and keep the configuration when you want to:

  • Reallocate a device to another account you manage and keep the device configuration.
  • Create a device configuration in one account and then reallocate the device and configuration to a different account.
  • Correct an incorrect allocation of a device and keep the configuration.
  • Reallocate devices to reorganize your accounts.

When you reallocate a cloud-managed device and keep the configuration:

  • The device remains cloud-managed.
  • You can keep the configuration of a cloud-managed Firebox, FireboxV, or Firebox Cloud device.
  • You can reallocate a device between Subscriber accounts only.

You cannot keep the configuration of a cloud-mananged FireCluster.

When you reallocate a cloud-managed device and keep the configuration, WatchGuard Cloud cannot keep this information:

  • Deployment history
  • Log history

In addition, WatchGuard Cloud cannot keep these configuration settings for the device:

  • Subscriber-level Firebox templates
  • BOVPNs
  • AuthPoint authentication server
  • Shared authentication domains, users, and groups
  • Access Point VPNs
  • FireCluster configuration

You must remove these configuration settings before you reallocate the device. You can recreate the settings after reallocation is complete.

For more information, go to the Additional Steps after Reallocation section of this topic.

In Fireware v12.10.x and higher, reallocation might take 5 minutes or more. In Fireware v12.9.x and lower, reallocation might take 18 minutes or more. Audit logs for the device can also take some time to appear.

To reallocate a device to a different account and keep the configuration:

  1. Log in to your WatchGuard Cloud Service Provider account.
  2. From Account Manager, select Overview.
  3. Select Inventory.
    The Summary page for the account opens.
  4. In the Firebox section, select Allocation.
    The Firebox Allocation page shows an overview of the number of devices allocated to each account.
  5. To view the list of devices allocated to an account, click the Account Name.
    In Account Manager, the account is selected, and the Allocation list shows the Fireboxes allocated to that account.
  6. Click a device Name.
    The Allocation Details page for the device opens.

Screen shot of device options page

  1. Click Reallocate to a Different Subscriber Account.
    The reallocation options for the Firebox appear.

Screen shot of the device configuration page

  1. From the Reallocate To drop-down list, select an account.
  2. Select Keep Configuration.

Screen shot of the device Keep Configuration page

  1. (Optional) To specify an expiration date:
    1. From Expiration, select Custom.
    2. Select an expiration date from the Date calendar.
  1. Click Reallocate.
    The Reallocate Device dialog box opens.

Screen shot of the reallocate device dialog box.

  1. Click Reallocate.
    A progress bar appears.

Screen shot of the device reallocation progress bar

  1. When the reallocation completes, a Successfully Reallocated the Device message appears. Click Done.

Screen shot of the device reallocated successfully page

  1. The device is reallocated to the new account and keeps the configuration.

Screen shot of the device in the new account

For a cloud-managed device, each deployment creates a configuration file for the device, and each configuration has a version number. The Deployment History page of the reallocated device now contains an initial deployment entry for the reallocation. This entry is the same as the last deployment entry for the device from the previous account. For more information, go to View the Device Configuration Report.

Screen shot of the device deployment history

Additional Steps after Reallocation

After you reallocate a device to a different account and keep the configuration, not all information and configuration settings are kept.

To complete device setup after reallocation, review these areas:

Deployment history

WatchGuard Cloud cannot keep the deployment history of a device.

Log and report history

WatchGuard Cloud cannot keep the log and report data of a device. The log and report data is immediately removed when you reallocate the device, even if you allocate the device back to the original account.

Subscriber-level Firebox templates

WatchGuard Cloud cannot keep Firebox template configuration settings unless the same template is available in the new account. For information about how to manage templates in WatchGuard Cloud, go to About Firebox Templates.

BOVPNs

WatchGuard Cloud cannot keep BOVPN configuration settings. To use a BOVPN tunnel on the device in the new account, you must reconfigure the BOVPN. For information about how to reconfigure a BOVPN, go to Manage BOVPNs for Cloud-Managed Fireboxes.

AuthPoint authentication server

WatchGuard Cloud cannot keep AuthPoint authentication server configuration settings. For information about how to reconfigure an AuthPoint authentication server, go to About AuthPoint.

Shared authentication domains, users, and groups

WatchGuard Cloud cannot keep shared authentication domains, users, and group configuration settings. For information about how to reconfigure these settings, go to Add Users, Groups, and Devices to an Authentication Domain.

Access Point VPNs

WatchGuard Cloud cannot keep access Access Point VPN configuration settings. For information about how to reconfigure these settings, go to Configure an Access Point VPN.

FireClusters

WatchGuard Cloud cannot keep the configuration settings of a cloud-managed FireCluster. For information about how to reconfigure these settings, go to Add a Cloud-Managed FireCluster.

Related Topics

Allocate Data Retention Licenses

Get Started — Add a Device to WatchGuard Cloud