About FireCloud Firebox Gateways

Applies To: FireCloud Total Access

With FireCloud Total Access, you can set up a Firebox as a FireCloud Gateway to give users access to local resources on the company network without a VPN. With a Firebox Gateway, FireCloud runs as a service that is already installed on the Firebox, so configuration is minimal, and you do not have to deploy the gateway the way you do with a FireCloud Virtual Gateway.

To set up a Firebox Gateway, you must:

  • Deploy a Firebox (if you do not have one already set up).
  • Configure the Firebox Gateway in the FireCloud management UI. No configuration is necessary on the Firebox.
  • Configure a private resource for each local resource that you want to allow remote FireCloud users to have access to on your network, such as a printer or an SMB share.
  • To give users access to those resources, add your private resources to FireCloud access rules.

When you complete the Gateway setup, the Firebox connects to FireCloud. FireCloud builds a WireGuard tunnel to the Firebox so that remote users can connect to private resources behind the Firebox. In addition, a new internal policy called Dynamic Policy: firecloud is created on the Firebox to handle traffic from FireCloud users.

Your FireCloud access rules apply to traffic from FireCloud users. For example, to implement content filtering, configure it in FireCloud, not on the Firebox.

Firebox Requirements

These are the requirements to use a Firebox as a FireCloud Gateway:

  • Supported Firebox models and Fireware versions:
    • Fireware v2026.2 or higher – T115-W, T125, T145, T185, M295, M395, M495, M595, M695
    • Fireware v12.12 or higher – T25, T45, T85, M290, M390, M590, M690, M4800, M5800, Mx850, FireboxV, Firebox Cloud
  • Your Firebox must have a valid license (Standard Support, Basic Security Suite, or Total Security Suite).
  • The Firebox must be added to WatchGuard Cloud. It can be a cloud-managed Firebox or a locally-managed Firebox with cloud reporting.
  • You must have a FireCloud Total Access license.

Configure a Firebox Gateway

To configure a Firebox Gateway:

  1. Log in to WatchGuard Cloud.
  2. From the navigation menu, select Configure > FireCloud. If you have a Service Provider account, you must select an account from Account Manager.
  3. On the Configuration page, click the Private Resources widget.
  4. Click Add FireCloud Gateway.
  5. Select Firebox Gateway.
  6. Click Next.
  7. Enter a Name for your Gateway.
  8. From the list of Fireboxes, select a Firebox to use as your FireCloud Gateway. The list shows only the Fireboxes in your account that meet the requirements.
  9. Click Next.
  10. Click Finished.
  11. After you set up the Firebox Gateway, configure the private resources that you want to give remote users access to. For detailed steps to configure private resources, go to Add Private Resources in FireCloud.

Related Topics

About FireCloud Gateways

About FireCloud Virtual Gateways

Add Private Resources in FireCloud