About RapidDeploy from the Management Server

WatchGuard RapidDeploy is a quick and efficient process to deploy Fireboxes in remote locations where you might not have trained IT staff present to help with the initial configuration of your Firebox. With RapidDeploy from the Management Server, you can send new Fireboxes that have not been activated to remote locations around the world, before you have configured each Firebox.

You can only deploy Fireboxes that are registered with your WatchGuard account with RapidDeploy from the Management Server. If a Firebox is registered with another WatchGuard account, before you can deploy that Firebox with RapidDeploy from the Management Server, you must change the registration of that Firebox to your WatchGuard account.

For RapidDeploy, you must have:

• One or more Fireboxes with Fireware OS v11.6.3 or higher, that have not already been activated
• One or more WatchGuard Management Servers v11.6.3 or higher

The initial RapidDeploy procedure is a two-part process:

1. You add information to the WatchGuard Deployment Center for your Management Servers and the Fireboxes you want to activate remotely.
2. A remote user connects each Firebox to power and to the Internet. Each Firebox automatically contacts the Deployment Center for an initial, base configuration file with information about the Management Server, and then contacts the Management Server for additional configuration.

For more information about how to use the WatchGuard Deployment Center after you have completed the initial RapidDeploy process (as described in this topic), see About the Deployment Center & RapidDeploy from the Management Server.

This diagram of the RapidDeploy process illustrates the steps that occur at the different points of each part of the process.

1 — From WatchGuard System Manager, register your Management Server with the WatchGuard Portal. Log in to the WatchGuard Deployment Center to verify your Management Server registration was successful.

2 — In the Deployment Center, import your Firebox list CSV file and activate the devices.

3 — Connect the Firebox to power and to the Internet. The Firebox contacts the Deployment Center to download a basic configuration file with the Management Server information.

4 — The Firebox contacts the Management Server. The Management Server contacts the Deployment Center to verify that the Firebox has been activated and assigned to it.

5 — In the Deployment Center, verify the deployment status of each Firebox to see which devices have been sent a basic configuration file.

After the RapidDeploy procedure is complete, and your Fireboxes have contacted your Management Server, you must connect to the devices and complete the network configuration for each device. You can follow the usual network configuration and Centralized Management processes to configure the network settings, change to Fully Managed Mode, and apply a Device Configuration Template to each Firebox. For more information, see Common Interface Settings, Change the Centralized Management Mode, and Apply Device Configuration Templates to Managed Devices.

Because the default user account passphrases (admin and status device management user accounts) for your Fireboxes are randomly generated when the Fireboxes are activated with RapidDeploy, and because you cannot get the passphrases from the Fireboxes, we recommend that you change the passphrases when you complete the configuration settings for these devices. For more information about how to set the default user account device management passphrases for your Fireboxes, see Manage Users and Roles on Your Firebox.

Register Your Management Server

Before you can use RapidDeploy for your Fireboxes, you must connect to your Management Server in WSM with an administrator account, and register your Management Server with the WatchGuard Deployment Center.

Before you register your Management Server for RapidDeploy, make sure the Management Server has a public routable IP address. This IP address must be the first IP address in the Mangement Server Certificate Revocation list. If the public IP address is not the first IP address in the Certificate Revocation list, your Fireboxes will not be able to connect to the Management Server for RapidDeploy.

To register your Management Server for RapidDeploy:

1. Open WSM and connect to your Management Server.
2. Select File > RapidDeploy > Management Server Registration.
   Or, from the Management Server page, in the RapidDeploy section, select Management Server Registration.
   The Register Management Server to RapidDeploy dialog box appears.

3. Select the Enable RapidDeploy check box.
   The Username and Password text boxes are enabled.
4. In the Username and Password text boxes, type your WatchGuard Portal account credentials.
5. Click OK.
   Your WatchGuard account user name appears in the RapidDeploy section of the Management Server page.

When you register your Management Server, it contacts the WatchGuard Deployment Center and is added to the Registered Management Servers list. In addition to the WatchGuard Portal account credentials you specified, the IP address of the Management Server (the first IP address in the CRL distribution list), and the Management Server certificate are stored in the Deployment Center for each Management Server you register.

After your Management Server is registered, you can complete the RapidDeploy procedure for the Fireboxes you want to remotely deploy. Before you activate your Fireboxes with the RapidDeploy procedure, make sure you verify that your Management Server registration with the Deployment Center was successful.

For detailed steps to verify that your Management Server has registered with the Deployment Center, and for instructions to complete the RapidDeploy activation procedure for your Fireboxes, see the Deployment Center Help on the WatchGuard website.

When the Firebox is activated and receives its basic configuration file from the Deployment Center, the configuration file includes all the information for the Management Server, so the Firebox can contact the Management Server to be managed. When the Firebox contacts the Management Server for the first time, it is automatically added to the Unknown Devices folder in the Devices list. The Management Server contacts the Deployment Center to verify that the Firebox has been activated, gets information about the Firebox, and the device is moved to the New Devices folder in the Management Server tree. If the Management Server does not have the information for a Firebox you activated with RapidDeploy, you can refresh the Unknown Devices folder to prompt the Management Server to check in with the Deployment Center and get the most recent information about your registered Fireboxes. You can then move the Firebox to any other folder in the Devices tree on your Management Server, but you cannot add devices to the Unknown Devices folder.

For more information about device folders, see Use Device Folders.

Change Your Management Server Registration

From WatchGuard System Manager, you can change the WatchGuard Portal user credentials that your Management Server uses to connect to the WatchGuard Deployment Center. You can also disable RapidDeploy for your Management Server, but this does not remove the Management Server from the Deployment Center Registered Management Servers list. Instead, when you disable RapidDeploy, the WatchGuard Portal account credentials are removed from your Management Server so it can no longer contact the Deployment Center.

To change the WatchGuard Portal user credentials for your Management Server:

1. Select File > RapidDeploy > Management Server Registration.
   Or, from the Management Server page, in the RapidDeploy section, select Management Server Registration.
   The Register Management Server to RapidDeploy dialog box appears.
2. In the Username and Password text boxes, type the new credentials to use to log in to the WatchGuard Portal.
3. Click OK.

To disable RapidDeploy for your Management Server:

1. Select File > RapidDeploy > Management Server Registration.
   Or, from the Management Server page, in the RapidDeploy section, select Management Server Registration.
   The Register Management Server to RapidDeploy dialog box appears.
2. Clear the Enable RapidDeploy check box.
3. Click OK.
   The WatchGuard Portal Username is removed from the RapidDeploy section on the Management Server page, and the Management Server can no longer contact the Deployment Center.

Launch the WatchGuard Deployment Center

From WatchGuard System Manager, you can launch the WatchGuard Deployment Center to verify the status of your Management Server registration and complete the RapidDeploy procedure to activate your Fireboxes.

To launch the Deployment Center:

1. Open WSM and connect to your Management Server.
2. Select File > RapidDeploy > Deployment Center.
   Or, from the Management Server page, in the RapidDeploy section, select Deployment Center.
   The WatchGuard Deployment Center launches in your default web browser.

See Also

Create Device Configuration Templates

About Centralized Management Modes

Add Managed Devices to the Management Server

Give Us Feedback  •   Get Support  •   All Product Documentation  •   Technical Search

© 2018 WatchGuard Technologies, Inc. All rights reserved. WatchGuard, the WatchGuard logo, WatchGuard Dimension, Firebox, Core, Fireware, and LiveSecurity are registered trademarks or trademarks of WatchGuard Technologies in the United States and/or other countries.