Deploy Firebox Cloud on Microsoft Azure

Before you can create a Firebox Cloud virtual machine, you must create a Microsoft Azure account. When you set up your account, you specify billing information and the credentials you use to connect to the Microsoft Azure portal. Firebox Cloud requires a storage account. You can create a storage account before you deploy Firebox Cloud, or you can create one as part of the deployment.

Identify Your Firebox Cloud Model

You can purchase a Firebox Cloud license for one of four models. The model determines the maximum number of Azure CPU cores that Firebox Cloud uses. In the Microsoft Azure marketplace, WatchGuard provides four Firebox Cloud solution templates, one for each Firebox Cloud model. To deploy Firebox Cloud with the appropriate resources, you must select the Firebox Cloud solution template that matches the license you purchased.

For more information about license options, see Firebox Cloud License Options.

Create a Key Pair for SSH Authentication

For each Firebox Cloud instance, generate an SSH-2 RSA public key / private key pair. You can use a tool such as puttygen, or the ssh-keygen command in Linux, to generate the key pair.

  • Use the public key when you deploy your Firebox Cloud instance.
  • Use the private key for SSH connections to the Fireware command line interface (CLI) for your Firebox Cloud instance.

To use the puttygen utility to generate an SSH-2 RSA key pair:

  1. Download and install the PuTTYgen utility available from www.putty.org.
  2. Start PuTTYgen.
  3. Click Generate.
  4. Move the mouse over the blank area to generate some randomness.
    PuTTYgen uses the mouse movements as input to generate the key pair.

Screen shot of the PuTTY Key Generator

  5. To save the generated public key to a file, click Save public key.
  6. (Optional) Specify a passphrase to protect the private key file.
  7. To save the generated private key to a file, click Save private key.
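
The same key pair can be created with the ssh-keygen command mentioned above. This is an added example, not part of the original WatchGuard procedure; the function name, the 3072-bit key size, and the key directory layout are assumptions.

```shell
#!/bin/sh
# Added example: one SSH-2 RSA key pair per Firebox Cloud instance.
# Assumptions (not from the page): function name, 3072-bit size, key layout.

# new_firebox_keypair <key_dir> <vm_name> [extra ssh-keygen options...]
# Prints the path of the public key file on success.
new_firebox_keypair() {
    key_dir=$1 vm_name=$2
    shift 2
    key="$key_dir/$vm_name"

    # One key pair per instance: never overwrite or reuse an existing key.
    if [ -e "$key" ] || [ -e "$key.pub" ]; then
        echo "refusing to overwrite existing key: $key" >&2
        return 1
    fi

    # Make the directory private before any key material is written.
    mkdir -p "$key_dir" && chmod 700 "$key_dir" || return 1

    # Without -N, ssh-keygen prompts for the passphrase, so it does not
    # end up in shell history or the process list.
    ssh-keygen -q -t rsa -b 3072 -C "firebox-cloud:$vm_name" -f "$key" "$@" \
        || return 1
    chmod 600 "$key"

    # The deployment template expects the single "ssh-rsa ..." line.
    case $(cat "$key.pub") in
        "ssh-rsa "*) printf '%s\n' "$key.pub" ;;
        *) echo "unexpected public key type in $key.pub" >&2; return 1 ;;
    esac
}
```

Paste the contents of the printed .pub file into the SSH public key field during deployment, and keep the private key file for CLI connections.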

Deploy Firebox Cloud

To create the Firebox Cloud instance:

  1. Log on to the Azure portal with your Microsoft Azure account credentials.
  2. Click New.
    The Azure Marketplace appears.
  3. In the Search text box, type Firebox Cloud.
    WatchGuard Firebox Cloud templates appear for Small, Medium, Large, and Extra Large Firebox Cloud licenses.
  4. Select the Firebox Cloud template that matches your Firebox Cloud license.
  5. Click Create.
    The template configuration steps appear.

Screen shot of the Firebox Cloud template steps in Microsoft Azure

  6. In the Basics step, specify basic information about where to deploy your virtual machine.

Subscription

The name of the Azure subscription where the virtual machine and resources are stored. This is the account that Microsoft bills for VM use and storage.

Resource group

The resource group for this Firebox Cloud instance. All objects, such as networks and interfaces, and data for the Firebox Cloud instance will be associated with this group. You can select an existing resource group or create a new one.

Location

The Azure region for this Firebox Cloud instance.

  7. In the VM Name and Key Data step, specify virtual machine configuration details.

VM Name

The name for the Firebox Cloud virtual machine in the Azure portal.

Size

The VM size. The recommended VM size is automatically selected based on the Firebox Cloud template you selected. The VM size controls the maximum number of CPUs your Firebox Cloud license supports.

SSH public key

The public key for this Firebox. You can use a tool such as puttygen, or the ssh-keygen command in Linux, to generate the key pair. You must use the private key associated with this public key to connect to the Firebox Cloud CLI.

Storage account

The name of the storage account to store boot diagnostic log files. The storage account you select must not be in another resource group in your subscription. Boot diagnostic log files contain information that can help WatchGuard support troubleshoot issues.

  8. In the Network step, specify required network configuration information.

Virtual network

The name of the virtual network to use for this Firebox Cloud. You can select an existing network or create a new one. If you create a new one, you specify the address space. The address space must have a /16 netmask.

Subnets

Select the subnets to use for the External (Public) and Trusted (Private) networks.

Public IP address

Select or create a public IP address to use for your Firebox Cloud external interface. For a new public IP address, specify a name, and select whether the public IP address is static or dynamic.

Domain name label

Specify the DNS label for the Firebox Cloud public IP address. It must be all lowercase letters or numbers.

  9. In the Summary step, review the information, and correct any errors.
  10. In the Buy step, review the terms and conditions and click Create.
    The deployment starts.

After the deployment is completed, you can go to the resource group or pin the VM to the Microsoft Azure dashboard.

Find the Instance ID (VM ID)

After you deploy your Firebox Cloud instance, you must find the Instance ID, also known as the VM ID. You will need this to activate your license, and to log in to the Fireware Web UI to run the Firebox Cloud Setup Wizard. You can find the instance ID in the name of the storage container for boot diagnostic logs.

To find the Firebox Cloud Instance ID:

  1. In the Azure left navigation menu, select Storage accounts.
  2. Click the name of the storage account associated with your Firebox Cloud instance.
  3. In the Blob Service list, select Containers.
  4. Find the boot diagnostic container. The name of the boot diagnostic container is in the format:
    <bootdiagnostics>-<vmname>-<vmid>
    For example:
    bootdiagnostics-fbcloud-11111111-2222-3333-4444-f86331913a6d
  5. Copy the VM ID at the end of the container name.

You must have this instance ID to activate your Firebox Cloud license and to run the Firebox Cloud Setup Wizard.
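
The container-name format above can also be parsed from a list of container names, for example when several VMs write boot diagnostics to the same storage account. This is an added example, not WatchGuard code; the function names and the sample container list are constructed for illustration.

```shell
#!/bin/sh
# Added example (not WatchGuard code). Function names and the sample
# container list are constructed for illustration.

GUID='[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}'

# parse_bootdiag_containers: read container names on stdin and print
# "<vmname> <vmid>" for each name of the form bootdiagnostics-<vmname>-<vmid>.
# The GUID is anchored at the end, so hyphens inside the VM name are safe.
parse_bootdiag_containers() {
    sed -nE "s/^bootdiagnostics-(.+)-($GUID)\$/\1 \2/p"
}

# vmid_for <vmname>: print the VM ID for one VM from names on stdin.
# Fails unless exactly one container matches, so an ID is never taken
# from the wrong instance when several share a storage account.
vmid_for() {
    matches=$(parse_bootdiag_containers | awk -v vm="$1" '$1 == vm { print $2 }')
    [ -n "$matches" ] || { echo "no boot diagnostics container for $1" >&2; return 1; }
    [ "$(printf '%s\n' "$matches" | wc -l)" -eq 1 ] \
        || { echo "ambiguous: several containers for $1" >&2; return 1; }
    # The Instance ID is also the initial admin passphrase until the
    # Setup Wizard is run, so handle the output as a credential.
    printf '%s\n' "$matches"
}

# Constructed sample input: container names as they appear in the portal.
sample_containers() {
    cat <<'EOF'
bootdiagnostics-fbcloud-11111111-2222-3333-4444-f86331913a6d
bootdiagnostics-fb-east-2-aaaaaaaa-bbbb-cccc-dddd-0123456789ab
insights-logs-audit
bootdiagnostics-broken-1234
EOF
}
```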

Activate your Firebox Cloud License

For Firebox Cloud with a BYOL license, you must activate the Firebox Cloud serial number in the WatchGuard portal. Before you can activate Firebox Cloud, you must have the Firebox Cloud serial number you received from WatchGuard and you must know the Firebox Cloud Instance ID.

To activate your Firebox Cloud license:

  1. Go to www.watchguard.com.
  2. Click Support.
  3. Click Activate Products.
  4. Log in to your WatchGuard Customer or Partner portal account. If you do not have an account, you can create one.
  5. If necessary, navigate to the Support Center and select My WatchGuard > Activate Product.
  6. When prompted, provide your Firebox Cloud serial number and Instance ID.
  7. When activation is complete, copy the feature key and save it to a local file.

Run the Firebox Cloud Setup Wizard

After you deploy Firebox Cloud, you can connect to Fireware Web UI through the public IP address to run the Firebox Cloud Setup Wizard. You use the wizard to set the administrative passphrases for Firebox Cloud.

To run the Firebox Cloud Setup Wizard:

  1. Connect to Fireware Web UI for your Firebox Cloud with the public IP address:
    https://<eth0_public_IP>:8080
  2. Log in with the default Administrator account user name and passphrase:
    • User name — admin
    • Passphrase — The Firebox Cloud Instance ID

    The Firebox Cloud Setup Wizard welcome page appears.

  3. Click Next.
    The setup wizard starts.
  4. Review and accept the End-User License Agreement. Click Next.

Screen shot of the Create passphrases step in the Web Setup Wizard

  5. Specify new passphrases for the built-in status and admin user accounts.
  6. Click Next.
    The configuration is saved to Firebox Cloud and the wizard is complete.

Connect to Fireware Web UI

To connect to Fireware Web UI and administer Firebox Cloud:

  1. Open a web browser and go to the public IP address for your instance of Firebox Cloud at:
    https://<eth0_public_IP>:8080
  2. Log in with the admin user account. Make sure to specify the passphrase you set in the Firebox Cloud Setup Wizard.

By default, Firebox Cloud allows more than one user with Device Administrator credentials to log in at the same time. To prevent changes by more than one administrator at the same time, the configuration is locked by default. To unlock the configuration so you can make changes, click the Locked icon.

If you prefer to allow only one Device Administrator to log in at the same time, select System > Global Settings and clear the Enable more than one Device Administrator to log in at the same time check box.

Microsoft Azure automatically terminates your management connection to Firebox Cloud after 30 minutes of inactivity. To avoid unexpected disconnection of your management session, do not set the Management Session Idle Timeout in the Fireware Authentication > Settings page to a value higher than 30 minutes.

Add the Feature Key

If you have received or downloaded the Firebox Cloud feature key to a local file, in the Feature Key Wizard select Yes I have a local copy of the feature key and paste the feature key into the wizard.

If you activated a Firebox Cloud license in the WatchGuard portal, your feature key is available directly from WatchGuard. You must add this feature key to the Firebox Cloud configuration to enable all functionality and configuration options on Firebox Cloud.

After you add the feature key, Firebox Cloud automatically reboots with a new serial number.

To add the feature key, from Fireware Web UI:

  1. Select System > Feature Key.
    The Feature Key Wizard page appears.

Screen shot of the Feature Key Wizard welcome page

  2. To unlock the configuration file, click the Locked icon.
  3. To download and install the feature key, click Next.
  4. On the Summary page, verify that your feature key was successfully installed.
    When your feature key has been installed, Feature Key Retrieval Success appears on the Summary page.

Screen shot of the Feature Key wizard Summary page

  5. Click Next.
    The wizard completes and Firebox Cloud reboots with a new serial number.

Next Steps

After you run the setup wizard and add the feature key, you can log in to Fireware Web UI and configure the settings for your Firebox Cloud.

Enable Feature Key Synchronization

To enable Firebox Cloud to automatically check for feature key updates when services are about to expire:

  1. Select System > Feature Key.
  2. Select the Enable automatic feature key synchronization check box.
  3. Click Save.

Configure Firebox Cloud to Send Feedback to WatchGuard

To enable your Firebox Cloud to send feedback to WatchGuard:

  1. Select System > Global Settings.
  2. Select the Send device feedback to WatchGuard check box.
  3. Select the Send Fault Reports to WatchGuard daily check box.

Configure Firewall Policies and Services

Configure policies and services as you would for any other Firebox.

Firebox Cloud does not support every feature described in Fireware Help. For a summary of the differences between Firebox Cloud and other Firebox models, see Firebox Cloud Feature Differences.
