Contents

Related Topics

Enable TDR on Your Firebox

To detect indicators of threats on your network, the Threat Detection and Response subscription service collects and analyzes forensic data from the Firebox and from hosts on your network. For more information, see About Threat Detection and Response.

Before you can enable Threat Detection and Response on your Firebox, your Firebox must run Fireware v11.12 or higher and must have the Threat Detection and Response subscription service enabled in the feature key. For more information, see:

Get your TDR Account UUID

Before you can enable Threat Detection and Response on a Firebox, you must know your Threat Detection and Response Account UUID.

To find your Account UUID:

  1. Log in to the TDR web UI as a user with Operator credentials.
  2. Select Devices > Firebox.
    The Account UUID appears at the top of the page.

Screen shot of the Account UUID in the Firebox Configuration page

  1. Copy the Account UUID.

Enable Threat Detection and Response

To enable Threat Detection and Response on the Firebox, you must add the Account UUID to your Firebox configuration.

To enable Threat Detection and Response, from Fireware Web UI:Closed
  1. Select Subscription Services > Threat Detection.

Screen shot of the Threat Detection & Response page in Fireware Web UI

  1. Select the Enable Threat Detection & Response check box.
  2. In the Account UUID and Confirm text boxes, paste your Account UUID.
  3. Click Save.
  4. To see the status of the connection from the Firebox to TDR, select Dashboard > Front Panel.
    The connection status appears in the Servers list.

Screen shot of the Front Panel dashboard with Threat Protection status shown

To enable Threat Detection and Response, from Policy Manager:Closed
  1. Select Subscription Services > Threat Detection.

Screen shot of the Threat Detection & Response page in Policy Manager

  1. Select the Enable Threat Detection & Response check box.
  2. In the Account UUID and Confirm text boxes, paste your Account UUID.
  3. Click OK.
  4. Save the configuration to the Firebox.
  5. To see the status of the connection from the Firebox to TDR, open Firebox System Manager and select the Status Report tab.

For information about how to see the status of the Firebox connection in your TDR account, see See Firebox Status in TDR.

FQDNs for TDR Connections from the Firebox

The Firebox uses one of these FQDNs to connect to TDR:

  • For the Europe account region: tdr-eu-fbla.watchguard.com
  • For the Americas account region: tdr-na-fbla.watchguard.com

If your Firebox is behind another Firewall, make sure the firewall allows connections from the Firebox to the FQDN for your TDR region on TCP port 4115.

Configure Firewall Policies on Your Firebox

When you enable Threat Detection and Response in Fireware v11.12.1 and higher, the WatchGuard Threat Detection and Response policy is automatically added to the configuration. This WG-TDR-Host-Sensor packet filter policy enables Host Sensors on the trusted network to connect to your TDR account.

If your Firebox runs Fireware v11.12 or lower, when you enable TDR from Policy Manager or Fireware Web UI, you must manually add this policy. For information about how to create this policy, see Configure a Firewall Policy for TDR Traffic.

After you enable Threat Detection and Response, make sure you that you configure the firewall policies on your Firebox to inspect network traffic, generate log messages, and allow connections from Host Sensors.  For more information, see Configure Proxy Policies for TDR.

Give Us Feedback     Get Support     All Product Documentation     Technical Search

© 2018 WatchGuard Technologies, Inc. All rights reserved. WatchGuard, the WatchGuard logo, WatchGuard Dimension, Firebox, Core, Fireware, and LiveSecurity are registered trademarks or trademarks of WatchGuard Technologies in the United States and/or other countries.