Change a Locally-Managed Firebox to Cloud Management
Applies To: Locally-managed Fireboxes
This feature is only available to devices that are actively connected to WatchGuard Cloud as a locally-managed device. For information on how to add a new device to WatchGuard Cloud, go to Add a Cloud-Managed Firebox to WatchGuard Cloud.
In WatchGuard Cloud, you can monitor live status, and see log messages and reports for locally-managed devices you add to WatchGuard Cloud. When a Firebox is cloud-managed, you manage the configuration in WatchGuard Cloud.
You can change a locally-managed Firebox to cloud management. If you currently manage the device configuration in WSM, Fireware Web UI, or the Command Line Interface, your configuration is replaced with the cloud-managed configuration you should customize to meet your network requirements. The original configuration remains on the Firebox until you deploy the cloud-managed configuration.
For best practices on how to change your locally-managed Firebox to cloud management, go to the Firebox Migration to Cloud Management Guide.
For information about the configuration features available in WatchGuard Cloud, go to Firebox Feature Comparison — Locally-Managed and Cloud-Managed.
To change a locally-managed Firebox to cloud management, you must:
- Save the most recent locally-managed configuration
Before you deploy your cloud-managed configuration, we strongly recommend that you use WSM or Fireware Web UI to create a backup image of the locally-managed device. This enables you to restore it later if you want to remove the device from cloud management.
- Change the device from locally-managed to cloud-managed
- Customize the default configuration for your device in WatchGuard Cloud
- Deploy the cloud-managed configuration (The original configuration remains on the Firebox until you deploy the cloud-managed configuration.)
You can import some of the configuration settings from your existing locally-managed device to a cloud-managed device. For information about how to import configuration settings from your locally-managed Firebox, go to Import Configuration Settings From a Locally-Managed Firebox.
Change a Device from Local Management to Cloud Management
Before you change to cloud management, make sure that the Firebox is connected to WatchGuard Cloud as a locally-managed device. The Firebox must run Fireware v12.5.7 or Fireware v12.6.4 or higher. For more information about Fireware cloud-management requirements, go to Fireware Requirements.
When you change a locally-managed Firebox to cloud management, you can create a new configuration or copy configuration settings from an existing cloud-managed device. For information about how to copy configuration settings to a locally-managed Firebox, go to Copy Configuration Settings from a Cloud-Managed Device.
To change a device to cloud management:
- Save the most recent locally-managed configuration.
- Log in to your WatchGuard Cloud account.
- For Service Provider accounts, from Account Manager, select My Account.
- Select Configure > Devices.
- Select the device you want to change.
The Device Settings page opens. - In the Cloud Management section, click Change to Cloud Management.
- Confirm that you want to change to cloud management.
The Add Device wizard opens. You can no longer make configuration changes to the Firebox through WatchGuard Systems Manager (Policy Manager) or the Fireware Web UI.
- Enter a new name for the device, if required.
- Select an appropriate Time Zone for the device.
- Click Next.
- Select the Connection Type.
- Click Next.
- Set the Status and Admin passwords for WatchGuard Cloud management.
- Click Next.
When you click Next, the local Status and Admin credentials update to the cloud-managed credentials you specified. - To configure the device in WatchGuard Cloud, click Next.
The Device Configuration page opens.
The device is now in a Staged deployment status. For more information, go to the See the Deployment Status section of Manage Device Configuration Deployment.
- Review the default configuration and make changes as necessary.
The local configuration remains in place until you deploy the cloud-managed configuration. Make sure to configure your internal interface, network settings, and VPN , if applicable, in the cloud-managed configuration before you deploy it. Only Eth0 is configured automatically. If you require more than one external interface or the external interface is physically connected to another port, you should manually configure the interface before you schedule the deployment. - Deploy the configuration.
For more information, go to Manage Device Configuration Deployment.
WatchGuard Cloud automatically creates a deployment history of all scheduled deployments. The new cloud-managed configuration replaces the locally-managed configuration on the Firebox.
Manage the Firebox Configuration
Configure Cloud-Managed Fireboxes
Firewall Policies Best Practices
Video tutorial: Change to Cloud-Management