Add Managed Devices to the Management Server
You can use your WatchGuard Management Server to manage your Fireboxes. You can manage a device with a dynamic IP address if you used Policy Manager to configure it as a managed client. If your device has multiple external interfaces, do not change the interface configuration after you add the device to the Management Server.
The Management Server does not support IPv6 addresses for Firebox management. The gateway Firebox must have an IPv4 address that is accessible by the managed Firebox devices (for the NAT configuration in the Setup Wizard), and the IP addresses used by the Firebox to connect to the Management Server must also be IPv4 addresses.
From WatchGuard System Manager (WSM):
- To connect to the Management Server, click the Connect to Server icon.
Or, select File > Connect to Server.
Or, right-click anywhere in the window and select Connect to > Server.
The Connect to Management Server dialog box opens.
- Type or select the IP address of the Management Server and type the configuration passphrase.
- Click Login.
The Management Server page opens.
- Click the Add Device icon.
Or, on the Management Server page, in the Summary section, click Add Device.
The Add Device Wizard starts.
- Click Next.
The first configuration screen opens.
- Select an option:
  - I know the device's current IP address
  - I don't know the device's current dynamically allocated IP address
- Follow the instructions for the option you selected.
To troubleshoot issues when you add a managed device, go to Troubleshoot Management Server Connections to a Firebox.
If You Know the Current IP Address of the Device
- Type the Hostname/IP Address, Status Passphrase, and Configuration Passphrase for the device.
If you select a device that is already managed by another server, a warning message appears. To overwrite the other configuration and add this device to this Management Server, click Yes.
- Click Next.
The wizard performs device discovery.
- To use a name other than the default name, type a Device Name for the device.
- Select the Device Type from the drop-down list.
- Type and confirm the Shared Secret.
The name and shared secret you type here must match the name and shared secret you give the device when you enable it as a managed client.
- Click Next.
- Type and confirm the Status Passphrase and the Configuration Passphrase. Click Next.
- Select the tunnel authentication method for the device. Click Next.
The Configure the Device page opens.
- Click Next.
The Add Device Wizard is complete page opens.
- Review the information for your device. Click Close.
The Add Device Wizard closes and the device shows in WSM in the correct device category in the Summary list and in the Devices list.
If You Do Not Know the IP Address of the Device
After you complete the wizard, you can manually configure the device for management. When the device is configured for management, it contacts the Management Server.
For more information, go to Configure a Firebox as a Managed Device and follow the procedure in the Set Up the Managed Device section.
- Click Next.
The wizard does not perform device discovery and the Enter the Managed Device Settings page opens.
- To use a name other than the default name, type a Device Name for the device.
- Select the Device Type from the drop-down list.
- Type and confirm the Shared Secret.
The name and shared secret you type here must match the name and shared secret you give the device when you enable it as a managed client.
- Click Next.
- Type and confirm the Status Passphrase and the Configuration Passphrase. Click Next.
The Select the Tunnel Authentication Method page opens.
- Select the tunnel authentication method for the device. Click Next.
The Configure the Device page opens.
- Click Next.
The Add Device Wizard is complete page opens.
- Click Close.
The Add Device Wizard closes and the device appears in WSM in the correct device category in the Summary list and in the Devices list.
If there is a lot of network traffic when the wizard tries to connect to the device, the SSL connection times out. Complete the wizard again when the network is less busy.
Troubleshoot Management Server Connections to a Firebox
If your Firebox has a dynamic IP address, or if your WSM Management Server cannot connect to it for another reason, you can manually configure the Firebox as a managed device before you add it to the Management Server.
- If your Management Server is not behind a gateway Firebox, you must configure the firewall that is between the Management Server and the Internet to allow connections to the Management Server public IP address over TCP ports 4112 and 4113.
- To connect to a managed Firebox, you must be able to reach the managed Firebox from your local computer on TCP ports 4105, 4117, and 4118.
For more information, go to Configure a Firebox as a Managed Device.
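A preflight check for the port requirements listed above, written as an added example and not WatchGuard code. It enforces the IPv4-only rule stated earlier on this page and separates an actively refused connection from a silently dropped one; the function names, role names, and state labels are assumptions of this example.

```python
import ipaddress
import socket

# TCP ports as stated in the troubleshooting section of this page.
PORTS = {
    "management_server": (4112, 4113),      # inbound to the Management Server public IP
    "managed_firebox": (4105, 4117, 4118),  # from the local WSM computer to the Firebox
}

def resolve_ipv4(host):
    """Return an IPv4 address for host; raise ValueError if only IPv6 (or nothing) is available."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        # Not an IP literal: treat it as a hostname and ask for IPv4 results only.
        try:
            return socket.getaddrinfo(host, None, socket.AF_INET, socket.SOCK_STREAM)[0][4][0]
        except socket.gaierror as exc:
            raise ValueError(f"{host}: no IPv4 address ({exc})") from exc
    if ip.version != 4:
        raise ValueError(f"{host}: the Management Server does not support IPv6 for Firebox management")
    return str(ip)

def probe(ip, port, timeout=3.0):
    """Classify one TCP connect attempt."""
    try:
        with socket.create_connection((ip, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"      # host answered, but nothing accepts connections on this port
    except socket.timeout:
        return "filtered"     # no answer at all: typically a firewall dropping the packets
    except OSError:
        return "unreachable"  # routing or local network error

def check(role, host, timeout=3.0, ports=None):
    """Probe every port required for the given role; `ports` overrides the list for testing."""
    ip = resolve_ipv4(host)
    return {p: probe(ip, p, timeout) for p in (ports or PORTS[role])}

if __name__ == "__main__":
    import sys
    role, host = sys.argv[1], sys.argv[2]  # e.g. managed_firebox 203.0.113.20 (constructed address)
    for port, state in check(role, host).items():
        print(f"{host} tcp/{port}: {state}")
```

Run it from the computer where WSM is installed for the `managed_firebox` role, and from a host outside the perimeter firewall for the `management_server` role, so each test follows the same path as the real connection.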