Add a Locally-Managed FireCluster to WatchGuard Cloud
Applies To: Locally-managed Fireboxes
If you add a locally-managed FireCluster to WatchGuard Cloud, you can monitor the FireCluster in WatchGuard Cloud. You can also upgrade, reboot, and fail over the FireCluster in WatchGuard Cloud.
You continue to use WatchGuard System Manager, Fireware Web UI, or the CLI to manage all other FireCluster functionality.
You can change a locally-managed FireCluster to cloud management. After you change to cloud management, you must use WatchGuard Cloud for all FireCluster management. For information about cloud-managed FireClusters, go to Add a Cloud-Managed FireCluster.
This topic describes how to:
- Understand FireCluster requirements
- Add a locally-managed FireCluster
- Enable WatchGuard Cloud on the FireCluster
- Verify the FireCluster Connection to WatchGuard Cloud
- Monitor a FireCluster
- Manage a FireCluster
- Change the Management Type
Before You Begin
Fireboxes activated by a Service Provider appear in the Service Provider inventory in WatchGuard Cloud. Before you can add a Firebox or FireCluster to WatchGuard Cloud, you must allocate the device to the Subscriber account. For more information, go to Allocate Fireboxes.
Add a Locally-Managed FireCluster
To add a locally-managed FireCluster to WatchGuard Cloud:
- Log in to your WatchGuard Cloud Subscriber account.
- Click Add Device.
A list of activated devices appears.
- Click Add FireCluster.
- Select the Name of the first cluster member from the list.
- Specify the second cluster member.
- For an active/active FireCluster, select the second member from the list.
- For an active/passive FireCluster, type the serial number of the second member.
For an active/passive FireCluster, the second device does not appear in the list of devices to add if it does not have its own license for Total Security Suite, Basic Security Suite, or Standard Support. Fireboxes with a Standard Support license must also have Fireware v12.9 or higher and a feature key with a valid CLOUD_CONNECT entry. A Firebox T15, T35, T55, or T70 with Standard Support cannot connect to WatchGuard Cloud. For more information, go to About Firebox WatchGuard Cloud Licenses.
- Click Add FireCluster.
The Verification Code page opens.
- To copy the Verification Code, click Copy Code.
- Open the FireCluster configuration in Policy Manager or Fireware Web UI and paste the Verification Code to enable WatchGuard Cloud. For more information, go to Enable WatchGuard Cloud on the FireCluster.
- Click Done.
The FireCluster is added to the list of devices.
Enable WatchGuard Cloud on the FireCluster
To connect a locally-managed Firebox or FireCluster to WatchGuard Cloud, you must open the Firebox configuration in Policy Manager or Fireware Web UI and enable WatchGuard Cloud.
To enable WatchGuard Cloud from Fireware Web UI:
- Open the device configuration in Fireware Web UI.
- Select System > WatchGuard Cloud.
- Select the Enable WatchGuard Cloud check box.
If your Firebox requires a Verification Code to register with WatchGuard Cloud, the Verification Code text box appears.
- If required, in the Verification Code text box, paste the Verification Code you copied from WatchGuard Cloud.
In Fireware v12.5.3 and higher, the Verification Code is required only for Firebox T70, M4600, and M5600, and for any active/passive FireCluster. If the Firebox does not require a Verification Code to register, the Verification Code text box does not appear and you do not have to paste the code.
- Click Save.
The Firebox connects to WatchGuard Cloud to register. After successful registration, the WatchGuard Cloud Registration Status updates to Registered.
To enable WatchGuard Cloud from Policy Manager:
- Open the device configuration in Policy Manager.
- Select Setup > WatchGuard Cloud.
- Select the Enable WatchGuard Cloud check box.
- Click OK.
- Select File > Save > To Firebox.
- Type the Administrator Passphrase.
If the Firebox requires a Verification Code to register with WatchGuard Cloud, the Register Firebox dialog box opens.
- If required, in the Verification Code text box, paste the Verification Code you copied from WatchGuard Cloud.
In Fireware v12.5.3 and higher, the Verification Code is required only for Firebox T70, M4600, and M5600, or for any active/passive FireCluster. If the Firebox does not require a Verification Code to register, the Register Firebox dialog box does not appear and you do not have to paste the code.
- Click OK.
Verify the FireCluster Connection to WatchGuard Cloud
After you enable WatchGuard Cloud on a Firebox, verify the FireCluster status in WatchGuard Cloud.
To see device connection status from WatchGuard Cloud:
- Log in to your WatchGuard Cloud Subscriber account.
- Select Monitor > Devices.
- Select the FireCluster.
The Device Summary shows the connection status of both cluster members.
The expected status of cluster members depends on the cluster type:
Active/Passive FireCluster
Only the cluster master connects to WatchGuard Cloud. The status of the cluster master is Connected. The status of the backup master is Never Connected or Not Connected.
Active/Active FireCluster (Locally-managed FireClusters only)
Both cluster members connect to WatchGuard Cloud. The status of both members is Connected. To determine which Firebox serial number corresponds to the cluster master or backup master, connect to Fireware Web UI and select System Status > FireCluster. Or, in WatchGuard System Manager, connect to the cluster and expand the Cluster section.
The member number indicates the order in which you added the Fireboxes to WatchGuard Cloud. Member1 is the first Firebox added to WatchGuard Cloud. Member2 is the second Firebox added to WatchGuard Cloud.
You can also connect to Fireware OS on your locally-managed FireCluster to verify the connection to WatchGuard Cloud. For more information, go to WatchGuard Cloud Status on the Firebox.
If the Firebox has never connected to WatchGuard Cloud, the Device Settings page shows the number of days left to connect your device before the verification code expires. If the verification code is expired, you can regenerate it. For information about how to regenerate the code, go to Regenerate the Firebox Verification Code.
Monitor a FireCluster
You can monitor the status and activity of your FireCluster in WatchGuard Cloud. For more information, go to Monitor Devices in WatchGuard Cloud.
Manage a FireCluster
For information about how to upgrade, reboot, or fail over a locally-managed FireCluster in WatchGuard Cloud, go to:
- Upgrade a FireCluster in WatchGuard Cloud
- Reboot a Cluster Member in WatchGuard Cloud
- Fail Over a FireCluster in WatchGuard Cloud
You must continue to use WatchGuard System Manager or Fireware Web UI to manage the FireCluster configuration.
To initiate FireCluster system actions in WatchGuard Cloud, cluster members must run Fireware v12.7.1 or higher (or v12.5.8 or higher for T35 Fireboxes). To upgrade a cluster from lower Fireware versions, you must use Policy Manager or Fireware Web UI. After the upgrade, you can upgrade, reboot, and fail over the cluster in WatchGuard Cloud. For information about cluster upgrades in Policy Manager and Fireware Web UI, go to Upgrade Fireware OS for a FireCluster.
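The license, Verification Code, and Fireware version rules stated in this topic can be checked against an inventory before you add a cluster. The following is an added example, not WatchGuard code: the `Member` record, the function names, and the sample serial numbers are assumptions, and only the rules themselves come from this page.

```python
from dataclasses import dataclass
# Rules transcribed from this topic; the data model and names are assumptions.
LICENSES = {"Total Security Suite", "Basic Security Suite", "Standard Support"}
STD_SUPPORT_EXCLUDED = {"T15", "T35", "T55", "T70"}
CODE_MODELS = {"T70", "M4600", "M5600"}

@dataclass
class Member:
    serial: str                  # constructed placeholder, not a real serial
    model: str
    fireware: str                # for example "12.7.1"
    license: str
    cloud_connect: bool = False  # feature key has a valid CLOUD_CONNECT entry

def ver(text):
    # Parse "v12.5.3" or "12.9" into a comparable tuple of at least 3 ints.
    parts = [int(p) for p in text.lstrip("vV").split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def license_findings(m):
    if m.license not in LICENSES:
        return ["no Total Security, Basic Security, or Standard Support license"]
    out = []
    if m.license == "Standard Support":
        if m.model in STD_SUPPORT_EXCLUDED:
            out.append(f"{m.model} with Standard Support cannot connect")
        if ver(m.fireware) < (12, 9, 0):
            out.append("Standard Support requires Fireware v12.9 or higher")
        if not m.cloud_connect:
            out.append("feature key lacks a valid CLOUD_CONNECT entry")
    return out

def needs_verification_code(m, cluster_type):
    if ver(m.fireware) < (12, 5, 3):
        return None  # the page does not cover versions below v12.5.3
    return cluster_type == "active/passive" or m.model in CODE_MODELS

def cloud_actions_ok(m):
    # Upgrade, reboot, and failover from WatchGuard Cloud need this version.
    minimum = (12, 5, 8) if m.model == "T35" else (12, 7, 1)
    return ver(m.fireware) >= minimum

def preflight(cluster_type, members):
    return {m.serial: {"blockers": license_findings(m),
                       "verification_code": needs_verification_code(m, cluster_type),
                       "cloud_actions": cloud_actions_ok(m)} for m in members}

# Constructed sample: an active/passive pair with an under-licensed backup.
SAMPLE = [Member("SERIAL-A", "M470", "12.9.2", "Total Security Suite"),
          Member("SERIAL-B", "M470", "12.6.4", "Standard Support")]
REPORT = preflight("active/passive", SAMPLE)
```

In the sample, `REPORT["SERIAL-B"]` lists two blockers and shows that the member cannot yet be upgraded, rebooted, or failed over from WatchGuard Cloud.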
Change the Management Type
After you add a locally-managed FireCluster to WatchGuard Cloud, you can change the management type to cloud-managed. For more information, go to Change the FireCluster Management Type.