Add a Locally-Managed Firebox to WatchGuard Cloud

Applies To: Locally-managed Fireboxes

If you manage your Firebox configuration locally with Fireware Web UI, Policy Manager, or the Management Server, you can add it to WatchGuard Cloud for reporting. WatchGuard Cloud uses log messages from the Firebox to generate over 100 dashboards and reports. WatchGuard Cloud does not disrupt logging to other destinations, such as Dimension.

To use WatchGuard Cloud for monitoring and reporting, you must:

  1. (For Service Providers) Allocate the Firebox to a Subscriber account
  2. Add the Firebox to your WatchGuard Cloud account
  3. Enable WatchGuard Cloud in the Firebox configuration

After you enable WatchGuard Cloud on the Firebox, the Firebox sends log messages to your WatchGuard Cloud account. From WatchGuard Cloud you can monitor device status, run reports, and see Firebox event notifications.

Before You Begin

Before you add a locally-managed Firebox to WatchGuard Cloud, make sure that:

  • You have activated the Firebox at www.watchguard.com.

    Fireboxes activated by a Service Provider appear in the Service Provider inventory in WatchGuard Cloud. Before you can add a Firebox or FireCluster to WatchGuard Cloud you must allocate the device to the Subscriber account. For more information, go to Allocate Fireboxes.

  • The Firebox has a current Standard Support license (Fireware v12.9 or higher), or a Total Security or Basic Security Suite subscription.
  • The Firebox has the latest feature key synchronized.
  • You have administrative access to the Firebox.

To enable WatchGuard Cloud on the Firebox you might need to copy and paste a verification code from your WatchGuard Cloud account to the Firebox configuration. The verification code is unique to each Firebox and expires after 30 days.

If your Firebox has a TPM (Trusted Platform Module) chip, and runs Fireware v12.5.3 or higher, the Firebox uses TPM to register with WatchGuard Cloud.

For an active/passive locally-managed FireCluster, you must always paste the verification code into the Firebox configuration, regardless of Firebox model.

To add a FireCluster, you must copy and paste the verification code, regardless of the Firebox model or the version of Fireware the Firebox was manufactured with. The verification code is required for the FireCluster to register with WatchGuard Cloud. For more information about how to add a FireCluster, see Locally-Managed and Cloud-Managed FireClusters.

Add a Device

To add a Firebox to WatchGuard Cloud:

  1. Log in to your WatchGuard Cloud account.
  2. For Service Provider accounts, from Account Manager, select My Account.
  3. Select Manage > Devices or Configure > Devices.
  4. Click Add Device.
    A list of activated Fireboxes opens. If you do not see the device, make sure the Firebox is allocated to a Subscriber account.

Screen shot of the Add Device list

To add a FireCluster to WatchGuard Cloud, select Add FireCluster. For more information, see Locally-Managed and Cloud-Managed FireClusters.

  1. Click the Name of the Firebox you want to add or click . Tip!
    A confirmation dialog box opens.
  2. Click Add Device.
    The Add Device page opens.

Screen shot of the Add Device page with the Local Management option selected

  1. Select Local Management.
  2. Click Next.
    The verification code appears.

When you add a Firebox manufactured with Fireware v12.3.1 or higher to WatchGuard Cloud, this page also includes the option: Setup with RapidDeploy. For more information, see RapidDeploy from WatchGuard Cloud.

Screen shot of the step to copy the Verification Code

  1. To copy the verification code, click Copy Code.
  2. To enable WatchGuard Cloud on the Firebox, open the Firebox configuration in Policy Manager or Fireware Web UI, enable WatchGuard Cloud, and paste the verification code, if required. For more information, see Enable WatchGuard Cloud on the Firebox.
  3. Click Done.
    The Firebox is added to the list of devices in WatchGuard Cloud.

Enable WatchGuard Cloud on the Firebox

After you add your Firebox to WatchGuard Cloud, enable WatchGuard Cloud on the Firebox.

If your Firebox has a TPM (Trusted Platform Module) chip, and runs Fireware v12.5.3 or higher, the Firebox uses TPM to register with WatchGuard Cloud.

For an active/passive locally-managed FireCluster, you must always paste the verification code into the Firebox configuration, regardless of Firebox model.

To connect a locally-managed Firebox or FireCluster to WatchGuard Cloud, you must open the Firebox configuration in Policy Manager or Fireware Web UI and enable WatchGuard Cloud.

  1. Open the device configuration in Fireware Web UI.
  2. Select System > WatchGuard Cloud.
  3. Select the Enable WatchGuard Cloud check box.
    If your Firebox requires a Verification Code to register with WatchGuard Cloud, the Verification Code text box appears.

Screen shot of the WatchGuard Cloud configuration in Fireware Web UI

  1. If required, in the Verification Code text box, paste the Verification Code you copied from WatchGuard Cloud.

In Fireware v12.5.3 and higher, the Verification Code is required only for Firebox T70, M4600, and M5600, and for any active/passive FireCluster. If the Firebox does not require a Verification Code to register, the Verification Code text box does not appear and you do not have to paste the code.

  1. Click Save.
    The Firebox connects to WatchGuard Cloud to register. After successful registration, the WatchGuard Cloud Registration Status updates to Registered.

Screen shot of the WatchGuard Cloud configuration page after successful registration

  1. Open the device configuration in Policy Manager.
  2. Select Setup > WatchGuard Cloud.
  3. Select the Enable WatchGuard Cloud check box.

Screen shot of the WatchGuard Cloud configuration dialog box in Policy Manager

  1. Click OK.
  2. Select File > Save > To Firebox.
  3. Type the Administrator Passphrase.
    If the Firebox requires a Verification Code to register with WatchGuard Cloud, the Register Firebox dialog box opens.

Screen shot of the Register Firebox dialog box in Policy Manager

  1. If required, in the Verification Code text box, paste the Verification Code you copied from WatchGuard Cloud.

In Fireware v12.5.3 and higher, the Verification Code is required only for Firebox T70, M4600, and M5600, or for any active/passive FireCluster. If the Firebox does not require a Verification Code to register, the Register Firebox dialog box does not appear and you do not have to paste the code.

  1. Click OK.

Verify the Connection Status

After you enable a device in WatchGuard Cloud, verify the connection status in WatchGuard Cloud or on the Firebox. For more information, see:

For information about how to troubleshoot registration and connection errors, see Troubleshoot Firebox Connections to WatchGuard Cloud.

Related Topics

About Firebox WatchGuard Cloud Licenses

About WatchGuard Cloud