Configure an RMA Replacement for a Cloud-Managed Firebox
Applies To: Cloud-managed Fireboxes
If your Firebox hardware fails during the warranty period, WatchGuard might replace it with an RMA (Return Merchandise Authorization) unit of the same model. When you exchange a Firebox for an RMA replacement, WatchGuard Customer Care transfers the licenses from the original device serial number to the new device serial number. All the features that were licensed to the original device are transferred to the replacement device.
WatchGuard automatically allocates the RMA replacement device to the same WatchGuard Cloud account as the original cloud-managed device.
Caution: When you return a Firebox, return only the defective product. You should keep any expansion modules, and keep all of the original manuals, cables, cords, and disks, as we do not ship these with the replacement product.
Configure the Replacement Device
To automatically configure the replacement device with the same settings as the original device, add it to the same WatchGuard Cloud account as the original cloud-managed device.
Before you begin:
- Remove the cables from the old Firebox that you plan to replace.
- Remove any expansion modules from the old Firebox and install them on the replacement Firebox.
To configure the replacement cloud-managed device:
- Log in to WatchGuard Cloud.
- If you are a Service Provider, select the same account where the original cloud-managed device was added.
- Select Configure > Devices.
- Click Add Device.
- Select the replacement device.
The Add Device Wizard automatically copies the configuration from the original device to the new device, and immediately deploys the configuration for the replacement device to download. In the Deployment History, the deployment description is: Applying config from RMA'd device (serial number). - Follow the steps on the last page of the Add Device wizard, to connect the replacement Firebox to your network.
The Firebox connects to WatchGuard Cloud and downloads its configuration.
If the configuration automatically copied from the original device to the RMA replacement device includes a BOVPN, the peer endpoint device shows a message about undeployed BOVPN changes. This message appears because the BOVPN configuration now references the RMA replacement device instead of the original device. You must deploy these changes on the peer endpoint device.
When you add a replacement cloud-managed device, the Deployment History for the replacement device includes a copy of any configuration previously deployed to the original device. You can revert the replacement device to a previous configuration version.
To manually revert to a previous configuration version that includes a BOVPN, the current configuration must not include a BOVPN. After you revert, the BOVPN tunnel rejoins if you did not remove the BOVPN configuration on the peer endpoint Firebox. If you made any deployments on the peer endpoint Firebox after you returned the defective Firebox, but before you added the RMA replacement Firebox, you must schedule a deployment on the peer endpoint Firebox if you see a message about undeployed BOVPN changes.
Data Retention for the Inactive Device
After you add an RMA replacement device to WatchGuard Cloud, the status of the original device changes to Inactive. Data for the inactive device remains available in WatchGuard Cloud until the data retention period ends. For more information, see Inactive Devices and Data Retention.
Update Mobile VPN with IKEv2 Profiles
If you use Mobile VPN with IKEv2 with the Firebox, make sure you generate new profiles and install them on your clients after you add the replacement Firebox. For more information, go to Configure Client Devices for Mobile VPN with IKEv2.