Manage Device Configuration Deployment

Applies To: Cloud-managed Fireboxes, WatchGuard Cloud-managed Access Points

When you save configuration changes for a cloud-managed device, the configuration settings are stored in WatchGuard Cloud.

For initial deployment of a device in the factory-default state, when it first connects to WatchGuard Cloud, it receives the WatchGuard defined initial configuration. The device receives the initial configuration as part of the first deployment, or, when a template is applied to the device before deployment of the initial configuration, the initial configuration is skipped and included as part of the subsequent configuration update.

Scheduled Deployments

To create a configuration update for the device to download, you must schedule a deployment. You can schedule a deployment from the Deployment History page or from the message banner.

When you schedule a deployment, you can choose to deploy the current configuration immediately (Deploy Now), or specify a future date and time for the deployment. At the specified time, WatchGuard Cloud creates a configuration update for the device to download.

At the scheduled deployment time:

  • WatchGuard Cloud creates a configuration update that contains all device configuration settings saved as of the deployment date and time.
  • WatchGuard Cloud saves the configuration update to a cloud location where the device can connect to download it.
  • WatchGuard Cloud notifies the device that a new configuration is ready to download.
  • If the device is connected to WatchGuard Cloud, it immediately tries to download and apply the configuration update.

If the device is not connected to WatchGuard Cloud at the scheduled deployment time, the device downloads and applies the configuration update the next time it connects.

Shared Configuration Deployments

There are three types of deployments that happen automatically when you make changes or deploy a shared configuration:

When you add, edit, or delete a BOVPN for a cloud-managed Firebox, WatchGuard Cloud immediately creates and deploys a configuration update for the cloud-managed Fireboxes. The automatic deployment contains the configuration settings from the last deployed configuration with the BOVPN settings added.

For more information about VPN configuration, see Manage BOVPNs for Cloud-Managed Fireboxes.

If you use templates to configure shared settings for multiple cloud-managed Fireboxes, WatchGuard Cloud automatically deploys a template update to subscribed devices.

There are two types of template deployments:

  • Template subscription update — You changed which templates a Firebox subscribes to
  • Template update — You deployed changes to a template the Firebox subscribes to

Template deployments do not deploy other saved, undeployed changes for subscribed devices.

For more information about template deployment, see Deploy Firebox Templates.

If you use sites to configure shared settings for multiple cloud-managed access points, WatchGuard Cloud can automatically deploy a site update to subscribed devices, or you can schedule the deployment for a future date and time to avoid potential disruption.

There are three types of site deployments:

  • Site subscription update — You changed which site an access point subscribes to
  • Site update — You deployed changes to a site the access point subscribes to
  • VPN update — You deployed site changes that contain an Access Point VPN configuration. In this case, it also automatically deploys to the Firebox that is configured for the VPN.

Site deployments do not deploy other saved, undeployed changes for subscribed devices.

For more information about site deployment, go to Deploy an Access Point Site.

See the Deployment Status

From the Deployment History page, you can see information about previous deployments and create or update a scheduled deployment.

To open the Deployment History page:

  1. In WatchGuard Cloud, select Configure > Devices.
  2. Select the cloud-managed device.
  3. Click Deployment History.

For each deployment, the Deployment History page shows this information:

  • Version — The configuration version. For a deployment that includes shared settings, a label might appear after the version number:
  • TEMPLATE — A deployment created when an operator deployed an update to a template configuration. Point to the label to display the name of the template configuration that was applied.
  • Deployed — The date and time the configuration was created (the scheduled deployment time).
  • Operator — The operator who scheduled the deployment.
  • Description — The description of the deployed configuration version.
  • Status — The status of whether the device successfully downloaded and applied the deployed configuration update:
  • Staged — The configuration update was created and is ready for deployment to a cloud-managed device. WatchGuard Cloud holds the configuration update until deployment. This status shows for devices that you change from locally-managed to cloud-managed until you deploy the configuration.
  • Succeeded — The device successfully downloaded and applied the configuration update.
  • Waiting for initial connection —The configuration update was created and is ready for the device to download and apply. This status appears for a cloud-managed device that has not yet connected to WatchGuard Cloud to download the configuration.
  • Waiting for Device — The configuration update was created and is ready for the device to download and apply. This could happen if the device is not connected to WatchGuard Cloud at the deployment date and time.
  • Skipped — The deployed configuration was superseded by a later deployment. If a previous deployment had the status Waiting for Device, and you deploy a newer configuration update, the status of the previous deployment changes from Waiting for Device to Skipped.

    • If the device is in factory-default state when it first connects to WatchGuard Cloud and there is a template applied to the device, the initial configuration is Skipped and included as part of the subsequent configuration update.

  • Failed — The device could not download or apply the deployed configuration. This could happen, for example, if something between the cloud-managed device and WatchGuard Cloud blocks DNS or other traffic required for the device to connect to download the configuration.
  • Applied —The date and time the device applied the configuration.

To compare configuration versions to see what changed between them, click Compare Versions. For more information, see Compare Configuration Versions.

To see more details about deployment status, click the link in the Status column for that deployment.

To see a report of all settings in a deployed configuration, click the version number. Or, click and select View Configuration Report. For more information, see View the Device Configuration Report.

Undeployed Saved Changes

If configuration changes were saved to the cloud after the last deployed configuration, the top of the Deployment History page shows that you have undeployed saved changes.

From the Deployment History page, you can:

  • Schedule a deployment.
  • Update a scheduled deployment.
  • Delete a scheduled deployment.
  • View the pending changes compared to the last deployment.
  • Revert changes saved since the last deployment.
  • Compare configuration versions.

The options available depend on whether a deployment is scheduled.

If there are saved changes but no deployment is scheduled

The Deployment History shows that you have undeployed saved changes.

Screen shot of the Pending Changes section when a deployment is not scheduled

  • To view the pending changes in the undeployed configuration compared to the current deployed configuration, click View Pending Changes.
  • To revert changes saved since the last deployment, click Revert Undeployed Changes.
  • To schedule a new deployment, click Schedule Deployment.
  • To compare the undeployed pending changes to the current deployed configuration, click Compare Versions. If there are no pending changes, you can compare the last two deployed configurations.

If a deployment is already scheduled

The Deployment History shows the date and time for the scheduled deployment.

Screen shot of the Pending Changes section when a deployment is scheduled

  • To view the pending changes in the undeployed configuration compared to the current deployed configuration, click View Pending Changes.
  • To update the scheduled deployment, click Update Scheduled Deployment.
  • To cancel the scheduled deployment, click Delete Scheduled Deployment.

Deployment Message Banners

When the device has undeployed changes saved to the cloud by any operator, the Device Configuration pages show a message banner. In the message banner, you can click a link to schedule or update a deployment.

If no deployment is currently scheduled, you can click the link to schedule a deployment.

Screen shot of the notification banner when there are undeployed saved changes

If a deployment is already scheduled, you can click the link to update the schedule.

Screen shot of the message banner when a deployment is scheduled

Schedule a Deployment

You can schedule a deployment from the message banner or the Deployment History page. When you schedule a deployment, you choose whether to deploy the currently saved configuration immediately, or to schedule the deployment for a future date and time. If you schedule a deployment for a future date and time, the deployed configuration will include all changes saved to the cloud as of the scheduled deployment time.

  1. On the Deployment History page or in the message banner, click Schedule Deployment.
    The Schedule Deployment dialog box opens.

Screen shot of the Schedule Deployment settings

  1. In the Schedule Deployment dialog box, select Deploy changes now.
  2. In the Description text box, type a description for this deployment.
  3. Click Deploy.
    A confirmation message opens.
  1. Click Close.

  1. On the Deployment History page or in the message banner, click Schedule Deployment.
    The Schedule Deployment dialog box opens.
  2. In the Schedule Deployment dialog box, select Schedule Deployment.

Screen shot of the Schedule Deployment settings with the Date and Time settings

  1. Type or select the Date and Time to schedule the deployment.
    The time is based on a 24-hour clock.
  2. In the Description text box, type a description for this deployment.
  3. Click Add.
    A confirmation message opens, with the date and time of your scheduled deployment.
  1. Click Close.

Update a Scheduled Deployment

You can update a scheduled deployment any time before the scheduled time for the deployment.

To edit the scheduled deployment, use one of these methods: 

  • On the Deployment History page, click Update Scheduled Deployment.
  • In the message banner, click Update.

Screen shot of the Schedule Deployment settings

  1. In the Schedule Deployment dialog box, select Deploy changes now.
  2. Click Deploy.
    A confirmation message opens.
  3. Click Close.

  1. In the Schedule Deployment dialog box, edit the Date and Time to schedule the deployment.
    The time is based on a 24-hour clock.
  2. Click Update.
    A confirmation message opens, with the updated date and time of your scheduled deployment.
  3. Click Close.

Delete a Scheduled Deployment

You can delete a scheduled deployment any time before the scheduled time for the deployment. When you delete a scheduled deployment, it does not affect the device configuration saved in the cloud.

To delete a scheduled deployment:

  1. On the Deployment History page, click Delete Scheduled Deployment.
    A confirmation message opens.
  2. To confirm that you want to delete this deployment, click Delete.
    The top of the page updates to show that you have undeployed saved changes.

Audit Trail Report

You can also view an Audit Trail Report that shows information about Firebox configuration deployment changes. The Audit Trail Report is available for both cloud-managed and locally-managed Fireboxes. For more information, go to Audit Trail Report.

Related Topics

Revert to a Previous Device Deployment

View the Device Configuration Report

Compare Configuration Versions