Add FireboxV to WatchGuard Cloud (Cloud-Managed)

Applies To: Cloud-managed Fireboxes

To manage a FireboxV configuration from WatchGuard Cloud, you must add the virtual Firebox to WatchGuard Cloud as a cloud-managed device and then upload a payload to the device.

Before You Begin

Before you add a FireboxV device to WatchGuard Cloud, make sure that:

  • You have activated the Firebox in your WatchGuard account.
  • The Firebox has a valid Standard Support license (Fireware v12.9 or higher), or a current Total Security or Basic Security Suite subscription.
  • The Firebox is allocated to a Subscriber account (Service Providers only). For more information, see Allocate Fireboxes.

Your operator role determines what you can see and do in WatchGuard Cloud. Your role must have the Devices permissions to view or configure this feature. For more information, go to Manage WatchGuard Cloud Operators and Roles.

To add a FireboxV device as a cloud-managed device, it must meet these requirements:

For a FireboxV device to successfully connect to WatchGuard Cloud as a cloud-managed device, it must run Fireware v12.7.1 or higher.

The version of Fireware originally manufactured on the device appears in the Device Information section of the Product Details page in the WatchGuard website.

If your Firebox uses a lower version of Fireware, you must first set up the Firebox as a locally-managed device and upgrade it to Fireware to v12.7.1 or higher before you can add it as a cloud-managed device. For information about Fireware upgrade methods, see Firebox Upgrade, Downgrade, and Migration.

If you previously configured the FireboxV device as a locally-managed device, you must reset it to factory-default settings before it can connect to WatchGuard Cloud as a cloud-managed device. For the steps to reset your Firebox, see Reset a Firebox.

Add a Cloud-Managed FireboxV to WatchGuard Cloud

When you add a FireboxV device to WatchGuard Cloud as a cloud-managed device, you configure the device name, time zone, external network settings, and device passwords. Other device settings are automatically configured with secure defaults.

To add a FireboxV device to WatchGuard Cloud as a cloud-managed device:

  1. Log in to your WatchGuard Cloud account.
  2. For Service Provider accounts, from Account Manager, select My Account.
  3. Select Manage > Devices or Configure > Devices.
  4. Click Add Device.
    A list of activated Fireboxes opens.
  5. Click the Name of the FireboxV device you want to add or click .
    A confirmation dialog box opens.
  6. Click Add Device.
    The Add Device to WatchGuard Cloud page opens.

Screen shot of the Add Device page with the Cloud Management option selected

  1. Select Cloud Management.
  2. Click Next.
  3. Configure Firebox system settings:
    • Name — The name to identify the Firebox in WatchGuard Cloud.
    • Time Zone — The time zone of the location where the Firebox is installed.
    • Device Folder — Select the folder that you want to add your device to. Device Folders help you to see status and summarized data for groups of devices.
      If you only have one root folder, the folder list does not appear.

Screen shot of the Device Name and Time Zone settings

  1. Click Next.
  2. Select the Connection Type for the Firebox external interface. Select and configure one of these options:

DHCP

Select this option to configure the Firebox to use DHCP to request an IP address on the external network.

Screen shot of the External Network settings, DHCP

If you select DHCP, there are no other network settings to configure.

Static IP

Select this option to configure the Firebox to use a static IP address on the external network.

Screen shot of the External Network settings, Static IP

If you select Static IP, configure the Firebox external network IP address and netmask, a network gateway on the same subnet, and the IP address for a public DNS server.

PPPoE

Select this option to configure the Firebox to use PPPoE to get an IP address on the external network.

Screen shot of the External Network settings, PPPoE

If you select PPPoE, configure the user name and password, and select whether to obtain an IP address automatically or to configure a specific IP address.

  1. Click Next.
  2. Set FireboxV device passwords for connections to Fireware Web UI on the Firebox. Device passwords must be 8-32 characters long, and must contain uppercase and lowercase letters, at least one number, and at least one symbol.

The admin password you specify here is used to encrypt the payload. You must specify the same admin password when you upload the payload in the Fireware Web Setup Wizard.

Caution: To keep your device secure, make sure you do not use the default passphrases for the admin account (readwrite) and status account (readonly). We recommend you specify unique passphrases for each Firebox you manage and change them frequently.

For a cloud-managed Firebox, you can use Fireware Web UI to recover the Firebox connection to WatchGuard Cloud. You cannot use Fireware Web UI to modify the Firebox configuration.

  1. Click Next.
  2. Click Download Payload.
    A dialog box opens for you to save the payload file to your default download folder in your browser. The package has a TGZ extension. For example, package_FVE1028C0754 .

Screen shot of the Download Payload page in the Add Device Wizard

Record the location where you saved the payload file. In the next section, you will upload the payload in the Fireware Web UI to connect your FireboxV to WatchGuard Cloud.

Screen shot of the Completed Download Payload page in the Add Device Wizard

Your device is now added to WatchGuard Cloud, but not yet connected. You must now upload the payload to your FireboxV device in the Fireware Web UI.

Upload the Payload and Connect the Firebox

Before you can manage your FireboxV device in WatchGuard Cloud, you must upload the payload you downloaded in WatchGuard Cloud.

The payload includes:

  • Verification code
  • Admin and status passwords
  • Initial configuration
  • Feature key

To upload the payload and connect your FireboxV device to WatchGuard Cloud:

  1. Open a web browser and go to https://<Firebox IP address>:8080.
    A security certificate notification appears in the browser. Click continue or add an exception.
  2. Log in with the user name admin and the passphrase readwrite.
    The Web Setup Wizard opens.
  3. Select Enable cloud management and accept the End User License Agreement.

Screen shot of the Welcome Web Setup Wizard page

  1. Click Next.
  2. Upload the payload to the device.
    1. Type the admin password you created in the Add Device Wizard in WatchGuard Cloud. This password is used to decrypt the payload.
    2. Click Browse, navigate to the location where you saved the payload, and select the payload file.

Screen shot of the Upload Payload page in the Web Setup Wizard

  1. Click Next.
    The payload file uploads and applies changes to the Firebox. When the process finishes, you see a message.

Screen shot of the Upload Payload complete page in the Web Setup Wizard

Verify the FireboxV Status

After you upload the payload and connect the FireboxV in the Fireware Web UI, log in to WatchGuard Cloud to verify the device connection status and other summary information on the Device Settings page and Live Status pages in WatchGuard Cloud.

For more information, see

Related Topics

About WatchGuard Cloud

Recover the Firebox Connection to WatchGuard Cloud

Add a Cloud-Managed Firebox to WatchGuard Cloud

Add Firebox Cloud to WatchGuard Cloud (Cloud-Managed)

Copy Configuration Settings from a Cloud-Managed Device