Copy Configuration Settings from a Cloud-Managed Device

Applies To: Cloud-managed Fireboxes

When you add a Firebox to WatchGuard Cloud as a cloud-managed device, you can copy some of the configuration settings from an existing cloud-managed Firebox to the new device.

You might want to copy a configuration from another cloud-managed device when you:

  • Upgrade to a newer device that has similar capabilities.
  • Switch to a backup device, sometimes referred to as a cold spare, that is usually the same model as the device it replaces and is a backup device.

When you use WatchGuard Cloud to copy a configuration from an existing cloud-managed device to the new device, make sure you understand these limitations:

  • You can only copy between cloud-managed devices.
  • You can only copy between cloud-managed devices that have the same valid security subscription license. For more information about security subscription licenses and their grace periods, go to WatchGuard Cloud and Data Retention License Expiration.
    For example, if a device has a Total Security Suite subscription, you can only copy configuration settings to another device with a Total Security Suite subscription.
  • You can only copy between cloud-managed devices that are not part of the inventory of a delegated tier-1 Subscriber account.
  • You can only copy a FireboxV device configuration to another FireboxV device.
  • You can only copy a FireCluster configuration to another FireCluster device.
  • You can only copy a Firebox Cloud appliance configuration to another Firebox Cloud appliance.

Unsupported Configuration Settings

WatchGuard Cloud cannot copy these configuration settings from a cloud-managed Firebox to a new device:

  • Device passwords
  • BOVPNs
  • Device-level certificates:
    • TLS decryption
    • Mobile VPN with IKEv2
    • Root or intermediate CA certificates for VPN peer verification

For more information, go to the Additional Copy Configuration Steps section of this topic.

Copy Configuration Settings from a Cloud-Managed Device

The steps to copy configuration settings depend on the type of Firebox you want to copy settings from.

Before you begin, review the requirements to add a cloud-managed Firebox to WatchGuard Cloud. For more information, go to the Before You Begin section of Add a Cloud-Managed Firebox to WatchGuard Cloud.

To copy configuration settings from a cloud-managed Firebox:

  1. Reset the new Firebox to factory-default settings. For more information, go to Reset a Firebox.
  2. Log in to your WatchGuard Cloud account.
  3. Select Configure > Devices.
  4. Click Add Device.
    A list of activated Fireboxes shows. If the device you want does not show, make sure it is allocated to the account.
  5. Click the Name of the device you want to add or click .
    A confirmation dialog box opens.
  6. Click Add Device.
    The Add Device to WatchGuard Cloud page opens.
  7. From the Device Management drop-down list, select Cloud Management.

Screenshot of the Add Device page with the Cloud Management option selected

  1. Click Next.
  2. Select Copy a configuration from another cloud-managed Firebox.

Screenshot of the copy a configuration option

  1. Click Next.
    The Select the Firebox Configuration to Copy page opens.

Screenshot of the Device Name and Time Zone settings

  1. From the list of cloud-managed Fireboxes, select a Firebox to copy configuration settings from.
    If your account only has one folder, the folder list does not show

Only devices with a compatible configuration to copy show in the list of Fireboxes.

  1. Click Next.
    The Begin Setting Up Your Firebox page opens.

Screenshot of the Device Name and Time Zone settings

  1. In the Device Name text box, type a name to identify the Firebox in WatchGuard Cloud.
  2. From the Time Zone drop-down list, select the time zone of the location where you install the Firebox.
  3. Click Next.
    The Set the Status and Admin Passwords page opens.
  4. Set Firebox device passwords for connections to the local Fireware Web UI on the Firebox.

Device passwords must be 8-32 characters long and contain upper and lowercase letters, at least one number, and at least one symbol. You cannot copy the passwords from the source device.

Screenshot of the password fields

You can use the local Fireware Web UI to recover the connection between a cloud-managed Firebox and WatchGuard Cloud. You cannot use Fireware Web UI to modify the Firebox configuration.

  1. Click Next.
    The page shows a progress bar.

Screenshot of the Connect Your Device progress bar

  1. When the copy process completes, the Connect Your Device page lists the steps that you might have to take to configure the new Firebox.

Screenshot of the Connect Your Device page

  1. Click Done.

After you copy a configuration to a new device, you might have to complete additional steps to finish device setup. For more information, go to the Additional Copy Configuration Steps section of this topic.

  1. Before you can manage your Firebox in WatchGuard Cloud, you must connect the Firebox to a network with reliable Internet access. For more information, go to the Connect the Firebox section of Add a Cloud-Managed Firebox to WatchGuard Cloud.

Before you begin, review the requirements to add a cloud-managed FireboxV to WatchGuard Cloud. For more information, go to the Before You Begin section of Add FireboxV to WatchGuard Cloud (Cloud-Managed).

To copy configuration settings from a cloud-managed FireboxV:

  1. Reset the new FireboxV to factory-default settings. For more information, go to Reset a Firebox.
  2. Log in to your WatchGuard Cloud account.
  3. Select Configure > Devices.
  4. Click Add Device.
    A list of activated FireboxVs shows. If the device you want does not show, make sure it is allocated to the account.
  5. Click the Name of the device you want to add or click .
    A confirmation dialog box opens.
  6. Click Add Device.
    The Add Device to WatchGuard Cloud page opens.

Screenshot of the Add Device page with the Cloud Management option selected

  1. From the Device Management drop-down list, select Cloud Management.
  2. Click Next.
  3. Select Copy a configuration from another cloud-managed Firebox.

Screenshot of the copy a configuration option

  1. Click Next.
    The Select the Firebox Configuration to Copy page opens.

Screenshot of the Device Name and Time Zone settings

  1. From the cloud-managed Firebox tree, select a FireboxV to copy a configuration from.
    If your account only has one root folder, the folder list does not show.

Only a device that is compatible to copy from shows in the cloud-managed Firebox tree.

  1. Click Next.
    The Begin Setting Up Your Firebox page opens.

Screenshot of the Device Name and Time Zone settings

  1. In the Device Name text box, type a name to identify the Firebox in WatchGuard Cloud.
  2. From the Time Zone drop-down list, select the time zone of the location where you install the Firebox.
  3. Click Next.
    The Set the Status and Admin Passwords page opens.
  4. Set Firebox device passwords for connections to Fireware Web UI on the Firebox.

Device passwords must be 8-32 characters long and contain upper and lowercase letters, at least one number, and at least one symbol. You cannot copy the passwords from the source device.

Screenshot of the password fields

You can use Fireware Web UI to recover the connection between a cloud-managed Firebox and WatchGuard Cloud. You cannot use Fireware Web UI to modify the Firebox configuration.

  1. Click Next.
    The page shows a copying configuration progress bar.

Screenshot of the Connect Your Device progress bar

  1. When the copy process completes, the Connect your Device page opens. Click Download Payload.
    A dialog box opens for you to save the payload file to your default downloads folder in your browser. The package has a .TGZ extension.

Screenshot of the Connect Your Device page

  1. The Connect Your Device page lists the steps you might have to take to complete the copy. Click Done.
  2. Before you can manage your FireboxV device in WatchGuard Cloud, you must upload the payload you downloaded to WatchGuard Cloud. For more information, go to the Upload the Payload and Connect the Firebox section of Add FireboxV to WatchGuard Cloud (Cloud-Managed).

Screenshot of the Connect Your Device page

After you copy a configuration to a new device, you might have to take steps to complete device setup. For more information, go to the Additional Copy Configuration Steps section of this topic.

Before you begin, review the requirements to add a cloud-managed Firebox Cloud to WatchGuard Cloud. For more information, go to the Before You Begin section of Add Firebox Cloud to WatchGuard Cloud (Cloud-Managed).

To copy configuration settings from a cloud-managed Firebox Cloud device:

  1. Reset the new Firebox Cloud device to factory-default settings. For more information, go to Reset a Firebox.
  2. Log in to your WatchGuard Cloud account.
  3. Select Configure > Devices.
  4. Click Add Device.
    A list of activated Fireboxes shows. If the device you want does not show, make sure it is allocated to the account.
  5. Click the Name of the device you want to add or click .
    A confirmation dialog box opens.
  6. Click Add Device.
    The Add Device to WatchGuard Cloud page opens

Screenshot of the Add Device page with the Cloud Management option selected

  1. From the Device Management drop-down list, select Cloud Management.
  2. Click Next.
  3. Select Copy a configuration from another cloud-managed Firebox.

Screenshot of the copy a configuration option

  1. Click Next.
    The Select the Firebox Configuration to Copy page opens.

Screenshot of the Device Name and Time Zone settings

  1. From the cloud-managed Firebox tree, select a Firebox Cloud device to copy a configuration from.
    If your account only has one root folder, the folder list does not show.

Only a device that is compatible to copy from shows in the cloud-managed Firebox tree.

  1. Click Next.
    The Begin Setting Up Your Firebox page opens.

Screenshot of the Device Name and Time Zone settings

  1. In the Device Name text box, type a name to identify the Firebox Cloud device in WatchGuard Cloud.
  2. From the Time Zone drop-down box, select the time zone of the location where you install the Firebox Cloud device.
  3. Click Next.
    The Set the Status and Admin Passwords page opens.
  4. Set Firebox Cloud device passwords for connections to Fireware Web UI on the Firebox.

Device passwords must be 8-32 characters long and contain upper and lowercase letters, at least one number, and at least one symbol. You cannot copy the passwords from the source device.

Screenshot of the password fields

You can use Fireware Web UI to recover the connection between a cloud-managed Firebox Cloud device and WatchGuard Cloud. You cannot use Fireware Web UI to modify the FireboxV configuration.

  1. Click Next.
    The page shows a copying configuration progress bar.

Screenshot of the Connect Your Device progress bar

  1. When the copy process completes, the Connect Your Device page opens. Click Download Payload.
    A dialog box opens for you to save the payload file to your default download folder in your browser. The package has a TGZ extension.

Screenshot of the Connect Your Device page

  1. The Connect Your Device page lists the steps you might have to take to complete the copy. Click Done.
  2. Before you can manage your Firebox Cloud device in WatchGuard Cloud, you must upload the payload you downloaded in WatchGuard Cloud. For more information, go to the Upload the Payload and Connect the Firebox section of Add Firebox Cloud to WatchGuard Cloud (Cloud-Managed).

Screenshot of the Connect Your Device page

After you copy a configuration to a new device, you might have to take steps to complete device setup. For more information, go to the Additional Copy Configuration Steps section of this topic.

Before you begin, review the requirements to add a cloud-managed FireCluster to WatchGuard Cloud. For more information, go to the Before You Begin section of Add a Cloud-Managed FireCluster.

To copy configuration settings from a cloud-managed FireCluster:

  1. Reset both new Fireboxes to factory-default settings. For more information, go to Reset a Firebox.
  2. Log in to your WatchGuard Cloud Subscriber account.
  3. Select Configure > Devices.
  4. Click Add Device.
  5. Click Add FireCluster.
    The selection page for the first FireCluster member opens. A list of activated Fireboxes shows. If the device you want does not show in the list, review the requirements in Before You Configure a Cloud-Managed FireCluster in WatchGuard Cloud.
  6. To add the first FireCluster member, click a Firebox name.
    The selection page for the second FireCluster member opens.
  7. To add the second FireCluster member, do one of the following:
    • Enter the serial number of the second FireCluster member and click Add.
    • From the list of devices, click a Firebox name.
      Selected FireCluster members appear next to the device list.
  1. Click Add FireCluster.
    The Your FireCluster was added to WatchGuard Cloud confirmation page opens.

Screenshot of the Add Device page with the Cloud Management option selected

  1. From the FireCluster Management drop-down list, select Cloud Management.
  2. Click Next.
  3. Select Copy a configuration from another cloud-managed FireCluster.

Screenshot of the copy a configuration option

  1. Click Next.
    The Select the FireCluster Configuration to Copy page opens.
  2. From the cloud-managed tree, select a FireCluster to copy a configuration from.
    If your account only has one root folder, the folder list does not show.

Screenshot of the Device Name and Time Zone settings

  1. From the cloud-managed tree, select a FireCluster to copy a configuration from.
    If your account only has one root folder, the folder list does not show.

Only a FireCluster that is compatible to copy from shows in the cloud-managed FireCluster tree.

  1. Click Next.
    The Begin Setting Up Your FireCluster page opens.

Screenshot of the Device Name and Time Zone settings

  1. In the FireCluster Name text box, type a name to identify the FireCluster in WatchGuard Cloud.
  2. In the Member1 Name text box, type a name to identify the first FireCluster member in WatchGuard Cloud.
  3. In the Member2 Name text box, type a name to identify the second FireCluster member in WatchGuard Cloud.
  4. From the Time Zone drop-down list, select the time zone of the location where you install the Firebox.
  5. Click Next.
    The Set the Status and Admin Passwords page opens.
  6. Set FireCluster device passwords for connections to Fireware Web UI on the FireCluster.

Device passwords must be 8-32 characters long and contain upper and lowercase letters, at least one number, and at least one symbol. You cannot copy the passwords from the source device.

Screenshot of the password fields

You can use Fireware Web UI to recover the connection between a cloud-managed FireCluster and WatchGuard Cloud. You cannot use Fireware Web UI to modify the FireCluster configuration.

  1. Click Next.
    The page shows a copying configuration progress bar.

Screenshot of the Connect Your Device progress bar

  1. When the copy process completes, the Connect Your Device page lists the steps you might have to take to complete the copy.

Screenshot of the Connect Your Device page

  1. Click Done.
  2. Before you can manage your FireCluster device in WatchGuard Cloud, you must plug in and power on the FireCluster.

After you copy a configuration to a new device, you might have to take steps to complete device setup. For more information, go to the Additional Copy Configuration Steps section of this topic.

Additional Copy Configuration Steps

After you copy configuration settings to a new device, you might have to take these steps to complete device setup:

Configure device-level certificates

WatchGuard Cloud cannot copy device-level certificates. You must configure these certificates on the new device:

For more information about how to configure certificates on the device, go to Certificates.

Reconfigure BOVPNs

WatchGuard Cloud cannot copy BOVPN settings to the new Firebox. To use a BOVPN between devices, you must reconfigure the BOVPN. For information about how to reconfigure a BOVPN, go to Manage BOVPNs for Cloud-Managed Fireboxes.

Wireless interface settings for internal or guest networks

In some cases, WatchGuard Cloud cannot copy wireless interface settings for internal or guest networks. You might have to configure wireless interface settings on the new device. For information about how to configure wireless interfaces on the new device, go to Configure Firebox Wireless.

  • If the source device is a wireless Firebox but the destination device is not a wireless Firebox, the copy configuration process does not copy wireless settings.
  • If the source device is not a wireless Firebox but the destination device is a wireless Firebox, the copy configuration wizard opens a page to configure wireless settings.
  • If the source device is a wireless Firebox and the destination device is a wireless Firebox, the copy configuration process copies the wireless settings.

For information about how to configure wireless interfaces on the new device, go to Configure Firebox Wireless.

Network interfaces

When you copy a configuration to a device with fewer network interfaces, you might have to review and configure network configuration settings that apply to the interfaces on the new Firebox.

For example, you might have to:

Verify Device Status

After you connect the device to a network, verify the device connection status and other summary information on the Device Summary page and Live Status page.

For more information, go to:

Related Topics

Recover the Firebox Connection to WatchGuard Cloud

Add FireboxV to WatchGuard Cloud (Cloud-Managed)

Add Firebox Cloud to WatchGuard Cloud (Cloud-Managed)

Quick Start — Set Up a Cloud-Managed Firebox