Configure Firewall Policies in WatchGuard Cloud
Applies To: Cloud-managed Fireboxes
Firewall policies control when a cloud-managed Firebox allows or denies connections. The Firebox matches each connection to a policy based on the traffic source, destination, and traffic type.
See Firewall Policies
To see the configured firewall policies, open the Firewall Policies page in the Device Configuration.
To see the Firewall policies, from WatchGuard Cloud:
- Select Configure > Devices.
- Select the cloud-managed Firebox.
- Click Device Configuration.
- Click the Firewall Policies tile.
The Firewall Policies page opens.
Policies are listed in priority order. For each connection, the Firebox applies the highest priority policy that matches the connection source, destination, and traffic type. For more information about policy priority, see Firewall Policy Priority.
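The first-match behavior described above, as an added Python example (not WatchGuard code and not the Firebox configuration format): it selects the policy that applies to a connection and flags policies that can never match because a higher-priority policy covers them. The Policy fields, the CIDR and (protocol, port) representations, and the sample list are assumptions made for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Policy:
    name: str
    action: str          # "Allow" or "Deny", the two policy actions on this page
    source: str          # CIDR string (assumed representation)
    destination: str     # CIDR string (assumed representation)
    traffic: tuple       # (protocol, port); port None means any port (assumed)
    enabled: bool = True # a disabled policy stays in the config but does not apply

def traffic_covers(outer, inner):
    """True if traffic type `outer` includes everything in `inner`."""
    return outer[0] == inner[0] and outer[1] in (None, inner[1])

def matches(p, src, dst, traffic):
    """True if an enabled policy matches the source, destination and traffic type."""
    return (p.enabled
            and ip_address(src) in ip_network(p.source)
            and ip_address(dst) in ip_network(p.destination)
            and traffic_covers(p.traffic, traffic))

def evaluate(policies, src, dst, traffic):
    """Highest-priority match, or None (the page does not describe the no-match case)."""
    for p in policies:   # list is already in priority order, highest first
        if matches(p, src, dst, traffic):
            return p
    return None

def shadowed(policies):
    """(lower, higher) name pairs where a higher-priority policy fully covers a lower one."""
    found = []
    active = [p for p in policies if p.enabled]
    for i, low in enumerate(active):
        for high in active[:i]:
            if (ip_network(low.source).subnet_of(ip_network(high.source))
                    and ip_network(low.destination).subnet_of(ip_network(high.destination))
                    and traffic_covers(high.traffic, low.traffic)):
                found.append((low.name, high.name))
                break
    return found

# Constructed sample policy list, highest priority first.
POLICIES = [
    Policy("Allow-Web-Out", "Allow", "10.0.0.0/16", "0.0.0.0/0", ("tcp", 443)),
    Policy("Deny-Guest-Web", "Deny", "10.0.50.0/24", "0.0.0.0/0", ("tcp", 443)),
    Policy("Allow-DNS", "Allow", "10.0.0.0/16", "10.0.1.53/32", ("udp", 53)),
]
```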
Add a Firewall Policy
To create new rules for specific types of traffic through the Firebox, you can add firewall policies to the Firebox configuration. After you add or update a policy, you must deploy the configuration to the Firebox for your changes to take effect.
For information about best practices for firewall policy configuration, see Firewall Policies Best Practices.
To add a firewall policy, from WatchGuard Cloud:
- On the Firewall Policies page, click Add Firewall Policy.
The Add Firewall Policy page opens.
- Select the policy type. For information about policy types, see Firewall Policy Types.
- Click Next.
Settings for the selected policy type open.
- In the Name text box, type a name for this policy.
- From the Action drop-down list, select the policy action:
  - Allow — Allows traffic that matches the policy settings.
  - Deny — Denies traffic that matches the policy settings.
- Configure other policy settings described in these topics:
- To save configuration changes to the cloud, click Save.
Edit a Policy
You can update any policy that you added.
To edit a policy, from WatchGuard Cloud:
- On the Firebox Device Configuration page, click the Firewall Policies tile.
The Firewall Policies page opens.
- Click the policy name.
- Edit the policy settings.
- Click Save.
The change is saved to the Firebox configuration in the cloud.
- For the updated policy to take effect on the Firebox, you must deploy the configuration update to the Firebox. For more information, see Manage Device Configuration Deployment.
Delete a Policy
To remove a policy from the configuration, you can delete it.
To delete a policy, from WatchGuard Cloud:
- On the Firebox Device Configuration page, click the Firewall Policies tile.
The Firewall Policies page opens.
- In the row for the policy you want to delete, click .
- To confirm the deletion, click Delete.
The policy is deleted from the Firebox configuration in the cloud.
- To remove the policy from the Firebox, you must deploy the configuration update to the Firebox. For more information, see Manage Device Configuration Deployment.
Disable a Policy
You can disable a policy so that it does not apply to traffic through the Firebox.
You cannot remove System policies, and you can only disable or edit specific System policies. For more information about which System policies you can disable or edit, see System Firewall Policies.
To disable a policy, from WatchGuard Cloud:
- On the Firebox Device Configuration page, click the Firewall Policies tile.
The Firewall Policies page opens.
- Click the policy name.
- To disable or enable the policy, click the toggle next to the policy name.
- Click Save.
The policy remains in the Firebox configuration but is disabled.
- For the change to take effect on the Firebox, you must deploy the configuration update to the Firebox. For more information, see Manage Device Configuration Deployment.