Create a Configuration File for RapidDeploy
The configuration file you create for RapidDeploy is a standard device configuration file, and is stored as an XML file. To create a compatible configuration file, you save a configuration file from a source device, and then upload it to the Product Details page of a target device for use with RapidDeploy.
- Target device — The device that receives a configuration through RapidDeploy.
- Source device — The device that you use to create a configuration for RapidDeploy of the target device.
To use a configuration file for RapidDeploy, the target Firebox and the configuration file must meet these requirements:
- The target device must support RapidDeploy.
- The device model in the configuration file must match the target device.
- The configuration file must be compatible with the version of Fireware OS on the target device.
- The configuration must not include Firebox-DB local users.
- For RapidDeploy from WatchGuard Cloud:
- WatchGuard Cloud must be enabled in the configuration file.
- The configuration file must be saved for Fireware v12.3.1 or higher, but not a higher version than the Firebox was manufactured with.
For more information about RapidDeploy from WatchGuard Cloud, see RapidDeploy from WatchGuard Cloud.
Verify Network Interfaces
Check the number of network interfaces (including network module interfaces) on the source and target Firebox to make sure they match.
If the target Firebox model has fewer interfaces than your source Firebox, when you save the configuration to the new Firebox, the process removes any network interfaces that are not physically available on the new Firebox.
These issues might occur when the process removes interfaces:
- You might lose a configured network that used a removed interface.
- You might lose a BOVPN gateway that uses an IP address associated with a removed interface.
- You might have issues with Mobile VPN, SD-WAN, multi-WAN, or a FireCluster that used a removed interface.
To correct these issues, configure the feature to use an available interface.
Before You Begin
Before you create a configuration file for RapidDeploy of a device, log in to your account on the WatchGuard website, activate the new device (if necessary), and look at the Product Details page to see information about the target device.
- If the Firebox is not yet activated, activate the device and any add-on features on the WatchGuard website.
For more information, see Get a Firebox Feature Key. - From the Manage Products page in your WatchGuard account, in the Network Security section, click View Products.
- From the list, select the product you want to configure.
The Product Details page for the product appears. - Click Go to RapidDeploy.
- If you want to use Policy Manager to configure separately purchased add-on features, such as security services, in Policy Manager, download the device feature key. Policy Manager requires the feature key to enable configuration of the licensed upgrades or services.
- To activate add-on features purchased separately, in the WatchGuard Support Center, click Activate a Product. For more information, see Activate a Device or Service at WatchGuard.com.
- To get the feature key for your device, on the Product Details page, click Get Feature Key. For more information, see About the Product Details Page.
- To activate add-on features purchased separately, in the WatchGuard Support Center, click Activate a Product. For more information, see Activate a Device or Service at WatchGuard.com.
Create the Configuration File
It is important that the configuration file you create for RapidDeploy is for the same device model and OS version as the target device.
The Firebox rejects a RapidDeploy configuration file if the configuration file is not compatible with a higher software version than the version of Fireware currently installed on the Firebox.
There are two methods you can use to create a compatible configuration file for RapidDeploy:
Option 1: Use Policy Manager to create and save the configuration file for a specific Fireware version.
You can use Policy Manager to create and save a configuration file for a specific Fireware version.
The option to save a configuration file for a specific version of Fireware is supported in WatchGuard System Manager v12.0.1 and higher.
- Use Policy Manager to create a configuration file for the target device model.
- Configure the settings you want the target device to use.
- To configure security services on the target device, add the feature key you downloaded from the Product Details page.
- To save a configuration file for a specific Fireware version, select File > Save > As Version.
- Specify the Fireware OS version for the configuration file. The version you specify must be in the range of versions in the configured OS Compatibility settings. For information about compatibility settings, see Configure Fireware OS Compatibility.
- Click OK. If any feature in the configuration is not compatible with the version you specify, Policy Manager shows an error message about what you must change before you can save the configuration as the specified version.
- To upload this file to the Product Details page for the target device, click Set Up RapidDeploy.
Option 2: Use Fireware Web UI to save the configuration to a local file
For this option, you must be able to connect to the Web UI of a source device that is the same model as the target device. The source device must use a version of Fireware OS that is the same as or lower than the Fireware OS version on the target device.
- Use any version of Policy Manager or use Fireware Web UI to configure the source device with the settings you want the target device to use.
- In Fireware Web UI, select System > Configuration File > Download the Configuration File.
The configuration file from the device is saved to a compressed local file. - Unzip the compressed file to extract the configuration file.
WARNING: If you open the saved file in Policy Manager to examine it, do not save the file from Policy Manager. Policy Manager can add XML code to the configuration file for features not supported by older OS versions. This can cause RapidDeploy to fail.
Upload the Configuration File
After you save the configuration file, you can upload it for RapidDeploy.
For information about how to upload the configuration file for RapidDeploy from the WatchGuard website, see Upload a Configuration File for RapidDeploy.
If your Firebox was manufactured with Fireware v12.3.1 or higher, you can upload the configuration file for RapidDeploy from WatchGuard Cloud. For more information, see RapidDeploy from WatchGuard Cloud.