Subscribe a Firebox to a Template

Applies To: Cloud-managed Fireboxes

Some of the features described in this topic are only available to participants in the WatchGuard Cloud Beta program. If a feature described in this topic is not available in your version of WatchGuard Cloud, it is a beta-only feature.

To configure multiple cloud-managed Fireboxes with a standard set of policies and services, you can create a template. After you create the template, you can subscribe Fireboxes to the template. Devices allocated to accounts below more than one Service Provider can subscribe to templates from any tier above them. For information about how to create templates, go to Manage Firebox Templates.

When you subscribe or unsubscribe a Firebox from a template, the template is immediately deployed to the cloud for the Firebox to download. Each time you deploy an update to a template, subscribed Fireboxes receive a template deployment.

A template deployment to a Firebox contains the settings from the most recently deployed configuration version for that device, with an update only to the template settings.

For more information about template deployment, go to Deploy Firebox Templates.

Verify Supported Features on Firebox Template Deployment

On template deployment, WatchGuard Cloud verifies that the Fireware version on the Firebox supports the features enabled in the template configuration, and enables you to upgrade the Fireware version if required. This verification makes sure that the Firebox can subscribe to a template only if the Fireware version supports the features in the template, and offers steps to correct the template deployment if the Fireware version does not support the feature.

To subscribe a Firebox to a template, you must upgrade the Fireware version or change the configuration when the Firebox:

  • Runs a Fireware version that does not support a feature in the template. You must upgrade the Fireware version of the Firebox to support the feature. If no Fireware upgrade that supports the feature is available for your Firebox model, you must remove the feature from the template.

Screen shot of device Fireware upgrade UI

  • Runs a Fireware version that does not support a feature in the template because the feature is deprecated. You must remove the deprecated feature from the template.

Screen shot of device Fireware upgrade UI for deprecated features

When you select to upgrade the Fireware version, WatchGuard Cloud immediately upgrades the Fireware version of the Firebox to the latest version available for the Firebox model. If you are part of the WatchGuard Cloud Beta program, the Fireware version upgrades to the latest beta version, if applicable.

Feature support verification starts with the AuthPoint feature, which was introduced in Fireware v12.7.

Subscribe a Firebox to a Template

To subscribe a Firebox to a template, use one of these methods:

To subscribe a device to one or more templates at the same time, edit the templates in the Device Configuration.

To subscribe a Firebox to templates, from WatchGuard Cloud:

  1. Select Configure > Devices.
  2. Select a cloud-managed Firebox.
  3. Select Device Configuration.
  4. Select the Firebox Templates tile.
    The Firebox Templates page opens.

  1. To select templates to subscribe the Firebox to, click Add Template.
    The Add Template page opens. Inherited templates show an Inherited label next to the template name. You cannot edit an inherited template.

  1. Select the check box for each template you want to subscribe the Firebox to.
  2. Click Add.
    The Firebox Templates page opens.
  3. To change the template order, click the move handle for a template and drag it up or down in the list.

Template order matters only if the Firebox subscribes to more than one template with Content Scanning or Network Blocking enabled. For these services, the Firebox uses the settings from the first template in the list that has each service configured. For more information, go to About Firebox Templates.

  1. Click Save.
    The wizard determines the Fireware version on the Firebox and if you must upgrade to support features in the template. If a Fireware version upgrade is not necessary, the template is immediately deployed to the cloud for devices to download.

Screen shot of add template and devcie Fireware check UI

  1. If the Fireware version check determines that a feature in the template is not supported by the current Fireware version on the Firebox, you have the option to upgrade so that it supports the feature.

Screen shot of Schedule Deployment and Fireware upgrade required UI

If the Fireware version on the Firebox cannot support a feature and an applicable upgrade is not available, you are prompted to remove the feature from the template instead.

  • To upgrade, click Save and Upgrade Now.
    WatchGuard Cloud immediately upgrades the Fireware version of the Firebox to the latest version available for the Firebox model. After the upgrade takes place, the Firebox restarts, and the template is deployed to the Firebox.

If you selected to upgrade the Fireware version, you can review the upgrade progress from Device Settings.

  • To refuse the Fireware version upgrade, click Cancel. No configuration update or deployment takes place. You can remove the Fireware-dependent feature from the deployment and try again.
  1. Click Close.

To subscribe one or more Fireboxes to a template at the same time, edit the Subscribed Devices for in the Firebox template configuration.

To subscribe Fireboxes to a template, from WatchGuard Cloud:

  1. If you are a Service Provider, select a subscriber account.
  2. Select Configure > Firebox Templates.
    The Firebox Template page for the selected account opens. Inherited templates show an Inherited label next to the template name. You cannot edit an inherited template.
  3. To open the template, select the template name.
    The Configuration Details page opens.
  4. Select the Subscribed Devices tab.
    The Subscribed Devices tab shows a list of all devices subscribed to the template.

  1. To select devices to subscribe to this template, click Select Devices.
    The Select Devices page opens. This list shows all devices in the currently selected account that do not already subscribe to this template.

The Select Devices option is not available for templates in a Service Provider account. To update subscribed devices for a template, you must select a Subscriber account.

  1. Select the check box next to each device you want to subscribe to this template.
  2. Click Save.
    The wizard determines the current Fireware version of each selected device and if they support the features in the template. If a Fireware version upgrade is not necessary, the template is immediately deployed to the cloud for selected devices to download.
  3. If the Fireware version check determines that a feature in the template is not supported by the current Fireware version on a Firebox, you have the option to upgrade so that it supports the feature.

Screen shot of Select Devices and Fireware upgrade required UI

If the Fireware version on a Firebox cannot support a feature and an applicable upgrade is not available, you are prompted to remove the feature from the template instead.

  • To upgrade, click Upgrade Now and Subscribe.
    WatchGuard Cloud immediately upgrades the Fireware version of a Firebox to the latest version available for the Firebox model. After the upgrade takes place, the Firebox restarts, and the template is deployed to the Firebox.

If you selected to upgrade the Fireware version, you can review the upgrade progress from Device Settings.

  • To refuse the Fireware version upgrade, click Cancel. No configuration update or deployment takes place. You can remove the Fireware-dependent feature from the deployment and try again.
  1. Click Close.

Related Topics

About Firebox Templates

Video tutorial: Cloud-Managed Firebox Templates