Firebox Management in WatchGuard Cloud Release Notes

New Features

Link Aggregation (Beta)

With this feature, you can configure a link aggregation group (LAG) for a cloud-managed Firebox in WatchGuard Cloud. A LAG is a group of interfaces that work together as a single, logical interface.

To learn more or to report an issue, go to the WatchGuard Cloud Firebox Management Beta test community.

Resolved Issues

• The option to revert undeployed changes for Firebox templates in WatchGuard Cloud is now re-enabled. [FCCM-8886]
• Geolocation source and destination data (geo_src and geo_dst) now correctly appear in traffic logs and searches. [FCCM-9519]
• Minor updates and bug fixes.

Resolved Issues

• Minor updates and bug fixes.

Resolved Issues

• Minor updates and bug fixes.

Resolved Issues

• Minor updates and bug fixes. [FCCM-9318]

New Features

Redirect Unauthenticated Users to the Authentication Portal

With this feature, you can enable a Firebox to redirect unauthenticated users to the Authentication Portal before they can connect to the Internet. You can automatically send users to the Authentication Portal and define a URL to redirect users to a specific page after authentication.

For more information, go to Enable the Authentication Portal on the Firebox in WatchGuard Cloud Help.

Resolved Issues

• A fix was made so you can now change the report selection for a newly scheduled report. [FCCM-9152]
• When you view different accounts from Account Manager, the Cyclops Blink Detector widget is no longer duplicated on the Dashboard page. [FCCM-9372]
• Minor updates and bug fixes. [FCCM-9314]

New Features

Fireware v12.11

Fireware v12.11 firmware is publicly available for Fireboxes in WatchGuard Cloud. This release includes a number of new features and enhancements. For more information, go to What's New in Fireware in Help Center.

Firebox Authentication with SAML

This feature enables you to integrate a Firebox that runs Fireware v12.11 with a SAML IdP, such as Microsoft Entra ID (formerly Azure AD), and use SSO and SAML for authentication.

For more information, go to Add an Authentication Domain to a Firebox in WatchGuard Cloud Help.

Send Threat Telemetry to WatchGuard

On the Device Configuration > Settings page for a cloud-managed Firebox that runs Fireware v12.11, the Device Feedback tab now includes a Send Threat Telemetry to WatchGuard check box.

For more information, go to Configure Device Feedback Settings in WatchGuard Cloud Help.

Resolved Issues

• This release resolves a display issue with the Firewall Policies page for devices that subscribe to multiple Firebox templates. [FCCM-9306]
• An error no longer occurs when you add a DNS Server with an IP address that starts or ends with a space. [FCCM-8795]
• Minor updates and bug fixes.

New Features

Redirect Unauthenticated Users to the Authentication Portal (Beta)

With this feature, you can enable a Firebox to redirect unauthenticated users to the Authentication Portal before they can connect to the Internet. You can automatically send users to the Authentication Portal and define a URL to redirect users to a specific page after authentication.

To learn more or to report an issue, go to the WatchGuard Cloud Firebox Management Beta test community.

Resolved Issues

• When you configure or update a device policy, an error no longer occurs when you reference a nested alias in a Service Provider template. [FCCM-8903]
• Minor updates and bug fixes.

Resolved Issues

• Tier-n Subscriber accounts that have inherited Firebox templates from accounts that are two or more account levels above them can now see and subscribe to the inherited templates. [FCCM- 9320]
• Minor updates and bug fixes. [FCCM-9113]

New Features

Firebox Templates for Delegated Accounts

With this feature, delegated accounts can now subscribe their Fireboxes to templates inherited from a Service Provider account with delegated access.

Resolved Issues

• German translations of network statuses are now correct on the Live Status > Networks page in WatchGuard Cloud. [FCCM- 9223]
• FireCluster member licenses now synchronize correctly in WatchGuard Cloud. [FCCM-9012]
• Incorrect modem types no longer show on the Networks page in WatchGuard Cloud. [FCCM- 9172]
• An error no longer occurs when you use a static IPv6 address to create a BOVPN to a gateway endpoint. [FCCM-9178]
• IP Address Lookup on the Live Status > Geolocation > Diagnostics page no longer returns an invalid address error when you search by IPv6 address. [FCCM- 8808]
• Minor updates and bug fixes. [FCCM-9115]

Resolved Issues

• Minor updates and bug fixes.

New Features

WebBlocker Override

With this feature, you can enable and configure WebBlocker override on cloud-managed Fireboxes. WebBlocker override allows users to enter a password or their user group credentials to get temporary access to websites that WebBlocker blocks.

Firebox Templates for Delegated Accounts (Beta)

With this feature, delegated accounts can subscribe their Fireboxes to templates inherited from a Service Provider account with delegated access.

To learn more or to report an issue, go to the WatchGuard Cloud Firebox Management Beta test community.

Resolved Issues

• You can now correctly use the 169.254.0.0/16 network when you set up FireCluster member addresses. [WIFI-9805]
• Minor updates and bug fixes.

New Features

Captive Portal for Fireboxes

With this feature, you can enable a portal to restrict network client access to Internet and network resources until a client completes a captive portal splash page. For more information, go to the Configure a Captive Portal for a Firebox.

Send Threat Telemetry to WatchGuard (Beta)

On the Device Configuration > Settings page for a cloud-managed Firebox, the Device Feedback tab now includes a Send Threat Telemetry to WatchGuard check box. When this feature is enabled, WatchGuard collects threat telemetry from the Firebox to investigate detected threats and conduct analysis of the current threat landscape.

To learn more or to report an issue, go to the Fireware v12.11 Beta test community.

Resolved Issues

• The Add Device Wizard no longer requests an external interface configuration for Firebox Cloud deployments with Azure. [FCCM-8909]
• Minor updates and bug fixes.

New Features

WebBlocker Override (Beta)

With this feature, you can enable and configure WebBlocker override on cloud-managed Fireboxes. WebBlocker override allows users to enter a password or their user group credentials to get temporary access to websites that WebBlocker blocks.

To learn more or to report an issue, go to the WatchGuard Cloud Firebox Management Beta test community.

Resolved Issues

• Minor updates and bug fixes.

New Features

Firebox Authentication with SAML (Beta)

New Fireware v12.11 beta firmware is available in WatchGuard Cloud. This beta release includes the Firebox Authentication with SAML feature. The feature enables you to integrate a Firebox with a SAML IdP, such as Microsoft Entra ID (formerly Azure AD), and use SSO and SAML for authentication. To learn more or to report an issue, go to the Fireware v12.11 Beta test community.

Captive Portal for Fireboxes (Beta)

With this feature, you can enable a portal to restrict network client access to Internet and network resources until a client completes a captive portal splash page. To learn more or to report an issue, go to the WatchGuard Cloud Firebox Management Beta test community.

Resolved Issues

• Minor updates and bug fixes.

Enhancements

• In a Geolocation action, you can now select countries to block from an interactive map. [FCCM-8910]

Resolved Issues

• When your web browser is set to the German language, an error no longer occurs when you export a Per Client report. [FCCM-8617]
• Minor updates and bug fixes.

Resolved Issues

• Payload download errors no longer occur when you use the Add Device wizard to add a FireboxV FireCluster to WatchGuard Cloud. [FCCM-8929]
• Minor updates and bug fixes.

Resolved Issues

• When you configure AuthPoint as an authentication domain for a FireCluster, AuthPoint now shows on the Device Configuration > Authentication Domains page. [FCCM-8730]
• Minor updates and bug fixes. [FCCM-8887, FCCM-8908]

Enhancements

• You can now specify a maximum of 50 devices in requests to enable, disable, and deploy global exceptions for these endpoints:
  • POST /v1/commands/{accountid}/global_exceptions/enable
  • POST /v1/commands/{accountid}/global_exceptions/disable
  • POST /v1/commands/{accountid}/deployments

• API responses are updated for these endpoints:
  • POST /{v1}/commands/{accountid}/deployments
  • GET /{v1}/commands/{accountid}/transactions
  • GET /{v1}/commands/{accountid}/transactions/{objectid}
  • PUT /{v1}/commands/{accountid}/transactions/{objectid}
  • DELETE /{v1}/commands/{accountid}/transactions/{objectid}

For more information, go to Firebox Management API.

Resolved Issues

• Minor updates and bug fixes.

Resolved Issues

• Minor updates and bug fixes.

New Features

Enhanced Template Deployment

With this feature, you can view and filter the template deployment information of cloud-managed devices. You can now use tiles to filter devices by template deployment status. For more information, go to Deploy Firebox Templates.

Resolved Issues

• When you use the Add Device wizard, an internal server error no longer occurs when you enable wireless settings for the internal and guest networks of a device. [FCCM-8680]
• Minor updates and bug fixes.

Resolved Issues

• KCSiE alert notification emails now use the correct event date. [FCCM-8560]
• Minor updates and bug fixes. [FCCM-8533]

Resolved Issues

• The Configuration Report of a device now includes the Decrypting HTTPS Traffic status. [FCCM-8532]
• Minor updates and bug fixes.[FCCM-8606]

Resolved Issues

• Minor updates and bug fixes.

New Features

Block Failed Logins

New Fireware v12.10.4 firmware is available in WatchGuard Cloud. This release includes the Block IP Addresses with Consecutive Failed Logins feature. When this feature is enabled, the Firebox temporarily blocks an IP address after a specified number of consecutive failed authentication attempts to the Firebox login pages within the specified time period.

For more information, go to Configure Block Failed Login Attempts.

Resolved Issues

• Minor updates and bug fixes. [FCCM-8528]

New Features

Dynamic Routing for Cloud-Managed Fireboxes

With this feature, you can configure dynamic routing for all supported dynamic routing protocols and access diagnostic tools for troubleshooting. For more information, go to Configure Firebox Dynamic Routing.

Resolved Issues

• When you add a traffic shaping rule with content filtering and then try to edit the rule, the traffic shaping UI no longer shows a WebBlocker category ID is missing error. [FCCM-8538]
• The Log Manager timeslice analysis chart now shows the correct log count. [FCCM-7715]
• Minor updates and bug fixes.

New Features

Block Failed Logins (Beta)

New Fireware v12.10.4 beta firmware is available in WatchGuard Cloud. This beta release includes the Block IP Addresses with Consecutive Failed Logins feature. When this feature is enabled, the Firebox temporarily blocks an IP address after a specified number of consecutive failed authentication attempts to the Firebox login pages within the specified time period.

To learn more about this feature, go to the Fireware v12.10.4 Beta test community.

Resolved Issues

• Minor updates and bug fixes.

New Features

Dynamic Routing for Cloud-Managed Fireboxes (Beta)

With this feature, you can configure dynamic routing for all supported dynamic routing protocols and access diagnostic tools for troubleshooting. To learn more or to report an issue, go to the WatchGuard Cloud Firebox Management Beta test community.

Resolved Issues

• When you deploy changes to a device, the timeout interval is increased to support large amounts of configuration data. [FCCM-8314]
• You can no longer save a FireCluster configuration when the primary and backup cluster interfaces are on the same subnet. [FCCM-8437]
• Minor updates and bug fixes.

Resolved Issues

• If logging to WatchGuard Cloud is disabled for a locally-managed cluster, a failover or configuration change no longer re-enables logging. [FCCM-7614]
• Minor updates and bug fixes. [FCCM-8410]

Enhancements

When you configure a Cloud Connection Status notification type for a Firebox device, the Alert Details dialog box now shows the IP address and serial number of the device. [FCCM-7985]

Resolved Issues

• BOVPNs between cloud-managed Fireboxes now connect as expected when a remote gateway has a private NAT address and a static external interface address defined with a FQDN. [FCCM-6966]
• Minor updates and bug fixes. [FCCM-8279]

Enhancements

DHCP predefined option codes 43 (text), 66 (text), 67 (text), 120 (ip), 138 (ip), and 150 (ip) can now use alternate types. [FCCM-6964]

Resolved Issues

• When you create an outbound firewall policy and enable Web Traffic and Decrypt HTTPS, if you add the HTTP and HTTPS traffic types and assign the same port numbers as Web Traffic (port 80 and 443), HTTP and HTTPS traffic no longer bypasses content inspection. [FCCM-6812]
• Minor updates and bug fixes.

New Features

Reallocate a Device Between Subscriber Accounts

With this feature, you can reallocate a cloud-managed Firebox from one Subscriber account to another. When you reallocate a cloud-managed Firebox, you can keep the configuration settings. For more information, go to Reallocate a Device to a Different Account.

Resolved Issues

• The Upgrade Firmware page no longer lists the inactive cluster members of a FireCluster device. [FCCM-8302]
• Minor updates and bug fixes. [FCCM-7776]

Resolved Issues

• You can now correctly save Firebox device settings after you subscribe to a template with SNMP enabled. [FCCM-8027]
• Minor updates and bug fixes.

Resolved Issues

• You can now successfully add a prefix advertisement when you configure a Firebox internal or guest network and add an IPv6 address.[FCCM-8201]
• An error no longer occurs intermittently when you attempt to edit an alias in a Firebox template. [FCCM-8015]
• Certificates for a cloud-managed Firebox now import successfully from the Device Configuration page. [FCCM-8016]
• Minor bug fixes and improvements to the onboarding applications for the NinjaOne, N-able N-sight, and N-able N-central plug-ins.
• Minor bug fixes and improvements to the WatchGuard BrightGauge Connector application.
• Minor updates and bug fixes.

New Features

Reallocate a Device Between Subscriber Accounts (Beta)

With this feature, you can reallocate a cloud-managed Firebox from one Subscriber account to another. When you reallocate a cloud-managed Firebox, you can keep the configuration settings. To learn more or to report an issue, go to the WatchGuard Cloud Firebox Management Beta test community.

Resolved Issues

• Audit log details now include information about the Fireware upgrade version. [FCCM-7295]
• In the Log Search page, you can now successfully export search results when the Subscriber account name includes non-ASCII characters. [FCCM-7849]
• In Microsoft Edge, an Unable to Add Account error message no longer appears when you edit an alias in a device template. [FCCM-8015]
• Minor updates and bug fixes. [FCCM-8208]

Resolved Issues

• You can no longer use a reserved traffic type name when you configure a custom traffic type in a firewall policy.[FCCM-8006]

Resolved Issues

• The Firebox Networks drop-down list now sorts alphabetically when you add a Dynamic NAT rule. [FCCM-7961]

Resolved Issues

• From the Live Status > Diagnostic Tools page, operators with the Observer or Auditor role can now successfully download a diagnostic snapshot file (support.tgz). [FCCM-7871]

New Features

Configure DNS Servers in DHCP

You can now configure DNS servers in the DHCP settings of a cloud-managed Firebox. For more information, go to Configure Firebox Network DHCP Settings and Configure a Firebox Internal or Guest Network.

Resolved Issues

• The first character of an authenticated user name is no longer removed from a KCSiE alert notification email when the name contains a backslash. [FCCM-7887]

Enhancements

• The Live Status > Networks page, Networks tab, Name column now shows the status of a network. [FCCM-7926]

Resolved Issues

• In Fireware v12.10 and higher, the Management Server no longer listens for requests on TCP port 4110. Port 4110 was removed from the WG-Mgmt-Server policy for new configurations in WatchGuard Cloud. [FCCM-7738]
• A Gateway ID error no longer occurs when you configure a BOVPN on a Firebox with DHCP on an external interface. [FCCM-7992]
• Minor updates and bug fixes.

New Features

Configure DNS Servers in DHCP (Beta)

With this beta, you can now configure DNS servers in the DHCP settings of a cloud-managed Firebox. To learn more or to report an issue, go to the WatchGuard Cloud Firebox Management Beta test community.

Resolved Issues

• A "No devices have a firmware upgrade available" message no longer appears when you attempt to upgrade a FireCluster in WatchGuard Cloud. [FCCM-7906]
• The Firebox no longer allows traffic to blocked sites added by the Firebox Management API. [FCCM-7888]
• The Network Access Enforcement column of the Configuration Report now shows the correct status for mobile VPN user groups. [FCCM-7412]
• You can no longer delete a policy when a traffic shaping rule references it. [FCCM-7335]
• Minor updates and bug fixes. [FCCM-7580]

Resolved Issues

• Minor updates and bug fixes.

Resolved Issues

• The Device Summary page no longer shows a Cyclops Blink error message after you cancel a device firmware upgrade from the Select Devices page.[FCCM-7884]

New Features

Configure MTU and Don't Fragment (DF) bit settings for a BOVPN Tunnel

When you create a Branch Office VPN (BOVPN) tunnel between two networks, you can now:

• Select Enable Don't Fragment (DF) Bit Settings to control whether the Firebox uses the original DF bit setting in the header of a packet.
• Select Configure Tunnel MTU to specify a custom MTU.

For more information, go to Manage BOVPNs for Cloud-Managed Fireboxes.

Resolved Issues

• In Content Filtering, when you clear the Allow Traffic for Uncategorized Websites check box, all WebBlocker category actions are no longer set to Block. [FCCM-7854]
• When you allocate a Firebox or access point from your Service Provider account to a delegated account, you no longer receive a registration error. [FCCM-7785]

Resolved Issues

• Minor updates and bug fixes.

New Features

SNMP for Cloud-Managed Fireboxes

You can now configure SNMP polling and SNMP traps for cloud-managed Fireboxes. This enables you to monitor Firebox statistics and receive notifications for system events with an SNMP management station. For more information, go to Configure SNMP Settings for a Cloud-Managed Firebox.

Resolved Issues

• An error no longer occurs when you try to unsubscribe a device from a template inherited from a Service Provider account. [FCCM-7781]
• Minor updates and bug fixes. [FCCM-7719]

Resolved Issues

• The Firmware Upgrades page now correctly shows the devices you selected for a firmware upgrade. [FCCM-7693]

New Features

Add NAT to a BOVPN Tunnel

You can now add NAT to the cloud-managed endpoint or network resource of a Branch Office VPN (BOVPN) tunnel.

For more information, go to Manage BOVPNs for Cloud-Managed Fireboxes.

SNMP for Cloud-Managed Fireboxes (Beta)

You can now configure SNMP polling and SNMP traps for cloud-managed Fireboxes. This enables you to monitor Firebox statistics and receive notifications for system events with an SNMP management station. To learn more or to report an issue, go to the WatchGuard Cloud Firebox Management Beta test community.

Enhancements

• For cloud-managed Fireboxes, WebBlocker now supports new Social Web, Collaboration - Office, and Internet Watch Foundation categories and subcategories. [FCCM-7678]

Resolved Issues

• WebBlocker actions from inherited templates are now successfully applied to policies after deployment. [FCCM-6963]
• The protocol and port now correctly show as TCP 636 when you add the LDAPS traffic type to a policy. [FCCM-7622]
• The Cyclops Blink Detector page now shows all devices from a tier-1 or tier-2 Service Provider built-in Subscriber account. [FCCM-7304]
• Minor updates and bug fixes.

Enhancements

• For cloud-managed Fireboxes, you can now specify the action WebBlocker takes for uncategorized websites. [FCCM-6630]

Resolved Issues

• An error no longer occurs when you add a policy traffic shaping rule that uses an authentication domain user as a source. [FCCM-7187]
• An error no longer occurs when you try to deploy a configuration after you could not deploy a configuration because you enabled Network Access Enforcement and run a Fireware version lower than Fireware v12.9. [FCCM-7601]
• Minor updates and bug fixes.

New Features

Add NAT to a BOVPN Tunnel (Beta)

• With this beta, you can now add NAT to the cloud-managed endpoint or network resource of a Branch Office VPN (BOVPN) tunnel. To learn more or to report an issue, go to the WatchGuard Beta test community.

Resolved Issues

• When you schedule a report to run for one or more devices, an error no longer occurs that states that the report has failed. [FCCM-7479]
• Minor updates and bug fixes.

Resolved Issues

• Log Search and Log Manager no longer return an error when you select Today or Yesterday as a date range. [FCCM-7529]
• Log Search no longer returns an internal error when you search logs at the Subscriber level. [FCCM-7450]

Resolved Issues

• In the Device Settings page, the Reboot Device and Fail Over Master links now appear correctly for FireCluster devices. [FCCM-7347]
• When you export log messages from Log Search or Log Manager, an unknown "_id" field no longer shows in the .CSV file. [FCCM-7307]
• An error no longer occurs when you download the diagnostics file of a Firebox. [FCCM-5118]
• An error no longer occurs when you configure Mobile VPN with SSL for a cloud-managed Firebox and then revert to a previous deployment. [FCCM-7431]

Resolved Issues

• Default Content Filtering actions in Application Control settings no longer block incorrect application categories on Fireboxes that run Fireware v12.5.12. [FCCM-7234]
• Minor updates and bug fixes.

Enhancements

• When you add an internal DNS server, you can now add more than one IP address before you save the configuration. [FCCM-6580]

Resolved Issues

• You can now configure a Mobile VPN with SSL data channel port number to be greater than 32767. [FCCM-7286]

Resolved Issues

• An error no longer occurs when you use the Add Device Wizard to add a FireboxV device to cloud management. This error could occur when the wizard created a payload from a copied configuration that included properties that require Fireware v12.8 or higher. [FCCM-6921]
• Minor updates and bug fixes.

Resolved Issues

• Minor updates and bug fixes.

Resolved Issues

• When you configure dynamic DNS (DDNS) from WatchGuard Cloud, the Provider drop-down list is no longer disabled. [FCCM-7004]
• When you copy some configuration settings from a locally-managed device to a cloud-managed device, the Device Configuration page now correctly reports the copied settings. [FCCM-6849]
• Minor updates and bug fixes.

Resolved Issues

• If you deploy a configuration that allows WebSockets connections to a Firebox that does not run Fireware v12.10 or higher, the deployment now fails with a warning. [FCCM-6892]
• When you use the Firebox Management API to add a large number of exceptions, you no longer receive a timeout error from the API and in WatchGuard Cloud. [FCCM-7022]
• When you configure a VPN with an IPSec Firebox certificate and an IP address configuration of DHCP or PPPoE, you no longer receive an error when you save the settings. [FCCM-6881]
• Minor updates and bug fixes.

New Features

Network Access Enforcement for Cloud-managed Fireboxes

You can now configure network access enforcement for select groups on both Mobile VPN with SSL and Mobile VPN with IKEv2 on cloud-managed Fireboxes. For more information, go to Configure Network Access Enforcement for a Cloud-Managed Firebox

Enhancements

• When you add a device to WatchGuard Cloud, activated devices in the list of devices are now sorted by the last time they were updated. [FCCM-6918]

Resolved Issues

• Minor updates and bug fixes.

Resolved Issues

• The Top Clients report is now available in the Traffic reports section when there are no proxy policies. [FCCM-7017]
• Minor updates and bug fixes.

New Features

Network Access Enforcement for Cloud-managed Fireboxes (Beta)

With this beta, you can now configure network access enforcement for select groups on both Mobile VPN with SSL and Mobile VPN with IKEv2 on cloud-managed Fireboxes. To learn more or to report an issue, go to the WatchGuard Cloud Firebox Management Beta test community.

Resolved Issues

• Inactive Fireboxes no longer appear in the list of devices to copy a configuration from when you add a device to WatchGuard Cloud. [FCCM-6724]
• A permissions error no longer occurs when you edit aliases in a Service Provider template. [FCCM-6944
• Scheduled firmware upgrades are now canceled automatically if the firmware version is lower than the version the device currently runs. [FCCM-6763]
• The Interface Summary report no longer uses an incorrect timestamp time zone when you export a report as a PDF file. [FCCM-6922]
• Minor updates and bug fixes.

Resolved Issues

• KCSiE notification rules now use an expanded list of keywords for alerts. [FCCM-6644]
• Minor updates and bug fixes.

Resolved Issues

• The Geolocation page no longer freezes when you try to add or edit an action. [FCCM-6978]
• Minor updates and bug fixes.

Resolved Issues

• You can now delete certificates successfully from the Device Certificates page. [FCCM-6776]

Enhancements

• In the DHCP settings for a cloud-managed Firebox, predefined DHCP codes 43 (text) 66 (text), 67 (text), 120 (IP), 138 (IP), and 150 (IP) can now use only their designated types. For predefined codes 2 (int) and 156 (int), you can specify the type. [FCCM-6390]

Resolved Issues

• When you copy settings from another cloud-managed Firebox configuration, the copy process now correctly handles a network MTU value. [FCCM-6910]
• Minor updates and bug fixes.

Resolved Issues

• Minor updates and bug fixes.

Resolved Issues

• Minor updates and bug fixes.

Resolved Issues

• Minor updates and bug fixes.

Resolved Issues

• Minor updates and bug fixes.

New Features

Copy Configuration Settings from a Cloud-Managed Device

When you add a Firebox to WatchGuard Cloud as a cloud-managed device, you can now copy settings from another cloud-managed Firebox configuration. For more information, go to Copy Configuration Settings from a Cloud-Managed Device in Help Center.

Enhancements

• When you copy settings from another cloud-managed Firebox configuration, the copy now warns you if the copy will not succeed. [FCCM-6788]

Resolved Issues

• Minor updates and bug fixes.

Resolved Issues

• Minor updates and bug fixes.

New Features

Copy Configuration Settings from a Cloud-Managed Device (Beta)

With this beta, when you add a Firebox to WatchGuard Cloud as a cloud-managed device, you can now copy settings from another cloud-managed Firebox configuration. To learn more or to report an issue, go to the WatchGuard Beta test community.

Resolved Issues

• Minor updates and bug fixes.

Resolved Issues

• Minor updates and bug fixes.

Resolved Issues

• Minor updates and bug fixes.

Resolved Issues

• Minor updates and bug fixes.

Enhancements

• KCSiE alert and email notifications now include search query information. [FCCM-6615]
• When you deploy a Firebox template to a managed account with more than 40 subscribed devices, a progress bar shows the status of the deployment. [FCCM-6629]

Resolved Issues

• Minor updates and bug fixes.

Resolved Issues

• The Firebox wireless configuration no longer shows 5GHz wireless channels for U-NII-3 Band 4 that are not available in the EU region. [FCCM-6285]
• Log Manager now returns the correct error message when your search results are too large. [FCCM-6399]
• Minor updates and bug fixes. [FCCM-5557]

Resolved Issues

• Minor updates and bug fixes.

New Features

BOVPN Configuration with Certificate Support

This feature is publicly available. You can now use certificates with your BOVPN configuration in WatchGuard Cloud. You can use a certificate for BOVPN configuration between cloud-managed Fireboxes or between a cloud-managed Firebox and a locally-managed or third-party VPN endpoint. [FCCM-5837]

Resolved Issues

• The Search Engine report now only shows for devices with the Total Security Suite, or the Basic Security Suite with a Data Retention license. [FCCM-6417]
• Minor updates and bug fixes.

New Features

Multi-Tier Template Support

Multi-tier template support is now publicly available. With this feature, when Tier-1 Service Providers create a template, it is now available to managed accounts and devices in all tiers below them. Devices allocated to accounts below more than one Service Provider can subscribe to templates at any tier above them.

BOVPN Configuration with Certificate Support (Beta)

This feature enables the use of certificates with your BOVPN configuration in WatchGuard Cloud. You can use a certificate for BOVPN configuration between cloud-managed Fireboxes or between a cloud-managed Firebox and a locally-managed or third-party VPN endpoint. To learn more or to report an issue, go to the WatchGuard Cloud Firebox Management Beta test community. [FCCM-5837]

Enhancements

• Subscription services activity reports now show a View Details link when there is detailed report data. [FCCM-6164]

Resolved Issues

• Minor updates and bug fixes. [FCCM-6147]

Enhancements

• The License Details section in the Device Summary and Device Settings pages now shows the number of days of Log Data Retention and Report Data Retention for the device.

Resolved Issues

• Minor updates and bug fixes.

New Features

Multi-Tier Template Support (Beta)

• With this feature, when Tier-1 Service Providers create a template, it is now available to managed accounts and devices in all tiers below them. Devices allocated to accounts below more than one Service Provider can subscribe to templates at any tier above them. To learn more or to report an issue, go to the WatchGuard Beta test community. [FCCM-4931]

Resolved Issues

• Items in Firebox templates that use the Delete icon (trash can) can now be removed. This includes aliases, Geolocation, and Content Filtering settings. [FCCM-6311]
• Log Search now correctly returns results when you include parentheses in a query that contains multiple operators. [FCCM-6326]
• Minor updates and bug fixes. [FCCM-6269]

Enhancements

• In v1.22.0 of the Firebox Management API, the WebBlocker exception name parameter can now include only letters, numbers, spaces, parentheses "()", asterisks "*", periods ".", hyphens "-", and underscores "_". [FCCM-6280

Resolved Issues

• Cloud-managed Fireboxes with a Standard Support license do not support content scanning services such as Gateway AntiVirus, Application Control, and WebBlocker. When a standard support Firebox is added to WatchGuard Cloud as cloud-managed, you cannot enable these settings. [FCCM-6228]
• Minor updates and bug fixes. [FCCM-6035, FCCM-6210, FCCM-6267, FCCM-6268]

Enhancements

• You can now search for application subcategories in traffic shaping. [FCCM-6148]

Resolved Issues

• Traffic shaping settings are now disabled in an inherited template. [FCCM-6181]
• Blocked categories in content filtering actions no longer cause traffic shaping rules to be unavailable. [FCCM-6100]
• Minor updates and bug fixes. [FCCM-6167, FCCM-6224, FCCM-6236, FCCM-6260]

Resolved Issues

• The Policy Map report no longer opens with an error. [FCCM-5802]
• Minor updates and bug fixes. [FCCM-6192]

New Features

Operator Management API

This new public API enables you to manage and get information about WatchGuard operators. The Operator Management API includes these endpoints:

• POST/{v1}/operators — Create new WatchGuard operators.
• GET/{v1}/Transaction Status — Retrieve the status of a transaction.
• GET/{v1}/OperatorsByAccountId — Retrieve details of the operators for a WatchGuard account.

For more information, go to the Operator Management API documentation.

Resolved Issues

• In the Firebox Management API, name parameters for WebBlocker exceptions now have a maximum length of 58 characters. [FCCM-6089]

Resolved Issues

• In the Firebox Management API, name parameters for WebBlocker exceptions now have a maximum length of 58 characters. [FCCM-6089]
• Minor updates and bug fixes.

Resolved Issues

• Minor updates and bug fixes. [FCCM-5499]

Resolved Issues

• Minor updates and bug fixes. [FCCM-5910]

Enhancements

• The WatchGuard Mobile VPN with IKEv2 client profile now includes the domain name suffix you enter in the internal DNS configuration. [FCCM-5875]
• You can now use an IPv6 static address to configure an interface when you have a link-local address as the default gateway. [FCCM-5697]

Resolved Issues

• In Application Control, you can now successfully change the action for an application from Block back to Allow. [FCCM-5965]
• Minor updates and bug fixes.

Resolved Issues

• Minor updates and bug fixes.

Resolved Issues

• Users no longer receive an error when they add a custom DHCP option for option code 156. [FCCM-5644]
• Minor updates and bug fixes.

Resolved Issues

• Minor updates and bug fixes.

Resolved Issues

• You can now disable the WatchGuard Cloud and Allow DNS-Forwarding system policies. [FCCM-5792, FCCM-5765]
• To ensure that WatchGuard Cloud can return report data, on the Monitor > Devices > Device_Name > Logs > Log Search page, a Log Type is now selected by default. To refine your results, you can select a different log type from the list. [FCCM-5796]
• Minor updates and bug fixes.

Resolved Issues

• Minor updates and bug fixes.

Resolved Issues

• Minor updates and bug fixes.

Enhancements

• On the Networks > Add SD-WAN page, when you enable measurement based failover, an error message now shows if link monitoring is not enabled for a network or VPN that you select. [FCCM-5446]

Resolved Issues

• Minor updates and bug fixes.

Resolved Issues

• Minor updates and bug fixes.

Resolved Issues

• Minor updates and bug fixes.

Resolved Issues

• Minor updates and bug fixes.

Resolved Issues

• A fix was made to filter out default exceptions when you import configuration settings from a locally-managed Firebox to a cloud-managed Firebox. [FCCM-5546]
• Minor updates and bug fixes. [FCCM-5581, FCCM-5582]

New Features

New Firebox NV5 devices with a Standard Support license can now connect to WatchGuard Cloud.

Import Configuration Settings

You can now import aliases and exceptions from a locally-managed Firebox to a cloud-managed Firebox. For more information, see Import Configuration Settings in Help Center.

Resolved Issues

• A fix was made to the Monitor > Devices > Traffic > Packet Filter Traffic graph to correct the Hits and Bytes display information. [FCCM-5551]
• The System Policies list now shows the Allow DNS-Forwarding system policy. This policy allows DNS traffic from internal networks to the Firebox. You can disable the policy on the Allow DNS-Forwarding policy page. [FCCM-5510]
• Minor updates and bug fixes. [FCCM-5456]

Enhancements

• On the Inventory > Endpoints > Allocation page, when you click Allocate Endpoints, the number of available modules (limited or unlimited) shows next to the check box you select to add modules to the account. [WCD-12028]

Resolved Issues

• Minor updates and bug fixes.

New Features

Import Configuration Settings (Beta)

With this beta, you can import aliases and exceptions from a locally-managed Firebox to a cloud-managed Firebox. To learn more or to report an issue, go to the WatchGuard Cloud Beta test community.

Standard Support for WatchGuard Cloud

You can now add Fireboxes with a Standard Support license to WatchGuard Cloud as locally-managed or cloud-managed through the Add Device Wizard. For more information, see About Firebox WatchGuard Cloud Licenses.

Resolved Issues

• WatchGuard Cloud reports now generate in Chromium browsers when the language is set to Latin American Spanish [FCCM-5341]
• Minor updates and bug fixes. [WCD-11876, WIFI-7736, FCCM-5516]

New Features

Keeping Children Safe in Education (KCSiE)

You can now configure rules to send alerts when users search for keywords in a list published by the Internet Watch Foundation (IWF). For more information, see Safeguarding in Help Center.

Access Point MAC Address Import

You can now import a list of addresses for MAC address access control on an SSID. To support a maximum of 256 MAC addresses, you must upgrade to access point firmware 1.1.24 or higher. Lower firmware versions only allow a maximum of 32 MAC addresses. For more information, see Configure Access Point SSID Settings in Help Center.

Enhancements

• The Add License button on the Inventory > AuthPoint > Allocation page was renamed to Add Users. The Add License button on the Inventory > Endpoints > Allocation page was renamed to Add Endpoints. [WCD-12063]

Resolved Issues

• Minor updates and bug fixes. [WCD-12119, FCCM-5152]

New Features

Standard Support for WatchGuard Cloud (Beta)

With this beta, you can now add Fireboxes with a Standard Support license to WatchGuard Cloud as locally-managed or cloud-managed through the Add Device Wizard. To learn more or to report an issue, go to the WatchGuard Cloud Beta test community.

Access Point MAC Address Import (Beta)

This feature enables you to import a list of MAC addresses for access control features. To support a maximum of 256 MAC addresses, you must upgrade to access point firmware 1.1.24 or higher. Lower firmware versions only allow a maximum of 32 MAC addresses. To learn more or to report an issue, go to the Wi-Fi in WatchGuard Cloud Beta test community.

Resolved Issues

• Minor updates and bug fixes. [WCD-11876]

Enhancements

• WatchGuard Endpoint Security now shows inside the WatchGuard Cloud user interface, instead of in a separate tab. When you move from account to account in Account Manager, the user interface updates to show endpoint security information for the selected account.

New Features

TCP MTU Probing

You can now enable TCP MTU Probing. With this global option enabled, the Firebox can automatically change the size of its data packets to make sure PMTU discovery succeeds and avoid reduced performance caused by fragmentation. For more information, see Configure Firebox System Settings in Help Center.

Access Point SNMP Monitoring

You can now monitor your access point status with SNMP (Simple Network Management Protocol). SNMP monitoring requires a WatchGuard USP Wi-Fi management license, and an upgrade to access point firmware 1.1.24-0 or higher. For more information, see Configure SNMP for Access Points in Help Center.

Access Point Firmware Update 1.1.24-0.B670120

New firmware is available for Wi-Fi in WatchGuard Cloud access points. This update is required for the SNMP Monitoring feature. For a list of new features, enhancements, and resolved issues in firmware releases, go to Access Point Firmware Releases.

Keeping Children Safe in Education (KCSiE) (Beta)

You can now configure rules to send alerts when users search for keywords in a list published by the Internet Watch Foundation (IWF). To learn more or to report an issue, go to the WatchGuard Cloud Beta test community.

Resolved Issues

• For Firebox templates with a large number of subscribed devices, when the user selects the Subscribed Devices tab, the list of devices on the tab now populates quickly. [FCCM-5381]
• Minor updates and bug fixes. [WCD-8152, WCD-11493, WCD-12011]

New Features

Device List for Authentication Domains

When you configure directory sync for a WatchGuard Cloud authentication domain, the sync now includes devices that belong to the Active Directory domain.

Access Point Firmware Update 1.1.23-0.B669258 (Beta)

New beta firmware is available for Wi-Fi in WatchGuard Cloud access points. This update replaces the current 1.1.22 beta firmware, and resolves an issue where SSIDs failed to broadcast after the installation of firmware version 1.1.22 on the AP130. For a list of new features, enhancements, and resolved issues in firmware releases, see Access Point Firmware Releases.

Enhancements

• On the Administration > License Details page, the table now includes a License Key column. [WCD-11581]

Resolved Issues

• Minor updates and bug fixes. [WCD-10864]

New Features

TCP MTU Probing (Beta)

You can now enable TCP MTU Probing. With this global option enabled, the Firebox can automatically change the size of its data packets to make sure PMTU discovery succeeds and avoid reduced performance caused by fragmentation. To learn more or to report an issue, go to the WatchGuard Cloud Beta test community.

Enhancements

• The Firebox Management API device and devices request parameters now accept both integers and strings. For standalone Fireboxes, specify only the numbers from the device ID (12345). For FireClusters, specify the full device ID (FBCL-12345). For more information, see the WatchGuard API documentation. [FCCM-3027]

Resolved Issues

• Minor updates and bug fixes. [FCCM-4982]

New Features

Support Access to WatchGuard Cloud Accounts

Subscriber and Service Provider accounts can now allow WatchGuard Support to connect to their WatchGuard Cloud account to help troubleshoot issues. The permissions given to Support depend on the access role you select when you enable Support Access. You can revoke Support Access at any time. For more information, see Support Access to WatchGuard Cloud Accounts in Help Center.

Resolved Issues

• Minor updates and bug fixes.

Resolved Issues

• Minor updates and bug fixes. [FCCM-5281, WCD-9793]

New Features

Access Point SNMP Monitoring (Beta)

This feature enables you to monitor your access point status with SNMP (Simple Network Management Protocol). SNMP monitoring requires a WatchGuard USP Wi-Fi management license, and an upgrade to access point beta firmware 1.1.22-0. To learn more or to report an issue, go to the Wi-Fi in WatchGuard Cloud Beta test community.

Access Point Firmware Update 1.1.22-0.B667558 (Beta)

New beta firmware is available for Wi-Fi in WatchGuard Cloud access points. This update is required for the SNMP Monitoring beta feature. For a list of new features, enhancements, and resolved issues in firmware releases, go to Access Point Firmware Releases.

Resolved Issues

• A third-party CA selected as the proxy authority certificate now installs correctly after you re-add a device to WatchGuard Cloud. [FCCM-4982]
• The progress bar for device firmware upgrades now appears consistent with other progress bars. [FCCM-5093]
• The access point configuration report shows the correct access point site name after you change the name of the site. [WIFI-7272]
• You can now enter space characters in the device name when you add an access point to WatchGuard Cloud. [WIFI-7578]
• Minor updates and bug fixes. [WCD-11683, WCD-11742]

Resolved Issues

• On the SD-WAN Live Status page, network status indicators for SD-WAN actions or Global Multi-WAN are now gray for networks that are not active because of physical disconnection or failed link monitor probes. [FCCM-5176]

• On the Dashboard page, the AuthPoint License Details tile now shows the number of licenses correctly when a Subscriber account has NFR licenses allocated. [WCD-11658]

• Minor updates and bug fixes.

Resolved Issues

• To improve performance, some audit logs and alerts no longer include the WatchGuard Cloud account ID and account name. The operator ID no longer shows in the User field in the Audit Log Details dialog box. [WCD-10651]
• Minor updates and bug fixes.

Enhancements

• The redesigned Live Status page for SD-WAN and Global Multi-WAN now includes more data visualization and information. You can also save loss, latency, and jitter graphs as .PNG or .SVG files. [FCCM-4663]
• To delete a managed account, the Delete Account dialog box now requires you to type DELETE before you can click the Delete button. [WCD-2464]

Resolved Issues

• Minor updates and bug fixes.

Enhancements

• The Deployment History page now includes a View Pending Changes link that shows the changes in an undeployed configuration compared to the last deployed configuration. The Compare Versions button is now always available to compare the undeployed pending changes to the current deployed configuration. If there are no pending changes, you can compare the last two deployed configurations. [FCCM-5083]
• When you add a device to WatchGuard Cloud, you can now select a device folder where you want to add the Firebox or access point. [WIFI-6569]
• WPA2 Enterprise and WPA3 Enterprise wireless security options now appear for an SSID even if you do not have a RADIUS server configured. To be able to select a RADIUS server for Enterprise authentication, you must add a RADIUS server in Shared Configurations > Authentication Domains. [WIFI-7219]

Resolved Issues

• The Configure Devices page now shows the total number of FireClusters. [FCCM-4945]
• In the FireCluster settings, you can now change the Communication IP addresses to addresses not included in the DHCP pool that you configured in the Firebox DHCP server settings for that network. You can no longer change the Communication IP addresses to addresses included in the DHCP pool. [FCCM-5108]
• Minor updates and bug fixes.

New Features

FireCluster Management

You can now manage a FireCluster in WatchGuard Cloud. To add a cloud-managed FireCluster, you can start with factory-default Fireboxes or an existing locally-managed FireCluster. After you add a cloud-managed FireCluster, you manage the configuration exclusively in WatchGuard Cloud. For more information, see Add a Cloud-Managed FireCluster in Help Center.

Enhancements

• Some audit logs and alerts now include the WatchGuard Cloud account ID and account name. The operator ID also shows in the User field in the Audit Log Details dialog box. [WCD-10646]

Resolved Issues

• Minor updates and bug fixes. [WCD-11411, WCD-11154]

Resolved Issues

• Minor updates and bug fixes.

New Features

Access Point Description

You can now add a description for an access point to help you identify the device in WatchGuard Cloud. You can add a description for existing access points in the Device Settings configuration. You can also add the description when you add a new device to WatchGuard Cloud. This feature requires an upgrade to access point firmware 1.1.18-0.

Access Point Radio Details

Additional radio details are available for an access point on the Device Settings and Device Summary pages that show the current channel and transmit power for each radio. This feature requires an upgrade to access point firmware 1.1.18-0. Radio details do not appear for access points with lower firmware versions, or if an SSID is not configured on the radio.

Resolved Issues

• Minor updates and bug fixes.

New Features

Access Point Firmware Update 1.1.18-0.B665427

New access point firmware is available for Wi-Fi in WatchGuard Cloud access points. For a list of resolved issues, go to Access Point Firmware Releases.

New Features

Certificate Management

Certificate Management in WatchGuard Cloud is now publicly available. For more information, see Manage Certificates in Help Center.

Resolved Issues

• Minor updates and bug fixes.

Enhancements

• On the Administration > Trials page, Subscribers with the Analyst or Helpdesk role can now start, stop, upgrade, or extend a trial. [WCD-11288]
• An alert is generated when an access point cannot communicate with the configured NTP server. [WIFI-7505]

Resolved Issues

• When you change the pagination for the table on the Inventory > Allocation > Endpoints or Administration > Trials page to show more than 25 rows per page, the table now updates to show the selected number of rows per page. [WCD-11268, WCD-11303]
• Minor updates and bug fixes. [FCCM-4924, FCCM-4925]

New Features

FireCluster Management (Beta)

With this beta, you can now manage a FireCluster in WatchGuard Cloud. To add a cloud-managed FireCluster, you can start with factory-default Fireboxes or an existing locally-managed FireCluster. After you add a cloud-managed FireCluster, you manage the configuration exclusively in WatchGuard Cloud. To learn more or to report an issue, go to the WatchGuard Cloud Beta test community.

Enhancements

• You can now disable these system policies in WatchGuard Cloud:
  • WatchGuard SSLVPN
  • Allow-IKE-to-Firebox
  • BOVPN-Allow-Any.in
  • BOVPN-Allow-Any.out
  • Allow SSLVPN-Users
  • Allow IKEv2-Users
  • Allow RADIUS SSO Service
  • Allow RADIUS SSO Users

For more information, see System Firewall Policies in Help Center.

Resolved Issues

• Details for a report scheduled between midnight and 00:59 AM now show as expected in the Schedule section. [WCD-11229]
• Minor updates and bug fixes. [FCCM-4765]

New Features

Certificate Management (Beta)

With this beta, you can manage account-level certificates and Firebox certificates for cloud-managed devices in WatchGuard Cloud. You can generate Certificate Signing Requests (CSRs) and upload custom certificates for TLS decryption and mobile VPN. To learn more or to report an issue, go to WatchGuard Cloud Beta test community.

Enhancements

• New icons in the Account Manager (Service Provider accounts) or Device Manager (Subscriber accounts) indicate whether a device is cloud-managed or locally-managed and whether it is online, offline or never connected to WatchGuard Cloud. [FCCM-4341]

Resolved Issues

• You can now correctly schedule an access point report if the account only contains access point devices. [WIFI-7478]
• Access Point Sites no longer display errors when you apply site settings or view a list of sites. [WIFI-7472, WIFI-7474, WIFI-7477]
• Minor updates and bug fixes. [FCCM-4818]

Resolved Issues

• In Dark Web Scan, you can now search for an email address that includes a hyphen (-). [WCD-11120]
• A Service Provider account can see the device firmware information for a delegated account. [FCCM-4559]
• Minor bug fixes and enhancements.

New Features

Tor Exit Node Support

The Tor Exit Node Blocking service for cloud-managed Fireboxes is now publicly available. For more information, see Configure Network Blocking in WatchGuard Cloud in Help Center.

Resolved Issues

• Minor bug fixes and enhancements.

Resolved Issues

• Minor bug fixes and enhancements.

New Features

Firebox Diagnostic Tools and Snapshot

You can now run diagnostic tools (Ping, TCP Dump, and DNS Lookup) for a Firebox in WatchGuard Cloud. You can also download a diagnostic snapshot file from the Firebox. For more information, see Run Network Diagnostic Tasks in Help Center.

SAML SSO for WatchGuard Accounts

You can now configure SAML single sign-on (SSO) to use an external identity provider to authenticate your users when they log in to WatchGuard accounts, including WatchGuard Cloud. This keeps logins secure and enables users to use the same login credentials across multiple platforms.

Resolved Issues

• Minor bug fixes and enhancements.

Resolved Issues

• Minor bug fixes and enhancements. [WCD-10778]

New Features

Endpoint Security Plug-in for N-able N-central

With the new Endpoint Security plug-in for N-able N-central, you can protect devices on your network, review detected security incidents, and develop prevention and remediation plans against unknown and advanced persistent threats. For more information, see About the WatchGuard Endpoint Security Plug-in for N-able N-central in Help Center.

Resolved Issues

• In the BOVPN configuration, you can now add a Class C network resource that overlaps with an unselected Class C network resource. [FCCM-4318]
• Minor bug fixes and enhancements. [WCD-10805]

New Features

Tor Exit Node Support (Beta)

With this beta, you can configure the Tor Exit Node Blocking service for cloud-managed Fireboxes. The service is available to Fireboxes that run Fireware v12.8.1 (Beta) or Fireware v12.5.10 (Beta). To learn more or to report an issue, go to WatchGuard Cloud Beta test community.

Enhancements

• On the Administration > Account Groups page, you can now search for an account or account group. [WCD-10041]

Resolved Issues

• You can now correctly deploy an access point configuration with syslog settings. [WIFI-7389]
• The radio settings page now correctly displays the name of the 2.4 and 5 GHz radios. [WIFI-7384]
• Minor bug fixes and enhancements.

New Features

Aliases in Firebox Templates

The Aliases in Firebox Templates feature is now publicly available. For more information, see to Manage Firebox Templates in Help Center.

Log Server Management in Firebox Templates

This feature is now publicly available. You can configure Dimension or Syslog servers in templates for cloud-managed Fireboxes. For more information, see to Manage Firebox Templates in Help Center.

Enhancements

• When tier-1 users log in to WatchGuard.com, they must read and accept a new end-user license agreement (EULA). The EULA appears the first time that partners log in as well as any time the agreement changes. After a user accepts the EULA for a tier-1 account, it does not appear for other account users. The Manage Profile page in Support Center shows the status of the EULA for your company.

Resolved Issues

• Minor bug fixes and enhancements. [DC-3827, WCD-9580, WCD-10718]

Enhancements

• The WatchGuard Cloud user interface is now available in German and Spanish (Spain). The interface automatically reflects the language selected in the browser. [WCD-9206]
• When you create a scheduled report, from the Language drop-down list, you can now select German or Spanish (Spain) for the report. [WCD-10286]

Resolved Issues

• On the Administration > Managed Access page, you can now enter a RESTful API password for readwrite or readonly access that includes the plus (+) sign and minus (-) sign. [WCD-10740]
• In Audit Log and Alert Details, AuthPoint now shows as Multi-Factor Authentication. [WCD-10415]
• Minor bug fixes and enhancements.

New Features

Log Server Management in Firebox Templates (Beta)

With this beta, you can configure Dimension or Syslog servers in templates for cloud-managed Fireboxes. To learn more or to report an issue, go to WatchGuard Cloud Beta test community.

Resolved Issues

• The default dynamic NAT rules now appear on the dynamic NAT configuration page. An error message no longer appears when you add a dynamic NAT rule. [FCCM-4573]

New Features

Aliases in Firebox Templates (Beta)

With this beta, you can configure aliases in Firebox templates for cloud-managed Fireboxes. To learn more or to report an issue, go to WatchGuard Cloud Beta test community.

Resolved Issues

• The Zero-Day Malware (APT) and Advanced Malware (APT) reports in Monitor > Devices > Services no longer include a pivot for Malicious Activity. [FCCM-4513]
• In the rare case that a deployed configuration would cause issues if it were restored, an error message now appears if you try to revert the configuration. [FCCM-4561]
• Minor bug fixes and enhancements.

Enhancements

• When you start a trial of a WatchGuard Endpoint Security product or module, the license can now be used for up to 250 endpoints.
• Access point device settings are now separated into general device settings and advanced settings. You can now configure the advanced device settings (Syslog Server) in Access Point Sites.

Resolved Issues

• Minor bug fixes and enhancements.

New Features

Authentication Domains: Active Directory Sync

With the directory sync feature, you can sync users and groups from your Active Directory or LDAP database to a WatchGuard Cloud authentication domain. In WatchGuard Cloud, you can add an authentication domain to the Firebox so that you can specify users and groups from your authentication server in firewall policies, aliases, and mobile VPN settings.

Resolved Issues

• Minor bug fixes and enhancements.

New Features

Change Firebox to Cloud Management

Change Firebox to Cloud Management is now publicly available. With this feature, you can change locally-managed Fireboxes with cloud reporting to cloud management. For more information, see Change a Locally-Managed Firebox to Cloud Management.

Resolved Issues

• If your cloud-managed Firebox does not include a BOVPN configuration, you can now re-apply a previous deployment that includes a BOVPN configuration. [FCCM-3223, FCCM-4397]

Resolved Issues

• Minor bug fixes and enhancements. [FCCM-4398]

New Features

Change Firebox to Cloud Management (Beta)

With this feature, you can change locally-managed Fireboxes with cloud reporting to cloud management. When a Firebox is cloud-managed, you manage the device configuration in WatchGuard Cloud. To learn more or to report an issue, go to WatchGuard Cloud Beta test community.

Bridged WAN

For increased network design flexibility, you can now configure an external VLAN to have more than one interface member. External VLAN interface members can now be untagged. An interface can now simultaneously belong to both an external and internal VLAN. Intra-VLAN inspection is enabled automatically for external interfaces. With these enhancements, you can now bridge a VLAN between interfaces and create policies that apply to traffic between the interfaces.

SD-WAN Round Robin

With this feature, you can configure SD-WAN actions that use the Round-Robin load balancing method.

Firebox Integration with ConnectWise and Autotask

The ability to integrate a Firebox with ConnectWise and Autotask is now publicly available. This feature enables you to automatically synchronize your Firebox information with these professional service automation tools for more efficient device management and monitoring. For more information, see About Firebox Technology Integrations.

Resolved Issues

• Minor bug fixes and enhancements. [WCD-10463]

Resolved Issues

• Minor bug fixes and enhancements.

New Features

Firebox Integration with ConnectWise and Autotask (Beta)

This feature enables you to integrate a Firebox with ConnectWise and Autotask. You can automatically synchronize your Firebox information with these professional service automation tools for more efficient device management and monitoring. To learn more or to report an issue, go to the WatchGuard Cloud Beta test community.

Access Point Diagnostic Tools and Support Snapshot

You can now run diagnostic tools (Ping, Traceroute, and DNS Lookup) from an access point to troubleshoot network connectivity. You can also download a support snapshot diagnostic file from the access point. This feature requires an upgrade to access point firmware 1.1.7-0. For more information, go to Access Point Diagnostic Tools.

Access Point Firmware Update 1.1.7-0.B655161

New access point firmware is available for Wi-Fi in WatchGuard Cloud access points. The access point LED indicator status is enhanced to provide more granular status for the device connection to WatchGuard Cloud. This update is also required to use the Diagnostic Tools and Support Snapshot features.

For more information and resolved issues, go to Access Point Firmware Releases.

Resolved Issues

• Minor bug fixes and enhancements. [DC-3838, FCCM-4189]

Resolved Issues

• Undeployed device configuration changes to network interfaces no longer appear when there has been no change to the configuration. [FCCM-4307, WIFI-7161]

New Features

WatchGuard Cloud Cyclops Blink Detector

You can now use the WatchGuard Cloud Cyclops Blink Detector to determine if your Fireboxes are affected by Cyclops Blink. This tool can scan multiple Fireboxes in your account and the accounts you manage. To scan a Firebox, the device must be connected to WatchGuard Cloud. For more information, see WatchGuard Cloud Cyclops Blink Detector in WatchGuard Cloud Help. [FCCM-4181]

WatchGuard also provides Cyclops Blink detection tools online and in WSM. For more information about these tools and Cyclops Blink, see this Knowledge Base article.

On-Demand System Integrity Checks

The local Fireware Web UI for a cloud-managed Firebox now includes an option on the Diagnostics page to run an on-demand system integrity check. For more information, see Run an On-Demand System Integrity Check on a Cloud-Managed Firebox in WatchGuard Cloud Help. [FBX-22660]

Enhancements

• The Activity Trend pivot in the Services > Virus report now includes IntelligentAV statistics. [DC-3037]
• When a device is connected, you can now click Live Status in the upper-right corner of Monitor and Configure pages to open a live feed of Firebox and FireCluster messages in a separate window. [FCCM-4278]

Resolved Issues

• The Access Point VPN configuration no longer allows you to select an SSID that has a VLAN enabled. [WIFI-7022]
• Minor bug fixes and enhancements.

New Features

Authentication Domains: Active Directory Sync (Beta)

With the directory sync feature, you can sync users and groups from your Active Directory or LDAP database to a WatchGuard Cloud authentication domain. In WatchGuard Cloud, you can add an authentication domain to the Firebox so that you can specify users and groups from your authentication server in firewall policies, aliases, and mobile VPN settings. To get started, log in to your WatchGuard Cloud account and enable the Authentication Domains: Active Directory Sync beta feature toggle.

To learn more or to report an issue, go to the WatchGuard Cloud Beta test community.

Resolved Issues

• Minor bug fixes and enhancements.

Enhancements

• An updated version of the Allocations API includes an updated endpoint to retrieve a list of all assets for managed accounts, and a new endpoint to retrieve a hierarchy of all allocated assets for managed and delegated accounts. For more information, see the WatchGuard API documentation. [WIFI-6849, WIFI-7038]

Resolved Issues

• Minor bug fixes and enhancements. [WCD-9940, FCCM-3334]

New Features

WatchGuard SIEMFeeder

You can now manage WatchGuard SIEMFeeder licenses in WatchGuard Cloud. SIEMFeeder is a endpoint security module available for use with WatchGuard EPDR and WatchGuard EDR. With SIEMFeeder, you can integrate security intelligence and context of processes executed in your workstations and servers into your corporate SIEM. For more information, see About SIEMFeeder.

New Features

Access Point Compare Configuration Versions

You can now compare two consecutive access point configuration deployments in the deployment history to see what changed between versions. For more information, see Compare Configuration Versions.

Enhancements

Access Point Firmware Update 1.1.6-0.B652914 (Beta)

New beta firmware is available for Wi-Fi in WatchGuard Cloud access points that replaces the current 1.1.4 beta firmware. This update contains resolved issues and is required to use the Diagnostic Tools and Support Snapshot beta features. To learn more or to report an issue, go to the Wi-Fi in WatchGuard Cloud Beta test community.

Resolved Issues

• Minor bug fixes and enhancements. [WCD-9627, WCD-10119]

Enhancements

• To improve search performance, Log Search now includes a refined list of searchable fields. [FCCM-4174]

Resolved Issues

• Minor bug fixes and enhancements. [FCCM-4062, FCCM-4177, WCD-2257, WCD-9978, WCD-10085, WCD-10086, WCD-10016, WIFI-6765]

New Features

Access Point Diagnostic Tools and Support Snapshot (Beta)

You can now run diagnostic tools (Ping, Traceroute, and DNS Lookup) from an access point to troubleshoot network connectivity. You can also download a support snapshot diagnostic file from the access point. This feature requires an upgrade to access point beta firmware 1.1.4-0. To learn more or to report an issue, go to the Wi-Fi in WatchGuard Cloud Beta test community.

Access Point Compare Configuration Versions (Beta)

You can now compare two consecutive access point configuration deployments in the deployment history to see what has changed between versions. To learn more or to report an issue, go to the Wi-Fi in WatchGuard Cloud Beta test community.

Access Point Firmware Update 1.1.4-0.B652086 (Beta)

New beta firmware is available for Wi-Fi in WatchGuard Cloud access points. This update is required to use the Diagnostic Tools and Support Snapshot beta features. To learn more or to report an issue, go to the Wi-Fi in WatchGuard Cloud Beta test community.

Upgrade Firmware for Multiple Subscribers

The Upgrade Firmware for Multiple Subscribers feature is now publicly available. With this feature, Service Providers can see the Fireware version installed on their Subscriber devices and upgrade the firmware for selected devices. For more information, see Upgrade Firmware from WatchGuard Cloud.

Resolved Issues

• Minor bug fixes and enhancements. [WCD-9436, WCD-9979, WIFI-7062]

New Features

Bridged WAN (Beta)

For increased network design flexibility, you can now configure an external VLAN to have more than one interface member. External VLAN interface members can now be untagged. An interface can now simultaneously belong to both an external and internal VLAN. Intra-VLAN inspection is enabled automatically for external interfaces. With these enhancements, you can now bridge a VLAN between interfaces and create policies that apply to traffic between the interfaces.

To learn more or to report an issue, go to the WatchGuard Cloud Beta test community.

Resolved Issues

• Minor bug fixes and enhancements. [FCCM-3979]

New Features

IPv6 Support

IPv6 support is now publicly available. Several features now support IPv6: Networks (internal and external), BOVPN, DHCP, DNS, static routes, policies, SSO, aliases, network blocking (Blocked Sites), and exceptions (Geolocation and Blocked Sites). You can also see IPv6 information for these features in logs and reports, and on monitoring pages. For more information, see About IPv6 Support in WatchGuard Cloud.

Access Points: Use VPN Tunnel for RADIUS Authentication

The Use VPN Tunnel for RADIUS Authentication feature is now publicly available. This feature adds the ability to use the Access Point VPN tunnel for RADIUS authentication traffic to a RADIUS server located behind the Firebox tunnel endpoint. For more information, see Configure an Access Point VPN.

Access Point Firmware Update 1.0.4-0.B650418

New firmware is available for Wi-Fi in WatchGuard Cloud access points that resolves these issues:

• Access Point VPN now correctly connects when the Firebox VPN settings use a domain name of 16 characters or greater. [AP-1105]
• Minor bug fixes and enhancements. [AP-1077, AP-1085, AP-1086]

Enhancements

• New tiles that display information on the endpoint security modules (Patch Management, Full Encryption, and Data Control) are available on the Service Provider and Subscriber dashboards. For more information, see Service Provider Dashboard or About the Dashboard in Help Center. [WCD-9372]
• On 17 December 2021, the WatchGuard Cloud Audit Log message retention policy will change to allow a maximum retention period of 12 months. The change in log message retention policy applies to WatchGuard Cloud Audit Log messages only. Application log messages, such as those generated for Firebox and Access Points, as well as Endpoint and AuthPoint events, maintain their own data retention periods. For more information on audit logs, see Audit Logs in Help Center. [WCD-9870]

Resolved Issues

• Access Portal authentication session information now displays on the Monitor > Devices, Live Status > Authentication page. [FCCM-4099]
• Minor bug fixes and enhancements. [DC-3850, WCD-9888, WCD-9893, WCD-9931]

New Features

IPv6 Support (Beta)

With this beta, several features now support IPv6: Networks (internal and external), BOVPN, DHCP, DNS, static routes, policies, SSO, aliases, network blocking (Blocked Sites), and exceptions (Geolocation and Blocked Sites). You can also see IPv6 information for these features in logs and reports, and on monitoring pages.

To learn more or to report an issue, go to the WatchGuard Cloud Beta test community.

Upgrade Firmware for Multiple Subscribers (Beta)

With this beta, Service Providers can see the Fireware version installed on their Subscriber devices and upgrade the firmware for selected devices.

To learn more or to report an issue, go to the WatchGuard Cloud Beta test community.

Enhancements

• An updated version of the Endpoint Security Management API includes new endpoints to retrieve module status for Full Encryption, Patch Management, and Data Control. For more information, see the WatchGuard API documentation.

• An updated version of the Aether Endpoint Security API includes new endpoints to retrieve module status for Full Encryption, Patch Management, and Data Control. For more information, see the WatchGuard API documentation.

Resolved Issues

• An Access Point VPN now successfully connects when Firebox-DB is not the default authentication server in the Firebox Mobile VPN configuration. [WIFI-7033]
• Minor bug fixes and enhancements. [WIFI-7030]

New Features

SD-WAN Round Robin (Beta)

With this beta feature, you can configure SD-WAN actions that use the Round-Robin load balancing method. To learn more or to report an issue, go to the WatchGuard Cloud Beta test community.

Access Points: Use VPN Tunnel for RADIUS Authentication (Beta)

This feature adds the ability to use the Access Point VPN tunnel for RADIUS authentication traffic to a RADIUS server located behind the Firebox tunnel endpoint. To learn more or to report an issue, go to the Wi-Fi in WatchGuard Cloud Beta test community.

Access Point Firmware Update 1.0.4-0.B650418 (Beta)

New beta firmware is available for Wi-Fi in WatchGuard Cloud access points. To learn more or to report an issue, go to the Wi-Fi in the Wi-Fi in WatchGuard Cloud Beta test community.

Access Point Scheduled Reports

The ability to generate access point reports in the existing scheduled reports feature in WatchGuard Cloud is now publicly available. You can schedule the Connection Issues, Network Usage, Performance Issues, and Top Clients reports for access points. For more information, go to Schedule WatchGuard Cloud Reports in Help Center.

Resolved Issues

• Access Point VPN now correctly connects when the Firebox VPN settings use a domain name of 16 characters or greater. [AP-1044]
• Access Point scheduled report details now display "Access Points" instead of "Fireboxes". [WIFI-6999, WIFI-7006]
• Minor bug fixes and enhancements. [AP-1077, AP-1085, AP-1086, FCCM-4042, FCCM-3140, WIFI-6995]

Resolved Issues

• The Live Status > Traffic Monitor > Live Logs page now includes log messages for both cluster members. [FCCM-3810]
• When you view the deployment history for a Firebox in WatchGuard Cloud, configuration reports now include information about the authentication settings. [FCCM-3201]
• Minor bug fixes and enhancements. [FCCM-3985]

New Features

Access Point Scheduled Reports (Beta)

You can now generate access point reports in the existing scheduled reports feature in WatchGuard Cloud. You can schedule the Connection Issues, Network Usage, Performance Issues, and Top Clients reports for access points. To learn more or to report an issue, go to the Wi-Fi in WatchGuard Cloud Beta test community.

Resolved Issues

• To support access point feature key updates, *.watchguard.io is added to the Blocked Site Exceptions and HTTPS Decryption Exceptions lists. [WIFI-6726]
• In the Administration > Branding page, splash page Landing Page URLs can now include hyphen (-) characters. [WIFI-6972]
• Minor bug fixes and enhancements. [WCD-9592, WCD-9729, WIFI-6960]

New Features

Endpoint Security Modules

You can now manage WatchGuard Endpoint Security modules in WatchGuard Cloud. These modules are available for WatchGuard EPDR, EDR, or EPP:

• WatchGuard Full Encryption
• WatchGuard Patch Management
• WatchGuard Data Control
• WatchGuard Advanced Reporting Tool

For more information, see WatchGuard Endpoint Security Modules.

New Features

Mobile VPN with SSL

Mobile VPN with SSL is now publicly available. You can now enable and configure Mobile VPN with SSL in WatchGuard Cloud. You can also download the WatchGuard Mobile VPN with SSL client in WatchGuard Cloud. For more information, see About Mobile VPN for a Cloud-Managed Firebox.

MFA for WatchGuard Cloud Operators

MFA for WatchGuard Cloud Operators is now publicly available. You can now require multi-factor authentication (MFA) when operators log in to WatchGuard Cloud. You can enable MFA for any operator in your WatchGuard Cloud account or an account that you manage. All operators can also enable MFA for their own WatchGuard Cloud operator account. For more information, see Enable MFA for WatchGuard Cloud Operators.

AuthPoint Integration

AuthPoint Integration is now publicly available. With this feature, you can configure Firebox resources in AuthPoint for cloud-managed Fireboxes.

Resolved Issues

• Minor bug fixes and enhancements.

Release Date: 4 November 2021

Enhancements

• The Accounts API now includes an endpoint to update managed accounts. For more information, see the WatchGuard API documentation. [WCD-3919]

Resolved Issues

• Minor bug fixes and enhancements. [FCCM-3328, FCCM-3696]

New Features

Wi-Fi in WatchGuard Cloud

Wi-Fi in WatchGuard Cloud is now publicly available. You can now manage new WatchGuard Wi-Fi 6 access points in WatchGuard Cloud to monitor and configure your devices. For more information, see About Wi-Fi in WatchGuard Cloud.

New Features

MFA for WatchGuard Cloud Operators (Beta)

You can now require multi-factor authentication (MFA) when operators log in to WatchGuard Cloud. With this beta feature, you can enable MFA for any operator in your WatchGuard Cloud account or an account that you manage. All operators can also enable MFA for their own WatchGuard Cloud operator account. To get started, join the WatchGuard Beta test community.

AuthPoint Integration (Beta)

You can now configure Firebox resources in AuthPoint for cloud-managed Fireboxes. To test this feature, on the Administration > Beta Features page, enable the AuthPoint Integration beta toggle for your WatchGuard Cloud account.

Mobile VPN with SSL (Beta)

With this beta feature, you can enable and configure Mobile VPN with SSL in WatchGuard Cloud. You can also download the WatchGuard Mobile VPN with SSL client in WatchGuard Cloud. To learn more or to report an issue, go to the WatchGuard Cloud Beta test community.

Enhancements

• When you add a new operator email address and click Save, WatchGuard Cloud verifies that the email address does not duplicate an existing address. If the email address is a duplicate, an error message now prompts you to change the address. [WCD-9465]
• You can now see information about FireCluster failover and reboot actions on the Audit Log Detail dialog box. [FCCM-3485]

Resolved Issues

• Minor bug fixes and enhancements. [FCCM-3734, FCCM-3958, WCD-9606]

Resolved Issues

• Minor bug fixes and enhancements.

New Features

spamBlocker for Cloud-Managed Fireboxes

spamBlocker for cloud-managed Fireboxes is now publicly available. You can configure cloud-managed Fireboxes to use the spamBlocker security service to identify and block spam messages before they reach your email server. For more information, see Configure spamBlocker.

Resolved Issues

• Minor bug fixes and enhancements [DC-3821, FCCM-3913].

New Features

Compare Configuration Versions

The Compare Configuration Versions feature is now publicly available. With this feature, you can compare two Firebox configuration versions to see what has changed between them. For more information, see Compare Configuration Versions.

Send Device Feedback to WatchGuard

The Send Device Feedback to WatchGuard feature is now publicly available. With this feature, you can configure options to send device feedback and daily fault reports to WatchGuard. For more information, see Configure Device Feedback Settings.

Live Status for Locally-Managed Fireboxes with Cloud Reporting and FireClusters

The Live Status for Locally-Managed Fireboxes and FireClusters feature is now publicly available. With this feature, you can enable live status and usage monitoring of locally-managed Fireboxes with cloud reporting and FireCluster devices. For more information, see Monitor Live Status for Fireboxes and FireClusters.

Endpoint Security Modules (Beta)

With this beta feature, you can start, extend, upgrade, and cancel trials for these endpoint security modules in WatchGuard Cloud:

• WatchGuard Full Encryption
• WatchGuard Patch Management
• WatchGuard Data Control
• WatchGuard Advanced Reporting Tool

To learn more or to report an issue, go to WatchGuard Endpoint Security Beta test community.

Enhancements

• An updated version of the Endpoint Security Management API includes new endpoints to retrieve security events and to initiate an action on a device. For more information, see the WatchGuard API documentation. [API-551]

Resolved Issues

• Minor bug fixes and enhancements.

New Features

spamBlocker (Beta)

With this beta feature, you can configure cloud-managed Fireboxes to use the spamBlocker security service to identify and block spam messages before they reach your email server. To learn more or to report an issue, go to WatchGuard Cloud Beta test community.

Enhancements

• When you add a new operator or an account and operators and click Save, WatchGuard Cloud verifies that the new operator does not duplicate an existing operator. If the new name is a duplicate, an error message now prompts you to change the name. [WCD-6869]

Resolved Issues

• Minor bug fixes and enhancements.

New Features

Compare Configuration Versions (Beta)

With this beta feature, you can compare two Firebox configuration versions to see what has changed between them. To learn more or to report an issue, go to WatchGuard Cloud Beta test community.

Send Device Feedback to WatchGuard (Beta)

With this beta feature, you can configure options to send device feedback and daily fault reports to WatchGuard. To learn more or to report an issue, go to WatchGuard Cloud Beta test community.

Live Status for Locally-Managed Fireboxes with Cloud Reporting and FireClusters (Beta)

With this beta feature, you can enable live status and usage monitoring of locally-managed Fireboxes with cloud reporting and FireCluster devices. To learn more or to report an issue, go to WatchGuard Cloud Beta test community.

Resolved Issues

• In the NIC settings for an interface, the Link Speed list now includes only options supported by the hardware model. [FCCM-3745]
• Minor bug fixes and enhancements. [DC-3789, WCD-9306]

Resolved Issues

• Minor bug fixes and enhancements.

New Features

Single Sign-On

Active Directory Single Sign-On and RADIUS Single Sign-On for cloud-managed Fireboxes is now publicly available. For information on how to enable and configure single sign-on, see Enable Active Directory SSO for a Cloud-Managed Firebox and Enable RADIUS SSO for a Cloud-Managed Firebox.

Enhancements

• The Accounts API now includes an endpoint that creates a new managed account and an endpoint that deletes a managed account. For more information, see the WatchGuard API documentation. [WCD-3918, WCD-3921]

• On the Administration > Trials page, you can now extend a trial that has expired. You can only extend the trial once within 60 days of the start date. [WCD-8716]

Resolved Issues

• Minor bug fixes and enhancements. [WCD-9183]

New Features

Log Server Management

Log server management in WatchGuard Cloud is now publicly available. You can now configure a cloud-managed Firebox to send log messages to Dimension or Syslog servers in order to retain log messages longer than the normal data retention period in WatchGuard Cloud. For more information, see Configure Log Server Settings for Cloud-Managed Fireboxes.

Dynamic DNS

Dynamic DNS for cloud-managed Fireboxes is now publicly available. With this feature, you can configure a cloud-managed Firebox to connect to a supported dynamic DNS provider. For more information, see Configure Dynamic DNS.

Resolved Issues

• Minor bug fixes and enhancements. [WCD-9107]

New Features

Cloud Management of Firebox with LTE Modem

Cloud management support for the new Firebox T80 LTE Interface module is now publicly available. The LTE interface module enables you to install a SIM card and use the cellular connection as an external interface on the Firebox T80. For more information, see Configure a Firebox 4G LTE Modem.

Single Sign-On (Beta)

You can now enable and configure Active Directory Single Sign-On and RADIUS Single Sign-On for cloud-managed Fireboxes. To learn more or to report an issue, go to WatchGuard Cloud Beta test community.

Resolved Issues

• You can now add secondary networks that use the netmasks /31 and /32. [FCCM-3504]
• Minor bug fixes and enhancements. [DC-3726, DC-3735, DC-3753, DC-3755]

New Features

Log Server Management (Beta)

The Log Server Management beta release enables configuration and management of Dimension and Syslog servers for cloud-managed Fireboxes. To learn more or to report an issue, go to WatchGuard Cloud Beta test community.

Dynamic DNS (Beta)

With this beta, you can now configure a cloud-managed Firebox to connect to a supported dynamic DNS provider. To learn more or to report an issue, go to WatchGuard Cloud Beta test community.

Resolved Issues

• Minor bug fixes and enhancements.

New Features

Cloud Management of Firebox with LTE Modem (Beta)

Cloud management support for the new Firebox T80 LTE Interface module is now available for beta participants. The LTE interface module enables you to install a SIM card and use the cellular connection as an external interface on the Firebox T80. To learn more or to report an issue, go to the Firebox T80 LTE Module Beta test community.

Resolved Issues

• Minor bug fixes and enhancements. [WCD-7251]

New Features

Cloud Management for Virtual Fireboxes

Cloud Management for Virtual Fireboxes is now publicly available. You can now use WatchGuard Cloud to manage virtual Fireboxes, including FireboxV and Firebox Cloud.

Resolved Issues

• Minor bug fixes and enhancements. [FCCM-3523]

New Features

System Actions for FireCluster

System actions for FireCluster are now publicly available. You can upgrade, reboot, and fail over your locally-managed FireCluster in WatchGuard Cloud. For more information, see About FireCluster in WatchGuard Cloud.

Enhancements

• On the Inventory > Endpoints > Allocation page, to deallocate a license, next to the account you want to deallocate endpoint security licenses from, click the more options button and select Deallocate License. [WCD-8635]

Resolved Issues

• Minor bug fixes and enhancements. [WCD-8527, WCD-8968]

New Features

Cloud Management for Virtual Fireboxes Beta

With this beta, you can now use WatchGuard Cloud to manage virtual Fireboxes, including FireboxV and Firebox Cloud. To learn more or to report an issue, go to WatchGuard Cloud Beta test community.

Enhancements

• On the Administration > Branding page, the toggle was removed. You do not need to enable a toggle to apply custom branding. Custom branding is applied automatically when you click Save. After you save changes to the branding page, you can click Restore Default Settings to restore the settings to the WatchGuard default settings. [WIFI-6448]

Resolved Issues

• You can now successfully delete the default authentication domain associated with the authentication portal when the authentication portal is disabled. [FCCM-3412]
• Minor bug fixes and enhancements.

Resolved Issues

• For cloud-managed Fireboxes, when a Service Provider account applies policies to a Firebox, the Configure > Devices > Device Configuration > Firewall Policies tile lists the applied policies. The Firewall Policies page correctly reflects the same applied policies. [FCCM-3488]
• When you add an operator and assign the operator to an account group, the operator has access to account sub-groups in the account group. [WCD-8443]
• Minor bug fixes and enhancements. [WCD-8581, WCD-8687, WCD-8728, WCD-8888, WESS-1187]

New Features

System Actions for FireCluster (Beta)

With the System Actions for FireCluster beta, you can now upgrade, reboot, and fail over your FireCluster in WatchGuard Cloud. You must first upgrade cluster members to Fireware v12.7.1 Beta or v12.5.8 Beta in Policy Manager or Fireware Web UI. For information on the System Actions for FireCluster Beta, visit the WatchGuard Beta test community. [FCCM-3370]

Resolved Issues

• Minor bug fixes and enhancements. [FCCM-3513, WCD-8579, WCD-8587]

Resolved Issues

• Minor bug fixes and enhancements. [WCD-7908, WCD-8625, WCD-8691]

Resolved Issues

• Minor bug fixes and enhancements. [WCD-8690]

Enhancements

• The Monitor > Devices > Traffic > Top Clients report can help identify the top users or hosts on your network by bandwidth or connections (hits). When there is no value in the User column, the Host column is the first column. The Host column includes a link to the corresponding details page. [WIFI-6381]

Resolved Issues

• Minor bug fixes and enhancements. [WCD-8578]

Resolved Issues

• Minor bug fixes and enhancements. [WCD-7753, WCD-8520, WCD-8590, WCD-8605, WESS-1154]

Enhancements

• On the Inventory > Firebox > Allocation page, you can now specify an expiration date of Never. [WCD-8476]

Resolved Issues

• Minor bug fixes and enhancements. [FCCM-2973, FCCM-3401]

New Features

• WatchGuard Endpoint Security products (WatchGuard EPDR, EDR, and EPP) are publicly available. You can now manage endpoint security licenses in WatchGuard Cloud. For more information on endpoint security licenses and allocation, see About Endpoint Security Licenses in Help Center. [WESS-2, WESS-4, WESS-291, WESS-588]

  You can also start a 30-day trial of these products from the Administration > Trials page. For more information on trials, see Endpoint Security Trials – Service Providers or Manage Endpoint Security Trials – Subscribers in Help Center. [WESS-250]

• For Service Providers, a new Administration > Account Groups page enables you to create and organize groups of accounts. You can use account groups to configure and assign endpoint security settings to a group of accounts and to control account access in WatchGuard Cloud. For more information, see Manage Account Groups in Help Center. [WESS-148]

• Service Providers with an active endpoint security trial, term, or subscription license can use Service Provider Endpoint Manager to configure and assign security settings to the computers and devices on their network. For more information, see About Service Provider Endpoint Manager in Help Center. [WESS-3]

Enhancements

• On the Administration > License Details tabs for Fireboxes, AuthPoint users, and Host Sensors, a new Activate License button directs Tier-1 Subscriber accounts to the Inventory > Allocation page where they can allocate a license or, if there are no licenses available, to Support Center where they can activate a new license. A message prompts Tier-N Subscriber accounts to contact their Service Provider. [WCD-7195, WCD-7197]

Resolved Issues

• In Subscriber view, on the Administration > License Details > Firebox tab, when you select a license name in the table, the License Details page opens. [WCD-8445]
• WatchGuard Cloud now correctly generates audit logs for Dark Web Scan actions. [WCD-8475, WCD-8481]
• Minor bug fixes and enhancements [FCCM-3088, FCCM-3379, FCCM-3392, FCCM-3400, WCD-8464]

Resolved Issues

• The shared secret setting for RADIUS authentication servers in WatchGuard Cloud is now restricted to 64 characters. [FCCM-3164]
• Minor bug fixes and enhancements

Resolved Issues

• Minor bug fixes and enhancements

Resolved Issues

• A fix was included to make sure that only the Fireboxes you select in the Firmware Upgrade wizard are upgraded. [FCCM-3351]
• Minor bug fixes and enhancements [FCCM-3325, FCCM-3333, WCD-8298, WCD-8355]

Enhancements

• For cloud-managed Fireboxes, on the Configure > Devices > Deployment History page, when the configuration version included shared settings, you can now point to the Template label to display the name of the template that was applied. [FCCM-3084]

Resolved Issues

• Minor bug fixes and enhancements

Enhancements

• New public API to manage devices that run WatchGuard endpoint security software. For more information, see the WatchGuard API documentation. [API-548]

Resolved Issues

• Minor bug fixes and enhancements

Resolved Issues

• Minor bug fixes and enhancements

New Features

WatchGuard Endpoint Security (Beta)

With the WatchGuard Endpoint Security Beta, you can now manage endpoint security with these products in WatchGuard Cloud:

• WatchGuard Endpoint Protection Platform (EPP) – Centralized, advanced protection for desktops, laptops, and servers.
• WatchGuard Endpoint Detection and Response (EDR) – EDR capabilities to automate the detection, containment, and response to any advanced threat.
• WatchGuard Endpoint Protection Detection and Response (EPDR) – Combination of the widest range of protection (EPP) technologies with EDR capabilities, as well as Zero-Trust Application and Threat Hunting Services.

This Beta also introduces self-service Endpoint Security Trials and Account Groups in WatchGuard Cloud.

For information on the WatchGuard Endpoint Security Beta, visit the beta management site.

Resolved Issues

• Minor bug fixes and enhancements [FCCM-3312, FCCM-3105, GPD-43521]

Resolved Issues

• When a Subscriber logs in to WatchGuard Cloud, the dashboard now shows an Add Device button when a device is available to add. [WCD-7880]
• Minor bug fixes and enhancements

Resolved Issues

• Minor bug fixes and enhancements [FCCM-3187, FCCM-3211, FCCM-3275]

Resolved Issues

• On the Device Configuration > Authentication Settings page, when you enable the Authentication Portal, the Save button now redirects to the Device Configuration page. [FCCM-3194]
• Minor bug fixes and enhancements [FCCM-2909, FCCM-3169, WCD-7543, WCD-7853]

New Features

Active Directory Authentication Domains (Beta)

• WatchGuard Cloud now supports Active Directory authentication domains. With this feature, you can add an Active Directory authentication server and configure Active Directory users and groups for authentication. To get started, log in to your WatchGuard Cloud account and enable the Authentication Domain With Active Directory beta toggle.

Enhancements

• On Monitor > Devices > Live Status > Geolocation page, the map now includes a color-coded legend to indicate the number of connections. Dark green represents a high number of connections, light green represents a medium number of connections, and gray represents no connections. [FCCM-2778]

Resolved Issues

• If you enabled Mobile VPN, the IKEv2-Users group now appears when you add or edit a user on the Firebox Database page. [FCCM-2699]

• To improve clarity, when you want to restore the configuration settings for a cloud-managed Firebox to a previous configuration version, the Revert Changes link was updated to Revert Undeployed Changes. [FCCM-3259]
• Minor bug fixes and enhancements [FCCM-3192, FCCM-3245, FCCM-3250]

Enhancements

Aether Endpoint Security Management API

• Added an endpoint that retrieves a security overview for the specified time period. For more information, see the WatchGuard Public API documentation. [API-539]

Resolved Issues

• When you add a Firebox to WatchGuard Cloud and configure the external interface to use PPPoE, you can download a connection settings file to configure the device. The connection settings file (rapid_ip.csv) now includes the password to connect to the PPPoE server. [FCCM-3145]
• Minor bug fixes and enhancements [FCCM-2924, FCCM-3113, FCCM-3161, FCCM-3225]

Enhancements

• For Service Providers, on the Configure > Firebox Templates page, information on the lower half of the page now explains how each Firebox can subscribe to multiple templates. A flowchart illustrates how the settings from Template A and Template B are applied to subscribed accounts. [FCCM-3185]
• WatchGuard automatically allocates an RMA replacement device to the same WatchGuard Cloud account as the original cloud-managed device. You can configure the replacement device with the same settings as the original device and add it to the same WatchGuard Cloud account as the original cloud-managed device. [WCD-7215, WCD-7306]
• An updated version of Japanese online help is now available from WatchGuard Help Center. To switch between languages in Help Center, in the top-right of the page, click the language icon and select a language from the drop-down list.

Resolved Issues

• Minor bug fixes and enhancements [FCCM-3207, FCCM-3142]

Resolved Issues

• Minor bug fixes and enhancements [WCD-6569, WCD-7306, WCD-7633, DC-3466]

New Features

WatchGuard Cloud Firebox Management

WatchGuard Cloud Firebox Management is now available publicly. Benefits of cloud management include:

• Single management interface for multiple Fireboxes
• Simplified service and policy settings
• Network configuration is focused on networks instead of interfaces
• Easy VPN configuration between cloud-managed Fireboxes
• Policy templates for easy and repeatable deployment across clients
• Schedule configuration deployments to the Firebox from the cloud

For information about how to get started, see Quick Start — Set Up a Cloud-Managed Firebox in WatchGuard Help Center.

Enhancements

• New public API to manage devices that run Panda endpoint security software. For more information, see the WatchGuard API documentation. [API-533]
• An updated version of Spanish online help is now available from WatchGuard Help Center. To switch between languages in Help Center, in the top-right of the page, click the language icon and select a language from the drop-down list.

Resolved Issues

• WatchGuard Cloud Visibility
  • When there is too much data to display for today or yesterday in the Top Clients or Top Destinations tile on the Executive Dashboard or Security Dashboard, a new message prompts the user to select a shorter time range. [ DC-3475]

  • A fix was included to ensure that when the user changes the date in the Monitor > Devices > Health > Interface Summary report, the report displays correctly. [WCD-7338]

  • On the Monitor > Devices > Log Manager page, the Last Month and This Month shortcuts were removed as options from the date selector. [DC-3465]

Enhancements

• When a newer version of WatchGuard Cloud UI is deployed, active users are prompted to reload the page they are on. [WCD-7347]

• When you generate a verification code to request access to an account, the default expiration date for the delegation is now one year. [WCD-2724]

Resolved Issues

• Minor bug fixes and improvements [WCD-7214, WCD-7470]

Enhancements

• WatchGuard Cloud Visibility

  • In the DHCP Lease Activity report, the Start Time and End Time columns were updated to First Use and Last Use. [DC-3347]
• An updated version of French online help is now available from WatchGuard Help Center. To switch between languages in Help Center, in the top-right of the page, click the language icon and select a language from the drop-down list.

Resolved Issues

• Minor bug fixes and improvements

Resolved Issues

• WatchGuard Cloud Visibility
  • A fix was included so that the CSV download for an Authentication report now includes all of the records. [DC-3455]
  • On the Monitor > Devices > Logs > Log Search page, you can now click the page number at the top of the table to move from page to page. [WCD-7283]

Resolved Issues

• WatchGuard Cloud Visibility
  • A fix was included to ensure that reports with a large amount of data do not time out while they generate. [DC-3399, DC-3428]
  • The Monitor > Devices > Device > Authentication report now includes paging at the bottom of the window. [DC-3438]
• WatchGuard Cloud TDR
  • The TDR General Settings page is now available in WatchGuard Cloud. [GPD-43030]
  • The Migrate TDR page now prevents more than one user from saving and processing multiple items. [GPD-43018]
• Other minor bug fixes and UI improvements [WCD-6350, WCD-7227]

Features

Threat Detection and Response Integration

Threat Detection and Response (TDR) is now available in WatchGuard Cloud in the Asia Pacific, North American and European regions. With TDR integration, you no longer have to maintain two different account structures between WatchGuard Cloud and TDR. For more information on the changes to WatchGuard Cloud with TDR integration, see the TDR Release Notes.

Resolved Issues

• Minor bug fixes and improvements [DC-3269, DC-3445, WCD-7259]