Licencing doesn't allow for cold-standbys?

We need to upgrade our firewall due to the latest vulnerability

I want to minimise downtime and risk so came up with an idea, we have an identical model due to a site being decommissioned.

My idea was to give that the upgrade and our config and swap it in, after a period of "bedding in" I upgrade that firewall too so it becomes a cold-standby.

Whilst WG support agree that's a great way to do it, both units have to be licenced despite one spending its days just sitting turned-off in the cupboard "just in case"

Does anyone else have a cold-standby and have you had to buy a licence for it?

If the existing unit dies, could the licence be moved quickly to our spare or is the licencing really that inflexible?


  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @back_ache

    You could potentially do this via an active/backup cluster, but would need to power the "spare" up every time you want to upgrade the OS on it or make a config change so it can sync over to the other unit. In general I'd suggest that it'd be better to leave the backup unit on, as it can take over in the event of an emergency where the primary fails -- and if it needed to be taken offline to do a situation like what you described, you could do so.

    If you preferred to have a cold spare unit, you could purchase it and simply not activate it.

    We do not have any specific licensing program to license a hot spare unit at this time.

    -James Carson
    WatchGuard Customer Support

  • Note that the only license that you would need for an Active/Passive (backup firewall) FireCluster is a support license (LiveSecurtiy) for the 2nd firewall.
    The cluster shares any additional optional licenses, such as Total Security etc.

    About Feature Keys and FireCluster

    Also, the 2nd firewall does need to be the same model as the 1st one.

    With a support license, you do get advance hardware replacement to minimize downtime in case of a hardware failure.

    About WatchGuard Support

Sign In to comment.