Configuration questions for Cloud-managed fireboxes

  1. If I have a Cloud-managed firebox with an existing configuration and I remove it from Cloud management, the firebox will be locally managed but does it use the default configuration or the configuration from the Cloud?

  2. If I reset and re-add this firebox as Cloud-managed, does the firebox automatically use the last Cloud configuration it had or do I have to re-configure everything again?

Comments

  • james.carson Moderator, WatchGuard Representative

    Hi @justanotheruser
    The firebox will have a new default config in both cases -- config was simplified in the cloud managed side, and configs are not portable between the two management types.

    -James Carson
    WatchGuard Customer Support

  • edited May 2022

    Hello @james.carson , is there a way to save the Cloud configuration for Cloud-managed fireboxes just as you would with an XML file for locally managed ones?

  • james.carson Moderator, WatchGuard Representative

    @justanotheruser
    At this current point in time there is no way to import/export configurations via a file in WatchGuard Cloud.

    -James Carson
    WatchGuard Customer Support

  • Supposedly there was going to be a way to convert a cloud managed firebox config to a locally managed config.
    I'm not seeing this listed anywhere at the moment as a current ability or future offering.
    Early on it was stated that there would be no way to take a locally managed config and import it to result in a WatchGuard Cloud managed firebox config.

  • james.carson Moderator, WatchGuard Representative

    @Bruce_Briggs
    It's something that's in progress, but since the policies are designed differently (first run/core/last run vs traditional numbered policies) I'm not sure it'll be nearly as portable as justanotheruser is looking for.

    -James Carson
    WatchGuard Customer Support

  • I understand. Given the differences, I was surprised to see that there was a design expectation to be able to convert a cloud managed firebox config to a locally managed config.

  • @justanotheruser

    “If I have a Cloud-managed firebox with an existing configuration and I remove it from Cloud management, the firebox will be locally managed but does it use the default configuration or the configuration from the Cloud?”

    When you remove the firebox from the Cloud-Management, the device continues to run the configuration from the “cloud” and you can connect to the device with the local web UI.
    Check this video from WG:
    https://www.watchguard.com/help/video-tutorials/Cloud_Firebox_Management_Remove_Add_Loc_Manage/index.html

    “If I reset and re-add this firebox as Cloud-managed, does the firebox automatically use the last Cloud configuration it had or do I have to re-configure everything again?”

    You have to re-configure the device.
    But using templates helps little…
    Check this video from WG:
    https://www.watchguard.com/help/video-tutorials/Cloud_Firebox_Management_config_templates/index.html

  • Why anyone would manage a security device in the MOST UNSECURE thing in the world (the internet) is beyond me.

    The premise aligns with the statement "We are from the government, we are here to help".

  • james.carson Moderator, WatchGuard Representative

    Hi @TestingTester

    There are multiple layers of security baked into management on WatchGuard cloud, including TPM hardware on all of our newer devices.

    For customers that opt to not use cloud management, we still offer management via the System Manager tool, the WebUI, and the command line of the firewall itself.

    If you have any specific security concerns, we'd be happy to address them.

    -James Carson
    WatchGuard Customer Support

  • James - thank you... but, having worked with Dimension Command (buggy at best) and System Manager and now the cloud for everything from WiFi to 2FA... well, we got rid of most WG WiFi due to the management systems (as well as many other factors) and simply will not rely on someone's server to manage our edge. Like I said - takes a fool to trust security on something so far out of local control. More so in today's world.

  • james.carson Moderator, WatchGuard Representative

    Hi @TestingTester
    If you have any feedback on any of WatchGuard's products, I'd suggest taking it to http://www.watchguard.com/support/feedback.asp.

    -James Carson
    WatchGuard Customer Support

This discussion has been closed.