Rapid Deploy from website - reason for version change to match "Manufactured with" version

Recently have been testing a few different ways to do remote/rapid deployment and/or management (including using WatchGuard Cloud for management) and when testing Rapid Deploy using the website, I notice it only works correctly if the XML configuration file is saved as whatever version the Firebox is manufactured with (ie. the version on the Product Details page).

What is the reason behind this?
Is it something to do with the SYSB firmware (which is presumably the same version as the "Manufactured with" one on the product details page)?

I am asking since I am testing with an appliance that is manufactured with a somewhat older version and the XML configuration file I was hoping to use is as close to what I would want the initial configuration to be, in cases where we have to get a remote user to step through the factory reset steps (since Rapid Deploy will in most cases pull the config down).

Would it be fair to say that one would then need to apply any modifications (or restore backups) post a Rapid Deploy configuration as a normal step?

My test setup above is a T35-W that says it is manufactured with 12.3.1
The test configuration (on 12.5.11) had a WebBlocker "warn" action which it says is not supported when saving with 12.3.1 (think that was a 12.4 thing).

If I upload the 12.5.11 configuration to the Product Details page, it uploads and recognises the configuration but the Firebox doesn't appear to download it.
If I remove the "warn" action in WebBlocker then save with version 12.3.1 this file works perfectly.

Comments

  • james.carsonjames.carson Moderator, WatchGuard Representative

    Hi @PhilT_VIT
    The issue is the sysb firmware. That is the firmware the firewall boots into when doing a factory reset (which is part of the rapiddeploy process.)

    If you are running into issues with features that are not supported, I'd suggest getting a baseline config via rapiddeploy, and applying anything else you might need via management server or cloud management once the device is confirmed upgraded to the version you'd like to move.

    -James Carson
    WatchGuard Customer Support

  • I had a feeling that was the case - thanks for confirming my thoughts re the sysb firmware.

    The resulting Firebox still boots with the upgraded firmware (12.5.11 in this case) so seems it's more about having to re-apply changes specific to the newer firmware, which shouldn't be that much as the production units would be newer devices (eg. T85 or M290).

    Might also have to investigate the option of restoring a backup from the USB drive as another strategy for how to get a Firebox up and running remotely when it's on the other side of the country (obviously need to set this up before it fails!).

Sign In to comment.