Is Rapid Deploy from a Management Server Possible ?

I am trying to install an "out of the box" deployment using Rapid Deploy on a Management Server. Running WSM 12.5. The XTM T35 is running 12.3.1.

The instructions are simple enough. Create and upload a csv file with serial no, name, and the Management Server address. This part works fine.

When the Brand new device is powered up It appears under the Management Server as a new device. It reflects the new name I gave it so it's kind of working.

The problem comes in now. Almost anything I try using the management server fails with a communication error using any of the tools in the Management Server. Policy Manager, FSM, whatever. So I can't configure the box.

It does show an IP address that is in the proper range but nothing seems to work.

I also tried connecting to the IP address from outside WSM software directly. This fails as well.

I think this should be working but maybe I am missing a step?

Thank you,

HRM

Answers

  • James_CarsonJames_Carson WatchGuard Representative

    Hi @HRM
    Are you able to open Firebox System Manager from the management server? That will tell us if we can connect to the device directly.

    I'd also make sure that the "WatchGuard" rule has the external IPs of what you're connecting from (your server) so that it can call out to the firewall when needed.

    -James Carson
    WatchGuard Customer Support

  • No, the FSM gave a communication error. Also. I made a mistake. It assigned the new device the IP address which is actually the gateway address. It is in the range of my IP's but obviously shouldn't be the gateway. I am not sure why or even how it assigns an address when using Rapid Deploy in a Management Server.. There is no DHCP so I am not sure how the Rapid Deploy assigns an address.

    Also. I don't understand what you mean about a Watchguard rule. I can't get that far to create any rules as it's a brand new device.

    Thanks.

    HRM

  • James_CarsonJames_Carson WatchGuard Representative

    Hi @HRM

    One of the first template rules you'll want to make to the device will be to have your Management server's IPs in the WatchGuard rule. Most of our partners do this by making a new rule (calling it WG-server-access, or something similar, using the "WG-Firebox-Mgmt" packet filter.)

    If you're just getting stuck at that error, I'd suggest opening a case with WatchGuard support so that they can look into the management server's logs, and help determine what's going wrong. You can do that my using the support center link at the top right of the page.

    Thank you,

    -James Carson
    WatchGuard Customer Support

  • WSC -> Management Server -> Certificate Revocation List.
    This is the IP addr which needs to be your Firewall external interface IP addr.

    Watchguard rule = the default Watchguard policy, which also is a WG-Firebox-Mgmt packet filter.

  • I must be missing something somewhere. I thought all I had to do was register the device and create and upload a csv file with serial no, name, and the Management Server address. This part works fine. When the Brand new device is powered up It appears under the Management Server as a new device. It reflects the new name I gave it.

    See below

    https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/centralized_management/rapiddeploy_about_wsm.html

    So James I can never get to a screen to make ANY policy changes. It will not connect.

    HRM

Sign In to comment.