Overview:
FireCloud is a managed cloud-based firewall-as-a-service. FireCloud protects your remote users against Internet-based security threats.
With FireCloud, you can configure these security settings to protect your users:
Content Scanning
Scanning engines protect against spyware, viruses, malicious applications, spam email, and data leakage. With FireCloud, you can enable content scanning with these services:
- Gateway AntiVirus — Protects your users from viruses. You can configure Gateway AntiVirus to drop connections when a virus is detected, an error occurs, scanned content exceeds the file size limit (10 MB), or scanned content is encrypted. No information is sent to the source of the connection.
- APT Blocker — Identifies the characteristics and behavior of Advanced Persistent Threat (APT) malware in files and email attachments that enter your network. You can configure APT Blocker to drop connections for each threat level (High, Medium, Low).
Network Blocking
You can use FireCloud to monitor and block common security threats, such as botnets, spyware, SQL injections, cross-site scripting, and buffer overflows. With FireCloud, you can configure network blocking with these services:
- Botnet Detection — Adds a list of known botnet site IP addresses to the Blocked Sites List, which enables FireCloud to block these sites at the packet level.
- Intrusion Prevention Service — Uses signatures to provide real-time protection against network attacks, including spyware, SQL injections, cross-site scripting, and buffer overflows. You can specify the action IPS takes when it detects a threat, as well as the scan mode to use.
Geolocation
Geolocation is a security service that enables FireCloud to detect the geographic locations of connections to and from your protected devices. In FireCloud, you can enable and configure Geolocation to block access to and from specific locations.
Content Filtering
Content filtering uses the WebBlocker and Application Control security services to block specific content categories and applications.
- WebBlocker — Helps you control the websites that are available to your users. WebBlocker uses a database that groups website addresses into content categories. When a user tries to connect to a website, FireCloud looks up the address in the WebBlocker database and takes the action you specify for the content category.
- Application Control — Enables you to monitor and control the use of applications. Application Control uses over 1800 signatures that can identify and block over 1000 applications. You can use Application Control to block the usage of specific applications. For some applications, you can block specific application behaviors, such as file transfer.
By default, FireCloud has all security services enabled with the default configurations, and a default access rule is in place to handle which security services apply to user traffic. This means that you can deploy and use FireCloud immediately after you set up an identity provider.
You configure FireCloud in the WatchGuard Cloud platform, and end users connect to the service with the WatchGuard Connection Manager. When end users are connected to FireCloud, they are protected and can safely use their computers and browse the Internet.
Components and Key Terms:
Before you begin, we recommend that you familiarize yourself with these key terms related to FireCloud:
WatchGuard Connection Manager
The connection manager is an agent that you install on end-user computers. End users use the connection manager to connect to FireCloud.
WatchGuard Agent
The WatchGuard Agent handles communication between managed computers on the same network and the WatchGuard server. The agent is installed on each endpoint or computer, and is used to deploy WatchGuard software, such as the WatchGuard connection manager and Endpoint Security software. It has low CPU, memory, and bandwidth usage and uses less than 2 MB of data each day.
When you download the connection manager installer from the FireCloud UI, you are downloading the WatchGuard Agent.
Point of Presence
A point of presence (PoP) is a physical location that enables users to connect to the Internet. When you connect to FireCloud, data from your device routes through the nearest WatchGuard PoP.
Identity Provider
An identity provider is an external system that you use to manage and authenticate your FireCloud users and groups. You can use any identity provider that supports SAML, such as AuthPoint, Microsoft Entra ID (Azure Active Directory), or Okta.
WatchGuard Cloud Directory
The WatchGuard Cloud Directory is an authentication domain in Directories and Domain Services where you can add users and groups that are hosted in WatchGuard Cloud. You can then use the users and groups from the WatchGuard Cloud Directory with products such as FireCloud.
You can use the WatchGuard Cloud Directory instead of an identity provider to authenticate your FireCloud users and groups.
FireCloud Licenses:
To use FireCloud, you must activate a FireCloud license in your WatchGuard account or contact a Service Provider. The FireCloud license determines the number of users that can use the FireCloud service.
When you activate your FireCloud license key, the user licenses are added to your account in WatchGuard Cloud. If you are a Service Provider, the user licenses are added to your WatchGuard Cloud inventory. You can allocate FireCloud user licenses to accounts you manage in WatchGuard Cloud.
FireCloud is a security service that is licensed for each user.
There are four types of licenses:
- Term Licenses
A term license has a set number of users and a set duration, or term. For example, you might purchase a license for 100 users that expires after three years. The license expires the day after the expiration date at 00 UTC.
- Subscription Licenses
A subscription license enables you and your managed accounts to add users with no allocation limits. You can set a limit on the accounts you manage. With a subscription license, WatchGuard bills you monthly based on the number of users you have allocated.
- Trial Licenses
Trial licenses of FireCloud are available to Service Provider and Subscriber accounts in WatchGuard Cloud. Trial licenses expire after 30 days, but you can renew them one time for another 30 days.
- NFR Licenses (Service Providers only)
A Not for Resale license includes a set number of users and typically has a three-year term. NFR licenses are available to Service Providers only.
You can activate and manage FireCloud term licenses on the WatchGuard portal in the Support Center. From Support Center, on the FireCloud page, you can review the activated FireCloud licenses for your account. If you click the name of a license, you can review the details and history of that license.
WatchGuard Cloud Subscriber accounts can have only one FireCloud license. When a Subscriber account activates a new license key in the Support Center, it is used to modify the current active FireCloud license. You can use a new license to add users or extend the license expiration.
WatchGuard Cloud Service Providers can have any number of licenses. When a Service Provider activates a new license key, they can use it to modify an active license or add a new, separate license. The users on the license are added to the Service Provider's inventory in WatchGuard Cloud, but the expiration date of the license is tracked separately.
Term License Activation
When you purchase FireCloud users, you are given a license key to activate on the WatchGuard website.
When you activate your FireCloud license key, the users for that license are added to your FireCloud account. If you have a Service Provider account, the users are instead added to your inventory in WatchGuard Cloud. From your inventory, you can allocate users to managed accounts or to your own account.
After you have an active FireCloud license, you have several options when you activate additional FireCloud license keys. Within the activation process, you can:
- Add users to a license
- Extend a license
- Add a new license (Service Providers only)
When you add users or extend a license, the new license is merged with your active FireCloud license and the two licenses are co-termed. When licenses are co-termed, a new expiration date is calculated based on your updated user count and the term length of the license you activated.
License Renewals and Upgrades
To renew a license or modify an existing license, you purchase a new license and activate it. When you activate the new license, you select whether to add users or extend your current license. When you add users to your active license or extend it, the new license merges with your active license and the two licenses are co-termed.
Co-terming consolidates or merges your term licenses to synchronize renewal dates. When you co-term licenses, a new expiration date is calculated based on the updated user count and the term length of the license you activated. If you add users, the number of users you purchased is added to your current inventory. For example, if you have 50 users and purchase a term license for 100 users, your final count after you activate your new license is 150 users.
If you have an active subscription license, when you renew a term license, your subscription usage count reduces automatically so that only the users in excess of your termed license are billed as subscription users.
When you extend your license, if you purchased the same number of users that you currently have, your license is extended for another period (one or three years). If you purchased more users than are in your current inventory, your inventory immediately updates to match the number of users you purchased the license for.
To renew with fewer users, purchase a license for the desired number of users and choose Extend License when you activate your license key.