Call a Specialist Today! 1300 505 257

WatchGuard Firebox Cloud Large
Features and services of the Firebox to the Amazon Web Services (AWS)

WatchGuard Firebox T10

WatchGuard Firebox Cloud Series
Firebox Cloud Large Series Support Bundles
Standard Support includes 24x7 support with unlimited incidents per year, 4 hour critical/high, 8 hour Large, 24 hour low targeted response times, advanced hardware replacement and software updates and patches.
Firebox Cloud Large with 1-Year Standard Support
#WGCLG001
List Price: $8,730.00
Our Price: $6,984.00
Firebox Cloud Large with 3-Year Standard Support
#WGCLG003
List Price: $11,051.00
Our Price: $8,840.00
Firebox Cloud Large Series Basic Security Suite Bundles
Basic Security Suites include Appliance, Standard Support (24x7), Application Control, WebBlocker, spamBlocker, Gateway Antivirus, Intrusion Prevention Service, Reputation Enabled Defense, and Network Discovery.
Firebox Cloud Large with 1-Year Basic Security Suite
#WGCLG031
List Price: $11,787.00
Our Price: $9,429.00
Firebox Cloud Large with 3-Year Basic Security Suite
#WGCLG033
List Price: $18,865.00
Our Price: $15,092.00
Firebox Cloud Large Series Total Security Suite Bundles
Total Security Suites include Appliance, Gold Support, Basic Security Suite, APT Blocker, Data Loss Prevention, Dimension Command and Threat Detection & Response.
Firebox Cloud Large with 1-Year Total Security Suite
#WGCLG641
List Price: $16,586.00
Our Price: $13,269.00
Firebox Cloud Large with 3-Year Total Security Suite
#WGCLG643
List Price: $30,264.00
Our Price: $24,211.00
Firebox Cloud Large Competitive Trade In Program - More Details
Competitive Trade In to Firebox Cloud Large with 3-Year Basic Security Suite
*Special Pricing for qualifying competitive trade-in products.
#WGCLG083
List Price: $13,893.00
Our Price: $11,114.00
Competitive Trade In to Firebox Cloud Large with 3-Year Total Security Suite
*Special Pricing for qualifying competitive trade-in products.
#WGCLG693
List Price: $26,072.00
Our Price: $20,858.00

More pricing below, click here!

Please Note: All Prices are Inclusive of GST

Overview:

Firebox Cloud brings the proven features and services of the Firebox to the Amazon Web Services (AWS) cloud computing platform. Firebox Cloud uses the same powerful Fireware OS and most of the same subscription services available on other Firebox models. You can use Firebox Cloud to protect servers deployed on your AWS virtual private cloud, and you can use it as a secure VPN endpoint for connections to resources on your virtual network.

For greater visibility into the status of traffic and security on your virtual network, you can use WatchGuard Dimension to monitor Firebox Cloud.

Firebox Cloud License Options

In the AWS Marketplace, you can purchase Firebox Cloud with two different license options.

Bring Your Own License (BYOL)

With this license option, Amazon charges you for the EC2 instance. You then purchase a license for Firebox Cloud separately from an authorized WatchGuard reseller. In your account on the WatchGuard website, you activate the Firebox serial number and specify the AWS instance ID, which enables you to get a feature key. You then apply the feature key to your Firebox Cloud instance, which enables you to configure all the licensed features. This feature key has an expiration date. You can purchase a renewal from an authorized WatchGuard reseller.

You can purchase a Firebox Cloud for one of five models. The models are based on the maximum number of AWS vCPUs that Firebox Cloud uses.

Firebox Cloud Model Maximum AWS vCPUs
Small 2
Medium 4
Large 8
Extra Large 16

If you deploy Firebox Cloud on a VPC that has more vCPUs than the Firebox Cloud model supports, Firebox Cloud uses only the supported number of vCPUs.

Pay As You Go

With this license option, the cost of the license for Fireware Cloud and all security services is included in the price charged by Amazon. Amazon bundles the price of your Firebox Cloud usage with other costs for the VPC. This provides a perpetual license with no fixed expiration date. There is no need to purchase, activate, or renew a separate feature key from WatchGuard.

For either licensing option, the available security features and deployment steps are the same. For the Bring Your Own License licensing model, you activate your license and apply the feature key after you deploy your instance of Firebox Cloud.

About Amazon Web Services

Amazon Web Services (AWS) is a flexible, on-demand, cloud services platform that provides compute power, database storage, and services at a variable cost based on the resources you use. If you are new to AWS, you must understand the AWS terms and concepts in this section before you deploy Firebox Cloud.

  • Amazon Virtual Private Cloud (VPC)
    An Amazon VPC is a logically isolated private virtual network environment in the AWS cloud. Firebox Cloud, and the virtual servers it protects, are all virtual machines that you deploy in a VPC.
  • Amazon Elastic Compute Cloud (EC2)
    Amazon EC2 is a virtual server hosting service that provides scalable computing capacity in the AWS cloud, Amazon Machine Image (.AMI). An .AMI is a virtual machine template that you use to deploy a virtual server in AWS. Firebox Cloud is delivered as an .AMI file that you use to deploy Firebox Cloud in your AWS VPC.
  • EC2 Instance
    To launch one or more EC2 instances, you use an .AMI file. Each instance is a copy of the .AMI that runs as a virtual server. When you launch a new instance, you select the instance type, which determines the amount of CPU, storage, and network capabilities assigned to the instance. Firebox Cloud runs as an EC2 instance in your Amazon VPC. Each instance has a unique Instance ID.
  • Elastic IP Address (EIP)
    An Elastic IP address is a static public IP address that you can assign to an EC2 instance. First, you allocate an Elastic IP address to a VPC, and then you associate it with an EC2 instance in the VPC. For Firebox Cloud, you allocate an Elastic IP address for the external interface.
  • Security Group
    The security group is a virtual firewall that controls which inbound and outbound traffic is allowed to reach the associated instances. In the security group, you define rules that control what traffic to allow. When you launch an instance, you must specify at least one security group.
  • AWS Regions and Availability Zones
    AWS has ten AWS Regions, which are in ten different regions around the world. Each region contains several Availability Zones. A VPC can contain subnets in different Availability Zones.

Feature Differences:

Because Firebox Cloud is optimized to protect servers in an AWS virtual private cloud, some setup requirements, configuration options, and available features are different from other Firebox models. This section summarizes the differences between Firebox Cloud and other Fireboxes.

Administration

You must use Fireware Web UI to administer your instance of Firebox Cloud. You can use WatchGuard Dimension to monitor the traffic and security status of the networks your Firebox protects.

You cannot use a WatchGuard Management Server, Policy Manager, or Dimension to administer your instance of Firebox Cloud.

Licensing and Services

All supported features and services are included with Firebox Cloud. Firebox Cloud supports these WatchGuard subscription services:

  • Application Control
  • WebBlocker
  • Gateway AV
  • Geolocation
  • Intrusion Prevention Service (IPS)
  • Reputation Enabled Defense
  • Botnet Detection
  • Data Loss Prevention
  • APT Blocker
  • Threat Detection

For the Bring Your Own License option, you must activate a license key for Firebox Cloud on the WatchGuard website, and add the feature key to your instance of Firebox Cloud.

For Firebox Cloud with a Pay As You Go license, the Threat Detection and Response service does not include Host Sensor licenses.

Network Interfaces

Firebox Cloud supports two to eight interfaces. It supports one external interface (eth0), and up to seven private interfaces (eth1–eth7). All Firebox Cloud interfaces use DHCP to request an IP address. You assign an Elastic IP (EIP) address to the external interface. The internal IP addresses are assigned based on the private networks assigned to your AWS instance.

Because AWS assigns the network interface IP addresses to the instance of Firebox Cloud, you cannot configure the network interfaces in Fireware Web UI. The Network > Interfaces configuration page is not visible in Fireware Web UI for Firebox Cloud.

Default Firebox Configuration

When you launch an instance of Firebox Cloud, it automatically starts with a default configuration. For Firebox Cloud with a BYOL license, you must get a feature key to enable configuration of all features.

The Firebox Cloud Setup Wizard runs the first time you connect to Fireware Web UI. In the wizard you accept the End User License Agreement and choose new passphrases.

After you run the setup wizard, the default configuration for Firebox Cloud is different from other Firebox models in these ways:

  • All interfaces use DHCP to obtain an IPv4 primary IP addresses
  • Firebox Cloud allows more than one Device Administrator to connect at the same time
  • You can connect to any interface for administration with Fireware Web UI
  • The default policies allow management connections and pings to Firebox Cloud, but do not allow outbound traffic from private subnets through Firebox Cloud
  • Licensed subscription services are not configured by default

Feature Differences

Firebox Cloud supports most policy and security features available on other Firebox models. It supports a subset of networking features appropriate for the AWS environment. For supported features, the available configuration settings are the same as for any other Firebox. Most features and options that are not supported for Firebox Cloud do not appear in Fireware Web UI.

Networking features not supported:

  • Drop-in mode and Bridge mode
  • DHCP server and DHCP relay
  • PPPoE
  • IPv6
  • Multi-WAN (includes sticky connections and policy-based routing)
  • Static ARP entries
  • Link Aggregation
  • VLAN Bridge interface
  • Modem
  • FireCluster
  • Gateway Wireless Controller
  • Mobile VPN with SSL Bridge VPN Traffic option

Policies and Security Services not supported:

  • Explicit-proxy and Proxy Auto-Configuration (PAC) files
  • Quotas
  • spamBlocker and Quarantine Server
  • Network Discovery
  • Mobile Security

Authentication features not supported:

  • Hotspot
  • Single Sign-On (SSO)

System Administration features not supported:

  • Dimension (Dimension for monitoring is supported)
  • Management by WatchGuard Management Server or Policy Manager
  • Logon disclaimer for device management connections
  • USB drive for backup and restore

Features you cannot configure from Fireware Web UI:

  • Change the logging settings for default packet handling options
  • Edit the name of an existing policy
  • Add a custom address to a policy
  • Use a host name (DNS lookup) to add an IP address to a policy
  • Add or edit a secondary PPPoE interface
In Fireware Web UI, it is possible to configure some features, such as IPv6 routes, that are not supported for Firebox Cloud. This does not enable the unsupported feature, and does no harm.

Fireware Web UI Differences

For Firebox Cloud, some pages in Fireware Web UI includes information about the Firebox Cloud EC2 instance.

The Front Panel Dashboard

For Firebox Cloud, Front Panel dashboard includes this information about the Firebox Cloud EC2 instance:

  • Instance ID
  • Instance Type
  • Availability Zone
The VM Information System Status Page

The VM Information System Status page in Fireware Web UI includes more details about the Firebox Cloud EC2 instance. To go to the VM Information page, select System Status > VM Information.

The VM Information page includes this information:

  • Instance ID
  • Instance Type
  • Availability Zone
  • Public Hostname
  • Public IPv4 Address
  • Security Group
  • Public Key

The Interfaces Dashboard

The Interfaces Dashboard page in Fireware Web UI includes information about the AWS virtual network interfaces associated with each Firebox Cloud interface.

Screen shot of the Interfaces dashboard, Detail tab

The Interfaces page includes this information:

  • Interface ID — The elastic network interface (eni) ID
  • Public Hostname — The public DNS host name for the external interface
  • Public IPv4 address — The public IPv4 IP address for the external interface
  • Local Hostname — The private DNS host name for the network interface
  • Device Number — The interface number
  • VPC ID — The ID of the VPC where the instance of Firebox Cloud is deployed
  • Link Status — The link status of each interface (Up or Down)
  • DNS Servers — The list of the DNS servers that generate the IP address for the external interface

Use Cases:

The subsequent use cases describe some of the ways Firebox Cloud can add security to your AWS virtual networks.

Protect Servers Deployed on AWS

To provide protection to one or more virtual servers that are accessible from the Internet, you can install a Firebox Cloud instance. Your instance of Firebox Cloud is then the gateway for inbound connections to your servers from the internet. You configure policies and security services on your instance of Firebox Cloud to control traffic to your virtual servers.

Branch Office VPN Gateway

You can configure your Firebox Cloud as a branch office VPN (BOVPN) gateway endpoint so you can maintain a secure VPN connection between your AWS network resources and other networks protected by a Firebox or compatible VPN gateway endpoint. Firebox Cloud supports all the same VPN features as other Firebox models.

Mobile VPN Gateway

You can also enable Firebox Cloud to accept VPN connections from SSL, IPSec, and L2TP mobile VPN clients, and configure policies to control user and group access to your protected AWS network resources.

Please note: Throughput rates are determined using multiple flows through multiple ports and will vary depending on environment and configuration.

* Firebox T10-D (DSL) is available in Europe & Australia. Supports ADSL2+VDSL2/ ADSL on WAN port with integrated modem.
**Not available on Firebox T10, T10-W, T10-D

Pricing Notes:

WatchGuard Firebox Cloud Series
Firebox Cloud Large Series Support Bundles
Standard Support includes 24x7 support with unlimited incidents per year, 4 hour critical/high, 8 hour Large, 24 hour low targeted response times, advanced hardware replacement and software updates and patches.
Firebox Cloud Large with 1-Year Standard Support
#WGCLG001
List Price: $8,730.00
Our Price: $6,984.00
Firebox Cloud Large with 3-Year Standard Support
#WGCLG003
List Price: $11,051.00
Our Price: $8,840.00
Firebox Cloud Large Series Basic Security Suite Bundles
Basic Security Suites include Appliance, Standard Support (24x7), Application Control, WebBlocker, spamBlocker, Gateway Antivirus, Intrusion Prevention Service, Reputation Enabled Defense, and Network Discovery.
Firebox Cloud Large with 1-Year Basic Security Suite
#WGCLG031
List Price: $11,787.00
Our Price: $9,429.00
Firebox Cloud Large with 3-Year Basic Security Suite
#WGCLG033
List Price: $18,865.00
Our Price: $15,092.00
Firebox Cloud Large Series Total Security Suite Bundles
Total Security Suites include Appliance, Gold Support, Basic Security Suite, APT Blocker, Data Loss Prevention, Dimension Command and Threat Detection & Response.
Firebox Cloud Large with 1-Year Total Security Suite
#WGCLG641
List Price: $16,586.00
Our Price: $13,269.00
Firebox Cloud Large with 3-Year Total Security Suite
#WGCLG643
List Price: $30,264.00
Our Price: $24,211.00
Firebox Cloud Large Competitive Trade In Program - More Details
Competitive Trade In to Firebox Cloud Large with 3-Year Basic Security Suite
*Special Pricing for qualifying competitive trade-in products.
#WGCLG083
List Price: $13,893.00
Our Price: $11,114.00
Competitive Trade In to Firebox Cloud Large with 3-Year Total Security Suite
*Special Pricing for qualifying competitive trade-in products.
#WGCLG693
List Price: $26,072.00
Our Price: $20,858.00
WatchGuard Total Security Software Suite Renewal/Upgrade
Total Security Software Suites include Gold Support, Basic Security Suite, APT Blocker, Data Loss Prevention, Dimension Command and Threat Detection & Response.
Total Security Suite Renewal/Upgrade 1-Year for Firebox Cloud Large
#WGCLG351
List Price: $9,772.00
Our Price: $9,088.00
Total Security Suite Renewal/Upgrade 3-Year for Firebox Cloud Large
#WGCLG353
List Price: $23,465.00
Our Price: $21,823.00
WatchGuard Basic Security Software Suite Renewal/Upgrade
Basic Security Software Suites include Standard Support (24x7), Application Control, WebBlocker, spamBlocker, Gateway Antivirus, Intrusion Prevention Service, Reputation Enabled Defense, and Network Discovery.
Basic Security Suite Renewal/Upgrade 1-Year for Firebox Cloud Large
#WGCLG331
List Price: $5,058.00
Our Price: $4,704.00
Basic Security Suite Renewal/Upgrade 3-Year for Firebox Cloud Large
#WGCLG333
List Price: $12,157.00
Our Price: $11,306.00
WatchGuard Subscription for Firebox Cloud Large Models
WatchGuard APT Blocker 3-yr for Firebox Cloud Large
#WGCLG173
List Price: $6,287.00
Our Price: $5,846.00
WatchGuard APT Blocker 1-yr for Firebox Cloud Large
#WGCLG171
List Price: $2,615.00
Our Price: $2,432.00
WatchGuard Data Loss Prevention 3-yr for Firebox Cloud Large
#WGCLG163
List Price: $3,044.00
Our Price: $2,831.00
WatchGuard Data Loss Prevention 1-yr for Firebox Cloud Large
#WGCLG161
List Price: $1,265.00
Our Price: $1,176.00
WatchGuard WebBlocker 1-yr for Firebox Cloud Large
#WGCLG101
List Price: $2,615.00
Our Price: $2,432.00
WatchGuard Gateway AntiVirus 1-yr for Firebox Cloud Large
#WGCLG121
List Price: $2,615.00
Our Price: $2,432.00
WatchGuard Intrusion Prevention Service 1-yr for Firebox Cloud Large
#WGCLG131
List Price: $2,615.00
Our Price: $2,432.00
WatchGuard Reputation Enabled Defense 1-yr for Firebox Cloud Large
#WGCLG141
List Price: $2,615.00
Our Price: $2,432.00
WatchGuard Application Control 1-yr for Firebox Cloud Large
#WGCLG151
List Price: $2,615.00
Our Price: $2,432.00
WatchGuard Threat Detection & Response 3-yr for Firebox Cloud Large
#WGCLG193
List Price: $6,287.00
Our Price: $5,846.00
WatchGuard Threat Detection & Response 1-yr for Firebox Cloud Large
#WGCLG191
List Price: $2,615.00
Our Price: $2,432.00
Standard Support Services
Standard Support includes 24x7 support with unlimited incidents per year, 4 hour critical/high, 8 hour Large, 24 hour low targeted response times, advanced hardware replacement and software updates and patches.
WatchGuard Standard Support Renewal 3-yr for Firebox Cloud Large
#WGCLG203
List Price: $3,986.00
Our Price: $3,707.00
WatchGuard Standard Support Renewal 1-yr for Firebox Cloud Large
#WGCLG201
List Price: $1,658.00
Our Price: $1,542.00
Trade up to WatchGuard Firebox Cloud Large
Trade up to WatchGuard Firebox Cloud Large with 3-yr Total Security Suite
#WGCLG673
List Price: $27,651.00
Our Price: $22,121.00
Trade up to WatchGuard Firebox Cloud Large with 1-yr Total Security Suite
#WGCLG671
List Price: $13,972.00
Our Price: $11,178.00
Trade up to WatchGuard Firebox Cloud Large with 3-yr Basic Security Suite
#WGCLG063
List Price: $16,250.00
Our Price: $13,000.00
Trade up to WatchGuard Firebox Cloud Large with 1-yr Basic Security Suite
#WGCLG061
List Price: $9,172.00
Our Price: $7,337.00
WatchGuard Upgrade to Gold Support
WatchGuard Upgrade to Gold Support 3-yr for Firebox Cloud Large
#WGCLG263
List Price: $5,872.00
Our Price: $5,461.00
WatchGuard Upgrade to Gold Support 1-yr for Firebox Cloud Large
#WGCLG261
List Price: $2,451.00
Our Price: $2,279.00