WatchGuard FireCloud Total Access

Overview:

Secure Remote Users and Hybrid Access

Today’s hybrid workplace requires more than VPN protection. Employees need secure, reliable access to cloud applications, SaaS, and private resources such as internal apps, databases, and development environments.

FireCloud Total Access is a cloud-delivered security service that combines Firewall as a Service (FWaaS), Secure Web Gateway (SWG), virtual private network (VPN), and Zero Trust Network Access (ZTNA) to protect remote users from Internet-based attacks and enforce secure access to hybrid resources.

As part of WatchGuard’s zero trust framework, FireCloud Total Access enables organizations to deliver enterprise-grade protection to every user, everywhere, whether working remotely, traveling, or inside the office.

Comprehensive Hybrid Security

FireCloud Total Access extends enterprise-grade protections once limited to the corporate perimeter directly to remote workers and private app access. This includes URL filtering, intrusion prevention, DNS security, advanced malware detection, and identity-driven ZTNA controls that grant access only to the right users, devices, and applications.

Core Security Services

Seamless Global Security For Your Workforce

Empower remote workers and safeguard Cloud-hosted applications with FireCloud Total Access. Seamlessly managed through WatchGuard Cloud, it integrates firewall-as-a-service (FWaaS) and secure web gateway (SWG) capabilities, delivering robust enterprisegrade security features. With WatchGuard Cloud, administrators can effortlessly configure global security services and policies, instantly propagated to our worldwide points of presence (PoPs). Users enjoy frictionless access by simply entering their credentials into the FireCloud client on any device, ensuring steadfast security coverage from wherever they connect.

Use Cases

Deployment

Components and Key Terms:

Before you begin, we recommend that you familiarize yourself with these key terms related to FireCloud:

WatchGuard Connection Manager

The connection manager is an agent that you install on end-user computers. End-users use the connection manager to connect to FireCloud.

WatchGuard Agent

The WatchGuard Agent handles communication between managed computers on the same network and the WatchGuard server. The agent is installed on each endpoint or computer, and is used to deploy WatchGuard software, such as the WatchGuard connection manager and Endpoint Security software. It has low CPU, memory, and bandwidth usage and uses less than 2 MB of data each day.

When you download the connection manager installer from the FireCloud UI, you are downloading the WatchGuard Agent.

Point of Presence

A point of presence (PoP) is a physical location that enables users to connect to the Internet. When you connect to FireCloud, data from your device routes through the nearest WatchGuard PoP.

Identity Provider

An identity provider is an external system that you use to manage and authenticate your FireCloud users and groups. You can use any identity provider that supports SAML, such as AuthPoint, Microsoft Entra ID (Azure Active Directory), or Okta.

WatchGuard Cloud Directory

The WatchGuard Cloud Directory is an authentication domain in Directories and Domain Services where you can add users and groups that are hosted in WatchGuard Cloud. You can then use the users and groups from the WatchGuard Cloud Directgory with products such as FireCloud.

You can use the WatchGuard Cloud Directory instead of an identity provider to authenticate your FireCloud users and groups.

FireCloud Licenses:

To use FireCloud, you must activate a FireCloud license in your WatchGuard account or contact a Service Provider. The FireCloud license determines the number of users that can use the FireCloud service.

When you activate your FireCloud license key, the user licenses are added to your account in WatchGuard Cloud. If you are a Service Provider, the user licenses are added to your WatchGuard Cloud inventory. You can allocate FireCloud user licenses to accounts you manage in WatchGuard Cloud.

FireCloud is a security service that is licensed for each user.

There are four types of licenses:

• Term Licenses
  A term license has a set number of users and a set duration, or term. For example, you might purchase a license for 100 users that expires after three years. The license expires the day after the expiration date at 00 UTC.
• Subscription Licenses
  A subscription license enables you and your managed accounts to add users with no allocation limits. You can set a limit on the accounts you manage. With a subscription license, WatchGuard bills you monthly based on the number of users you have allocated.
• Trial Licenses
  Trial licenses of FireCloud are available to Service Provider and Subscriber accounts in WatchGuard Cloud. Trial licenses expire after 30 days but you can renew them one time for another 30 days.
• NFR Licenses (Service Providers only)
  A Not for Resale license includes a set number of users and typically has a three-year term. NFR licenses are available to Service Providers only.

You can activate and manage FireCloud term licenses on the WatchGuard portal in the Support Center. From Support Center, on the FireCloud page, you can review the activated FireCloud licenses for your account. If you click the name of a license, you can review the details and history of that license.

WatchGuard Cloud Subscriber accounts can have only one FireCloud license. When a Subscriber account activates a new license key in the Support Center, it is used to modify the current active FireCloud license. You can use a new license to add users or extend the license expiration.

WatchGuard Cloud Service Providers can have any number of licenses. When a Service Provider activates a new license key, they can use it to modify an active license or add a new, separate license. The users on the license are added to the Service Provider's inventory in WatchGuard Cloud, but the expiration date of the license is tracked separately.

Term License Activation

When you purchase FireCloud users, you are given a license key to activate on the WatchGuard website.

When you activate your FireCloud license key, the users for that license are added to your FireCloud account. If you have a Service Provider account, the users are instead added to your inventory in WatchGuard Cloud. From your inventory, you can allocate users to managed accounts or to your own account.

After you have an active FireCloud license, you have several options when you activate additional FireCloud license keys. Within the activation process, you can:

• Add users to a license
• Extend a license
• Add a new license (Service Providers only)

When you add users or extend a license, the new license is merged with your active FireCloud license and the two licenses are co-termed. When licenses are co-termed, a new expiration date is calculated based on your updated user count and the term length of the license you activated.

License Renewals and Upgrades

To renew a license or modify an existing license, you purchase a new license and activate it. When you activate the new license, you select whether to add users or extend your current license. When you add users to your active license or extend it, the new license merges with your active license and the two licenses are co-termed.

Co-terming consolidates or merges your term licenses to synchronize renewal dates. When you co-term licenses, a new expiration date is calculated based on the updated users count and the term length of the license you activated. If you add users, the number of users you purchased is added to your current inventory. For example, if you have 50 users and purchase a term license for 100 users, your final count after you activate your new license is 150 users.

If you have an active subscription license, when you renew a term license, your subscription usage count reduces automatically so that only the users in excess of your termed license are billed as subscription users.

When you extend your license, if you purchased the same number of users that you currently have, your license is extended for another period (one or three years). If you purchased more users than are in your current inventory, your inventory immediately updates to match the number of users you purchased the license for.

To renew with fewer users, purchase a license for the desired number of users and choose Extend License when you activate your license key.

Documentation:

Download the WatchGuard FireCloud Total Access Datasheet (.PDF)