Overview:
Secure Remote Users and Hybrid Access
Today’s hybrid workplace requires more than VPN protection. Employees need secure, reliable access to cloud applications, SaaS, and private resources such as internal apps, databases, and development environments.
FireCloud Total Access is a cloud-delivered security service that combines Firewall as a Service (FWaaS), Secure Web Gateway (SWG), virtual private network (VPN), and Zero Trust Network Access (ZTNA) to protect remote users from Internet-based attacks and enforce secure access to hybrid resources.
As part of WatchGuard’s zero trust framework, FireCloud Total Access enables organizations to deliver enterprise-grade protection to every user, everywhere, whether working remotely, traveling, or inside the office.
Comprehensive Hybrid Security
FireCloud Total Access extends enterprise-grade protections once limited to the corporate perimeter directly to remote workers and private app access. This includes URL filtering, intrusion prevention, DNS security, advanced malware detection, and identity-driven ZTNA controls that grant access only to the right users, devices, and applications.
Core Security Services
Zero Trust Network Access (ZTNA)
- Application-level controls and per-session access
- Identity- and device-based trust verification
- Eliminates lateral movement risk
Firewall as a Service (FWaaS)
- Intrusion Prevention (IPS)
- Gateway AntiVirus & Botnet Detection
- Cloud Sandboxing (APT Blocker)
- TLS Inspection and DNS Filtering
Secure Web Gateway (SWG)
- URL Filtering (WebBlocker)
- Application Control to block risky apps
VPN Services
- Encrypted tunnels for legacy and custom applications
- Remote worker access where a traditional VPN is required
Unified Security Management
- One cloud console for remote worker protection, VPN, and ZTNA visibility
- Centralized policies, reporting, and threat intelligence
Key Benefits:
- Protect Remote Workers: Shield users from Internet-based threats such as phishing, ransomware, and malicious websites with cloud-delivered security services.
- Zero Trust Access to Private Apps: Provide identity-based, per-session access to internal and SaaS resources without relying on legacy VPN sprawl.
- Unified Security Management: Combine remote worker protection, VPN services, and ZTNA visibility into a single cloud-managed platform, simplifying operations.
- Secure Internet Access: Control remote employee Internet access to enhance compliance and protect against web-based attacks.
- Consistent Global Experience: Ensure secure, seamless access from anywhere through WatchGuard cloud-managed points of presence (PoPs).
Seamless Global Security For Your Workforce
Empower remote workers and safeguard Cloud-hosted applications with FireCloud Total Access. Seamlessly managed through WatchGuard Cloud, it integrates firewall-as-a-service (FWaaS) and secure web gateway (SWG) capabilities, delivering robust enterprise-grade security features. With WatchGuard Cloud, administrators can effortlessly configure global security services and policies, which are instantly propagated to our worldwide points of presence (PoPs). Users enjoy frictionless access by simply entering their credentials into the FireCloud client on any device, ensuring steadfast security coverage from wherever they connect.
Stateful Firewall
Inspects network traffic, blocks malicious activity, protects sensitive data, and offers advanced features like intrusion prevention, malware detection, and URL filtering to defend against a wide range of threats.
Gateway AntiVirus
Scans incoming and outgoing traffic for viruses, malware, and other threats, providing comprehensive protection against cyberattacks to safeguard sensitive data and ensure business continuity.
Intrusion Prevention Service (IPS)
Provides real-time protection against network attacks like spyware, SQL injections, and cross-site scripting by identifying and blocking malicious traffic to safeguard your network from potential breaches.
APT Blocker
Leverages AI and machine learning to identify and block sophisticated cyber threats, such as advanced persistent threats (APTs), zero-day exploits, and ransomware.
Application Control
Enhances network security by preventing unauthorized software execution and potential breaches through granular control over which applications can run on devices.
DNSWatch
Offers advanced threat intelligence, real-time blocking, and DNS filtering to safeguard networks and users through a Cloud-based DNS security service.
WebBlocker
Safeguards your network by blocking malicious websites and inappropriate content, empowering organizations to maintain a secure and productive online environment.
WatchGuard Cloud
Delivers streamlined visibility, control, real-time threat monitoring, and log and report data retention from a single interface, simplifying network security management, saving time, and empowering informed decision-making via a centralized management platform.
Components and Key Terms:
Before you begin, we recommend that you familiarize yourself with these key terms related to FireCloud:
WatchGuard Connection Manager
The connection manager is an agent that you install on end-user computers. End-users use the connection manager to connect to FireCloud.
WatchGuard Agent
The WatchGuard Agent handles communication between managed computers on the same network and the WatchGuard server. The agent is installed on each endpoint or computer, and is used to deploy WatchGuard software, such as the WatchGuard connection manager and Endpoint Security software. It has low CPU, memory, and bandwidth usage and uses less than 2 MB of data each day.
When you download the connection manager installer from the FireCloud UI, you are downloading the WatchGuard Agent.
Point of Presence
A point of presence (PoP) is a physical location that enables users to connect to the Internet. When you connect to FireCloud, data from your device routes through the nearest WatchGuard PoP.
Identity Provider
An identity provider is an external system that you use to manage and authenticate your FireCloud users and groups. You can use any identity provider that supports SAML, such as AuthPoint, Microsoft Entra ID (Azure Active Directory), or Okta.
WatchGuard Cloud Directory
The WatchGuard Cloud Directory is an authentication domain in Directories and Domain Services where you can add users and groups that are hosted in WatchGuard Cloud. You can then use the users and groups from the WatchGuard Cloud Directory with products such as FireCloud.
You can use the WatchGuard Cloud Directory instead of an identity provider to authenticate your FireCloud users and groups.
FireCloud Licenses:
To use FireCloud, you must activate a FireCloud license in your WatchGuard account or contact a Service Provider. The FireCloud license determines the number of users that can use the FireCloud service.
When you activate your FireCloud license key, the user licenses are added to your account in WatchGuard Cloud. If you are a Service Provider, the user licenses are added to your WatchGuard Cloud inventory. You can allocate FireCloud user licenses to accounts you manage in WatchGuard Cloud.
FireCloud is a security service that is licensed for each user.
There are four types of licenses:
- Term Licenses
A term license has a set number of users and a set duration, or term. For example, you might purchase a license for 100 users that expires after three years. The license expires the day after the expiration date at 00 UTC.
- Subscription Licenses
A subscription license enables you and your managed accounts to add users with no allocation limits. You can set a limit on the accounts you manage. With a subscription license, WatchGuard bills you monthly based on the number of users you have allocated.
- Trial Licenses
Trial licenses of FireCloud are available to Service Provider and Subscriber accounts in WatchGuard Cloud. Trial licenses expire after 30 days, but you can renew them one time for another 30 days.
- NFR Licenses (Service Providers only)
A Not for Resale license includes a set number of users and typically has a three-year term. NFR licenses are available to Service Providers only.
You can activate and manage FireCloud term licenses on the WatchGuard portal in the Support Center. From Support Center, on the FireCloud page, you can review the activated FireCloud licenses for your account. If you click the name of a license, you can review the details and history of that license.
WatchGuard Cloud Subscriber accounts can have only one FireCloud license. When a Subscriber account activates a new license key in the Support Center, it is used to modify the current active FireCloud license. You can use a new license to add users or extend the license expiration.
WatchGuard Cloud Service Providers can have any number of licenses. When a Service Provider activates a new license key, they can use it to modify an active license or add a new, separate license. The users on the license are added to the Service Provider's inventory in WatchGuard Cloud, but the expiration date of the license is tracked separately.
Term License Activation
When you purchase FireCloud users, you are given a license key to activate on the WatchGuard website.
When you activate your FireCloud license key, the users for that license are added to your FireCloud account. If you have a Service Provider account, the users are instead added to your inventory in WatchGuard Cloud. From your inventory, you can allocate users to managed accounts or to your own account.
After you have an active FireCloud license, you have several options when you activate additional FireCloud license keys. Within the activation process, you can:
- Add users to a license
- Extend a license
- Add a new license (Service Providers only)
When you add users or extend a license, the new license is merged with your active FireCloud license and the two licenses are co-termed. When licenses are co-termed, a new expiration date is calculated based on your updated user count and the term length of the license you activated.
License Renewals and Upgrades
To renew a license or modify an existing license, you purchase a new license and activate it. When you activate the new license, you select whether to add users or extend your current license. When you add users to your active license or extend it, the new license merges with your active license and the two licenses are co-termed.
Co-terming consolidates or merges your term licenses to synchronize renewal dates. When you co-term licenses, a new expiration date is calculated based on the updated user count and the term length of the license you activated. If you add users, the number of users you purchased is added to your current inventory. For example, if you have 50 users and purchase a term license for 100 users, your final count after you activate your new license is 150 users.
If you have an active subscription license, when you renew a term license, your subscription usage count reduces automatically so that only the users in excess of your termed license are billed as subscription users.
When you extend your license, if you purchased the same number of users that you currently have, your license is extended for another period (one or three years). If you purchased more users than are in your current inventory, your inventory immediately updates to match the number of users you purchased the license for.
To renew with fewer users, purchase a license for the desired number of users and choose Extend License when you activate your license key.