Corporate cybersecurity continues to evolve, and the cloud plays an increasingly important role for businesses and managed service providers (MSPs). In this regard, WatchGuard Technologies has taken a key step by announcing its availability on Amazon Web Services (AWS), joining the AWS ISV Accelerate program, and launching its Firebox Cloud platform directly on AWS Marketplace.
This important move positions WatchGuard as a leading unified security solution that is fully adaptable to cloud environments, allowing users to easily deploy, manage, and scale their security resources from within AWS infrastructure. If you're considering improving your cloud security or learning more about Firebox Cloud, this article is for you.
WatchGuard and the AWS ISV Accelerate Program
WatchGuard Technologies has been admitted to the prestigious AWS ISV Accelerate program, an initiative created by Amazon to enhance collaboration between its sales teams and independent software vendors (ISVs). This program not only allows vendors to reach more customers, but also guarantees the highest level of technical validation.
Being part of this ecosystem involves meeting strict requirements, such as architectural and security assessments, and real-world experience with clients across various industrial sectors. WatchGuard successfully passed all of these audits to become part of the program, demonstrating its adaptability and quality in diverse business environments. Furthermore, solutions like these are important for preventing security breaches.
Thanks to this collaboration with the AWS sales team, WatchGuard can offer direct support and assistance throughout the sales process, enabling MSPs and businesses operating on AWS to find and integrate its solutions much more efficiently.
Availability in AWS Marketplace
In addition to joining the ISV program, WatchGuard has officially launched its cybersecurity platform on AWS Marketplace, Amazon's digital catalog with thousands of solutions ready for deployment in the cloud.
With this entry, AWS users can search for, test, purchase, and deploy WatchGuard Firebox Cloud directly into their environments, with just a few clicks and without the need for third-party vendors. This significantly simplifies the procurement and maintenance experience for MSPs and IT departments.
Danny Banks, head of Cloud Marketplaces at WatchGuard, highlighted that this strategy is a response to the sustained growth of users turning to marketplaces to acquire security tools. Now you have the ability to integrate WatchGuard wherever you already manage other cloud services, with complete flexibility, thus avoiding compatibility issues.
What is Firebox Cloud and what is it used for?
Firebox Cloud is a virtual firewall solution that offers the same security capabilities as WatchGuard physical appliances, but is designed specifically to run on Amazon Web Services (AWS).
With Firebox Cloud, you can protect infrastructure deployed in an AWS VPC (Virtual Private Cloud) and use advanced features such as site-to-site VPN, threat detection, network policies, and much more. All of this is managed from well-known interfaces such as Fireware Web UI or WatchGuard Dimension.
Administrators can leverage Firebox Cloud to extend their security perimeter, protecting web servers, email, databases, and other sensitive workloads in the cloud. Its functionality goes beyond a simple firewall; it includes multiple layers of unified defense, which is crucial for maintaining security in the corporate environment.
Licensing models: BYOL and pay-per-hour
Firebox Cloud is available in two versions within the AWS Marketplace, designed to fit different needs and budgets.
- BYOL License (Bring Your Own License): The user pays AWS directly for the EC2 infrastructure and then purchases a Firebox Cloud license through an authorized reseller. The license must be activated in the WatchGuard portal using the serial number and instance ID. This model is ideal for those who already manage other security systems on their network.
- Pay Per Use (Hourly): Ideal for businesses that don't want to worry about renewals or activations. Here, the Firebox Cloud license and all its services are included in the hourly rate charged by AWS.
Both options offer full access to Firebox Cloud features, although BYOL may be more cost-effective for long-term infrastructure, while the hourly option is ideal for temporary deployments or pilots.
Deploying Firebox Cloud on AWS step by step
Deploying Firebox Cloud on AWS follows a structured process designed to ensure a secure and efficient setup from the start. Here's a brief summary of the most important steps:
- Create an AWS account and access the AWS Management Console.
- Assign an Elastic IP (EIP) to ensure a stable public connection to the firewall.
- Create a VPC with public and private subnets using the AWS VPC Wizard.
- Remove the automatically created NAT gateway, since Firebox Cloud will perform the NAT functions.
- Launch an EC2 instance with the Firebox Cloud AMI in AWS Marketplace.
- Configure Eth0 and Eth1 interfaces to connect the instance to both the public network and the private subnet.
- Assign the EIP to the Eth0 interface and disable source/destination checks.
- Modify the routing table to have the private network use Firebox Cloud as the default gateway.
Once the instance is deployed, you can access it via a browser using the public address and run the Firebox Cloud Setup Wizard for initial configuration.
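A post-deployment check for the network steps above, as an added example that is not WatchGuard or AWS code. It audits constructed sample data shaped like the output of `aws ec2 describe-network-interfaces` and `aws ec2 describe-route-tables`; all IDs and the IP are placeholders, and two points are assumptions of this example: that the source/destination check is disabled on both interfaces, and that the private default route targets Eth1.

```python
# Constructed sample data shaped like `aws ec2 describe-network-interfaces`
# and `aws ec2 describe-route-tables` output; every ID and IP is a placeholder.
ENIS = [
    {"NetworkInterfaceId": "eni-eth0", "SourceDestCheck": False,
     "Attachment": {"InstanceId": "i-firebox", "DeviceIndex": 0},
     "Association": {"PublicIp": "203.0.113.10"}},
    {"NetworkInterfaceId": "eni-eth1", "SourceDestCheck": True,   # step missed
     "Attachment": {"InstanceId": "i-firebox", "DeviceIndex": 1}},
]
PRIVATE_ROUTE_TABLE = {"RouteTableId": "rtb-private", "Routes": [
    {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
    {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-leftover"},
]}


def audit_firebox(enis, route_table, instance_id, eip):
    """Return a list of findings; an empty list means the layout matches the steps."""
    findings = []
    # Index the instance's interfaces by device index (0 = Eth0, 1 = Eth1).
    by_index = {e["Attachment"]["DeviceIndex"]: e for e in enis
                if e.get("Attachment", {}).get("InstanceId") == instance_id}
    for idx, name in ((0, "Eth0"), (1, "Eth1")):
        if idx not in by_index:
            findings.append(f"{name} is not attached to {instance_id}")
        elif by_index[idx].get("SourceDestCheck", True):
            # Assumption: the check must be off on both interfaces.
            findings.append(f"{name} still has source/destination check enabled")
    if by_index.get(0, {}).get("Association", {}).get("PublicIp") != eip:
        findings.append("Elastic IP is not associated with Eth0")
    eth1_id = by_index.get(1, {}).get("NetworkInterfaceId")
    defaults = [r for r in route_table["Routes"]
                if r.get("DestinationCidrBlock") == "0.0.0.0/0"]
    if not defaults:
        findings.append("private route table has no default route")
    for r in defaults:
        if r.get("NatGatewayId"):
            findings.append(f"default route still uses NAT gateway {r['NatGatewayId']}")
        elif not eth1_id or r.get("NetworkInterfaceId") != eth1_id:
            # Assumption: private traffic should be routed to the Eth1 interface.
            findings.append("default route does not target the Firebox Eth1 interface")
    return findings


if __name__ == "__main__":
    for finding in audit_firebox(ENIS, PRIVATE_ROUTE_TABLE, "i-firebox", "203.0.113.10"):
        print("FAIL:", finding)
```

An empty result means traffic from the private subnet has no path to the internet that bypasses the firewall; a leftover NAT gateway route is the finding to treat as most urgent.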
Firebox activation and license key (in case of BYOL)
Users who opt for BYOL must activate their license to unlock all features. To do so:
- Go to the official WatchGuard portal.
- Log in with your customer or partner account.
- Enter the Firebox Cloud serial number and EC2 instance ID.
- Save the generated license key and enter it into Firebox Cloud using the web interface.
After entering the key, the system automatically reboots and becomes fully functional.
Configuring network policies and subscription services
Once the instance is active, you can begin configuring policies, traffic rules, and additional security services from Fireware Web UI or Policy Manager.
Firebox Cloud supports virtually all the security features offered by physical models, including:
- Site-to-site VPN and mobile VPN.
- Packet and application inspection firewall.
- Subscription services such as:
  - Gateway AntiVirus (AV): scans traffic in real time.
  - Intrusion Prevention System (IPS): network attack detection.
  - Data Loss Prevention: prevents leaks of sensitive information.
  - Botnet Detection: automatic blocking of connections to known botnets.
  - Threat Detection and Response (TDR): cloud forensics for proactive mitigation.
  - Geolocation: restricts access from specific countries.
These features can be enabled individually by configuring specific sensors and integrating custom certificates if HTTPS inspection is desired.
Securing Web Servers Within AWS
One of the most common use cases for Firebox Cloud is to protect a web server operating within the same VPC.
This involves creating SNAT (static NAT) rules to redirect traffic from the firewall's public IP to the server's private IP, and setting policies with HTTP and HTTPS proxies to control what type of traffic is allowed.
These policies allow services such as IPS, AV, or DLP to be applied directly to server connections, greatly strengthening the security posture and reducing exposure to attacks.
Advantages for managed service providers (MSPs)
Firebox Cloud's integration with AWS represents a huge advantage for MSPs looking for a centralized, scalable, and effective solution to protect their customers in cloud environments.
These advantages include:
- Rapid and automated deployment from AWS Marketplace.
- Centralized management of licenses, policies and configurations.
- Integrated billing with AWS in the case of hourly licenses.
- Immediate access to support and technical assistance by WatchGuard and AWS.
All of this makes it easier for MSPs to expand their business, as they can offer more robust and personalized services to their corporate clients.
With WatchGuard's entry into the AWS Marketplace and its integration into the ISV Accelerate program, a range of possibilities opens up for businesses, MSPs, and IT professionals looking for security models tailored to the cloud environment. Its powerful combination of features, scalability, and direct integration with AWS makes Firebox Cloud one of the most robust solutions for securing virtual networks. Its ease of deployment, combined with a wide range of subscription services, provides a comprehensive experience that can scale from small environments to large enterprises.