WatchGuard® Firebox Cloud

WatchGuard Firebox Cloud


Extend Your Security Perimeter with WatchGuard Firebox Cloud

It’s a fact – businesses are migrating services from on-premises servers into the cloud. Email servers, web servers, customer relationship management systems (CRM), and file storage are migrating to public cloud services. With so much sensitive data moving to the cloud, security is essential. WatchGuard’s Firebox Cloud allows network administrators to extend their security perimeter to the cloud and protect servers running within a public cloud environment.

Icon: Cloud Security
Enhance Your Public Cloud Security

WatchGuard Firebox Cloud brings the protection of WatchGuard’s leading Firebox Unified Threat Management (UTM) appliances to public cloud environments. Firebox Cloud can quickly and easily be deployed to protect a Virtual Private Cloud (VPC) from attacks such as botnets, cross-site scripting, SQL injection attempts, and other intrusion vectors.

Image: Amazon Marketplace and Microsoft Azure
Available for AWS and Microsoft Azure

WatchGuard’s Firebox Cloud was built specifically to run within AWS and Microsoft Azure and provides a streamlined user interface (UI) that removes elements that aren’t relevant to the selected cloud environment. Firebox Cloud also simplifies the process of establishing secure connections to your public cloud environment by enabling WatchGuard-to-WatchGuard VPN tunnels.

Illustration: Purchase Options

Multiple Purchasing Options Available

WatchGuard has made it easy to get your Firebox Cloud instance up and running in the cloud by providing multiple ways to purchase. You can purchase a Bring-Your-Own-License (BYOL) from a WatchGuard Partner to ensure you benefit from the skills and expertise of a Partner you trust.

Icon: WatchGuard Dimension


Big Data Visibility for Public Cloud Security

WatchGuard Firebox Cloud is completely compatible with WatchGuard Dimension, a cloud-ready network security visibility solution that comes standard with WatchGuard’s flagship Unified Threat Management and Next Generation Firewall platform. Dimension provides a suite of big data visibility and reporting tools that instantly identify and distill key security issues and trends, and deliver valuable insights to set meaningful security policies across all your environments.


Quick Facts
  • 71 percent of small and midsize businesses (SMBs) have applications in the public cloud
  • WatchGuard Dimension was selected as Network Computing’s Best New Product of the Year
  • Cloud providers maintain their cloud infrastructure security but they make it clear that securing your assets in the cloud is your responsibility
  • Correlate cloud security events with on-premises & endpoint events for actionable insight no matter where your computing is done


Compare Firebox Cloud

  Firebox Cloud
Firebox Cloud
Firebox Cloud
Firebox Cloud
Throughput and Connections
Firewall throughput¹ 2 Gbps 4 Gbps 8 Gbps Unrestricted
Nodes Supported Unrestricted Unrestricted Unrestricted Unrestricted
VPN and Authentication
Branch Office VPN 50 600 6,000 10,000
Mobile VPN with SSL 50 600 6,000 10,000
Mobile VPN with IPSec 50 600 6,000 10,000
Authenticated Users 500 3,000 6,000 Unrestricted


Management Platform

WatchGuard Web UI

Alarms and Notifications

SNMP v2/v3, Email, Management System Alert

Server Support

Logging, Reporting, Quarantine, WebBlocker, Management

Web UI

Supports Windows, Mac, Linux, and Solaris OS


Includes direct connect and scripting




Stateful packet inspection, deep application inspection, proxy firewall

Application Proxies


Intrusion Protection

Blocks DOS, DDOS, PAD, port scanning, spoofing attacks, address space probes, and more

Security Subscriptions

Application Control, Reputation Enabled Defense, WebBlocker, Gateway AntiVirus, Intrusion Prevention Service, APT Blocker, Data Loss Prevention, Threat Detection & Response


VPN & Authentication


DES, 3DES, AES 128-, 192-, 256-bit


SHA-2, MD5, IKE/IKEv2 pre-shared Key, 3rd party cert import


Thin client


Server & Passthrough

VPN Failover


Single Sign-On

Transparent Active Directory Auth.


Radius, LDAP, Windows Active Directory

Other User Authentication

VASCO, RSA SecurID, web-based, local



Operating System


IP Address Assignment

DHCP Client


Static, dynamic (BGP4, OSPF, RIP v1/v2), policy-based


8 priority queues, diffserv, modified strict queuing


Static, dynamic, 1:1, IPSec NAT traversal, policy-based, virtual IP for server load balancing

Other Networking

Port independence


For more information, please contact to:

Damian Gołuch
Product Manager
tel. +48 664 753 900