Unable to log back in to my Firebox x700 after a successful default policy restore.

Posted on 2011-10-29
Last Modified: 2012-05-12
I'm in the process of trying to utilize a x700 that hasn't been used for some time. It had a External and Default Gateway config that is no longer applicable to our network. I did not have the required passphrase to login so I setup a Management Station and installed WSM 8.2.1. Configured the Mgmt Station for and booted the Firebox into SysB mode. I created a basic policy and successfully flashed the Firebox with the new policy. The indications that it worked are that the External Address and Default Gateway changed on the LCD under SysA mode. The DHCP policy works correctly. However, after booting into SysA, I can no longer ping the Firebox or login to it via WSM. Any ideas?
Question by:jso1965
    LVL 22

    Expert Comment

    Review your configuration and make sure you didn't leave out any policies.

    You can use the console cable (blue color) and use the Watchguard software.  There is the Install Wizard to setup a new box.  It will program it through the console (serial) cable.

    LVL 22

    Expert Comment

    I haven't done that in a long time, but it may require you to enter the license key again.
    Do you have the license key text or the license key file?  If you registered that box at Watchguard then you can access your key via their website.
    LVL 32

    Accepted Solution

    Ensue that you indeed did add Watchguard policy otherwise you have locked yourself out of the box and would need to reset the unit to factory defaults and then load config again [can be new built from scratch or old which does have watchguard policy] to gain access.

    You can open the policy you have loaded on the box from the management station disk disk into the policy manager window.

    Thank you.

    Author Comment

    When I try to run the Quick Setup, I get a window indicating that it is loading and then nothing - The window closes and Quick setup does not start. I am running the WSM on Windows 7. The documentation I have only refers to Windows XP. As a result, the basic policy is very basic. (1) service that open port 84 for the network cameras. At the very least I would think since I'm getting an IP on the Mgmt Station assigned from the Firebox and it is set for "Drop In" mode, I should be able to ping the Trusted Interface.

    External -
    Gateway -
    DHCP assigns to 1.50 through 1.100.

    Pretty straight forward.
    LVL 32

    Expert Comment

    LVL 22

    Expert Comment

    I haven't done this for a while so I am going to through some things out, so my recollection could be off.

    I think when you setup the Watchguard initially you specify a management station IP address.  I always managed the watchguard from the same machine.  But maybe you need to set the IP back to the original on your PC?  I don't know if changing the management station IP would cause a block to your access.

    Your basic policy that you made only had 1 rule in it for the cameras?

    Drop-in is the same as Transparent mode, right?  I never setup any watchguards that way so I can't comment on how they respond.  but I would guess you should be able to ping.

    WSM 8.x is old.  Can you install it on an XP machine and try the quick setup again.

    Featured Post

    How your wiki can always stay up-to-date

    Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
    - Increase transparency
    - Onboard new hires faster
    - Access from mobile/offline

    Join & Write a Comment

    I thought I'd write this up for anyone who has a request to create an anonymous whistle-blower-type submission form created using SharePoint 2010 (this would probably work the same for 2013). It's not 100% fool-proof but it's as close as you can get…
    Healthcare organizations in the United States must adhere to the guidance of both the HIPAA (Health Insurance Portability and Accountability Act) and HITECH (Health Information Technology for Economic and Clinical Health Act) for securing and protec…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…

    729 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now