WatchGuard Firebox T85-PoE Network Security Appliance Instruction Manual

1. Introduction

This manual provides essential instructions for the WatchGuard Firebox T85-PoE Network Security Appliance. It covers the physical installation, initial setup, operational guidelines, maintenance procedures, and troubleshooting steps to ensure optimal performance and security for your network environment. The Firebox T85-PoE is designed to deliver advanced, comprehensive security with high performance for small and midsize businesses and distributed enterprises.

2. Product Overview

The WatchGuard Firebox T85-PoE is a powerful unified threat management (UTM) appliance that integrates multiple security functions into a single device. It offers advanced firewall capabilities, VPN, intrusion prevention, and other security services to protect your network from various threats. The device includes Power over Ethernet (PoE+) ports for powering peripheral devices and an expansion bay for customizable port configurations.

Key Features:

High Throughput: Up to 4.96 Gbps firewall throughput for efficient data processing.
Integrated PoE+ Ports: Two Power over Ethernet Plus ports (PoE+) to power compatible devices directly from the appliance, simplifying deployment.
Flexible Connectivity: Eight 1 Gigabit Ethernet ports and an expansion bay for optional SFP+ fiber or 4G/LTE modules.
Comprehensive Security: Supports the Total Security Suite, including Cloud sandboxing, AI-powered anti-malware, threat correlation, and DNS filtering.
Centralized Management: Managed through WatchGuard Cloud for enhanced network visibility and control.

Physical Components:

Front view of the WatchGuard Firebox T85-PoE Network Security Appliance

Figure 2.1: Front view of the WatchGuard Firebox T85-PoE appliance. This image displays the front panel of the WatchGuard Firebox T85-PoE appliance. It features the WatchGuard logo on the left, 'Firebox T85-PoE' branding on the right, and a series of LED indicators for status, attention, module, mode, and port activity (10/100/1000 Mbps and Failover).

Rear view of the WatchGuard Firebox T85-PoE Network Security Appliance

Figure 2.2: Rear view of the WatchGuard Firebox T85-PoE appliance. The rear panel of the WatchGuard Firebox T85-PoE appliance is shown, featuring various ports and controls. From left to right, it includes a console port, two USB 3.0 ports, eight 1 Gigabit Ethernet ports (labeled 0/WAN, 1/LAN, 2-7 PoE), a reset button, a power switch, and a 54V 2.22A power input.

3. Setup

Follow these steps for the initial setup of your WatchGuard Firebox T85-PoE appliance.

3.1 Unpacking and Inspection

Carefully unpack the Firebox T85-PoE appliance and all accessories from the packaging.
Inspect the device for any signs of physical damage. If damage is found, contact your reseller or WatchGuard Support immediately.
Verify that all components listed in the packing slip are present.

3.2 Physical Installation

Placement: Position the appliance on a stable, flat surface or mount it in a rack using appropriate mounting hardware (sold separately). Ensure adequate ventilation around the device.
Power Connection: Connect the provided power adapter to the 54V 2.22A power input on the rear panel of the Firebox and then to a suitable power outlet. Do not power on the device yet.
Network Connections:
- Connect your internet service provider's modem or router to the 0/WAN port.
- Connect your internal network switch or a management computer to the 1/LAN port.
- If using PoE+ devices, connect them to ports 2-7 PoE as needed.
Console Connection (Optional): For direct console access, connect a serial cable from your management computer to the console port on the Firebox.

3.3 Initial Power On and Activation

After all physical connections are made, switch on the power button on the rear panel.
The appliance will begin its boot sequence. Monitor the front panel LEDs for status indications.
Access the WatchGuard Cloud portal (www.watchguard.com/cloud) to activate your Firebox T85-PoE and apply your Total Security Suite license. Follow the on-screen instructions for registration and initial configuration.
If you are participating in a 'Trade Up' program, ensure your previous WatchGuard appliance is retired as per program guidelines before activating the new T85-PoE.

4. Operating Instructions

The WatchGuard Firebox T85-PoE operates as a central point for network security, enforcing policies and protecting against threats. Management and monitoring are primarily performed through WatchGuard Cloud.

4.1 Security Suites Overview

The Firebox T85-PoE supports various security suites, with the Total Security Suite offering the most comprehensive protection.

Figure 4.1: Comparison table of WatchGuard Security Suite features. This image presents a comparison table detailing the features included in WatchGuard's Support, Basic Security, and Total Security Suites. Features listed include Stateful Firewall, VPN, SD-WAN, Access Portal, Intrusion Prevention Service (IPS), Application Control, Webblocker, SpamBlocker, Gateway AntiVirus, Reputation Enabled Defense, Network Discovery, APT Blocker, Threat Detection & Response, DNSWatch, and IntelligentAV. It also shows WatchGuard Cloud Visibility Data Retention periods and support levels for each suite.

Basic Security Suite: Includes traditional network security services such as Intrusion Prevention System (IPS), antivirus, URL filtering, application control, spam blocking, and reputation lookup.

Total Security Suite: Expands upon the Basic Security Suite by adding advanced features like Cloud sandboxing, AI-powered malware protection, DNS filtering, and eXtended Detection and Response (XDR) for unified network and endpoint protection.

4.2 Network Policy Management

Use WatchGuard Cloud to define and manage firewall policies, VPN configurations, and security services.
Configure network zones, user authentication, and content filtering rules to control network access and usage.

4.3 Monitoring and Reporting

WatchGuard Cloud provides real-time monitoring of network traffic, security events, and appliance status.
Generate reports to analyze security posture, identify trends, and ensure compliance.

5. Maintenance

Regular maintenance ensures the continued security and optimal performance of your Firebox T85-PoE appliance.

Firmware Updates: Regularly check for and apply the latest firmware updates through WatchGuard Cloud to benefit from new features, security enhancements, and bug fixes.
Security Service Updates: Ensure that all security services (e.g., antivirus, IPS signatures) are kept up-to-date automatically.
Configuration Backups: Periodically back up your appliance configuration to prevent data loss in case of unforeseen issues.
Physical Inspection: Ensure the appliance is free from dust and that ventilation openings are not obstructed.

6. Troubleshooting

This section provides basic troubleshooting steps for common issues. For more complex problems, refer to the WatchGuard knowledge base or contact support.

6.1 Power Issues

No Power: Verify the power cable is securely connected to both the appliance and the power outlet. Check the power switch position.
Power LED Off: If the power LED is off, try a different power outlet or power adapter.

6.2 Network Connectivity Issues

No Internet Access: Check the cable connection to the 0/WAN port. Verify your internet service provider's status.
Internal Network Access: Ensure cables are properly connected to LAN ports. Check network switch status.
LED Indicators: Observe the port LEDs on the front panel. A solid green or amber light indicates a link, and a blinking light indicates activity. No light suggests a cable or port issue.

6.3 Appliance Not Responding

Status LED: If the status LED indicates an error, consult the WatchGuard documentation for specific error codes.
Soft Reset: Press the reset button on the rear panel briefly to restart the device.
Factory Reset: A factory reset will erase all configurations. Only perform this as a last resort and after backing up your configuration. Refer to WatchGuard documentation for the specific procedure.

7. Specifications

The following table outlines the key technical specifications for the WatchGuard Firebox T85-PoE Network Security Appliance.

Figure 7.1: Detailed technical specifications for WatchGuard Firebox T85. This image provides a comprehensive table of technical specifications for the WatchGuard Firebox T85. It covers performance metrics like firewall and VPN throughput, UTM and HTTPS inspection, capacity details such as interfaces and concurrent connections, security features including firewall and threat protection, site-to-site and remote access VPNs, visibility and logging, certifications, networking capabilities like SD-WAN and dynamic routing, and physical/environmental specifications including dimensions, weight, power, operating temperature, and humidity.

Category	Specification
Product Dimensions	15.1 x 12.1 x 4.2 inches
Item Weight	7 pounds
Model Number	WGT85673-US
Firewall Throughput	Up to 4.96 Gbps
Interfaces	8 x 1Gb ports, 2 x USB 3.0, 1 x Console, 1 x Expansion Bay
PoE+ Ports	2 Integrated PoE+ ports
Operating System	Fireware
Connectivity Technology	Ethernet
Recommended Use	Business
Operating Temperature	32°F to 104°F (0°C to 40°C)
Storage Temperature	-40°F to 158°F (-40°C to 70°C)

8. Warranty and Support

WatchGuard provides comprehensive support for its products. For detailed warranty information, please refer to the official WatchGuard website or your purchase agreement.

8.1 Technical Support

If you encounter issues that cannot be resolved using the troubleshooting steps in this manual, please contact WatchGuard Technical Support. Ensure you have your product serial number and a description of the issue ready.

Visit the WatchGuard Support Center at www.watchguard.com/support for access to documentation, knowledge base articles, and support contact information.

8.2 Trade Up Program Information

This product may be part of a 'Trade Up' program. To activate Trade Up products, the owner must retire an earlier generation WatchGuard appliance. A retired product will no longer appear among your managed products, cannot receive upgrades or add-on activations, and its ownership cannot be transferred. For full details on the Trade Up program, consult WatchGuard's official program terms and conditions.

	WatchGuard Firebox T185 Hardware Guide Detailed hardware specifications, features, management, and compliance information for the WatchGuard Firebox T185 network firewall.
	WatchGuard Firebox T115-W Hardware Guide This hardware guide provides comprehensive details on the WatchGuard Firebox T115-W, a robust network security appliance designed for solo professionals and micro-offices. Learn about its features, specifications, installation, management options via WatchGuard Cloud or Fireware Web UI, and compliance information.
	Firebox T145 Hardware Guide - WatchGuard Comprehensive hardware guide for the WatchGuard Firebox T145 and T145-W network security appliances, covering specifications, installation, management, and compliance information.
	WatchGuard Firebox M295/M395/M495/M595/M695 Hardware Guide Detailed hardware specifications, installation, and safety information for the WatchGuard Firebox M295, M395, M495, M595, and M695 network security appliances.
	WatchGuard Fireware v12.11.3 Release Notes This document provides release notes for WatchGuard Fireware v12.11.3, detailing new features, enhancements, resolved issues, and known issues. It covers supported devices, upgrade procedures, and system requirements.
	WatchGuard Trade Up Program: Upgrade Your Network Security Learn about the WatchGuard Trade Up Program, offering discounts of up to 25% on new WatchGuard appliances by trading in eligible older models. Includes eligibility charts and terms for hardware, virtual, and cloud appliances.