Skip to content

Feature Key Reference.md

Latest commit

 

History

History
115 lines (99 loc) · 10.3 KB

Feature Key Reference.md

File metadata and controls

115 lines (99 loc) · 10.3 KB

WatchGuard Fireware/Firebox Feature Keys – Reference

This document lists common WatchGuard Fireware / Firebox feature keys and what they enable. Use it to quickly understand license capabilities when reading feature keys from your devices.

  • Links: Where possible, each item includes an official documentation link

Security & Threat Protection

  • WEBBLOCKER — URL/content filtering service that categorizes and blocks sites. Docs
  • SPAMBLOCKER — Anti-spam service for SMTP/POP3 proxies to block unsolicited email. Docs
  • AV — Gateway AntiVirus scans traffic at the network edge for malware. Docs
  • INTELLIGENT_AV — Machine-learning antivirus engine (Cylance-based) for zero-day malware. Docs
  • IPS — Intrusion Prevention Service to detect and block network threats. Docs
  • RED — Reputation Enabled Defense to block connections to known bad sites. Docs
  • APT — APT Blocker: sandboxing service for advanced malware/ransomware. Docs
  • APP_CONTROL — Application Control: identify and control app usage in policies. Docs
  • DNSWATCH — DNS filtering & anti-phishing service that monitors DNS requests. Docs
  • MOBILE_SECURITY_USER — Licensed number of Mobile Security users. Docs

VPN & Remote Access

  • IPSEC_VPN — IPSec VPN (BOVPN, Mobile VPN with IPSec). Docs
  • SSLVPN_USER — Licensed capacity for Mobile VPN with SSL users. Docs
  • L2TP_USER — Licensed capacity for Mobile VPN with L2TP users. Docs
  • ACCESS_PORTAL — Clientless VPN portal for web apps, RDP and SSH access via browser. Docs
  • IPSEC_CRYPTO_GOST — Enables GOST cryptographic transforms for IPsec/IKEv2 where required. Docs
  • VPN_CERT — Third‑party VPN certificate support entitlement.

Networking & Routing

  • VLAN — Virtual LAN interfaces and tagging support on the Firebox. Docs
  • QOS — Quality of Service bandwidth and priority controls. Docs
  • POLICY_ROUTING — Policy-based routing to direct traffic based on policy criteria. Docs
  • BGP — Dynamic routing using BGP (FRR) on Fireware. Docs
  • OSPF — Dynamic routing with OSPF. Docs
  • SERVER_LOAD_BALANCING — Distribute traffic among multiple internal servers. Docs
  • WAN_FAILOVER — Multi-WAN failover for resilience when a WAN link goes down. Docs
  • LINK_AGGREGATION — LAG (802.1AX/LACP) to bond interfaces for bandwidth & redundancy. Docs
  • FIRECLUSTER — High availability (active/active or active/passive clustering). Docs
  • MULTI_WAN — Multi‑WAN feature entitlement. Docs
  • LOAD_BALANCE — Multi‑WAN load balancing entitlement.
  • VIP_LOAD_BALANCING — Virtual IP load balancing entitlement.

Visibility & Cloud

  • NETWORK_DISCOVERY — Discovers devices on internal networks and maps them in the UI. Docs
  • DASHBOARD — Enables dashboard/visibility components (Dimension/Cloud). Docs
  • CLOUD_VISIBILITY — WatchGuard Cloud visibility & reporting data retention for Firebox. Docs
  • CLOUD_CONNECT — Allows Standard Support devices to connect to WatchGuard Cloud for cloud-management (no reporting). Docs
  • CLOUD_SUPPORT — Indicates WatchGuard Support entitlement / LiveSecurity on the device. Docs
  • DAAS_BASIC — Dimension-as-a-Service (legacy) – basic tier for hosted Dimension/management. Docs
  • DAAS_TOTAL — Dimension-as-a-Service (legacy) – full/total tier for hosted Dimension/management. Docs
  • DIMENSION_COMMAND — WatchGuard Dimension Command (legacy centralized management).

Licensing & Capacity

  • FW_PRO — Fireware Pro license enabling advanced features (e.g., dynamic routing, PBR, server load balancing). Docs
  • XTM_PRO — Legacy XTM Pro (older platforms) enabling advanced networking. Docs
  • FW_STD — Fireware Standard edition.
  • FW_USERS — Licensed user count (model-dependent limit for authenticated users).
  • MAX_CORES — Indicates maximum CPU cores supported/usable by the license on platform.
  • EDGE_PRO — Alias seen in feature keys for Pro-level capabilities on some models.
  • DTEWS — Uncommon/legacy feature flag seen in keys, no public doc reference.
  • WATCHMODE — Audit-only mode for NFR devices to mirror/inspect traffic (demo). Docs
  • LIVESECURITY — LiveSecurity/Support service entitlement.
  • MODEL — Model upgrade/entitlement field in feature key.
  • FW_RULE — Licensed maximum number of firewall policies.
  • FW_SPEED — Licensed maximum throughput for firewall policies (model/edition dependent).
  • VPN_SPEED — Licensed maximum throughput for VPN policies (model/edition dependent).
  • SESSION — Licensed maximum concurrent sessions.
  • AUTHENTICATED_USER — Licensed maximum authenticated users.
  • AUTH_DOMAIN — Licensed maximum authentication domains.
  • AV_SPEED — Licensed maximum throughput for Gateway AntiVirus.
  • INTERFACE — Licensed maximum number of network interfaces.
  • FIREWARE — Fireware OS entitlement field.
  • FIREWARE_XTM — Legacy Fireware XTM entitlement.
  • 3DES — 3DES encryption entitlement/legacy flag.
  • PROXY_SPEED — Licensed maximum throughput for proxy policies.
  • XTMWARE — Legacy XTMWARE platform flag.
  • IPSEC_CRYPTO — IPsec cryptographic algorithm entitlement (non‑GOST).

End of Life

  • DLP (end-of-life as of 26 February 2025) — Data Loss Prevention: detect and block sensitive data exfiltration. Docs
  • TDR (end-of-life as of 30 September 2025) — Threat Detection and Response: cloud-based threat correlation & host sensors. Docs

Other Keys

  • ACCESS_PORTAL_TRIAL
  • APP_CONTROL_TRIAL
  • APT_TRIAL
  • AV_TRIAL
  • AV_UPDATE
  • BOVPN_TUNNEL
  • DAAS_BASIC_TRIAL
  • DAAS_TOTAL_TRIAL
  • DIMENSION_COMMAND_TRIAL
  • DLP_TRIAL
  • DNSWATCH_TRIAL
  • DTEWS_TRIAL
  • FW
  • HA
  • INTELLIGENT_AV_TRIAL
  • IPSEC_USER
  • IPS_TRIAL
  • IPS_UPDATE
  • MOBILE_SECURITY — Enforce device compliance for iOS/Android before allowing traffic.
  • MOBILE_SECURITY_USER_TRIAL
  • MUVPN_USER
  • NETWORK_DISCOVERY_TRIAL
  • RED_TRIAL
  • SPAMBLOCKER_TRIAL
  • TDR_TRIAL
  • WEBBLOCKER_TRIAL