Cisco ASA to Watchguard


I have never worked with WatchGuard Firebox firewalls in depth before, and we are replacing a Cisco ASA 5515 with a WatchGuard M390. I am having a hard time interpreting the configuration settings in the Cisco and where they would apply in the WatchGuard. I was hoping someone would get me started. For example, for these Cisco settings, how would I create them in the WatchGuard? See the Cisco config examples below. I have separated the various entries by numbering them, changed some names, and x'd out some IP addresses. There are 10 configurations I need to apply to the WatchGuard. There are many more, but if I can see how to apply these 10, I can do the rest. Thank you.

Cisco config examples:

  1. object-group service DM_INLINE_TCP_1 tcp
      port-object eq www
      port-object eq https

  2. object-group service TCP_Allowed tcp
      description guest-network-portal-port
      port-object eq ftp
      port-object eq www
      port-object eq https
      port-object eq ssh
      port-object eq telnet
      port-object eq 1935
      port-object eq 2001
      port-object eq 2376
      port-object eq 465
      port-object eq 587
      port-object eq 7000
      port-object eq 993
      port-object eq 995
      port-object eq ftp-data
      port-object eq pop3
      port-object eq smtp
      port-object eq 5222
      port-object eq 8080
      port-object eq 2002
      port-object eq 123

  3. access-list ACL_OUTSIDE_INBOUND extended permit tcp any host 10.10.xx.xx eq www

  4. access-list ACL_INSIDE_OUTBOUND extended permit tcp 172.xx.xx.0 host 192.168.xx.xx object-group FileServerAccess

  5. access-list Inside-SecPan_access_in extended permit icmp 20.xx.xx.xx 172.xx.xx.xx object-group DM_INLINE_ICMP_2

  6. nat (inside,Outside) source static 10.xx.xx.xx 50.201.xx.xx-32 destination static ANY-IPV4 ANY-IPV4

  7. nat (CONF,Outside) after-auto source dynamic any interface

  8. access-group guest_access_in in interface guest

  9. aaa-server AAA (inside) host 10.xx.xx.xx
      ldap-base-dn dc=aaa,dc=local
      ldap-scope subtree
      ldap-naming-attribute sAMAccountname
      ldap-login-password xxxxxxxxxxxx
      ldap-login-dn cn=asaservice,cn=users,dc=adg,dc=local
      server-type microsoft

  10. interface GigabitEthernet0/4.3
      vlan 3
      nameif AAA-SECURITY
      security-level 90
      ip address 20.xx.xx.xx

I have been a huge WatchGuard fan for years and have a multitude of their products at many sites. My suggestion to you would be to contact them for support to help you understand their product. Just let them know you are trying to configure your first box; I am sure they will help you understand, like they did me when I got my first one decades ago!

There are a lot of unknowns above in your configuration file and in what your goals actually are; best to talk with a pro at WatchGuard.
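
For reading entries 1-3 of the question, an added example (not part of the original thread, and not Cisco or WatchGuard tooling): it parses ASA `object-group service` blocks and `access-list` lines into flat source/destination/port tuples, a form that is easier to re-enter by hand on another firewall. The sample config is constructed from the question's entries, `ACL_DEMO` is a hypothetical name, and only `any` and `host` addresses are handled.

```python
import re

# ASA port keywords that appear on this page, with their well-known TCP ports.
ASA_TCP_NAMES = {"ftp-data": 20, "ftp": 21, "ssh": 22, "telnet": 23,
                 "smtp": 25, "www": 80, "pop3": 110, "https": 443}

# Constructed sample based on entries 1-3 of the question; ACL_DEMO is a hypothetical name.
SAMPLE = """\
object-group service DM_INLINE_TCP_1 tcp
 port-object eq www
 port-object eq https
object-group service TCP_Allowed tcp
 description guest-network-portal-port
 port-object eq ftp
 port-object eq telnet
 port-object eq 1935
access-list ACL_OUTSIDE_INBOUND extended permit tcp any host 10.10.xx.xx eq www
access-list ACL_DEMO extended permit tcp any host 10.10.xx.xx object-group DM_INLINE_TCP_1
"""

ACL_RE = re.compile(r"access-list (\S+) extended permit tcp (any|host \S+) "
                    r"(any|host \S+) (?:eq (\S+)|object-group (\S+))\s*$")

def port_number(token):
    """Resolve an ASA port keyword or a numeric literal to an int."""
    return ASA_TCP_NAMES[token] if token in ASA_TCP_NAMES else int(token)

def parse_service_groups(config):
    """Return {group name: sorted TCP ports} for 'object-group service <name> tcp' blocks."""
    groups, current = {}, None
    for line in config.splitlines():
        head = re.match(r"object-group service (\S+) tcp\s*$", line)
        member = re.match(r"\s+port-object eq (\S+)", line)
        if head:
            current = groups.setdefault(head.group(1), [])
        elif member and current is not None:
            current.append(port_number(member.group(1)))
        elif not line.startswith(" "):
            current = None  # any other top-level command closes the group
    return {name: sorted(ports) for name, ports in groups.items()}

def flatten_acl(config, groups):
    """Expand each permit-tcp ACL line into (acl, source, destination, ports)."""
    rules = []
    for line in config.splitlines():
        if m := ACL_RE.match(line):
            acl, src, dst, eq, grp = m.groups()
            rules.append((acl, src, dst, groups[grp] if grp else [port_number(eq)]))
    return rules
```

Calling `flatten_acl(SAMPLE, parse_service_groups(SAMPLE))` yields one tuple per ACL entry, with group references already expanded to port numbers.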
