What is WatchGuard FireClient and how can I use it on my Android device?



WatchGuard FireClient is a mobile app that works with the Mobile Security subscription from WatchGuard to make sure that only mobile devices that meet minimum approved standards can get access to an organization's network through Wi-Fi or a VPN connection. FireClient for Android scans your device for malware, checks for minimum OS level, and confirms that the device has not been rooted before it is allowed to use the network.

Before You Begin

FireClient is supported on Android 4.1 and higher. You must install the FireClient app from the Google Play store before you connect to a network that requires it.

To use FireClient on a network, you must have this information:

    The name or IP address of the server that FireClient connects to

    A user name and password to authenticate to the network.

User Authentication Credentials

If your network supports more than one type of authentication, it might be necessary for you to include the authentication server or domain name as part of your user name in FireClient. If this is required, you must specify your user name in this format: <authentication server>\<username> 

For example, if your username is j_smith:

    To specify a RADIUS server, type: radius\j_smith

    To specify the Active Directory server, type:\j_smith

    To specify the Firebox as the authentication server, type: Firebox-DB\j_smith

Your administrator should tell you the authentication credentials to use for FireClient connections to your network. 


Use FireClient

Use FireClient to scan your device for compliance each time you connect to a network that requires it.

  1.     Use Wi-Fi or a VPN client to connect your device to the network.
  2.     Launch the FireClient app.The Connect page appears.
  3.     Type the server name or IP address, and tap Connect. The Login page appears.
  4.     Type your user name and password for this network.
  5.     Select the Remember username check box if you want FireClient to remember your user name.
  6.     Tap Login.
  7.     If a Device Authorization Agreement appears, review it, and tap Accept.

    FireClient checks your device for compliance and shows the connection and compliance status.

After you log in, FireClient shows the compliance status:

Compliant — Your device complies with the security requirements and is allowed to use this network. For your device to remain compliant, do not close FireClient while you are connected to this network.

Unknown — This status appears while the compliance check is in progress. If you see this status when a compliance check is not in progress, check your Wi-Fi or VPN connection to the network that requires FireClient.

Not Compliant — Your device does not comply with security requirements and cannot use this network.If your device is not compliant, the reason appears in FireClient. Possible reasons include:

            OS version not allowed — This network does not allow the OS version installed on your device. Tap the reason to see the currently installed OS version and the               allowed OS versions. You must upgrade your device to an allowed version to use this network.

            Your device is rooted — Rooted devices are not allowed on this network. You must unroot the device to use this network. 

            Your device allows applications from unknown sources — This network does not allow a device that allows applications from unknown sources. Tap the                   reason in FireClient to go to the Android Settings page where you can disable application installation from unknown sources.

            USB debugging is enabled — This network does not allow an Android device that has USB debugging enabled. Tap the reason in FireClient to go to the Android             Settings page where you can disable USB debugging. 

            An application threat was found — FireClient found an installed application or application installation (APK) file that is categorized as malware, riskware, or                   adware. Tap the reason to see and remove the app or file that is not compliant. 

If the compliance status is not Compliant, your device cannot connect to network resources or the Internet. If your device is not compliant, resolve the reported issue. Then tap Recheck to run the compliance check again.

To end your FireClient session, or to reconnect as a different user, tap Logout.

More about the FireClient App

Tap the icons at the top to move between the four FireClient pages.

The navigation icons, from left to right, go to these pages:


    FireClient — Shows the connection and compliance status

    Information — Shows details about your connection and device

    Diagnostics — Shows FireClient log messages

    About — Shows information about the FireClient app

The FireClient home page is always selected after you authenticate.

FireClient Diagnostics

FireClient saves log messages to a text file in the FireClient folder on your device. You can see the log file in the Diagnostics page in FireClient. If FireClient has an error, your administrator could ask you to send a copy of the log file.  

To see and share the FireClient log file:

  1.     Tap the Diagnostics icon.
  2.     Tap Log.
  3.     To send or share the log file, tap the icon in the upper right corner.
  4.     A list of available options to share the log file appears.
  5.     Tap an option to select it.
  6.     Tap Just once to use this option just once, or tap Always to use this option to share the log file in the future.The selected application opens.
  7.     Use the selected option to send, copy, or share the log file with your administrator.

Device Protection

FireClient continues to protect your device after the initial compliance scan. After FireClient has confirmed your device is compliant it periodically scans your device for new application threats. If an application is found that is not compliant, FireClient asks you to remove it for your device to remain compliant.