What is WatchGuard FireClient and how can I use it on my iOS device?



WatchGuard FireClient is a mobile app that works with the Mobile Security subscription from WatchGuard to make sure that only mobile devices that meet minimum approved standards can get access to an organization's network through Wi-Fi or a VPN connection. FireClient checks your device for minimum OS level and confirms that the device has not been jailbroken before it is allowed to use the network. 

Before You Begin

FireClient is supported on iOS 8.0 and higher. You must install the FireClient app from the Apple app store before you connect to a network that requires it.

To use FireClient on a network, you must have this information:

    The name or IP address of the server that FireClient connects to

    A user name and password to authenticate to the network


User Authentication Credentials

If your network supports more than one type of authentication, it might be necessary for you to include the authentication server or domain name as part of your user name in FireClient. If this is required, you must specify your user name in this format: <authentication server>\<username> 

For example, if your username is j_smith:

    To specify a RADIUS server, type: radius\j_smith

    To specify the Active Directory server, type:\j_smith

    To specify the Firebox as the authentication server, type: Firebox-DB\j_smith

Your administrator should tell you the authentication credentials to use for FireClient connections to your network. 

Use FireClient

Use FireClient to check your device for compliance each time you connect to a network that requires it.

  1.     Use Wi-Fi or a VPN client to connect your device to the network.
  2.     Launch the FireClient app.The Connect page appears.
  3.     Type the server name or IP address, and tap Connect. The Login page appears.
  4.     Type your user name. If required for your network, include the authentication server as part of the user name in the format <authentication server>\<username>. 
  5.     Type your password.
  6.     Move the Remember username slider if you want FireClient to remember your user name.
  7.     Tap Login.
  8.     If a Device Authorization Agreement appears, review it, and tap Accept.

    FireClient checks your device for compliance and shows the connection and compliance status.

After you log in, FireClient shows the compliance status:

 Compliant — Your device complies with the security requirements and is allowed to use this network. For your device to remain compliant, do not close FireClient while you are connected to the network.

Unknown — The compliance status is unknown. If you see this status, check your Wi-Fi or VPN connection to the network that requires FireClient.

Not Compliant — Your device does not comply with security requirements and cannot use this network.

If your device is not compliant, the reason appears in FireClient. Possible reasons include:

      OS version not allowed — This network does not allow the OS version installed on your device. Tap the reason to see the currently installed OS version and the               allowed OS versions. You must upgrade your device to an allowed version to use this network.

      Your device is jailbroken — Jailbroken devices are not allowed on this network. 

If the compliance status is not Compliant, your device cannot connect to network resources or the Internet. If your device is not compliant, resolve the reported issue. Then switch back to the FireClient app to run the compliance check again.

To end your FireClient session, or to reconnect as a different user, tap Logout.

More about the FireClient App

Tap the icons at the bottom to move between the four FireClient pages.

Screen shot of the navigation icons in Fireclient

The navigation icons, from left to right, go to these pages:

    FireClient — Shows the connection and compliance status

    Information — Shows details about your connection and device

    Diagnostics — Shows FireClient log messages

    About — Shows information about the FireClient app

The FireClient home page is always selected after you authenticate.

FireClient Diagnostics

FireClient saves log messages to a text file in the FireClient folder on your device. You can see the log file in the Diagnostics page in FireClient. If FireClient has an error, your administrator could ask you to send a copy of the log file.  

To see and share the FireClient log file:

  1.     Tap the Diagnostics icon.
  2.     Tap View Log.
  3.     To send or share the log file, tap the icon in the upper right corner. An email message with the attached file appears.
  4.     Specify one or more recipients.
  5.     Tap Send.The log file is sent as an attached zip file. 

If you have not configured the email client on your iOS device, you can also use the file sharing feature of iTunes to copy the FireClient log file to your computer.

Device Protection

FireClient continues to protect your device after the initial compliance scan. After FireClient has confirmed your device is compliant it periodically contacts the server to confirm your device is still compliant.