WatchGuard launches FireCloud Total Access for Zero Trust SASE

WatchGuard has introduced FireCloud Total Access, a hybrid SASE service designed to support managed service providers (MSPs) and IT teams with Zero Trust and cloud-based security requirements.

The new platform combines Secure Web Gateway (SWG), Firewall as a Service (FWaaS), Zero Trust Network Access (ZTNA), and identity management under WatchGuard Cloud. The objective is to simplify the security landscape for IT teams while increasing protection for distributed workforces.

Hybrid SASE deployment

FireCloud Total Access provides cloud-delivered Zero Trust security for users working remotely, regardless of their location. It replaces traditional remote-user VPNs and on-premise hardware with cloud-based, identity-focused access. By doing so, the service aims to minimise complexity and improve both the speed and security of connectivity for organisations with an increasingly mobile workforce.

The platform represents an expansion of the FireCloud suite. It reflects WatchGuard's previously outlined strategy to deliver hybrid SASE experiences to a broader range of organisations, not limited to large enterprises.

Unifying security essentials

Historically, hybrid SASE and Zero Trust security models have been primarily available to larger enterprises with significant resources. WatchGuard's new solution seeks to eliminate this barrier by consolidating SWG, FWaaS, and ZTNA into a singular, cloud-managed platform. This allows organisations to gradually transition to a Zero Trust security posture through incremental steps and centralised policy management.

FireCloud Total Access is delivered via a single security agent and integrates with existing WatchGuard solutions such as network defence, endpoint security, and multi-factor authentication. These tools all report into ThreatSync, WatchGuard's AI-powered detection and response engine, which is designed to help prioritise threats and accelerate incident response for security teams.

Zero Trust across environments

With more organisations relying on cloud services and remote work, the need to protect employees regardless of their location has become a standard operational requirement. FireCloud Total Access extends coverage to remote workers while also securing access to on-premises applications, aiming to ensure consistent protection no matter where work occurs.

The service works alongside WatchGuard's Firebox, a network security solution that focuses on offices and branch networks. WatchGuard states that the combination of FireCloud and Firebox enables organisations to maintain security over users, applications, and infrastructure within hybrid work environments.

"Remote work and hybrid networks are now permanent, and organisations need a simpler way to enforce Zero Trust while protecting users everywhere," said Andrew Young, Chief Product Officer at WatchGuard. "FireCloud Total Access enables MSPs and lean IT teams to deploy in hours, apply consistent policies from WatchGuard Cloud and replace traditional, full-network access VPNs with per-application, identity-based access."

Security features

Key components of FireCloud Total Access include session- and device-aware Zero Trust Network Access, which functions as a replacement for remote-user VPNs. The FWaaS module offers intrusion prevention, DNS security, sandboxing and policy enforcement for users who are off the corporate network. AI-driven threat detection is enabled by both APT Blocker and Gateway Antivirus, with the aim of detecting and stopping advanced threats in real-time.

The Secure Web Gateway feature handles URL filtering, application control, and shadow IT management, and includes TLS inspection that is managed in the cloud. This approach is intended to make monitoring encrypted internet traffic more straightforward for security teams, while seeking to minimise the operational overhead typically associated with certificate management.

WatchGuard has emphasised ecosystem integration by enabling connections with AuthPoint (multi-factor authentication and single sign-on), ThreatSync (extended detection and response), and WatchGuard Endpoint Security, all within WatchGuard Cloud. The service is targeted at providing Zero Trust capabilities across identity, endpoint, and network layers.

"Our clients want fewer tools, less friction and better outcomes," said Alex Dumas, Principal Engineer, Ember One, a WatchGuard partner. "With FireCloud Total Access, we can standardise web protection and private-app access across tenants, show value in a single portal and scale recurring services without adding management overhead."

MSP and SME focus

FireCloud Total Access is positioned towards deployment by MSPs and smaller IT teams. WatchGuard highlights that the service can be implemented quickly without additional hardware and is managed through WatchGuard Cloud for policy rollouts. The platform is operationally lightweight, offering support for multi-tenant management and reporting functions as part of its feature set.

Licensing for FireCloud Total Access is managed on a per-user basis, which WatchGuard claims will support the recurring revenue models preferred by MSPs. All functions are designed to integrate with WatchGuard's broader network, endpoint, and identity solutions, with the intent that these layers provide coordinated detection and response with minimal oversight required from security teams.

FireCloud Total Access is available through WatchGuard's network of approximately 17,000 MSPs in over 20 countries. Partners are able to access self-service trials and enablement materials via WatchGuard Cloud.

This launch follows other recent developments from WatchGuard, including the introduction of Firebox Tabletop Series firewall appliances and its Total MDR service. WatchGuard products and services have received industry recognition, including the designation of Major Player in the IDC MarketScape: Worldwide Enterprise Hybrid Firewall 2025 Vendor Assessment and awards for authentication and managed detection and response capabilities.