Applies To: WatchGuard Advanced EPDR, WatchGuard EPDR, WatchGuard EDR, WatchGuard EDR Core, WatchGuard EPP
On medium-sized and large networks we recommend that you use centralized tools to deploy the endpoint software to Windows computers.
For accounts with more than one WatchGuard product license (for example, an Endpoint Security product license and a FireCloud license), the Configure > Agent Deployment page in WatchGuard Cloud is useful to centrally configure product deployment behavior for endpoint groups and endpoints. For more information, go to Configure WatchGuard Agent Deployment in WatchGuard Cloud.
Install the Client with Command Line Tools
You can automate the installation and integration of the WatchGuard Agent into the management UI with these command-line parameters:
- GROUPPATH="group1\group2": Path in the group tree where the computer will reside. The 'All' root node is not specified. If the group does not exist, the computer will be integrated into the 'All' root group.
- PRX_SERVER: Name or IP address of the corporate proxy server.
- PRX_PORT: Port of the corporate proxy server.
- PRX_USER: User of the corporate proxy server.
- PRX_PASS: Password of the corporate proxy server.
This example shows how to use command-line parameters to install the agent:
Msiexec /i "WatchGuard Agent.msi" GROUPPATH="London\AccountingDept"
PRX_SERVER="ProxyCorporative" PRX_PORT="3128" PRX_USER="admin" PRX_PASS="panda"
For a silent installation, you must add the /qn parameter. For example:
Msiexec /i "WatchGuard Agent.msi" /qn GROUPPATH="London\AccountingDept"
PRX_SERVER="ProxyCorporative" PRX_PORT="3128" PRX_USER="admin" PRX_PASS="panda"
Deploy the Agent with Microsoft Active Directory
You can use a Microsoft Active Directory Group Policy Object (GPO) to deploy the endpoint software on a computer for the first time. Active Directory does not support updates of previously installed software.
Caution: The computer where you define the GPO cannot have the WatchGuard Agent installed. You must uninstall the agent before you can create the GPO. You can re-install the agent after you add the GPO. If you try to define the GPO on a computer with the agent installed, this error message displays: The process of adding failed. The deployment information could not be retrieved from the package. Make sure the package is correct.
The steps in this section might not work for your environment. If you encounter any deployment issues that are not related to our MSI package, contact Microsoft Support.
To deploy the agent with an Active Directory GPO:
- Download and share the endpoint software installer. Save the installer file to a shared folder accessible to all the computers that are to receive the software.
- In Active Directory, create a new Organizational Unit called Cloud deployment.
- Open the mmc.
- Add the Group Policy Management snap-in.
- Right-click the domain node, and select New > Organizational Unit.
- Create an Organizational Unit called Cloud deployment.
- Create a new GPO with the installation package.
- Right-click the new organizational unit and select Create a GPO in this Domain.
- Name the GPO (for example, Cloud deployment GPO).
- Edit the new GPO and add the installation package that contains the WatchGuard Endpoint Security software.
- Click Computer configuration, Policies, Software Settings, Software installation.
- Right-click Software installation, and select New > Package.
- Add the WatchGuard Endpoint Security .msi installation package.
- Edit the package properties:
- Right-click the package you added, and select Properties > Deployment tab > Advanced.
- Select the Ignore Language when Deploying this Package and Make this 32- bit X86 Application Available to Win64 Machines check boxes.
- Add all network computers that will receive the agent to the Cloud deployment Organizational Unit.