Download and Install the WatchGuard Agent from WatchGuard Cloud
Applies To: WatchGuard Cloud
The WatchGuard Agent handles communication between managed endpoints on the same network and the WatchGuard Cloud servers. The WatchGuard Agent also deploys WatchGuard software, such as the FireCloud Connection Manager and Endpoint Security product software. To add an endpoint to WatchGuard Cloud, you download and install the WatchGuard Agent on the endpoint.
This topic includes instructions to download the WatchGuard Agent from the Monitor > Endpoints page and manually install it for these platforms:
- Windows Endpoints
- Mac Endpoints
- Linux Endpoints (Endpoint Security Only)
- Android Endpoints (Endpoint Security Only)
- iOS Endpoints (Endpoint Security Only)
After you install the WatchGuard Agent on an endpoint, the endpoint shows in the Endpoints list in WatchGuard Cloud. You must install the WatchGuard Agent on every endpoint where you want to install supported WatchGuard software (WatchGuard Endpoint Security products, FireCloud).
For information on installation requirements for the WatchGuard Agent, go to Installation Requirements (external link).
You cannot install the WatchGuard Agent on Linux, Android, or iOS endpoints for FireCloud. For information on supported operating systems for FireCloud, go to Operating System Compatibility for FireCloud Components.
Your operator role determines what you can view and do in WatchGuard Cloud. To view or configure this feature, your role must have the Manage Endpoints permission. For more information, go to Manage WatchGuard Cloud Operators and Roles.
To download the WatchGuard Agent installer from WatchGuard Cloud:
- From Account Manager, select the account where you want to add endpoints. The account must have a valid product license (for example, FireCloud or EPDR) and must have users or endpoints allocated to it.
- Select Monitor > Endpoints.
The Endpoints page opens.
- Click Add Endpoint.
- Select the operating system for the endpoint where you want to install the agent.
The available operating systems differ by product.
Available operating systems for an account with an Endpoint Security license
Available operating systems for an account with a FireCloud license only
- Complete the download and installation steps for the operating system you selected:
For FireCloud, you can also download the agent installer from the Configure > FireCloud > Endpoint Installation page. For more information, go to Download and Install the WatchGuard Connection Manager.
For Endpoint Security, you can also download the agent installer from the Endpoint Security management UI (Monitor > Endpoint Security > Computers page). For more information, go to Download the WatchGuard Agent Installer for Endpoint Security Products.
Windows Endpoints
To download and install the WatchGuard Agent for Windows:
- In the Add Endpoint dialog box, select Windows.
- From the drop-down list, select the group you want to add the endpoint to.
For endpoints with an Endpoint Security license, the security policies assigned to a computer depend on the endpoint group it belongs to. For information about groups for endpoints with an Endpoint Security license, go to Manage Computers and Devices in Groups in Endpoint Security.
- (Endpoint Security only) To add the computer to a group created in the Endpoint Security management UI, select Add Computers to this Group. From the drop-down list, select a folder.
- (Endpoint Security only) To add the computer to an Active Directory group, select Add Computers to their Active Directory Path. Select the network proxy to assign to the computers.
If the Active Directory administrator moves a computer from one organizational unit to another, the change is reflected in the Endpoint Security management UI as a group change. The security policies assigned to the computer might also change.
Configuration settings available for Endpoint Security
Configuration settings available for FireCloud
- To specify an expiration date for the Windows installer, click in the box and select a date from the calendar.
After the expiration date, if users try to run the installer, a message informs them that the installer is expired, and they must download a new one or contact their administrator.
- Click Download WatchGuard Agent.
The installer downloads to the downloads folder.
- On the endpoint computer, double-click the downloaded installer file and complete the steps in the installation wizard.
The WatchGuard Agent installs the Endpoint Security or FireCloud software based on the deployment behavior configured in the Agent Deployment page in WatchGuard Cloud. For more information, go to Configure WatchGuard Agent Deployment in WatchGuard Cloud.
When installation completes, the WatchGuard Agent sends information from the endpoint computer to WatchGuard Cloud to enable integration with WatchGuard Cloud. If the connection fails, the agent reports the error type:
- Agent Installation Console — An error message shows the URLs that the agent could not connect to. To perform a new check, click Retry.
- Windows Event Viewer (Event log) — An error message shows the URLs that the agent could not connect to.
- Web Console — An error message shows the URLs that the agent could not connect to.
Make sure that the required URLs are accessible. For more information, go to Endpoint Security Required Domains and URLs.
Mac Endpoints
To download and install the WatchGuard Agent for macOS:
- In the Add Endpoint dialog box, select macOS.
- From the drop-down list, select the group you want to add the computer to. For endpoints with an Endpoint Security license, the security policies assigned to a computer depend on the endpoint group it belongs to. For information about groups for endpoints with an Endpoint Security license, go to Manage Computers and Devices in Groups in Endpoint Security.
- (Endpoint Security only) To add the computer to a group created in the Endpoint Security management UI, select Add Computers to this Group. From the drop-down list, select a folder.
- (Endpoint Security only) To add the computer to an Active Directory group, select Add Computers to their Active Directory Path. Select the network proxy to apply to the computers.
If the Active Directory administrator moves a computer from one organizational unit to another, the change is reflected in the Endpoint Security management UI as a group change. The security policies assigned to the computer might also change.
Configuration settings available for Endpoint Security
Configuration settings available for FireCloud
- Click Download WatchGuard Agent.
The installer downloads.
- On the endpoint, to start the installation, double-click the .DMG file.
- Run the .PKG file.
- To make sure the agent is installed and verify that the AgentSvc process is running, run this command:
$ ps ax | grep AgentSvc
- (Optional) Verify that the installer created these directories:
/Applications/Management-agent.app/Contents
/Library/Application Support/Management Agent/
The WatchGuard Agent installs the Endpoint Security or FireCloud software. Configure deployment behavior for the computer on the Agent Deployment page. For more information, go to Configure WatchGuard Agent Deployment in WatchGuard Cloud.
Linux Endpoints (Endpoint Security Only)
Before you begin, make sure you have administrator permissions on the Linux device. This section provides the steps to install the WatchGuard Agent on Linux endpoints with an Internet connection. The installer searches the target computer for the libraries it needs. If it cannot find the libraries, it downloads them automatically from the Internet.
To download and install the WatchGuard Agent for Linux:
- In the Add Endpoint dialog box, select Linux.
- From the drop-down list, select the group you want to add the computer to. For endpoints with an Endpoint Security license, the security policies assigned to a computer depend on the group it belongs to. For information about groups for endpoints with an Endpoint Security license, go to Manage Computers and Devices in Groups in Endpoint Security.
- To add the computer to a group created in the Endpoint Security management UI, select Add Computers to this Group. From the drop-down list, select a folder.
- To add the computer to an Active Directory group, select Add Computers to their Active Directory Path. Select the network proxy to apply to the computers.
If the Active Directory administrator moves a computer from one organizational unit to another, the change is reflected in the Endpoint Security management UI as a group change. The security policies assigned to the computer might also change.
- Click Download WatchGuard Agent.
The installer downloads. Make sure the downloaded package has execute permissions.
- Open a terminal in the folder where the downloaded package is located.
- Run these commands:
$ sudo chmod +x "/<DownloadPath>/WatchGuard Agent.run"
$ sudo "/<DownloadPath>/WatchGuard Agent.run"
If you use a proxy server to connect to the Internet, add this parameter: --proxy. If you want to specify a list of proxy servers, use this parameter: --proxy-list=<proxy-list>. <proxy-list> is a list of proxy servers separated by commas. Users and protocols are indicated with this syntax:
<http|https>://<user1>:<pass1>@<host1>:<port1>
The installation script uses the first proxy server in the list. If the server fails, the script continues through the list of proxy servers until it finds one that works.
- To verify that the AgentSvc process is running, run this command:
$ ps ax | grep AgentSvc
- Make sure this installation directory was created:
/usr/local/management-agent/*
For information on how to install the WatchGuard Agent on a Linux endpoint with SecureBoot or without an Internet connection, go to Install the Endpoint Security Software on Linux Computers.
The WatchGuard Agent installs the Endpoint Security software. Configure deployment behavior for the computer on the Agent Deployment page. For more information, go to Configure WatchGuard Agent Deployment in WatchGuard Cloud.
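The verification steps in the Mac and Linux sections can be scripted for use after a deployment. This is an added example, not WatchGuard code: it accounts for the fact that `ps ax | grep AgentSvc` can match the grep process itself, and it checks the directories listed above. The function names and the `--check` argument are hypothetical.

```shell
#!/bin/sh
# Added example (not WatchGuard code): post-install check for the WatchGuard
# Agent on Linux or macOS. Function names and --check are hypothetical; the
# process name and directories are the ones given in the steps above.

# Read `ps ax` output on stdin; succeed only if a real AgentSvc process is
# listed. The grep used to search for it matches its own command line, so
# any line whose command is grep is ignored.
agent_in_listing() {
    awk '
        /AgentSvc/ {
            n = split($5, p, "/")          # $5 = first word of COMMAND
            if (p[n] != "grep") found = 1
        }
        END { exit (found ? 0 : 1) }
    '
}

# Succeed if DIR exists and contains at least one entry.
agent_dir_present() {
    [ -d "$1" ] && [ -n "$(ls -A "$1" 2>/dev/null)" ]
}

# check_agent [DIR...]: returns 0 = healthy, 1 = process missing,
# 2 = an install directory is missing. Defaults to the Linux path.
check_agent() {
    [ "$#" -gt 0 ] || set -- /usr/local/management-agent
    for dir in "$@"; do
        agent_dir_present "$dir" || { echo "FAIL: $dir missing or empty"; return 2; }
    done
    ps ax | agent_in_listing || { echo "FAIL: AgentSvc process not found"; return 1; }
    echo "OK: AgentSvc running, install directories present"
}

# Run the check only when asked, so the file can also be sourced.
case "${1:-}" in
    --check)
        if [ "$(uname -s)" = Darwin ]; then
            check_agent "/Applications/Management-agent.app/Contents" \
                        "/Library/Application Support/Management Agent"
        else
            check_agent
        fi ;;
esac
```

Run the script with `--check` on the endpoint; the exit code distinguishes a missing process (1) from a missing install directory (2).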
Android Endpoints (Endpoint Security Only)
The WatchGuard Agent is available for Android endpoints with an Endpoint Security license only.
You can install the Android app with or without a mobile device management (MDM) solution or enterprise mobility management (EMM) solution. For more information, go to Install the WatchGuard Mobile Security App on Android Devices.
Before you begin, make sure that you have a Google Play account.
To download and install the WatchGuard Agent for Android:
- In the Add Endpoint dialog box, select Android.
- From the drop-down list, select the group you want to add the endpoint to. For endpoints with an Endpoint Security license, the security policies assigned to a computer depend on the group it belongs to. For information about groups for endpoints with an Endpoint Security license, go to Manage Computers and Devices in Groups in Endpoint Security.
- Click Send URL by Email.
An email message opens with a link to the installer file.
- Paste the link in your browser address bar. Press Enter.
- In Google Play, click Install.
For more information, go to Install the WatchGuard Mobile Security App on Android Devices.
The WatchGuard Agent installs the Endpoint Security software. Configure deployment behavior for the device on the Agent Deployment page. For more information, go to Configure WatchGuard Agent Deployment in WatchGuard Cloud.
iOS Endpoints (Endpoint Security Only)
The WatchGuard Agent is available for iOS endpoints with an Endpoint Security license only.
You can install the WatchGuard Mobile Security app on iOS devices with or without a mobile device management (MDM) solution. For information about MDM, go to Mobile Device Management for iOS Devices.
This section describes installation of the WatchGuard Agent on iOS devices with the WatchGuard MDM solution. For additional installation scenarios, go to the appropriate topic:
- Install the WatchGuard Mobile Security App on iOS Devices without an MDM Solution
- Install the WatchGuard Mobile Security App on iOS Devices Enrolled in a Third-Party MDM Solution
We recommend enrollment in a third-party MDM solution only if you already use an MDM solution. For information on the benefits of the WatchGuard MDM solution, go to Mobile Device Management for iOS Devices.
The WatchGuard MDM solution requires use of the Apple Push Notification service. Before you begin, configure Endpoint Security to use the Apple Push Notification service. Complete the steps in Manage the Apple Push Certificate.
To download and install the WatchGuard Agent for iOS devices with the WatchGuard MDM solution:
- From the Add Computers to this Group drop-down list, select the group you want to add the computer to.
For endpoints with an Endpoint Security license, the security policies assigned to a computer depend on the group it belongs to. For information about groups for endpoints with an Endpoint Security license, go to Manage Computers and Devices in Groups in Endpoint Security.
- Use one of these methods to send the installation profile to the target iOS devices:
QR Code
To use a QR code to send the installation profile, scan the code with the device camera. The device shows the message "This website is trying to download a configuration profile. Do you want to allow this?"
To send an email message with the installation profile download link to the target user, click Send URL by Email. When the device user clicks the link, the device shows the message "This website is trying to download a configuration profile. Do you want to allow this?" The target user clicks Yes to download and install the app.
- On the device, open Settings.
- Tap Profile Downloaded.
- Tap Install.
- Complete the instructions and accept all confirmation messages.
- When prompted to install the WatchGuard Mobile Security app, tap Install.
- Open the app after it installs.
- Complete the configuration.