Installation Requirements

Applies To: WatchGuard EPDR, WatchGuard EDR, WatchGuard EPP

WatchGuard Endpoint Security software is compatible with Windows, Linux, Android, iOS, and macOS. Installation requirements differ for different platforms. Detailed requirements information is available from the WatchGuard Endpoint Security Release Notes.

For modules requirements, see the appropriate topic:

Systems Requirements

These are the system requirements for each supported platform.

Windows

Workstations — Windows XP SP3 and higher, Windows Vista, Windows 7, Windows 8 and higher, Windows 10, and Windows 11

Servers — Windows 2003 SP2 and higher, Windows 2008, Windows Small Business Server 2011 and higher, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, Windows Server Core 2008 and higher, Windows Server Core 2012 R2, Windows Server Core 2016, Windows Server Core 2019, and Windows Server 2022

Versions with an ARM processor — Windows 10 Home and Pro

Minimum free space for installation — 650 MB

Updated root certificates to use the Patch Management module and establish real-time communications with the web UI.

To keep security software up to date, the workstation or server must support SHA-256 driver signing. For more information about affected operating systems and how to update them, see Update Required to Support SHA-256 Signed Drivers.

Compatible with Windows XP Embedded and higher. Windows Embedded systems allow custom installations that could possibly impact the installation and working of WatchGuard Endpoint Security products and modules. After you install WatchGuard Endpoint Security, we recommend that you verify the different protection modules work correctly.

For more information about supported Windows versions, see the Release Notes.

macOS

Operating systems — macOS 10.10 Yosemite and higher

Processor: Intel® Core 2 Duo

RAM: 2 GB

Minimum free space for installation — 400 MB

Ports — 3127, 3128, 3129, and 8310 must be accessible for the web anti-malware and URL filtering to work.

For more information about macOS requirements, see the Release Notes.

Linux

64-bit operating systems — Ubuntu 14.04 LTS and higher, Fedora 23 and higher, Debian 8 and higher, RedHat 7 and higher, CentOS 7 and higher, LinuxMint 18 and higher, SuseLinux Enterprise 11SP2 and higher, Oracle Linux 6.0 and higher. No window manager required. Use the /usr/local/protection-agent/bin/pa_cmd tool from the command line.

32-bit operating systems — RedHat 6 and CentOS 6

Supported kernel — Up to version 5.5.0 64 (64-bit). On 32-bit systems, versions 2.6.32-71 to 2.6.32-754

Any later version of the kernel is not supported. For information about the last Linux kernel version supported, see the Release Notes.

Minimum free space for installation — 500 MB

Ports — 3127, 3128, 3129, and 8310 must be open for the URL filtering and Web malware detection features to work. On computers with no graphical environment installed, the URL filtering and web detection features are disabled.

To install WatchGuard Endpoint Security on Linux platforms, the target computer must remain connected to the Internet during the installation process. The installer connects to the appropriate repositories based on the system (RPM or DEB), and the packages required to finish the installation successfully download.

Android

Operating systems — Android 4.0 or higher

Minimum free space for installation — 10 MB

For more information about Android requirements, see the Release Notes.

iOS

Operating systems — iOS 13 / iPadOS 13, iOS 14 / iPadOS 14, iOS 15 / iPadOS 15

Minimum free space for installation — 12 MB

For more information about iOS requirements, see the Release Notes.

Network Requirements

WatchGuard Endpoint Security requires access to multiple Internet-hosted resources. It requires access to ports 80 and 443.

To implement certain features, the security software installed on the computers on the network uses these listening ports:

  • TCP port 18226: Used by computers with the cache/repository role to serve files.
  • TCP port 21226: Used by computers with the cache/repository role to request the files to download.
  • TCP port 3128: Used by computers with the proxy role.
  • UDP port 21226: Used by computers with the discovery computer role.
  • TCP port 33000: Used by computers that make a VPN connection to the Firebox.

For more information, see Designate a Cache Computer (Windows computers), Designate a Computer as a WatchGuard Proxy , Designate a Discovery Computer, and Configure Secure VPN.

For a complete list of the URLs that WatchGuard Endpoint Security requires access to, see this Knowledge Base article.

Android Devices

For push notifications to work, open ports 5228, 5229, and 5230 to all IP addresses contained in the IP blocks listed in Google’s ASN 15169.

iOS Devices

The application installed on iOS mobile device uses the Apple Push Notification service to communicate with the software. If the device is connected to the network by 2G, 3G, or 4G, there are no specific network requirements. If the device is connected to the network by Wi-Fi, Access Point (AP) or other method, it connects to specific servers. Make sure these ports are available:

  • TCP 5223 to communicate with the Apple Push Notification service
  • TCP 443 or 2197 to send notifications

Servers that make up the Apple Push Notification service use load balancing. This means that the device will not always connect to the same IP address. We recommend that you configure your firewall to allow connections to the entire 17.0.0.0/8 range assigned to Apple.

If this is not possible, allow connections to these ranges for IPv4:

  • 17.249.0.0/16
  • 17.252.0.0/16
  • 17.57.144.0/22
  • 17.188.128.0/18
  • 17.188.20.0/23

Allow connections to these ranges for IPv6:

  • 2620:149:a44::/48
  • 2403:300:a42::/48
  • 2403:300:a51::/48
  • 2a01:b740:a42::/48

See Also

Determine the Software Version

WatchGuard Endpoint Security Release Notes