WatchGuard Endpoint Security software is compatible with Windows, Linux, Android, iOS, and macOS. Installation requirements differ for different platforms. Detailed requirements information is available from the WatchGuard Endpoint Security Release Notes.
For modules requirements, go to the appropriate topic:
- WatchGuard Full Encryption Requirements
- Patch Management Requirements
- Advanced Visualization Tool Requirements
- Data Control Requirements
- SIEMFeeder Requirements
These are the system requirements for each supported platform.
Workstations — Windows XP SP3 and higher, Windows Vista, Windows 7, Windows 8 and higher, Windows 10, and Windows 11
Installation on Windows XP requires a computer with the cache role assigned. For more information, go to this Knowledge Base article (external).
Servers — Windows 2003 SP2 and higher, Windows 2008, Windows Small Business Server 2011 and higher, Windows Server 2012 R2, Windows Server 2016, Windows Server 2019, Windows Server Core 2008 and higher, Windows Server Core 2012 R2, Windows Server Core 2016, Windows Server Core 2019, and Windows Server 2022
Versions with an ARM processor — Windows 10 Home and Pro
Minimum free space for installation — 650 MB
Updated root certificates to use the Patch Management module and establish real-time communications with the Endpoint Security management UI.
To keep security software up to date, the workstation or server must support SHA-256 driver signing. For more information about affected operating systems and how to update them, go to Update Required to Support SHA-256 Signed Drivers.
Compatible with Windows XP Embedded and higher. Windows Embedded systems allow custom installations that could possibly impact the installation and working of WatchGuard Endpoint Security products and modules. After you install WatchGuard Endpoint Security, we recommend that you verify the different protection modules work correctly.
For more information about supported Windows versions, go to the Release Notes.
Operating systems — macOS 10.10 Yosemite and higher (WatchGuard EDR Core requires macOS Catalina 10.15 and higher (Intel and ARM).)
Processor: Intel® Core 2 Duo
RAM: 2 GB
Minimum free space for installation — 400 MB
Ports — 3127, 3128, 3129, and 8310 must be accessible for the web anti-malware and URL filtering to work.
For more information about macOS requirements, go to the Release Notes.
64-bit operating systems — AlmaLinux 8.3 and higher, Ubuntu 14.04 LTS and higher, Fedora 23 and higher, Debian 8 and higher, RedHat 7 and higher, CentOS 7 and higher, LinuxMint 18 and higher, SuseLinux Enterprise 11SP2 and higher, Oracle Linux 6.0 and higher, RHEL 8.6, and Rocky Linux 8.3 and higher. No window manager required. Use the /usr/local/protection-agent/bin/pa_cmd tool from the command line.
32-bit operating systems — RedHat 6 and CentOS 6
For a complete list of the supported kernels, go to this Knowledge Base article: Supported Kernels (external).
Minimum free space for installation — 500 MB
For more information about Linux requirements, go to the Release Notes.
To install WatchGuard Endpoint Security on Linux platforms, the target computer must remain connected to the Internet during the installation process. The installer connects to the appropriate repositories based on the system (RPM or DEB), and the packages required to finish the installation successfully download.
Operating systems — Android 4.0 or higher
Minimum free space for installation — 10 MB
For more information about Android requirements, go to the Release Notes.
Operating systems — iOS 13 / iPadOS 13, iOS 14 / iPadOS 14, iOS 15 / iPadOS 15, iOS 16 / iPadOS
Minimum free space for installation — 12 MB
For more information about iOS requirements, go to the Release Notes.
WatchGuard Endpoint Security requires access to multiple Internet-hosted resources. It requires access to ports 80 and 443.
To implement certain features, the security software installed on the computers on the network uses these listening ports:
- TCP port 18226: Used by computers with the cache role to serve files.
- TCP port 21226: Used by computers with the cache role to request the files to download.
- TCP port 3128: Used by computers with the proxy role.
- UDP port 21226: Used by computers with the discovery computer role.
- TCP port 33000: Used by computers that make a VPN connection to the Firebox.
For more information, go to Designate a Cache Computer (Windows computers), Designate a Computer as a WatchGuard Proxy (Windows Computers), Designate a Discovery Computer, and Configure Network Access Enforcement in WatchGuard Endpoint Security.
For a complete list of the URLs that WatchGuard Endpoint Security requires access to, go to this Knowledge Base article.
For push notifications to work, open ports 5228, 5229, and 5230 to all IP addresses contained in the IP blocks listed in Google’s ASN 15169.
The application installed on iOS mobile device uses the Apple Push Notification service to communicate with the software. If the device is connected to the network by 2G, 3G, or 4G, there are no specific network requirements. If the device is connected to the network by Wi-Fi, Access Point (AP) or other method, it connects to specific servers. Make sure these ports are available:
- TCP 5223 to communicate with the Apple Push Notification service
- TCP 443 or 2197 to send notifications
Servers that make up the Apple Push Notification service use load balancing. This means that the device will not always connect to the same IP address. We recommend that you configure your firewall to allow connections to the entire 220.127.116.11/8 range assigned to Apple.
If this is not possible, allow connections to these ranges for IPv4:
Allow connections to these ranges for IPv6: