Get Started with WatchGuard Endpoint Security

Applies To: WatchGuard Advanced EPDR, WatchGuard EPDR, WatchGuard EDR, WatchGuard EPP

Each WatchGuard Endpoint Security product includes software installed on endpoints and WatchGuard Endpoint Security in WatchGuard Cloud to manage security for the devices and your IT network. To get started with WatchGuard Endpoint Security, complete these high-level steps.

  1. Step 1: Activate an Endpoint Security License
  2. Step 2: Allocate Endpoints (Service Providers Only)
  3. Step 3: Configure Pre-Deployment Settings
  4. Step 4: Deploy the Endpoint Agent

For information on how to get started with WatchGuard EDR Core (Total Security Suite), go to Quick Start — Set Up WatchGuard EDR Core.

Step 1: Activate an Endpoint Security License

  1. If you do not have a WatchGuard account, create one at https://accountmanager.cloud.watchguard.com/create-account.
  2. Activate your WatchGuard Endpoint Security license in the WatchGuard Portal.
    For more information, go to Activate an Endpoint Security License.

Trial licenses are also available in WatchGuard Cloud. On the Administration > Trials page, you can start a trial of an endpoint product or module. Trial product licenses include up to 250 endpoint licenses for WatchGuard EPP, EDR, EPDR, or Advanced EPDR. For more information, go to Start a Trial.

Step 2: Allocate Endpoints (Service Providers Only)

  1. Log in to your WatchGuard Cloud account.
  2. Allocate endpoint licenses to your managed accounts.
    For more information, go to Allocate Endpoints.

Step 3: Configure Pre-Deployment Settings

The WatchGuard Endpoint Security installation process consists of a series of steps that depend on the status of the network at the time of deployment and the number of computers and devices you want to protect. Before you deploy the endpoint agent, we recommend that you complete these steps to plan the installation of WatchGuard Endpoint Security:

  1. Identify Unprotected Devices
  2. Verify Minimum Requirements for Target Devices
  3. Determine Computer Default Settings

Identify Unprotected Devices

Identify the physical and virtual macOS, Android, iOS, Windows, or Linux computers and devices you want to protect with WatchGuard Endpoint Security.

Verify that you have purchased enough licenses for the unprotected devices. WatchGuard Endpoint Security allows you to install the endpoint agent even when you do not have enough licenses for all the computers you want to protect. Computers without a license still show information such as installed software and hardware on the computer details page, but are not protected.

For more information, go to Unmanaged Computers Discovered List .

Verify Minimum Requirements for Target Devices

Make sure that the computers and devices you want to protect meet the minimum installation requirements. For information on requirements, go to Endpoint Security Installation Requirements.

WatchGuard endpoint security products require access to multiple Internet-hosted resources. Make sure these URLs and ports are open to allow communication with the WatchGuard servers.

For more information on URLs and port access, go to this Knowledge Base article.

Determine Computer Default Settings

When the client software is installed on the computer or device, WatchGuard Endpoint Security applies the group security settings to the computer or device. During installation, you select a target group for the computer with the required network settings. If the network settings for the selected group differ from the settings specified during installation, the installation settings apply.

For more information, go to Best Practices — Installation Tips for Groups and Settings.

Configure the group organization and define settings before you deploy the endpoint agent.

For more information about the different types of groups, and specific instructions, go to Manage Computers and Devices in Groups.

To add a group:

  1. In WatchGuard Cloud, select Configure > Endpoints.
  2. Select Computers.
  3. From the left pane, select The My Organization folder icon. My Organization.
  4. Next to the group in which you want to add a group, click .

Screen shot of WatchGuard Endpoint Security, Add Group menu option

  1. Select Add Group.
    The Add Group dialog box opens.

Screen shot of WatchGuard Endpoint Security, Add Group dialog box

  1. Type a Name for the group.
  2. Click Add.

To configure settings from WatchGuard Cloud, you must first create a settings profile. For more information, go to Best Practices — Installation Tips for Groups and Settings.

If you plan to use WatchGuard Endpoint Security with third-party antivirus software, you should add exclusions in both the third-party product and WatchGuard Endpoint Security to make sure that they do not overlap or create false detections. For information on how to create exclusions, go to Create Exclusions in WatchGuard Endpoint Security.

To create a settings profile:

  1. In WatchGuard Cloud, select Configure > Endpoints.
  2. Select Settings.
  3. From the left pane, select the type of security settings you want to create a profile for.
  4. In the upper-right corner, click Add.
    The Add Settings page opens.

The Add Settings page shows different options for WatchGuard Advanced EPDR, EPDR, EDR, EDR Core, and EPP.

  1. In the Name text box, type a new name for the settings profile.
  2. In the Description text box, type a description of the profile.
    For example, you might describe the security needs addressed in the settings.
  3. Expand each section and configure the settings.
  4. Settings vary for WatchGuard Advanced EPDR, EPDR, EDR, EDR Core, and EPP. Throughout this documentation, WatchGuard Endpoint Security refers generally to all products. If you do not have a setting in the Endpoint Security management UI, it is not supported by your product.

    For more information, go to:

  1. When you have configured all the settings, click Save.

Step 4: Deploy the Endpoint Agent

Deploy the WatchGuard Endpoint Agent to computers and devices in your organization with the correct network settings. The deployment strategy depends on the number of devices to protect, the devices with an endpoint agent already installed, and the company network architecture, including whether there is a mobile device management solution in use.

For more information, go to the appropriate installation procedure for your scenario and platform:

Related Topics

Endpoint Security Installation Requirements

Endpoint Security Installation Plan

Install the Endpoint Software

Manage Trials – Service Providers

Manage Trials - Subscribers

Manage Settings

Troubleshooting