Configure the WatchGuard Endpoint Security Plug-in

You must configure the plug-in to access the Endpoint Security Management API in WatchGuard Cloud. This enables you to connect with WatchGuard Cloud and download your managed account data. You can then associate your WatchGuard Cloud managed accounts with your existing ConnectWise Automate client accounts.

Enable API Access in WatchGuard Cloud

WatchGuard public APIs use the Open Authorization (OAuth) 2.0 authorization framework for token-based authentication. To use the Endpoint Security Management API, you must first enable API access in your WatchGuard Cloud account to retrieve the required parameters for your plug-in configuration. For more information, see Enable API Access in WatchGuard Cloud.

To enable API access in Watchguard Cloud:

  1. Log in to WatchGuard Cloud.
    If you are a Service Provider, from Account Manager, select My Account or a managed account.
  2. Select Administration > Managed Access.
  3. Click Enable API Access.

Screen shot of the Enable API Access page in WatchGuard Cloud

  1. Specify the readwrite and readonly passwords to use as your API access credentials.

Screen shot of the Enable API Access password page in WatchGuard Cloud

Passwords must include an uppercase letter, a lowercase letter, a number, and a special character. The Read-write password and the Read-only password must be different.

You must use the Read-write Access ID and password for the plug-in configuration.

  1. Select the I agree to the terms and conditions in the WatchGuard APIs License Agreement check box.
  2. Click Save.

After you enable API access, these parameters appear that you must specify in your plug-in configuration. You can see these parameters on the Administration > Managed Access page in WatchGuard Cloud.

Screen shot of the Administration > Managed Access page with API information in WatchGuard Cloud

The base URL varies by region. This example shows a US-based server.

Configure the Plug-in

To configure the WatchGuard Endpoint Security plug-in:

  1. Select Configuration > Connection.

Screen shot of the plug-in Configuration page

  1. Configure these parameters:
    • Authentication API URL —Type the URL to authenticate API access to WatchGuard Cloud. The base URL varies by region. For example, the US region uses this server: https://api.usa.cloud.watchguard.com/oath/token
    • API URL — Type the URL for API access to WatchGuard Cloud.
      The base URL varies by region. This example uses US-based servers.

      For WatchGuard Endpoint Security product customers, use this URL: https://api.usa.cloud.watchguard.com/rest/endpoint-security/management
      For Panda Aether platform customers, use this URL: https://api.usa.cloud.watchguard.com/rest/aether-endpoint-security/aether-mgmt
    • Account ID — Type the WatchGuard Cloud Account ID of the managed account for which you want to make API requests. This must be the Account ID of a service provider or subscriber account that you manage in WatchGuard Cloud. To view your account ID, select Administration > My Account in WatchGuard Cloud.
    • Access ID — Type the Access ID for Read-write API access to WatchGuard Cloud.
    • Access Password — Type the password for the Read-write Access ID you specified for API access to WatchGuard Cloud.
    • Make sure you specify the Read-write Access ID and password for API access. The Read-only Access ID might cause errors when you use the plug-in.

    • API Key — Type the API key associated with your WatchGuard Cloud account.

Test the Connection

To test the connection for WatchGuard Cloud API access, click Connect.

If the connection is successful, the plug-in saves the configuration and enables you to continue to the client association process. For more information, see Map ConnectWise Automate Clients and WatchGuard Cloud Accounts.

If you configure the plug-in with a WatchGuard Cloud service provider account, the plug-in also retrieves all managed accounts of the partner account. This process might take several seconds to retrieve data about the accounts from WatchGuard Cloud.

If the connection is not successful:

  • Make sure the Access ID for API access is enabled in WatchGuard Cloud.
  • Make sure the Access ID and password are for the correct WatchGuard Cloud Account ID.
  • Verify the API Key.
  • Make sure the Account ID is correct.
  • Check if the WatchGuard Cloud Account ID was removed or merged with another account.

Remove Plug-in Data

You can remove all data from the plug-in, including all client account data and your WatchGuard Cloud API access information. We recommend you remove all data before you remove the plug-in. For more information, see Remove the WatchGuard Endpoint Security Plug-in.

To remove all data from the plug-in:

  1. Click Remove Data.
    A confirmation message appears
  2. To confirm that you want to remove all plug-in data, click Yes.
  3. Close and restart the ConnectWise Automate Control Center if you want to restart and reconfigure the plug-in.