Quick Start — Set Up WatchGuard EDR Core
WatchGuard EDR Core includes the WatchGuard Endpoint Agent and software installed on endpoints, as well as an Endpoint Security management UI in WatchGuard Cloud to manage security for the devices on your IT network.
In preparation for the release of ThreatSync, accounts with TDR Host Sensor licenses in WatchGuard Cloud were duplicated with EDR Core licenses. You may already have an EDR Core license in WatchGuard Cloud.
To get started with WatchGuard EDR Core, complete these high-level steps:
- Step 1: Activate a Total Security Suite License
- Step 2: Allocate Endpoints (Service Providers Only)
- Step 3: Configure Pre-Deployment Settings
- Step 4: Deploy the WatchGuard Endpoint Agent
EDR Core includes EDR and adds XDR capabilities via ThreatSync. For information on ThreatSync, go to About ThreatSync.
Step 1: Activate a Total Security Suite License
To get started with EDR Core, make sure you have an active Total Security Suite license for your Firebox (or TDR Host Sensor licenses) and a WatchGuard Cloud account.
- If you do not have a WatchGuard account, create one at https://accountmanager.cloud.watchguard.com/create-account.
Activate your Total Security Suite subscription in the WatchGuard Portal.
For more information, go to Activate a Device or Service at WatchGuard.com.
Step 2: Allocate Endpoints (Service Providers Only)
When you activate a Total Security Suite license (or if you had TSS or TDR Host Sensor licenses already activated), the EDR Core license and available endpoints appear in the Inventory page in WatchGuard Cloud.
- Log in to your WatchGuard Cloud account.
Allocate endpoint licenses to your managed accounts.
For more information, go to Allocate Endpoints.
Step 3: Configure Pre-Deployment Settings
The WatchGuard EDR Core installation process consists of a series of steps that depend on the status of the network at the time of deployment and the number of computers and devices you want to protect. Before you deploy the endpoint agent, we recommend that you complete these steps to plan the installation of WatchGuard EDR Core:
- <![CDATA[ ]]>Identify Unprotected Devices
- Verify Minimum Requirements for Target Devices
- Determine Computer Default Settings
Identify Unprotected Devices
Identify the physical and virtual macOS, Android, iOS, Windows, or Linux computers and devices you want to protect with WatchGuard Endpoint Security.
Verify that you have purchased enough licenses for the unprotected devices. WatchGuard Endpoint Security allows you to install the endpoint agent even when you do not have enough licenses for all the computers you want to protect. Computers without a license still show information such as installed software and hardware on the computer details page, but are not protected.
For more information, go to Unmanaged Computers Discovered List .
Verify Minimum Requirements for Target Devices
Make sure that the computers and devices you want to protect meet the minimum installation requirements. For information on requirements, go to Endpoint Security Installation Requirements.
WatchGuard endpoint security products require access to multiple Internet-hosted resources. Make sure these URLs and ports are open to allow communication with the WatchGuard servers.
For more information on URLs and port access, go to this Knowledge Base article.
Determine Computer Default Settings
When the client software is installed on the computer or device, WatchGuard Endpoint Security applies the group security settings to the computer or device. During installation, you select a target group for the computer with the required network settings. If the network settings for the selected group differ from the settings specified during installation, the installation settings apply.
Configure the group organization and define settings before you deploy the WatchGuard Endpoint Agent.
For more information about the different types of groups, and specific instructions, go to Manage Computers and Devices in Groups.
To add a group:
- In WatchGuard Cloud, select Configure > Endpoints.
- Select Computers.
- From the left pane, select My Organization.
- Next to the group in which you want to add a group, click .
- Select Add Group.
The Add Group dialog box opens.
- Type a Name for the group.
- Click Add.
To configure settings from WatchGuard Cloud, you must first create a settings profile. For more information, go to Installation Tips for Groups and Settings.
To create a settings profile:
- In WatchGuard Cloud, select Configure > Endpoints.
- Select Settings.
- From the left pane, select the type of security settings you want to create a profile for.
- In the upper-right corner, click Add.
The Add Settings page opens.
- In the Name text box, type a new name for the settings profile.
- In the Description text box, type a description of the profile.
For example, you might describe the security needs addressed in the settings.
- Expand each section and configure the settings.
Settings vary for WatchGuard EPDR, WatchGuard EDR, WatchGuard EDR Core, and WatchGuard EPP. Throughout this documentation, WatchGuard Endpoint Security refers generally to all three products. If you do not see a setting in the Endpoint Security management UI, it is not supported by your product.
For more information, go to:
- Configure Per-Computer Settings
- Configure Network Settings
- Configure Workstation and Server Security Settings
- Configure Indicators of Attack Settings
- Configure Program Blocking Security Settings (Windows computers)
- Configure Authorized Software Settings (Windows computers)
- Configure Mobile Device Security Settings
- Configure Patch Management Security Settings
- Encryption Settings
- When you have configured all the settings, click Save.
Step 4: Deploy the WatchGuard Endpoint Agent
Deploy the WatchGuard Endpoint Agent to computers and devices in your organization with the correct network settings. The deployment strategy depends on the number of devices to protect, the devices with an endpoint agent already installed, and the company network architecture, including whether there is a mobile device management solution in use.
For more information, go to the appropriate installation procedure for your scenario and platform:
- Download the WatchGuard Endpoint Agent Installer
- Install the Endpoint Software
- Install the Endpoint Software Locally
- Install the Endpoint Security Software on Windows Computers and Servers
- Install the Endpoint Security Software on macOS Computers
- Install the Endpoint Security Software on Linux Computers
- Install the WatchGuard Mobile Security App on Android Devices
- Install the WatchGuard Mobile Security App on iOS Devices
- Install the Endpoint Software Remotely (Windows computers)
- Install the Endpoint Software with Centralized Tools (Windows only)
- Install the Endpoint Software from a Gold Image
Endpoint Security Installation Requirements
Endpoint Security Installation Plan