WatchGuard

This document provides the steps required to configure the WatchGuard Inspector.

Quick Details

Recommended Agent: Self-Managed
Supported Agents: Self-Managed
Is Auto-Discovered By: Network Discovery Inspector
Can Auto-Discover: N/A
Parent/Child Type Inspector: No
Inspection via: SSH
Data Summary: Here

Overview

Inspector Setup Preparation

Configure Agent Access

Before starting with the Inspector setup, you will need to configure the WatchGuard device such that a Liongard Agent can access it via SSH and log in with a valid username and password or SSH key.

  • Create a Liongard Service Account with the Device Monitor permission and either a password or SSH key that can be entered into Liongard for authentication purposes.
  • See WatchGuard's documentation for more information on the user creation process and the Device Monitor role.
  • Configure SSH settings on the WatchGuard Firebox so that inspections can be performed by Liongard. See WatchGuard's documentation for more information.
  • Use (or set up) an On-premises Agent inside the firewall or deploy a Self-Hosted Agent and configure the firewall such that the SSH interface can be reached from the Self-Hosted Agent.

Liongard Inspector Setup

Individual Inspector Setup

In Liongard, navigate to Admin > Inspectors > Inspector Types > Navigate to the WatchGuard Inspector > Select Add System.

Fill in the following information:

  • Environment: Select the Environment this System should be associated with
  • Friendly Name: Suggested "WatchGuard [Environment Name]"
  • Agent: Select the On-premises Agent installed for this Environment
  • Inspector Version: Latest
  • IP/Hostname: The IP address or hostname (resolvable from the Agent machine) of the WatchGuard device
  • SSH Port: SSH port reachable from the Agent machine
  • SSH Username: Username on the WatchGuard device for use by the Inspector
  • SSH Password or SSH Private Key: The password or SSH key associated with the above username.
  • SSH Passphrase for Private Key (if configured): SSH key passphrase, if using a private key with a passphrase.
  • Show Access Rules With Errors: Turning this off will exclude any access rules that have errors
  • Scheduling: The Inspector will default to run once a day at the time the Inspector is set up. Here you can adjust the schedule.

Select Save. The Inspector will now be triggered to run within the minute.

Optional: Turn on Flexible Asset/Configuration Auto-Updating

If you would like this Inspector's data to be sent to ConnectWise and/or IT Glue, turn on Flexible Assets/Configurations for this Inspector:

  • ConnectWise: Admin > Integrations > ConnectWise > Configuration Types > Confirm the "Configuration Auto-Updating" toggle is enabled
  • IT Glue: Admin > Integrations > IT Glue > Flexible Assets > Confirm the "Flexible Asset Auto-Updating" toggle is enabled

Roll Out Inspectors en Masse via CSV Import

For more information, please visit our documentation.

To import WatchGuard Inspectors via CSV Import, navigate to Admin > Inspectors > WatchGuard > Select the down arrow icon in the top right-hand corner to Download CSV Import Template.

In the CSV Template, each row, starting on row three, will represent an Inspector. Fill in the following information for each Inspector you want to roll out:

  • Agent.Name: This column is case sensitive. Copy and paste the associated Agent name from the Admin > Agents screen
  • Inspector.Name: Enter "watchguard-inspector"
  • Environment.Name: This column is case sensitive. Copy and paste the associated Environment name from the Dashboard screen
  • Alias: Enter the Desired Friendly Name
  • Config.SSH_HOST: Enter the IP address or hostname (resolvable from the Agent machine) of the WatchGuard device
  • SecureConfig.SSH_PORT: Enter the SSH port reachable from the Agent machine
  • SecureConfig.SSH_USER: Enter the Username on the WatchGuard device for use by the Inspector
  • SecureConfig.SSH_PASSWORD: (Unless you created an SSH Private Key and Passphrase) Enter the password associated with the above username
  • SecureConfig.SSH_PRIVATE_KEY: (Unless you are using the username's password) Enter the SSH key
  • SecureConfig.SSH_PASS_PHRASE: (Unless you are using the username's password) Enter the SSH key's passphrase
  • FreqType: Enter "days"
  • FreqInterval: Enter "1"
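
A pre-import check for a filled-in template, as an added example that is not part of Liongard's documentation or tooling. It assumes row one holds the column names listed above and row two is not data (the page only says Inspectors start on row three); `lint_template` and the sample rows are constructed for illustration.

```python
import csv
import io

COLUMNS = ["Agent.Name", "Inspector.Name", "Environment.Name", "Alias",
           "Config.SSH_HOST", "SecureConfig.SSH_PORT", "SecureConfig.SSH_USER",
           "SecureConfig.SSH_PASSWORD", "SecureConfig.SSH_PRIVATE_KEY",
           "SecureConfig.SSH_PASS_PHRASE", "FreqType", "FreqInterval"]
CREDS = COLUMNS[7:10]
REQUIRED = [c for c in COLUMNS if c not in CREDS]

# Constructed sample: placeholder values, documentation-range addresses.
SAMPLE = "\n".join([
    ",".join(COLUMNS),
    "(assumed non-data second row)" + "," * 11,
    "agent-01,watchguard-inspector,Example Co,WatchGuard Example Co,"
    "192.0.2.10,4118,liongard,<password>,,,days,1",
    "agent-01,watchguard-inspector,Example Co,WatchGuard Branch,"
    "192.0.2.11,41180000,liongard,<password>,<private key>,,days,1",
])


def lint_template(text):
    """Return (row_number, message) problems; messages never echo cell values."""
    rows = list(csv.reader(io.StringIO(text)))
    header = [h.strip() for h in rows[0]] if rows else []
    problems = [(1, f"missing column {c}") for c in COLUMNS if c not in header]
    # Assumption: row 1 holds column names, row 2 is not data; Inspectors start on row 3.
    for number, cells in enumerate(rows[2:], start=3):
        row = dict(zip(header, (c.strip() for c in cells)))
        if not any(row.values()):
            continue  # blank line
        for col in REQUIRED:
            if not row.get(col):
                problems.append((number, f"{col} is empty"))
        if row.get("Inspector.Name") not in (None, "", "watchguard-inspector"):
            problems.append((number, "Inspector.Name must be watchguard-inspector"))
        port = row.get("SecureConfig.SSH_PORT", "")
        if port and not (port.isdecimal() and 1 <= int(port) <= 65535):
            problems.append((number, "SecureConfig.SSH_PORT is not a valid port"))
        interval = row.get("FreqInterval", "")
        if interval and not (interval.isdecimal() and int(interval) >= 1):
            problems.append((number, "FreqInterval is not a positive integer"))
        password, key, phrase = (row.get(c, "") for c in CREDS)
        if bool(password) == bool(key):
            problems.append((number, "set exactly one of SSH_PASSWORD or SSH_PRIVATE_KEY"))
        if phrase and not key:
            problems.append((number, "SSH_PASS_PHRASE set without SSH_PRIVATE_KEY"))
    return problems
```

The filled-in template carries service-account credentials in plain text, so the check reports column names only and never prints cell contents.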

When ready to Import the CSV Template of Inspectors, navigate to Admin > Inspectors > WatchGuard > Select the up arrow icon in the top right-hand corner to Import CSV > Select your saved template.

After the successful import notification, reload your browser to find your imported Inspectors.

These Inspectors will automatically trigger themselves to run within a minute.

Activating Auto-Discovered Inspectors

If you have set up a Network Discovery Inspector, it can auto-discover your WatchGuard Inspectors. After completing the setup preparation above, follow the steps below:

Navigate to Admin > Inspectors > Select WatchGuard Inspector > Select the Discovered Systems tab

Here you can Activate your Discovered WatchGuard Inspector(s):

  1. Individually select the three dots Action menu to the left of the Discovered WatchGuard Inspector(s)
  2. Edit the WatchGuard Inspector(s) to include the following credentials gathered in the Inspector Setup Preparation
     • SSH Username: Username on the WatchGuard device for use by the Inspector
     • SSH Password or SSH Private Key: The password or SSH key associated with the above username.
     • SSH Passphrase for Private Key (if configured): SSH key passphrase, if using a private key with a passphrase.
     • Show Access Rules With Errors: Turning this off will exclude any access rules that have errors
  3. Save the Inspector(s)
  4. Select the checkbox to the left of the Inspector(s) that you would like to Activate
  5. Select the Actions drop-down menu above the Discovered Systems table
  6. Select Activate Launchpoints

Serverless Environment

We recommend deploying the WatchGuard Inspector using an On-Premises Agent. However, if a client network is serverless, you can deploy and allowlist a Self-Hosted Agent and use that Agent to run the Inspector. Please review this documentation for more information.

This Inspector runs on Port 4118.

WatchGuard Quick Tips/FAQs

Inspector FAQs