Liongard Integration Guide

Liongard is used by Management Service Providers (MSPs) for asset inspection. Liongard agents are installed on MSP customer endpoints to discover and monitor IT assets. Liongard can discover WatchGuard devices and use authentication credentials to access specific device information such as subscription status, renewal date, hardware model, and other device properties.

This document describes how to use Liongard to discover and monitor a WatchGuard Firebox.

Platform and Software

The hardware and software used to complete the steps in this document include:

  • WatchGuard Firebox with Fireware v12.5.5 or higher
  • Liongard Cloud
  • Liongard agent installed on Windows Server 2012

This diagram outlines the topology used for this integration:

Screenshot of test topy

Set Up the Firebox

You must configure SSH settings on the WatchGuard Firebox before you can inspect the Firebox with Liongard.

  1. Log in to Fireware Web UI (https://<your firebox IP address>:8080).
  2. Select Firewall > Firewall Policies.
  3. Click Add Policy.
  4. Select Custom.
  5. Next to the Custom radio button, click Add.

Screenshot of Add Firewall Policy

  1. In the Name and Description text boxes, type the name and description.
  2. In the Protocols section, click Add.

Screenshot of Add Policy Template

  1. From the Type drop-down list, select Single Port.
  2. From the Protocol drop-down list, select TCP.
  3. In the Server Port text box, type 4118.

Screenshot of Protocol

  1. Click OK.

Screenshot of SSH Inspector

  1. Click Save.

Screenshot of Add Policy of ssh

  1. Click Add Policy.
  2. Edit the policy traffic from Any-Trusted to Firebox.

Screenshot of SSH Inspector policy

  1. Click Save. The SSH policy should appear with these properties:

Screenshot of policy list

Set Up Liongard

Install Liongard Agent

For instructions on how to Install Liongard Agent, refer to the install MSI agent guide. In this example, we use On-Premise Agent with Windows Server 2012.

Liongard configure

  1. Log in to Liongard Cloud.
  2. Select Admin > Agents. Your On-Premise Agent should be on the list.

Screenshot of Agent display

  1. Click the installed agent.
  2. From the Environment drop-down list, select an environment. You can use your system default environment.

Screenshot of SELECT Environment

  1. Click Save.
  2. Select Admin > Inspectors. Select WatchGuard Inspector.

Screenshot of WatchGuard Inspectors

  1. Select WatchGuard Inspector.

Screenshot of WatchGuard Inspectors

  1. Click Add System.
  2. From the Environment drop-down list, select your environment.
  3. In the Friendly Name text box, type a name for the device.
  4. From the Agent drop-down list, select your installed agent.
  5. In the IP / Hostname text box, type your WatchGuard Firebox IP address or the host name resolvable from the agent machine.
  6. In the SSH Port text box, type 4118.
  7. In the SSH Username text box, type the user name.
  8. In the SSH Password text box, type the password.

Screenshot of Create Watchguard Launchpoint

  1. To use a private key, type the private key in the OR SSH Private Key text box. Then, type the pass phrase for the private key in the SSH Passphrase for Private Key (if configured) text box.
  2. For the other settings, keep the default values.
  3. Click Save.After a few minutes, inspector status will change to Completed.

Screenshot of inspect done

Test the Firebox and Liongard Integration

  1. Log in to Liongard Cloud.
  2. Select Admin > Inspectors. Select WatchGuard Inspector.
  3. Select the system you previously added.
  4. WatchGuard Firebox information appears.

Screenshot of firebox information display

Screenshot of firebox information display