About Endpoint Security Licenses

The WatchGuard Endpoint Security portfolio includes these products and modules:

  • WatchGuard Endpoint Protection Platform (EPP)
  • WatchGuard Endpoint Detection and Response (EDR)
  • WatchGuard Endpoint Protection Detection and Response (EPDR)
  • WatchGuard Advanced EPDR
  • WatchGuard Full Encryption
  • WatchGuard Patch Management
  • WatchGuard Advanced Reporting Tool
  • WatchGuard Data Control
  • WatchGuard SIEMFeeder
  • WatchGuard MDR

WatchGuard EDR Core is included in the Firebox Total Security Suite. It is available for a limited number of endpoints, based on the Firebox model. With a Total Security Suite subscription license, you will see an EDR Core license in WatchGuard Cloud. You can use WatchGuard Cloud to manage EDR Core endpoint allocation and to access the Endpoint Security management UI. For information on EDR Core features, go to WatchGuard EDR Core Features.

License Types

WatchGuard Endpoint Security products and modules are licensed for each endpoint (for example, computers, laptops, servers, mobile devices, etc.).

There are four types of licenses:

Term Licenses

A term license has a set number of endpoints and a set duration, or term. For example, you might purchase a license for 100 endpoints that expires after three years. The license expires the day after the expiration date at 00 UTC.

Subscription Licenses

A subscription license enables you and your managed accounts to add endpoints with no allocation limits. You can set a limit on the accounts you manage. With a subscription license, WatchGuard bills you monthly based on the number of endpoints you have allocated. For more information, go to About Subscription Licenses.

Trial Licenses

Trial licenses of WatchGuard Advanced EPDR, EPDR, EDR, EPP, and all modules are available to Service Provider and Subscriber accounts in WatchGuard Cloud. Trial licenses expire after 30 days but you can renew them one time for another 30 days. For information, go to Extend a Trial – Service Providers.

NFR Licenses (Service Providers only)

A Not for Resale license includes a set number of endpoints and typically has a three-year term. NFR licenses are available to Service Providers only.

Term License Activation

You can activate licenses on the Activate Licenses page on the WatchGuard website. For more information, go to Activate an Endpoint Security License.

After you activate an endpoint security product or module license, from Support Center, on the Endpoint Security page, you can review the activated licenses for your account. Select WatchGuard EPP, EDR, EPDR, or Advanced EPDR, and then click the name of a license to view the details and history of that license.

Licenses work differently for WatchGuard Cloud Subscriber and Service Provider accounts.

Subscribers

Subscriber accounts can only have one product license. When a Subscriber account activates a new license key in the Support Center, it is used to modify the current active license. You can use a new license to add endpoints or extend the license expiration.

Service Providers

Service Providers can have many product licenses. When a Service Provider activates a new license key, they can use it to modify an active license or add a new, separate license. After activation, the license appears in the Service Provider inventory in WatchGuard Cloud, but the expiration date of the license is tracked separately.

Endpoint Security Module Activation

To activate endpoint security modules, you must have an existing license for an endpoint security product (for example, WatchGuard EPP, EDR, EPDR, or Advanced EPDR). Available endpoint security modules depend on your endpoint security product:

  • WatchGuard Full Encryption — Available for use with WatchGuard EPP, WatchGuard EDR, WatchGuard EPDR, and Advanced EPDR.
  • WatchGuard Patch Management — Available for use with WatchGuard EPP, WatchGuard EDR, WatchGuard EPDR, and Advanced EPDR.
  • WatchGuard Advanced Reporting Tool — Available for use with WatchGuard EDR, WatchGuard EPDR, and Advanced EPDR.
  • WatchGuard Data Control — Available for use with WatchGuard EDR, WatchGuard EPDR, and Advanced EPDR. Only available in select European countries.
  • WatchGuard SIEMFeeder — Available for use with WatchGuard EDR, WatchGuard EPDR, and Advanced EPDR.
  • WatchGuard MDR — For approved Partners, available for use with WatchGuard EDR, WatchGuard EPDR, and Advanced EPDR.

Modules are not available with WatchGuard EDR Core. We recommend you upgrade to WatchGuard EPDR. If you upgrade to WatchGuard EPDR, your EDR Core license becomes inactive.

You cannot allocate more modules than the number of endpoints in the endpoint security product license. The required number of modules varies by product:

  • WatchGuard Full Encryption — Module license should include the same number of endpoints as Windows and Mac devices deployed. If Full Encryption is only used in some specific endpoints, you can set the number of endpoints where the module will be used. For more information, go to WatchGuard Full Encryption Requirements.
  • WatchGuard Patch Management — Module license should include the same number of endpoints as endpoint devices deployed (Windows, Linux, and Mac). For more information, go to Patch Management Requirements.
  • WatchGuard Advanced Reporting Tool (ART) — Module license should include the same number of endpoints as workstations and servers protected (Windows, Linux, and Mac). For more information, go to Advanced Visualization Tool Requirements.
  • WatchGuard Data Control — Module license should include the same number of endpoints as Windows devices deployed. For more information, go to Advanced Visualization Tool Requirements.
  • WatchGuard SIEMFeeder — Module license should include the same number of endpoints for the SIEMFeeder service as you have for WatchGuard EDR, WatchGuard EPDR, or Advanced EPDR. For more information, go to SIEMFeeder Requirements.
  • WatchGuard MDR — Module license must include the same number of endpoints for WatchGuard MDR as you have for WatchGuard EDR, WatchGuard EPDR, or Advanced EPDR. For more information, go to About WatchGuard MDR.

Caution: If WatchGuard detects that any endpoint security module has been used on more computers than allowed, we reserve the right to disable the module on the computers you do not have licenses for.

License Renewals and Upgrades

To renew a license or modify an existing license, you purchase a new license and activate it. When you activate the new license, you select whether to add endpoints or extend your current license. When you add endpoints to your active license or extend it, the new license merges with your active license and the two licenses are co-termed.

Co-terming consolidates or merges your term licenses to synchronize renewal dates. When you co-term licenses, a new expiration date is calculated based on the updated endpoints count and the term length of the license you activated. If you add endpoints, the number of endpoints you purchased is added to your current inventory. For example, if you have 50 endpoints and purchase a term license for 100 endpoints, your final count after you activate your new license is 150 endpoints.

If you have an active subscription license, when you renew a term license, your subscription usage count reduces automatically so that only the endpoints in excess of your termed license are billed as subscription endpoints.

When you extend your license, if you purchased the same number of endpoints that you currently have, your license is extended for another period (one or three years). If you purchased more endpoints than are in your current inventory, your inventory immediately updates to match the number of endpoints you purchased the license for.

To renew with fewer endpoints , purchase a license for the desired number of endpoints and choose Extend License when you activate your license key.

When you renew the license for fewer endpoints, we recommend that you do so close to your expiration date. If you activate the license key before your expiration date, your license count reduces immediately. This could limit the number of endpoints available for your managed accounts and your account could become overallocated.

If you have an active subscription license, when you renew or upgrade a term license your subscription usage is automatically updated so that only the endpoints in excess of your termed licenses are billed as subscription endpoints.

Service Provider accounts can have multiple WatchGuard Endpoint Security licenses on their account. In WatchGuard Cloud, Service Providers can change product allocation to a different product (for example, change WatchGuard EDR to WatchGuard EPDR). For more information, go to Allocate Endpoints.

Tier-1 Service Providers can only upgrade a WatchGuard Endpoint Security license during activation. You cannot downgrade a license during activation. For more information, go to Activate an Endpoint Security License

Current Product Upgrade Available
WatchGuard EDR Core (available with the Firebox Total Security Suite subscription) WatchGuard EDR, WatchGuard EPDR, Advanced EPDR*
WatchGuard EPP WatchGuard EDR, WatchGuard EPDR, Advanced EPDR
WatchGuard EDR WatchGuard EPDR, Advanced EPDR
WatchGuard EPDR Advanced EPDR
WatchGuard Advanced EPDR None

* When you upgrade EDR Core to WatchGuard EDR, EPDR, or Advanced EPDR, the EDR Core license becomes inactive. If the upgraded license expires, the WatchGuard EDR Core license becomes active.

Caution: If you have a Total Security Suite license with EDR Core and then activate Passport or another Endpoint Security product such as WatchGuard EPDR, the EDR Core license becomes inactive in WatchGuard Cloud. Make sure that the new license has the same number or more endpoints available to avoid overallocation in the account.

License Expiration

If you remove a license or a license expires, there is a seven-day grace period during which time devices remain protected. (The license expires the day after the expiration date at 00:00 UTC.) After the grace period, devices with an expired license:

  • Are unprotected, with no antivirus, advanced protection, firewall, device control, and URL filtering.
  • Cannot access the management UI.
  • Do not receive signature file updates.
  • Do not have scheduled tasks. All scheduled scans and patch tasks are disabled.

If the license expires for some devices but not others, computers and devices that have been offline for the longest time lose their license and are unprotected.

To select which computers would lose protection, before the license expires:

  • Remove computers that you do not need to protect from the management UI. These computers might not be currently in use. When you remove them from the management UI, make sure that you uninstall the client software. For more information, go to Uninstall the Endpoint Software.
  • Disable computers you do not want to protect but still want to manage from the management UI. On the Computers page, select the computer you want to disable. To remove assigned licenses, on the Details tab, click the × next to the Licenses you want to remove.

If the license is renewed within 90 days after you cancel it or it expires, device protection is automatically re-enabled and updated on devices connected to the Internet (usually within 4 hours). After 90 days, if you renew the license, you must reinstall the endpoint agent and then create and assign all settings.

Overallocation

As a Service Provider, you can allocate endpoints to your own account or any account you manage. Subscriber accounts can only have one Endpoint Security product allocated to them. You can allocate more than one product to a Service Provider account. For more information on allocation, go to Allocate Endpoints.

Service Provider accounts could become overallocated when an account they manage allocates more endpoints than there are available in the license. Access to all accounts in the management UI is then disabled. If your account becomes overallocated, you cannot manage configurations in the multi-tenant endpoint security management UI and no new installations are permitted.

To identify accounts that are over their limit, review Subscriber dashboards and audit logs. When an account is overallocated, we recommend that you reduce the number of allocated endpoints (deallocate), or increase the number of endpoints in the license.

When an account is overallocated, the product protection layers are maintained to prevent infection. Signature files are still updated.

If an endpoint security module is overallocated, the module is deactivated in affected endpoints and you will not be able to see the module in the management UI.

  • WatchGuard Patch Management — Tasks stop and patches are no longer applied. There is no visibility into available patches or end-of-life software as the module is not available in the management UI.
  • WatchGuard Data Control — Discovery, classification, and monitoring of sensitive information stops.
  • WatchGuard Full Encryption — Endpoints that are already encrypted remain encrypted. You cannot encrypt new endpoints or change the configuration. The module is not available in the management UI.
  • WatchGuard Advanced Reporting Tool — Continues to send telemetry to the cloud. The module is not available in the management UI.

Related Topics

Activate an Endpoint Security License

Manage Trials – Service Providers

Manage Trials – Subscribers

Allocate Endpoints

About Subscription Licenses

WatchGuard EDR Core Features

WatchGuard Endpoint Security Modules