WatchGuard Out-of-the-Box Response Integration

This article guides you through the integration process of WatchGuard Cloud with Lumu for automated response procedures. This is one of our featured Out-of-the-Box Response Integrations.

Requirements

  • A WatchGuard Cloud license. It can be any of the following:
    • Total Security Suite
    • Basic Security Suite
    • Standard Support license that includes access to WatchGuard Cloud
  • A WatchGuard Firebox Firewall with Fireware v12.9 or higher and a feature key with a valid CLOUD_CONNECT entry.
  • An active Lumu Defender subscription.

Preliminary setup - WatchGuard Cloud

You must set up your WatchGuard Cloud console before proceeding to activate the integration. You must complete the following steps:

  • Collect the Account ID for the Integration
  • Enable RESTful API Access and collect the Access ID.
  • Collect the Firebox Firewall ID

Log in to your WatchGuard Cloud Web UI with an admin user and follow the steps described in the following sections to fulfill these requirements.

Collect the Account ID

Go to Administration (1), then select My Account (2). Copy and save the Account ID string for the integration configuration process.

Enable RESTful API Access and collect the Access ID

1. Go to Administration > Managed Access and click on Enable API Access.

2. Set the readwrite and readonly passwords to use as your API access credentials and agree to the terms and conditions. When finished, click Save.

Notes Ensure you store the passwords in a safe place. You must reset them if you forget or lose them.

3. Once you enable API access, the console displays the API access information. Copy and save the Access ID and the Authentication API URL for later use. Ensure you keep them at hand, as they will not be shown again unless regenerated.

Collect the Firebox Firewall ID

Each Firebox Firewall integration requires a Firewall ID, not the Serial Number. To obtain it, go to Configure > Devices and select the device. Then, go to Device Settings and extract the string representing the Firewall ID from the browser's address bar.

Notes Each device has a unique ID in WatchGuard Cloud, which appears in the URL of the Device Summary page. For example, if the Device Summary page URL is https://usa.cloud.watchguard.com/services/fb/device/FB-12345/summary, the device ID is FB-12345.
For standalone Fireboxes, copy only the numbers from the device ID. For example, 12345.
For FireClusters, copy the full device ID. For example, FBCL-12345.
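
The extraction rules in the note above can be checked with a small helper before the identifier is entered in the Lumu Portal. This is an added example, not code from Lumu or WatchGuard; the function names are hypothetical, and it assumes device IDs always look like the article's examples (FB- or FBCL- followed by digits) and sit in the path segment after "device".

```python
import re
from urllib.parse import urlparse

# Device ID shapes taken from the article's examples (FB-12345, FBCL-12345).
# Treating the suffix as digits only is an assumption based on those examples.
_DEVICE_ID = re.compile(r"(FBCL|FB)-(\d+)")


def device_id_from_url(url: str) -> str:
    """Return the path segment that follows 'device' in a WatchGuard Cloud URL."""
    segments = [s for s in urlparse(url).path.split("/") if s]
    try:
        return segments[segments.index("device") + 1]
    except (ValueError, IndexError):
        raise ValueError(f"no device ID segment found in URL: {url!r}") from None


def lumu_firewall_identifier(value: str) -> str:
    """Map a device page URL, or a raw device ID, to the identifier Lumu expects."""
    value = value.strip()
    device_id = device_id_from_url(value) if "://" in value else value
    match = _DEVICE_ID.fullmatch(device_id)
    if match is None:
        # Serial numbers and other pasted strings are rejected here.
        raise ValueError(f"{device_id!r} is not an FB-/FBCL- device ID")
    prefix, number = match.groups()
    # Standalone Firebox: digits only. FireCluster: the full device ID.
    return number if prefix == "FB" else device_id


if __name__ == "__main__":
    # The first URL is the article's example; the other inputs are constructed.
    samples = [
        "https://usa.cloud.watchguard.com/services/fb/device/FB-12345/summary",
        "https://usa.cloud.watchguard.com/services/fb/device/FBCL-12345/summary",
        "SERIAL-PLACEHOLDER",
    ]
    for sample in samples:
        try:
            print(sample, "->", lumu_firewall_identifier(sample))
        except ValueError as err:
            print(sample, "-> rejected:", err)
```
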

Integration Setup - Lumu portal

This section of the article describes the steps that must be completed on the Lumu portal to properly set up the WatchGuard Cloud integration. To start, log into your Lumu account through the Lumu Portal.

Notes Integrations are also available for Lumu MSP accounts. To access them, log into the Lumu MSP Portal.

1. In the Lumu Portal, head to the panel on the left and open the Integrations drop-down menu. Then, click on Apps. Click on the Response tab on the right to filter the available integrations accordingly.

2. Locate the WatchGuard integration. The list is organized in alphabetical order from A to Z. Click Add.

3. Familiarize yourself with the integration details in the app description and click Activate to start the integration setup process.

4. Select the Cloud option in the Activate Integration window. Then, give the integration a distinctive Name, select the Threat Types you want to include, and, if it applies, select the Include IP Indicators toggle. When done, click Next.

Alert If you leave the Include IP Indicators option unselected, you won’t be able to change it later. You will need to remove the integration and repeat all the steps.
Alert Please note that you cannot modify the information on this screen. Exercise caution when selecting Threat Types, as changes cannot be made later.

5. Fill in the required information, as follows:

a. Under Access ID enter the Access ID collected in the Enable RESTful API Access and collect the Access ID step.

b. Under Password enter the Password you set up in the Enable RESTful API Access and collect the Access ID step.

c. Under Hostname select the API URL collected in the Enable RESTful API Access and collect the Access ID step.

d. Under Account ID enter the Account ID collected in the Collect the Account ID step.

e. Under API Key enter the API Key collected in the Enable RESTful API Access and collect the Access ID step.

Once done, click on Next to continue.

6. Add the Integration Firewall Identifier. Enter the Firewall identifier retrieved from the Collect the Firebox Firewall ID step.

Notes If the integration does not update the firewall, verify the Firewall Identifiers' format and availability within the Account ID scope, and use the read-write credentials.

7. The integration is now created and active. The Lumu Portal will display the details of the created integration.
