Integration Guide Auvik Revised: 27 February 2017
About This Guide Guide Type Documented Integration WatchGuard or a Technology Partner has provided documentation demonstrating integration. Guide Details WatchGuard provides integration instructions to help our customers configure WatchGuard products to work with products created by other organizations. If you need more information or technical support about how to configure a third-party product, see the documentation and support resources for that product. 2 Auvik Integration Guide
Auvik Integration Overview Auvik is an RMM (Remote Monitoring and Management) tool used by MSPs (Management Service Providers) for asset management. RMM agents are installed on MSP customer endpoints to discover, monitor, and manage IT assets. Auvik can discover WatchGuard devices and use authentication credentials to access specific device information such as subscription status, renewal date, hardware model, and other device properties. This document describes how to use Auvik to discover and monitor a WatchGuard Firebox. Platform and Software The hardware and software used to complete the steps in this document include: Firebox or WatchGuard XTM device with Fireware v11.12 or higher Auvik Cloud Auvik Collector installed on a Windows Server 2012 Standard Edition This diagram outlines the topology used for this integration: Auvik Integration Guide 3
Set Up the Firebox SNMP Settings You must configure SNMP settings on the WatchGuard Firebox before you can use Auvik to discover the Firebox. 1. Log in to Fireware Web UI at https://<ip address of Firebox>:8080. 2. Select System > SNMP. 3. From the Version drop-down list, select v3. 4. In the User Name text box, type WatchGuard. 5. From the Authentication Protocol drop-down list, select SHA1. In the Password and Confirm text boxes, type the authentication password. 6. From the Privacy Protocol drop-down list, select DES. In the Password and Confirm text boxes, type the encryption password. 7. Click Save. 8. From Fireware Web UI, select Firewall > Firewall Policies. 9. Click Add Policy. 4 Auvik Integration Guide
10. Select the Packet Filter check box. 11. From the Packet Filter drop-down list, select SNMP. 12. Click Add Policy. 13. Edit the policy traffic from Any-Trusted to Firebox, then click Save. If you connect to an optional interface, specify Any-Optional instead of Any-Trusted. Auvik Integration Guide 5
14. Click Save. The SNMP policy should appear with these properties: SSH Settings You must configure SSH settings on the WatchGuard Firebox before you can manage the Firebox with Auvik. 1. Select Firewall > Firewall Policies. 2. Click Add Policy. 3. In the Policy Name text box, type the policy name. 6 Auvik Integration Guide
4. Select the Custom check box. 5. From the Custom drop-down list, select a policy type, then click Add. 6. In the Name and Description text box, type name and description, then click Add. 7. From the Type drop-down list, select single port. 8. From the Protocol drop-down list, select TCP. 9. In the Server Port text box, type 4118. 10. Click OK. Auvik Integration Guide 7
11. Edit the policy traffic from Any Trusted to Firebox. If you connect to an optional interface, specify Any-Optional instead of Any-Trusted. 12. Click Save. The SSH policy should appear with these properties: 8 Auvik Integration Guide
Set Up Auvik SNMP Credential Settings 1. Log in to Auvik Cloud. 2. Download and install the Auvik Collector on the probe computer. This computer must be on a LAN that is connected to the WatchGuard Firebox. 3. Select Discovery > Manage Devices. You will see all discovered devices. 4. Select Discovery > Manage Credentials > SNMP Credentials. 5. Click Add SNMP Credentials. Auvik Integration Guide 9
6. In the Description text box, type the description for the SNMP credentials. 7. In the Devices text box, use the default settings. 8. From the Version drop-down list, select Version 3. 9. In the Username text box, type the username WatchGuard. 10. From Auth Protocol drop-down list, select SHA. 11. In the Auth Passphrase text boxes, type the Auth passphrase. 12. From the Privacy Protocol drop-down list, select DES. 13. In the Privacy Passphrase text boxes, type the Privacy passphrase. 14. Click Save. 10 Auvik Integration Guide
15. Auvik will automatically use the new SNMP credentials for all discovered devices. If the credentials succeed, the following status is displayed. Click Retry All SNMP Credentials if you want to test the login credentials again. SSH Global Settings 1. Select Discovery > Discovery Settings > Service Settings >SSH. 2. From the Use Default Ports drop-down list, select No Custom Ports. 3. In the Port text box, type 4118. Auvik Integration Guide 11
SSH Credential Settings 1. Select Discovery > Manage Credentials > Login Credentials. 2. Click Add Login Credentials. 3. In the Description text box, type the description for the SSH credentials. 4. In the Devices text box, use the default settings. 5. From the Connect Using drop-down list, select Telnet or SSH. 6. In the Username text box, type the username admin (This is WatchGuard Firebox default admin username). 7. In the Password text box, type the password. 8. In the CLI Enable Password text box, type the password. 9. Click Save. 12 Auvik Integration Guide
Auvik Integration Guide 13
10. Auvik will automatically attempt to use the new SSH credential for all discovered devices. If the login credentials succeed, the following status is displayed. Click Retry All Login Credentials if you want to test the login credentials again. Add SNMP Monitor 1. Select Discovery > Discovery Settings > Monitor Settings. 2. Click ADD MONITOR SETTING. 3. In the Name text box, type the monitor name. 4. In the Devices text box, use the default settings. 14 Auvik Integration Guide
5. In the OID text box, type 1.3.6.1.4.1.3097.6.3.1.0. This is the WatchGuard Fireware version OID. 6. From the Type drop-down list, select String. 7. From the Poll Period drop-down list, select 1 minute. 8. Click Save. You will see one monitor added. Auvik Integration Guide 15
Test the Firebox and Auvik Integration 1. In Auvik, select Home Dashboard. 2. The topology discovered by Auvik is displayed. 3. Click WatchGuard-XTM in the topology to see detailed information about this device. 16 Auvik Integration Guide
4. In the Debug section, select OID Monitors. Auvik Integration Guide 17
The Firebox Fireware version is displayed. 5. In the Documentation section, select Configurations. 6. You will see all configurations that have been previously backed up. 18 Auvik Integration Guide
7. Choose any configuration, then in the Manage Configuration section, select Export. Click Save File to save the configuration to your local computer. Note: The ability to restore a WatchGuard Firebox configuration is not fully supported by Auvik at this time. Auvik Integration Guide 19
20 Auvik Integration Guide