Integration Guide ManageEngine Network Configuration Manager Revised: 16 August 2017
About This Guide Guide Type Documented Integration WatchGuard or a Technology Partner has provided documentation demonstrating integration. Guide Details WatchGuard provides integration instructions to help our customers configure WatchGuard products to work with products created by other organizations. If you need more information or technical support about how to configure a third-party product, see the documentation and support resources for that product.
Network Configuration Manager Integration Overview Network Configuration Manager is a web-based, network configuration, change and compliance management (NCCCM) solution for switches, routers, firewalls and other devices from Cisco and other hardware vendors to take total control of the entire life cycle of device configuration management. Platform and Software The hardware and software used to complete the steps outlined in this document include: Firebox with Fireware v11.12.4 installed ManageEngine Network Configuration Manager Version 12.2 Test environment: Windows Server 2012 Standard Edition Test Topology Set Up Firebox 1. Log in to Fireware Web UI at https://<ip address of Firebox>:8080. 2. Select Firewall > Firewall Policies. 3. Click Add Policy. 4. In the Policy Name text box, type the policy name. 5. Select the Custom check box. 6. Select a policy type.
7. Click Add. 8. Type a name and a description. 9. Click Add. 10. From the Type drop-down list, select Single Port. 11. From the Protocol drop-down list, select TCP. 12. In the Server Port text box, type 4118. 13. Click OK. 14. Set policy from Any Trusted to Firebox.
You can also select Any-Optional To Firebox depending on which port is connected. 15. Click Save and review the new policy. Set Up Network Configuration Manager 1. Run the Network Configuration Manager Setup Wizard. 2. The WebServer port can be configured in the wizard. The default port setting is 80.
Test the Integration Add the WatchGuard Firebox to the Network Configuration Manager Add the WatchGuard Firebox to the Network Configuration Manager using one of the following methods: Directly add the Firebox by its IP address, without SNMP credentials Manually add the Firebox by its IP address or IP address range scan, with SNMP credentials Automatically import the Firebox information from a.csv or.txt file, with SNMP credentials In this document, we show you how to directly add the Firebox by its IP address, but wiithout SNMP Credentials (Method 1 in the list above). To learn more about how to add devices, see the ManageEngine Network Configuration Manager documentation. 1. On a computer with Network Configuration Manager installed, open a browser and enter http://localhost:80. 2. Log in with your username and password. 3. Select Inventory.
4. Click the + in the top right of the page. 5. Select the Add Device check box. 6. In the Hostname/IP Address text box, type the Firebox connection IP address. 7. From the Vendor drop-down list, select WatchGuard. 8. Type the series number and model number. 9. Click Add. 10. From the Protocol drop-down list, select SSH-TFTP. 11. Select Primary. 12. In the Login Name and Password text boxes, type the Firebox username and password. 13. In the Prompt text box, type #.
14. Keep all other text boxes empty. 15. Select Additional. 16. Keep the TFTP/SCP Server Public IP text box empty. 17. In the SSH Port text box, type 4118.
18. For the other text boxes accept the default : entry. 19. Click Save &Test.
20. After the credentials have been applied, the Network Configuration Manager will provide a report. 21. Select Dashboard > NCM Devices Summary. 22. Click 10.0.1.83.
23. Go to the 10.0.1.83 Firebox page. 24. Click in the top right of the page. 25. Click Backup. 26. After backup success, device information is displayed on the Firebox page.
27. Click to open the Terminal. Any CLI command can be input. Firebox Sync & Restore Configuration Sync Configuration can get device configurations, and display the difference between different configuration versions. 1. Make any necessary configuration changes in your Firebox configuration. 2. In the Network Configuration Manager, click in the top right of the page. 3. Click Sync Configuration. 4. Wait until the synch configuration action is complete.
5. On the Firebox page, the Compliance Status can display different items between two configurations. Click Added, Modified, and Deleted to view details. 6. To restore the firewall configuration, click Upload Config. 7. Select the version to restore and click Upload.
Firebox Command Configlets Network Configuration Manager can perform a variety of actions using command Configlets (for example, information display, configuration modify, etc.). 1. Select Admin. 2. Select NCM > Configlets. 3. Click Add. 4. In the Name text box, type a name. 5. From the Execution Mode drop-down list, select Advanced Script Execution Mode. 6. In the Description text box, type a description.
7. in the Configlet Content text box, type a command or command group to run for your Firebox. 8. Click Save. 9. The new Configlet is added to the list. 10. Click.
11. Select the running devices. 12. Click Execute. 13. Select Execution History.
14. When the Execution Status displays Completed, click the Configlet name. 15. On the Configlets Execution Details page, click the script running the device Host Name to display the details.
16. Find the interface number and verify the IP address.