Contents

ConnectWise Firebox Integration
Get ConnectWise API Keys
Creating a New API Member
Creating API Keys for Your Member
Set Up the Firebox
Set Up the Firebox to Integrate from Fireware Web UI
Set Up the Firebox to Integrate from WatchGuard System Manager
ConnectWise Device Configurations
Configuration Questions
ConnectWise Ticket Management
ConnectWise Firebox Integration

You can integrate the Firebox with ConnectWise, the leading professional service automation tool. This integration enables service providers to automatically synchronize customer asset information for more efficient device management and monitoring.

Auto Synchronization of Asset Information
Automatically synchronizes your WatchGuard security appliance asset information and security service subscription statuses, including subscription start and end dates, device serial numbers, and OS versions.

Closed-Loop Ticketing of System, Security, and Subscription Events
Configure event thresholds on a wide range of parameters, including security services, device statistics, and subscription statuses that automatically trigger the creation and closure of tickets. This feature eliminates ticket flooding and false alarms while automatically closing tickets when issues are resolved. If the event reoccurs, the same ticket is opened up so that you can track repeated occurrences of the same event. For more information, see Configuration Questions.

Automated Reporting
WatchGuard management and reporting solutions integrate data into the ConnectWise Executive Summary Reports, including device statistics, web usage statistics, and intrusion prevention service summaries. For more information on how to integrate reports generated by your Report Server or Dimension server with ConnectWise, see Configure ConnectWise Integration for Reports.

Notes: The Firebox communicates one-way to ConnectWise over HTTPS TCP port 443.
Get ConnectWise API Keys

Before you integrate your Firebox with ConnectWise, you need to create a pair of API keys to enable the Firebox to communicate with the ConnectWise server. You can create API keys from your current user account, or you can create a new account specifically for API access (called an API Member account).

Creating a New API Member

1. Navigate to System > Members > API Members.
2. Select the New icon.
3. Fill out the required information and set the Member to Admin.
4. Save the API Member.
5. Navigate to the API Keys tab.
6. Create a New API Key.
Creating API Keys for Your Member

1. Log in to ConnectWise.
2. Select My Account settings for your user account.
3. Select the API Keys tab.
   Note: If you do not have an API Keys tab, click the tab settings icon and add the API Keys tab.
4. Click the New icon to add a new pair of API Keys.
5. In the Description text box, type a descriptive name for the key.
6. Click the Save icon.
7. Copy down the public and private keys.
   Note: When the key pair is saved, you will not have another opportunity to view the private key.
Set Up the Firebox

You can set up ConnectWise integration from the Fireware Web UI or Policy Manager.

Note: You can add the ConnectWise integration details to a Device Configuration Template and apply this configuration to multiple Firebox devices with Management Server. For more information, see Create Device Configuration Templates.

Set Up the Firebox to Integrate from Fireware Web UI

1. Select System > Technology Integrations.
2. Select Enable ConnectWise.
3. In the Site text box, type the server address for ConnectWise. This can be a host name, an IP address, a hostname:port or IP:port address depending on your ConnectWise deployment (cloud-based or on-premise server). For example: test.connectwise.com or 192.168.0.1:443.
4. In the Login Company text box, type the company name you use to log in to ConnectWise.
5. In the Public API Key text box, type the public API key as generated by ConnectWise.
6. In the Private API Key text box, type the private API key as generated by ConnectWise. For more information on how to obtain API keys, see ConnectWise Firebox Integration.
7. In the Company ID text box, type the company ID of an active company already defined in ConnectWise. You must associate the Firebox with an active company.
8. Click Save.
Set Up the Firebox to Integrate from WatchGuard System Manager

1. Select Setup > Technology Integrations.
2. Select Enable ConnectWise.
3. In the Site text box, type the server address for ConnectWise. This can be a host name, an IP address, a hostname:port or IP:port address depending on your ConnectWise deployment (cloud-based or on-premise server). For example: test.connectwise.com or 192.168.0.1:443.
4. In the Login Company text box, type the company name you use to log in to ConnectWise.
5. In the Public API Key text box, type the public API key as generated by ConnectWise.
6. In the Private API Key text box, type the private API key as generated by ConnectWise. For more information on how to obtain API keys, see ConnectWise Firebox Integration.
7. In the Company ID text box, type the company ID of an active company already defined in ConnectWise. You must associate the Firebox with an active company.
8. Click OK.
9. Save the configuration to the Firebox.
ConnectWise Device Configurations

To see your Firebox device in ConnectWise, select Companies > Configurations, then select a Firebox configuration from the list. Firebox device details such as serial number and model number are automatically synchronized when you activate ConnectWise integration on your Firebox.
Configuration Questions

A new Configuration type is created for WatchGuard devices, which includes a unique set of Configuration Questions that relate to appliance monitoring and ticketing. These are thresholds for system events that enable you to customize the events that generate tickets. If a system condition passes a configured threshold, a ticket is created to alert you of the system event. If the event does not persist and passes below the threshold, the ticket is automatically closed. If the event occurs again, the same ticket is opened up again so that you can track repeated event occurrences.

Certificate Expiration
Checks all of your system certificates and alerts you if any certificates will expire based on the number of days you specify. You can select 10, 30, or 60 days prior to expiration.

Feature-Key Expiration
Checks your feature keys and alerts you if any feature keys will expire based on the number of days you specify. You can select 10, 30, or 60 days prior to expiration.

CPU Usage
Checks CPU usage over a sustained time period. For example, CPU usage greater than 90% over 10 minutes.
Memory Usage
Checks memory usage over a sustained time period. For example, memory usage greater than 90% over 10 minutes.

Total Connections
Checks the total concurrent connections over a sustained time period compared to your system connection limits. For example, total concurrent connections greater than 90% of your system limit for over 10 minutes.

Interface Status
Checks if any network interfaces have a link down status over a sustained period of time. For example, if an interface is down for over 5, 10, or 30 seconds.

Botnet Detection
Checks if botnet activity has been detected by Botnet Detection over a sustained period of time. For example, botnet activity detected over 10, 30, or 60 minutes.

Flood Detection
Checks for DoS flood attacks (such as SYN, ICMP, UDP, IPsec, IKE floods) over a sustained period of time. For example, any flood attacks detected over 10, 30, or 60 minutes.

Virus Detection
Checks if viruses have been detected by Gateway AntiVirus over a sustained period of time. For example, 50 viruses detected over 10 minutes.

Intrusion Prevention
Checks if intrusion attempts have been detected by IPS over a sustained period of time. For example, 50 intrusions detected over 10 minutes.

Spam Detection
Checks if spam email messages have been detected by spamBlocker over a sustained period of time. For example, 50 spam messages detected over 10 minutes.

APT Detection
Checks if APTs have been detected by APT Blocker over a sustained period of time. For example, 50 APTs detected over 10 minutes.
DLP Detection
Checks for any violations detected by Data Loss Prevention over a sustained period of time. For example, 50 DLP violations detected over 10 minutes.

Feature Keys
Displays the current feature keys.

ConnectWise Ticket Management

The Configuration Question thresholds you set automatically trigger the creation and closure of tickets. This prevents ticket flooding and false alarms while automatically closing tickets when issues are resolved. If the event reoccurs, the same ticket is opened up so that you can track repeated occurrences of the same event.

To see a summary of tickets associated with this configuration in your ConnectWise account, select the Service tab. In this example, a ticket is generated because of an expired certificate on the Firebox. Click the ticket number or description to see the ticket notes.
When the certificate is updated with a new expiry date, the ticket is automatically closed.
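
The closed-loop behaviour described under Configuration Questions and ConnectWise Ticket Management, modelled as an added Python example (not WatchGuard or ConnectWise code): a ticket opens only after the condition is sustained, closes when it clears, and the same ticket reopens on recurrence. The class and function names, the ticket id and the sample readings are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Ticket:
    ticket_id: int
    summary: str
    status: str = "open"
    occurrences: int = 1
class ThresholdMonitor:
    """One Configuration Question: alert when value > limit for sustain_s seconds."""
    def __init__(self, summary: str, limit: float, sustain_s: int, ticket_id: int = 1):
        self.summary, self.limit, self.sustain_s = summary, limit, sustain_s
        self.ticket_id = ticket_id          # hypothetical id; the ticketing system assigns real ones
        self.breach_start: Optional[int] = None
        self.ticket: Optional[Ticket] = None

    def observe(self, ts: int, value: float) -> Optional[str]:
        """Feed one sample; return 'opened', 'reopened', 'closed' or None."""
        if value > self.limit:
            if self.breach_start is None:
                self.breach_start = ts      # first sample of this breach
            if ts - self.breach_start < self.sustain_s:
                return None                 # not sustained yet: no ticket
            if self.ticket is None:
                self.ticket = Ticket(self.ticket_id, self.summary)
                return "opened"
            if self.ticket.status == "closed":
                self.ticket.status = "open" # same ticket, not a new one
                self.ticket.occurrences += 1
                return "reopened"
            return None                     # already open: no duplicate ticket
        self.breach_start = None            # condition cleared
        if self.ticket and self.ticket.status == "open":
            self.ticket.status = "closed"
            return "closed"
        return None

# Constructed samples (seconds, CPU %) for "CPU usage greater than 90% over 10 minutes"
SAMPLES = [(0, 95), (300, 96), (600, 97), (900, 98), (960, 50), (1020, 93),
           (1320, 94), (1620, 95), (1680, 40), (1740, 99), (1800, 30)]

def replay(monitor, samples):
    """Return (time, event, ticket id) for every ticket state change."""
    events = [(ts, monitor.observe(ts, value)) for ts, value in samples]
    return [(ts, ev, monitor.ticket.ticket_id) for ts, ev in events if ev]

print(replay(ThresholdMonitor("CPU Usage", 90, 600), SAMPLES))
```

The final one-minute spike at 1740 seconds produces no event, which is the false-alarm suppression the sustained-period thresholds provide.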