Coservit ServiceNav Integration Guide

Deployment Overview

ServiceNav from Coservit is an IT service monitoring and reporting solution that delivers fast and accurate insight to support proactive management and preventative maintenance of the IT environment.

This document describes how to use ServiceNav to discover and monitor a WatchGuard Firebox through SNMP.

For information about SNMP OIDs and MIBs, see the Appendix.

Platform and Software

The hardware and software used to complete the steps outlined in this document include:

  • Firebox with Fireware version 12.5.2B608341
  • ServiceNav version 4.7.0
    Before you integrate the ServiceNav device with the Firebox, configure the ServiceNav device to connect to Coservit ServiceNav cloud. For more information, see the ServiceNav documentation.

Test Topology

This diagram shows the test topology for this integration.

The integration topology diagram

Set Up the Firebox

Before you can configure the ServiceNav device to discover the Firebox, you must configure SNMP settings on the Firebox and add an SNMP packet filter policy to allow SNMP polls.

  1. Log in to Fireware Web UI.
  2. Select System > SNMP.
  3. If necessary, click the lock the Lock icon to make changes.
  4. From the Version drop-down list, select v3.
  5. In the User Name text box, type WatchGuard.
  6. From the Authentication Protocol drop-down list, select SHA1.
  7. In the Password and Confirm text boxes, type the authentication password.
  8. From the Privacy Protocol drop-down list, select DES.
  9. In the Password and Confirm text boxes, type the encryption password.

Screen shot of the SNMP settings on the Firebox

  1. Click Save.
  2. Select Firewall > Firewall Policies.
  3. Click Add Policy.
  4. From the Packet Filter drop-down list, select SNMP.

Screen shot of the Add Firewall Policy page on the Firebox

  1. Click Add Policy.
  2. Configure the SNMP packet filter policy to allow traffic from Any-Optional to Firebox.
    If the ServiceNav box is connected to a trusted interface, specify Any-Trusted instead of Any-Optional.

Screen shot of the SNMP policy on the Firebox

  1. Use the default settings for all other options.
  2. Click Save.
    The SNMP policy is added to the Policies list.

Screen shot of the policies list on the Firebox

  1. If necessary, click the lock to prevent further changes.

Set Up Coservit ServiceNav

Create a Monitoring Account

  1. Log in to Coservit ServiceNav cloud with your user credentials.
  2. Select Configuration > General > Monitoring accounts.
  3. Click +Add.
  4. From the Type drop-down list, select SNMP v3.
  5. In the User name text box, type WatchGuard.
  6. In the Password text box, type the password.
  7. In the Port (1 to 65535) text box, type 161.
  8. In the Authentication protocol (MD5, SHA) text box, type SHA.
  9. In the Encryption password text box, type the encryption password.
  10. In the Encryption protocole (DES, AES) text box, type DES.

The screenshot of the Coservit Add a monitoring account page

  1. Click Apply.

Test the Integration

Get Device Information With Default Settings

  1. Select Configuration > Hosts > Discovery.
  2. Click Discover.
  3. In the Network discovery parameters section, in the IP addresses section, select List.
  4. In the text box, type the IP address of the optional or trusted Firebox interface to connect to. In this example, we specify the optional interface IP address.

Screen shot of the Starting a network discovery process page

  1. Click Apply.
    The discovered Firebox appears in the list of devices.

Screen shot of the Discovery page

  1. After the ping and snmp symbols are green, select the Firebox and click Add to monitoring..
  2. From the Category drop-down list, select Router.

Screen shot of the Add to monitoring page

  1. Click Apply.
  2. Select Configuration > General > Loading.
  3. Click Apply.

Screen shot of the Loading page

  1. Wait a few minutes, and then select Monitoring > Monitoring.
    The IT Monitoring page shows the default services automatically created at discovery. The number of services for any host varies based on things such as the number of active network interfaces and the number of separate file systems.

Screen shot of IT Monitoring page

  1. Click the services and scroll down
    The default device information appears.

Screen shot of the IT Monitoring page with services listed

Get the Custom OID Values

Create a service template:

  1. Select Configuration > Services > Templates.
    You can get the service template for SNMP v3 from Coservit support.
  2. Select the template given to you by support and click Duplicate.
  3. Click the template you just duplicated.
  4. In the General information section, in the Name text box, type XTM Device Version.
  5. From the Business Impact drop-down list, select Medium.
  6. From the Category drop-down list, select Other.
  7. From the BI category drop-down list, select Other.
  8. In the Information on availability rate section, in the Availability rate text box, type 100.
  9. In the Check Properties section, from the Verification command drop-down list, select check_snmpv3_oid_wg.
    You can get the command from support, in our example, the verification command is check_snmpv3_oid_wg.
  10. In the OID text box, type 1.3.6.1.4.1.3097.6.3.1.0.
  11. In the Prefix text box, type version:.
  12. In the Warning threshold text box, type 3000.
  13. In the Temperature in Celsius degree text box, type 5000.
  14. In the Username for Datacore text box, type authPriv.
  15. In the User text box, type WatchGuard.
  16. In the Normal check interval text box, type 5.
  17. Use the default settings for all other options.

Screen shot of the Template configuration

Screen shot of the Template configuration

  1. Click Apply.
  2. Repeat steps 1-17 to create other templates with the OID you want to add.

Create a host template:

  1. Select Configuration > Hosts > Templates.
  2. Click +Add.
  3. In the General information section, in the Name text box, type WatchGuard_BOX.
  4. From the Categories drop-down list, select Other and Router.
  5. In the Relations section, from the Service templates drop-down list, select the service templates you just created.

Screen shot of the host template settings

  1. Click Apply.

Get the OID value:

  1. Select Configuration > Hosts > List.

Screen shot of the Host list

  1. Click the host name.
  2. In the General information section, from the Template drop-down list, select WatchGuard_BOX.
  3. Use the default settings for all other options.

Screen shot of the General Information for WatchGuard-XTM

  1. Click Apply.
  2. Select Configuration > General > Loading.

Screen shot of the Loading page

  1. Click Apply.
  2. Wait for a few minutes, and then select Monitoring > Monitoring.

Screen shot of the IT Monitoring page

  1. Click the service and scroll down
    The services you customized appear.

Screen shot of the monitored service in the Monitoring page

The Firebox might identify traffic from ServiceNav as a port scan attack. To avoid this, add the IP address of ServiceNav to the Blocked Sites Exceptions list on the Firebox.

To add a Blocked Site Exception to the Firebox:

  1. Log in to Fireware Web UI.
  2. Select Firewall > Blocked Sites > Blocked Sites Exceptions.
  3. Click Add.
  4. From the Choose Type drop-down list, select Host IPv4.
  5. In the text box, type the IP address of the ServiceNav device.
  6. Click OK.
  7. Click Save.

Appendix

About SNMP OIDs and MIBs

SNMP queries are typically formatted as a numeric expression. This is referred to as an Object Identifier (OID). An OID is a numeric reference to a unique object or piece of data.

A Management Information Base (MIB) is a database of OIDs that maps object names to a specific OID.

There are two types of MIBs: standard and enterprise. Standard MIBs are definitions of network and hardware events used by many different devices. Enterprise MIBs provide information about events that are specific to a single manufacturer.

The Firebox supports eight standard MIBs: IP-MIB, IF-MIB, TCP-MIB, UDP-MIB, SNMPv2-MIB, SNMPv2-SMI, RFC1213-MIB, and RFC1155 SMI-MIB.

For more information about Firebox Enterprise MIBs, see Enterprise MIB File Details.

Find OIDs

To get information through SNMP, you must know the OID of the object. An MIB browser is a good way to see the available MIB and OIDs. There are several free MIB browsers.

As an example, these steps describe how to use the iReasoning MIB browser:

  1. Install and open iReasoning.
  2. In the Address text box, type the IP address of your Firebox.
  3. Click Advanced.

Screen shot of the Advanced settings in the iReasoning MIB browser

  1. To read the MIB information for monitoring, in the Read Community text box, type public.
  2. From the SNMP Version drop-down list, select the SNMP version.
  3. From the Operations drop-down list, select Walk.
    All Firebox MIBs appear in a list.