MAXfocus, formerly GFI MAX, is a Remote Monitoring and Management (RMM) tool from LOGICnow that is commonly used by Managed Service Providers (MSPs). An MSP typically installs RMM agents on customer endpoints to discover IT assets so that the MSP can remotely monitor and manage them.
This document describes how to use MAXfocus to remotely monitor a WatchGuard Firebox.
The hardware and software used to complete the steps outlined in this document include:
- Firebox or WatchGuard XTM device installed with Fireware v11.10.x.
- MAXfocus v6.15.
- Windows Agent v10.0.1 on a Windows Server 2012 R2.
MAXfocus is a cloud-based solution. It is not available as an on-premises product.
The diagram below shows the MAXfocus solution integration. The Windows Server sends SNMP probes to the Firebox.
Configure Your Firebox
You must use Fireware Web UI to configure the SNMP settings on the WatchGuard Firebox before you use MAXfocus to discover it. The URL to connect to the Web UI in your browser is https://<Firebox IP address>:8080.
You must configure the Firebox to accept SNMP polls from an SNMP server. The IP address of the SNMP server is the IP address of the Windows server that will send SNMP probes to the Firebox and report information to the SNMP server.
- Select System > SNMP.
The SNMP Settings page appears.
- From the Version drop-down list, select v1/v2c.
MAXfocus supports only v1 and v2c.
- In the Community String text box, type the Community String on the SNMP server. Usually, public is used.
The Community String is used as a user ID or password that allows access to the statistics of a device
Add an SNMP Policy
To enable the Firebox to receive SNMP polls from the Windows server, you must add an SNMP packet filter policy.
- Select Firewall > Firewall Policies.
- Click Add Policy.
- From the Packet Filter drop-down list, select SNMP.
- In the Policy Name text box, type a meaningful name.
- Click Add Policy.
Now you can edit the policy.
- In the From section, select Any-Trusted and click Remove.
- Click Add.
- From the Member type drop-down list, select Host IPv4.
- Type the IP address of the SNMP server. Click OK.
- In the To section, select Any-External and click Remove.
- Click Add.
- Select the alias Firebox. Click OK.
- Click Save.
Log in to the MAXfocus Web UI with the account credentials provided by LOGICnow.
MAXfocus cannot monitor a Firebox directly as a single device. It must be monitored through an SNMP check sent by a Windows or Linux device that has an RMM agent installed.
Add a Client/Website
In MAXfocus you can add several Clients. For each Client you can add Sites to help you classify your devices easily.
- Select File > Add Client.
- In the Client Name text box, type a meaningful name to identify the client.
- Select File > Add Site.
- From the Client drop-down list, select the Client Name you added earlier.
- In the Name text box, type a meaningful name for this site.
The site appears under the client.
You must install an agent on the device to be managed.
- Select Agent > Download Agent.
- Select the agent required for the OS of the device. In this example we want to install the agent on a Windows Server 2012 device, so we choose the latest released version of the agent for Windows, v9.13.8.
We recommend that you do not install RC (release candidate) versions. For example, some problems related to SNMP checks may exist in v10.0.2 RC.
- Install the downloaded agent on the Windows server.
- Log in to the agent with the same credentials you used to log in to the MAXfocus Web UI.
The agent automatically synchronizes information to the MAXfocus server. Information about the Firebox appears in the Checks tab at the bottom of the MAXfocus server dashboard page after everything is configured.
Enable the SNMP Service
For the Windows server to monitor the Firebox, you must enable the SNMP service.
- On the Windows server, select Start > Run.
- Type services.msc, and start the SNMP service.
- Right-click the SNMP service and select Properties.
- Select the Security tab.
- In the Accepted community names list, add public.
- In the Accept SNMP packets from these hosts list, add the IP address of the Firebox.
Now the agent can use the Windows probe server to detect and monitor devices in the same network.
Add SNMP Checks
In MAXfocus, the information to be monitored on the Firebox is defined by SNMP checks that go through a Windows or Linux server. There are several ways to add checks:
- Predefined SNMP checks
- Checks for a specified server
- Global predefined Monitoring Templates that include checks
- Dedicated Monitoring Templates for a server
This document describes how to add Predefined SNMP Checks.
- In the MAXfocus Web UI, select Settings > Predefined SNMP Checks.
- Click New.
The Predefined SNMP Check dialog box appears.
- In the Vendor text box, type the vendor name.
- In the Monitored Product text box, type the product name.
- In the OID description text box, type a meaningful description of this SNMP check.
- In the OID text box, type the accurate OID for this check. You must exclude the leading period when you type the OID. For example, type 18.104.22.168.22.214.171.124.0 and not .126.96.36.199.188.8.131.52.0.
For more information about Firebox OIDs, see Enterprise MIB File Details.
- Configure the Default operator and Default test value to define the pass condition for this SNMP check.
- Click Save to save this check.
- To add another check, click New and repeat the steps above.
- In the Checks tab on server list page, select Add Check > Add 24x7 Check > SNMP Check.
- In the Predefined Check section, from the Vendor and Check drop-down lists, select the vendor and check from your predefined SNMP check.
The relevant settings automatically appear in the Check Settings section.
- In the Hostname / IP Address text box, type the IP address of the Firebox.
- In the Port text box, type the port used for SNMP on the Firebox. Usually this is the default port, 161.
- In the Community text box, type public. This must match the Community String configured on the Firebox.
Test the Integration
After you add the SNMP checks to the server, the checks are shown in the Checks tab of the MAXfocus dashboard. After an SNMP check is executed, information about that check appears in the More Information column.