N-able N-central Integration Guide

N‑able™ N-central® is a Remote Monitoring and Management (RMM) tool commonly used by Management Service Providers (MSPs). RMM agents are installed on MSP customer endpoints to discover IT assets and remotely monitor and manage them.

This document describes how to use N-central to discover and monitor a WatchGuard Firebox.

Platform and Software

The hardware and software used to complete the procedures in this document include:

  • Firebox with Fireware v12.10 or higher
  • N-central 2023.8.0.11
  • Windows Software Probe 2023.8.0.11 installed on a Windows Server 2019

N-central supports two deployment types: on-premises and hosted. In this document, we use a hosted N-central deployment hosted in the cloud.

This diagram outlines the N-central solution integration:

Screenshot of the N-central topology

Configure the Firebox

SNMP Settings

You must configure the Firebox to accept SNMP polls from an SNMP server. The IP address of the SNMP server is the IP address of the Windows server that sends SNMP probes to the Firebox and reports information to the SNMP server.

  1. Log in to Fireware Web UI (https://<Firebox-IP-address>:8080).
  2. Select System > SNMP.
  3. From the Version drop-down list, select v3.
  4. In the User Name text box, type the username. In our example, we type WatchGuard.
  5. From the Authentication Protocol drop-down list, select SHA1.
  6. In the Password and Confirm text boxes, type the authentication password.
  7. From the Privacy Protocol drop-down list, select DES.
  8. In the Password and Confirm text boxes, type the encryption password.

Screenshot of the SNMP settings on a Firebox

  1. Click Save.

Add an SNMP Policy

To enable the Firebox to receive SNMP polls from the Windows server, you must add an SNMP packet filter policy.

  1. Select Firewall > Firewall Policies.
  2. Click Add Policy.
  3. From the Packet Filter drop-down list, select SNMP.

Screenshot of the packet filter policy settings on a Firebox

  1. Click Add Policy.

Screenshot of the default policy settings on a Firebox

  1. In the From section, select Any-Trusted. Click Remove.
  2. Click Add.
    The Add Member window opens.
  3. From the Member type drop-down list, select Host IPv4.
  4. Type the IP address of the SNMP server.

Screenshot of the Policy settings on a Firebox

  1. Click OK.
  2. In the To section, select Any-External. Click Remove.
  3. Click Add.
  4. Select the alias Firebox. Click OK.

Screenshot of the policy settings on a Firebox

  1. Click Save.

N-central Configuration

Add a Customer

N-central classifies devices by customer to make the devices for a customer easy to manage. In N-central, you must first create a customer and then add devices to this customer.

  1. Log in to the N-able N-central as an administrator.
  2. Select Actions > Add Customer.
  3. In the Customer Name text box, type a name to identify the customer.
  4. Leave other settings as the default settings.

Screenshot of the customer settings in N-central

  1. Click Save and Continue.
    The Add Devices page opens.

Screenshot of the device settings in N-central

From the Add Devices page, you can download the probe installer.

Install a Windows Probe

This procedure starts on the Add Devices page at the end of the previous procedure.

  1. If necessary, go back to the Add Device page, then select Actions > Add/Import Devices.
  2. Select Click here to download the probe.
  3. Install the probe on a Windows server. For information about how to install the probe, go to the N-central documentation.
  4. After you install the probe, select Administration > Probes to view the probe status for that customer.

Screenshot of the agent status in N-central

Enable the SNMP Service

For the Windows server to monitor the Firebox, you must install and enable the SNMP service.

  1. On the Windows server, select Start > Run.
  2. Type services.msc and start the SNMP Service.
  3. Right-click the SNMP Service and select Properties.
  4. Select the Security tab.
  5. In the Accepted community names list, click Add and add public.
  6. In the Accept SNMP packets from these hosts list, click Add and add the IP address of the Firebox.

Screenshot of the SNMP Service settings on Windows Server

  1. Click Apply > OK.

Now the probe can detect and monitor devices in the same network.

Discover the Firebox to Monitor

  1. In N-central, select the customer you added.

Screenshot of the select customer page in N-central

  1. Select Actions > Add/Import Devices.
  2. Click Add a Discovery Job.
  3. From the Probe drop-down list, select the probe server you installed.
  4. In the Discovery Type section, type the IP Range you want the probe to detect. In this example, the probe server is set up to detect devices with IP addresses in the range 10.0.2.1 to 10.0.2.10.
    5. You can also specify the network as an IP address and netmask. To do this, select IP Address and Netmask.

Screenshot of the discovery job page in N-central

  1. Select the Auto Import tab. You can define which types of devices are imported automatically after discovery. In our example, we select Other and Switch/Router.

Screenshot of the Auto Import discovery job settings in N-central

  1. Select the Schedule tab. From the Type drop-down list, select when you want this discovery job to run. In our example, this is set to Now which means it runs immediately after this job is created.

Screenshot of the job schedule in N-central

  1. Click Finish.
    The probe server starts the discovery job.
  2. To view the job status, select Views > Job Status.
    Another way to start a discovery job is to select Actions > Run a Discovery.
  3. After the job is finished, select Views > All Devices.
    The discovered devices open in a list.

Screenshot of the discovered devices in N-central

  1. Find your Firebox in the list and click on its name.
  2. Select the Settings tab, then select Monitoring Options.
  3. Select the Use SNMP check box.
  4. From the SNMP Version drop-down list, select v3.
  5. In the Username text box, type the user name WatchGuard.
  6. From the Authentication Protocol Method drop-down list, select SHA1 and type the password you set on the Firebox.
  7. From the Privacy Protocol Method drop-down list, select DES 56 and type the password you set on the Firebox.

Screenshot of the device settings in N-central

  1. Leave all other settings at the default values.
  2. Click Save.

Self-Define Services

In N-central, you add a service that defines the information to monitor for a device. There are many pre-defined services you can use, but they might not be suitable for your needs.

To define a new or custom service:

  1. Select Administration > Service Management > Custom Services.
  2. Click Add.
  3. Select Service > SNMP.

Screenshot of the SNMP services selection in N-central

  1. In the Name text box, type a descriptive name for this service.
  2. Each service can include one or more queries. To add a query, in the Queries tab, click Add.
  3. In the Query Name text box, type a name for the query.
  4. Click Add OID, and add the OIDs of the items you want to query. Go to the Appendix for a list of OIDs.

Screenshot of the OID query page in N-central

  1. Click Save.
  2. Select the Data and Thresholds tab, then click Add Metric.

If you add several query items, you must add the same number of metrics with corresponding variables.

  1. In the Metric text box, type the metric.
  2. From the Variable to Use drop-down list, select the corresponding variable.
  3. From the Data Type drop-down list, select the data type. In our example, we select String.

Screenshot of the configure metric page in N-central

  1. Click Save.
  2. Repeat steps 9-13 to create another metric.

Screenshot of metric details page in N-central

  1. Click Save.
  2. On the All Devices page, select the device to monitor and click Add Services at the top of the page.
    You can also click the device name to go to the device information page.
  3. Select Monitoring > Status.
  4. Click Add.
  5. From the Monitoring Appliance drop-down list, select the Windows Probe server. All available services are shown, including the SNMP service that you defined earlier (Device Info).
  6. Add one instance to run the monitor. Click Apply to link the service to the Firebox.

Screenshot of monitor appliance page in N-central

Test the Integration

  1. Select the device name to go to the device information page.
  2. Select Monitoring > Status.
  3. Verify that the service you added appears and the SNMP check is ongoing.
  4. When the SNMP check has finished successfully, a green check mark appears in the Status column.

If a custom service returns a status with no data, restart all N-able related services on the computer installed with the probe service. When this is complete, the custom service will detect data.

Screenshot of monitor status page in N-central

  1. Click the service name to view the status details.

Screenshot of status details page oin N-central

Appendix

About SNMP OIDs and MIBs

SNMP queries are typically formatted as a numeric expression. This is referred to as an Object Identifier (OID). An OID is a numeric reference to a unique object or piece of data.

A Management Information Base (MIB) is a database of OIDs that maps object names to a specific OID.

There are two types of MIBs: standard and enterprise. Standard MIBs are definitions of network and hardware events used by many different devices. Enterprise MIBs provide information about events that are specific to a single manufacturer.

The Firebox supports eight standard MIBs: IP-MIB, IF-MIB, TCP-MIB, UDP-MIB, SNMPv2-MIB, SNMPv2-SMI, RFC1213-MIB, and RFC1155 SMI-MIB.

For more information about Firebox Enterprise MIBs, go to Enterprise MIB File Details.

Find OIDs

To get information through SNMP, you must know the OID of the object. An MIB browser is a good way to view the available MIB and OIDs. There are several free MIB browsers.

As an example, these steps describe how to use the iReasoning MIB browser:

  1. Install and open iReasoning.
  2. In the Address text box, type the IP address of your Firebox.
  3. Click Advanced.

    4. Screenshot of a MIB browser

  4. To read the MIB information for monitoring, in the Read Community text box, type public.
  5. From the SNMP Version drop-down list, select the SNMP version. In this example, we select SNMPv3.
  6. From the Operations drop-down list, select Walk.
    All Firebox MIBs open in a list.