N-able N-central Integration Guide

N‑able™ N-central® is a Remote Monitoring and Management (RMM) tool commonly used by Management Service Providers (MSPs). RMM agents are installed on MSP customer endpoints to discover IT assets and remotely monitor and manage them.

This document describes how to use N-central to discover and monitor a WatchGuard Firebox.

Platform and Software

The hardware and software used to complete the procedures in this document include:

  • Firebox with Fireware v12.7.1 or higher
  • N-central 2021.1.5.526
  • Windows Software Probe 2021.1.50526 installed on a Windows Server 2019

N-central supports two deployment types: on-premises and hosted. In this document, we use a hosted N-central deployment hosted in the cloud.

This diagram outlines the N-central solution integration:

topology

Configure the Firebox

SNMP Settings

You must configure the Firebox to accept SNMP polls from an SNMP server. The IP address of the SNMP server is the IP address of the Windows server that will send SNMP probes to the Firebox and report information to the SNMP server.

  1. Log in to Fireware Web UI (https://<Firebox-IP-address>:8080).
  2. Select System > SNMP.
  3. From the Version drop-down list, select v3.
  4. In the User Name text box, type the username. In our example, we type WatchGuard.
  5. From the Authentication Protocol drop-down list, select SHA1.
  6. In the Password and Confirm text boxes, type the authentication password.
  7. From the Privacy Protocol drop-down list, select DES.
  8. In the Password and Confirm text boxes, type the encryption password.

Screenshot of Firebox, picture1

  1. Click Save.

Add an SNMP Policy

To enable the Firebox to receive SNMP polls from the Windows server, you must add an SNMP packet filter policy.

  1. Select Firewall > Firewall Policies.
  2. Click Add Policy.
  3. From the Packet Filter drop-down list, select SNMP.

Screenshot of Firebox, picture2

  1. Click Add Policy.

Screenshot of Firebox, picture3

  1. In the From section, select Any-Trusted. Click Remove.
  2. Click Add.
    The Add Member window opens.
  3. From the Member type drop-down list, select Host IPv4.
  4. Type the IP address of the SNMP server.

Screenshot of Firebox, picture4

  1. Click OK.
  2. In the To section, select Any-External. Click Remove.
  3. Click Add.
  4. Select the alias Firebox. Click OK.

Screenshot of Firebox, picture5

  1. Click Save.

N-central Configuration

Add a Customer

N-central classifies devices by customer to make the devices for a customer easy to manage. In N-central, you must first create a customer and then add devices to this customer.

  1. Log in to the N-able N-central as an administrator.
  2. Select Actions > Add Customer.
  3. In the Customer Name text box, type a meaningful name to identify the customer.

Screenshot of N-central, picture1

  1. Click Save and Continue.
    The Add Devices page opens.

Screenshot of N-central, picture2

From the Add Devices page, you can download the probe installer.

Install a Windows Probe

This procedure starts on the Add Devices page at the end of the previous procedure.

  1. If necessary, get back to the Add Device page, select Actions > Add/Import Devices.
  2. Select Click here to download the probe.
  3. Install the probe on a Windows server. For information about how to install the probe, see the N-central documentation.
  4. After you install the probe, select Administration > Probes to see the probe status for that customer.

Screenshot of N-central, picture3

Enable the SNMP Service

For the Windows server to monitor the Firebox, you must install and enable the SNMP service.

  1. On the Windows server, select Start > Run.
  2. Type services.msc and start the SNMP Service.
  3. Right-click the SNMP Service and select Properties.
  4. Select the Security tab.
  5. In the Accepted community names list, click Add and add public.
  6. In the Accept SNMP packets from these hosts list, click Add and add the IP address of the Firebox.

Screenshot of Windows Server, picture1

  1. Click Apply > OK.

Now the probe can detect and monitor devices in the same network.

Discover the Firebox to Monitor

  1. In N-central, select the customer.

Screenshot of N-central, picture4

  1. Select Actions > Add/Import Devices.
  2. Click Add a Discovery Job.
  3. From the Probe drop-down list, select the probe server you installed.
  4. In the Discovery Type section, type the IP Range you want the probe to detect. In this example, the probe server is set up to detect devices with IP addresses in the range 10.0.1.10 to 10.0.1.20.
  5. You can also specify the network as an IP address and netmask. To do this, select IP Address and Netmask.

Screenshot of N-central, picture5

  1. Select the Auto Import tab, you can define which kinds of devices are imported automatically after discovery. In our example, we select Other and Switch/Router.

Screenshot of N-central, picture6

  1. Select the Schedule tab, from the Type drop-down list, select when you want this discovery job to run. In our example, it is set to Now which means it runs immediately after this job is created.

Screenshot of N-central, picture7

  1. Click Finish.
    The probe server starts the discovery job.
  2. To see the job status, select Views > Job Status.
  3. Another way to start a discovery job is to select Actions > Run a Discovery.
  4. After the job is finished, select Views > All Devices.
    The devices discovered open in a list.

Screenshot of N-central, picture8

  1. Find your Firebox in the list and click on its name.
  2. Select the Settings tab, then select Monitoring Options.
  3. Select the Use SNMP check box.
  4. From the SNMP Version drop-down list, select v3.
  5. In the Username text box, type the user name WatchGuard.
  6. From the Authentication Protocol Method drop-down list, select SHA1 and type the password you set on the Firebox.
  7. From the Privacy Protocol Method drop-down list, select DES 56 and type the password you set on the Firebox.

Screenshot of N-central, picture9

  1. Keep all other settings as the default values.
  2. Click Save.

Self-Define Services

In N-central, you define a service that defines the information to be monitored for a device. There are many pre-defined services you can use, but they might not be suitable for your needs.

To define a new or custom service:

  1. Select Administration > Service Management > Custom Services.
  2. Click Add.
  3. Select Service > SNMP.

Screenshot of N-central, picture10

  1. In the Name text box, type a descriptive name for this service.
  2. Each service can include one or more queries. To add a query, in the Queries tab, click Add.
  3. In the Query Name text box, type a name for the query.
  4. Click Add OID, and add the OIDs of the items you want to query. See the Appendix for a list of OIDs.

Screenshot of N-central, picture11

  1. Click Save.
  2. Select the Data and Thresholds tab, click Add Metric.

If you add several query items, you must add the same number of metrics with corresponding variables.

  1. In the Metric text box, type the metric.
  2. From the Variable to Use drop-down list, select the corresponding variable.
  3. From the Data Type drop-down list, select the data type. In our example, we select String.

Screenshot of N-central, picture12

  1. Click Save.
  2. Repeat steps 9-13 to create another metric.

Screenshot of N-central, picture13

  1. Click Save.
  2. On the All Devices page, select the device to be monitored and click Add Services at the top of the page. Or, click the device name to go to the device information page.
  3. Select Monitoring > Status.
  4. Click Add.
  5. From the Monitoring Appliance drop-down list, select the Window Probe server. All available services are shown, including the SNMP service defined earlier (WatchGuard XTM Info).
  6. Add one instance to run the monitor. Click Apply to link the service to the Firebox.

Screenshot of N-central, picture14

Test the Integration

  1. Select the device name to go to the device information page.
  2. Select Monitoring > Status.
  3. Verify that the added service appears and the SNMP check is ongoing.
  4. When the SNMP check has finished successfully, a green check mark appears in the Status column.

If a custom service returns a status with no data, restart all N-able related services on the computer installed with the probe service. When this is complete, the custom service will detect data.

Screenshot of N-central, picture15

  1. Click the service name to see the status details.

Screenshot of N-central, picture16

Appendix

About SNMP OIDs and MIBs

SNMP queries are typically formatted as a numeric expression. This is referred to as an Object Identifier (OID). An OID is a numeric reference to a unique object or piece of data.

A Management Information Base (MIB) is a database of OIDs that maps object names to a specific OID.

There are two types of MIBs: standard and enterprise. Standard MIBs are definitions of network and hardware events used by many different devices. Enterprise MIBs provide information about events that are specific to a single manufacturer.

The Firebox supports eight standard MIBs: IP-MIB, IF-MIB, TCP-MIB, UDP-MIB, SNMPv2-MIB, SNMPv2-SMI, RFC1213-MIB, and RFC1155 SMI-MIB.

For more information about Firebox Enterprise MIBs, see Enterprise MIB File Details.

Find OIDs

To get information through SNMP, you must know the OID of the object. An MIB browser is a good way to see the available MIB and OIDs. There are several free MIB browsers.

As an example, these steps describe how to use the iReasoning MIB browser:

  1. Install and open iReasoning.
  2. In the Address text box, type the IP address of your Firebox.
  3. Click Advanced.
  4. To read the MIB information for monitoring, in the Read Community text box, type public.
  5. From the SNMP Version drop-down list, select the SNMP version.
  6. From the Operations drop-down list, select Walk.
    All Firebox MIBs open in a list.