RedSeal Integration Guide

The RedSeal® vulnerability and network assessment system is a client/server software application that provides a detailed view of your network infrastructure so you can measure, prioritize, and mitigate security risks and optimize compliance with your organization’s policies.

This document describes the steps to integrate RedSeal with your WatchGuard Firebox so that the RedSeal administrator can make a network assessment for your WatchGuard Firebox.

Platform and Software

The hardware and software used in this document include:

  • Firebox with Fireware v11.11.4
  • RedSeal 8.3.0 Server
  • RedSeal 8.3.0 Client on Windows Server 2012 R2

Configuration

To complete this integration, you must first deploy the RedSeal environment. In our integration tests, we installed RedSeal Server on a virtual appliance and installed the RedSeal Java client on Windows Server 2012 R2.

To set up the RedSeal client/server software environment, see the RedSeal Installation Guide.

Set Up RedSeal

Upload Plugin

  1. Start the RedSeal java client.
  2. To upload a new plugin to the RedSeal server, select Admin > Plugin > Upload Plugin.
    The Upload Plugin dialog box appears.

  1. Click Browse.
  2. Find a supported WatchGuard plugin file. Click Select.

  1. Click Upload.
  2. After you see the message Plugin Upload Complete, click Close.

Import WatchGuard Firebox Configuration

  1. On the Home Page, in the RedSeal Model Status panel, click the Network Devices link. Or, select File > Import.
    The Data Import dialog box appears.

  1. For the Data type, select L2 & L3 Devices.
  2. From the drop-down list, select WatchGuard Fireware OS.
  3. Select one or more configuration files that you want to import. In our example, we import a Firebox.xml configuration file.
  4. Click Import.
  5. Click Close after the import completes.

Update TRL

  1. On the Home Page, in the RedSeal Model Status Panel, click TRL.
    The Data Import dialog box appears.

  1. Adjacent to Data type, select the Other radio button.
  2. From the drop-down list, select Threat Reference Library(TRL).
  3. Select the TRL file that you want to import. In our example, we import RedSeal_TRL_8-3-latest.gz.
  4. Click Upload TRL.

Test the Integration

In our example, we imported a WatchGuard configuration file into RedSeal. RedSeal creates a security model based on that configuration by drawing network resources on a topology map.

RedSeal provides many features that help you determine whether network resources are vulnerable to threats. For more information, see the RedSeal user documentation.

For our integration tests, we tested three features:

  • Threat Sources
  • Analysis
  • Best Practices

Identify Threat Sources

  1. On the Home Page, in the RedSeal Model Status Panel, click Threat Sources. Or, select Tools > Threat Sources.
    The Likely Threat Sources window appears.

  1. To select the subnets that you want to identify, right-click a subnet from the list. In our example, we select one Extranet.
  2. Click Save.

Run the Analyzer

To run an analysis, on the Status panel, click the Analysis. When the analysis is complete, the time stamp in the Last Analysis section updates, and the Analyze button is disabled.

Best Practices Analysis

The Best Practices Analysis section on the Home tab shows the results of all Best Practice checks that were run against your network.

  1. Click the Best Practices tab to view checks. Click Details to view the results.

 

  1. To view the details of a best-practice analysis check, double-click an entry.
    A detail page for the check appears.