Firebox NetFlow and SolarWinds NetFlow Traffic Analyzer Integration Guide

Deployment Overview

WatchGuard provides integration instructions to help our customers configure WatchGuard products to work with products created by other organizations. If you need more information or technical support about how to configure a third-party product, see the documentation and support resources for that product.

Integration Summary

The hardware and software used to complete the steps outlined in this document include:

  • SolarWinds NetFlow Traffic Analyzer (NTA)
    • SolarWinds Orion NTA 4.4
  • WatchGuard Firebox
    • Installed with Fireware v12.3 or higher

Test Topology

This diagram shows a typical NetFlow topology.

Diagram of a typical NetFlow topology

Before You Begin

Make sure all your SolarWinds NTA services are running and your Firebox has Fireware v12.3 or higher.

Configure Your Firebox for SolarWinds NTA

To configure your Firebox to integrate with SolarWinds NTA, you must enable the Firebox as a NetFlow exporter, configure SNMP settings, and add a policy to allow SNMP traffic. SolarWinds NTA uses the SNMP protocol to discover devices.

To configure your Firebox as a NetFlow exporter, from Fireware Web UI:

  1. Select System > NetFlow.
  2. Select Enable NetFlow.
  3. For the Protocol Version, select V5.
  4. In the Collector Address text box, type the IP address of the NetFlow collector.
  5. In the Port text box, type 2055.
    2055 is the port number used by NTA.
  6. In the Active Flow Timeout text box, type 20.
    The Active Flow Timeout setting segments your flow into small flows based on the value you specify. We recommend that you specify an Active Flow Timeout value that is lower than the Active Flow Timeout value on the collector. This helps to avoid data loss. If the Active Flow Timeout value is lower on the collector, the collector might stop listening while the Firebox is sending data.
  7. Keep the Sampling Mode disabled.
  8. To enable NetFlow for an interface, select the check box adjacent to that interface.
    If you have many interfaces, use the Interface Name search box or select an option from the Type or Zone drop-down lists to find an interface quickly.
  9. To select all interfaces, select the check box adjacent to the Interface Name text box.
  10. To monitor outbound traffic generated by the Firebox itself, select Firebox.
  11. Click Save.

Screen shot of the Firebox NetFlow configuration
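
To confirm what the Firebox exports before you troubleshoot in NTA, the following added example (not WatchGuard or SolarWinds code) parses NetFlow v5 datagrams, the version selected in step 3, and flags sampled exports and gaps in the header's flow sequence counter, which indicate lost records. The function names and the sample datagrams are constructed for illustration, and the example assumes the exporter fills the standard v5 header fields and that datagrams arrive in order.

```python
import struct
from ipaddress import IPv4Address

HEADER = struct.Struct("!HHIIIIBBH")                 # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHxBBBHHBB2x")  # 48-byte NetFlow v5 flow record

def parse_v5(datagram):
    """Return (header dict, flow dicts); raise ValueError or struct.error if malformed."""
    version, count, _up, _secs, _ns, seq, _et, _eid, sampling = HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError(f"version {version}, expected 5 (Protocol Version V5)")
    if len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("length does not match the record count in the header")
    flows = []
    for i in range(count):
        (src, dst, _nh, in_if, _out, pkts, octets, _first, _last, sport, dport,
         _flags, proto, *_rest) = RECORD.unpack_from(datagram, HEADER.size + i * RECORD.size)
        flows.append({"src": str(IPv4Address(src)), "dst": str(IPv4Address(dst)),
                      "sport": sport, "dport": dport, "proto": proto,
                      "in_if": in_if, "packets": pkts, "bytes": octets})
    # The low 14 bits of the last header field carry the sampling interval.
    return {"count": count, "sequence": seq, "sampling": sampling & 0x3FFF}, flows

def check_stream(datagrams):
    """Check one exporter's datagrams, in arrival order, against the settings in this guide."""
    findings, expected = [], None
    for n, datagram in enumerate(datagrams):
        try:
            header, _flows = parse_v5(datagram)
        except (ValueError, struct.error) as exc:
            findings.append(f"datagram {n}: malformed ({exc})")
            continue
        if header["sampling"]:
            findings.append(f"datagram {n}: sampling interval {header['sampling']}, step 7 keeps sampling disabled")
        if expected is not None and header["sequence"] != expected:
            lost = (header["sequence"] - expected) & 0xFFFFFFFF
            findings.append(f"datagram {n}: {lost} flow records missing before it")
        expected = (header["sequence"] + header["count"]) & 0xFFFFFFFF
    return findings

def sample_datagram(sequence, count=1, sampling=0):
    """Constructed test datagram: `count` copies of one TCP/443 flow (documentation addresses)."""
    record = RECORD.pack(IPv4Address("192.0.2.10").packed, IPv4Address("198.51.100.7").packed,
                         bytes(4), 1, 0, 14, 9200, 500000, 512000, 51514, 443, 0x1B, 6, 0, 0, 0, 24, 0)
    return HEADER.pack(5, count, 600000, 1700000000, 0, sequence, 0, 0, sampling) + record * count

if __name__ == "__main__":   # demo on the constructed samples; the second datagram skips 3 records
    for finding in check_stream([sample_datagram(100, 2), sample_datagram(105)]):
        print(finding)
```

To use it on live traffic, feed `check_stream` the UDP payloads received on port 2055 from a single exporter, for example from a packet capture taken on the collector.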

To configure SNMP settings, from Fireware Web UI:

  1. Select System > SNMP.
  2. In the Community String text box, type the community string. In our example, we type public, which is the default community string configured in NTA.
    If you change the community string in NTA, you must change it on the Firebox as well.

To add an SNMP policy, from Fireware Web UI:

  1. Select Firewall > Firewall Policies.
  2. Click Add Policy.
  3. From the Packet Filter drop-down list, select SNMP.
  4. Click Add Policy.
  5. In the From section, click Add.
    The Add Member dialog box appears.
  6. From the Member type drop-down list, select Alias.
  7. In the list, select Any.
  8. Click OK.
  9. In the To section, click Add.
    The Add Member dialog box appears.
  10. From the Member type drop-down list, select Alias.
  11. In the list, select Any.
    If you specify a member other than Any, make sure that NTA can discover your device.
  12. Click Save.

For more information about NetFlow on the Firebox, see About NetFlow and Configure NetFlow in Fireware Help.

Configure Your SolarWinds NTA

After you configure the Firebox, you must configure the SolarWinds NTA settings.

  1. Log in to the SolarWinds web console with your administrator account.
    A wizard appears to help you add devices.

Screen shot of the NetFlow Traffic Analyzer Summary page

  2. To add your devices automatically, click Network Discovery. Or, select Settings > Network Discovery.
    The Discover Network page appears.
  3. Click Add New Discovery.

Screen shot of the Network Sonar Discovery

  4. Select one or more options to add devices.

Screen shot of the Network Sonar Wizard

  5. Click Next, and then click Next for each subsequent step.
  6. Click Discover.
    The discovery process starts and results appear.

Screen shot of the Discovering Network page

Screen shot of the Network Sonar Results Wizard

  7. Click Next.
  8. Select the interfaces to monitor.
  9. Click Next.

Screen shot of the Interfaces page

  10. Keep all the default settings or change settings as needed.
  11. Click Next.
  12. Click Import.
  13. Click Finish. The devices are imported.

Test the Integration

To test the integration, in SolarWinds:

  1. Select Settings > Manage Nodes to find your device.

Screen shot of the Manage Nodes page

  2. From the Group by Vendor list, select WatchGuard Technologies Inc.
  3. Select the device and interfaces to see details about your Firebox.

Screen shot of the Interface Details page