Firebox NetFlow and SolarWinds NetFlow Traffic Analyzer Integration Guide

Deployment Overview

WatchGuard provides integration instructions to help our customers configure WatchGuard products to work with products created by other organizations. If you need more information or technical support about how to configure a third-party product, see the documentation and support resources for that product.

Integration Summary

The hardware and software used to complete the steps outlined in this document include:

  • SolarWinds
    • SolarWinds Orion NetFlow Traffic Analyzer (NTA) 2020.2.5
    • SolarWinds Orion Network Performance Monitor 2020.2.5
  • WatchGuard Firebox
    • Fireware v12.7 or higher

Topology

This diagram shows a typical NetFlow topology.

Diagram of a typical NetFlow topology

Before You Begin

Make sure all your SolarWinds NTA services are running and your Firebox has Fireware v12.7 or higher.

Configure Your Firebox for SolarWinds NTA

To configure your Firebox to integrate with SolarWinds NTA, you must enable the Firebox as a NetFlow exporter, configure SNMP settings, and add a policy to allow SNMP traffic. SolarWinds NTA uses the SNMP protocol to discover devices.

To configure your Firebox as a NetFlow exporter, from Fireware Web UI:

  1. Select System > NetFlow.
  2. Select Enable NetFlow.
  3. For the Protocol Version, select V5.
  4. In the Collector Address text box, type the IP address of the NetFlow collector.
  5. In the Port text box, type 2055.
    2055 is the port number used by NTA.
  6. In the Active Flow Timeout text box, type 20.
    The Active Flow Timeout setting segments your flow into small flows based on the value you specify. We recommend that you specify an Active Flow Timeout value that is lower than the Active Flow Timeout value on the collector. This helps to avoid data loss. If the Active Flow Timeout value is lower on the collector, the collector might stop listening while the Firebox is sending data.
  7. Keep the Sampling Mode disabled.
  8. (Optional) To monitor Firebox traffic, select Monitor Traffic generated by the Firebox or Monitor traffic destined for the Firebox.
  9. To enable NetFlow for an interface, next to the interface name, select Ingress, Egress, or both.
    If you have many interfaces, use the Interface Name search box or select an option from the Type or Zone drop-down lists to find an interface quickly.

Screenshot of Firebox, diagram1

  10. Select Save.
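
To confirm on the collector side that the export matches the settings above (version 5, sampling disabled) and that no flows are lost in transit, this added example parses NetFlow v5 datagrams with the standard v5 layout and checks `flow_sequence` continuity. It is not code from WatchGuard or SolarWinds; the function names and the sample stream are constructed for illustration.

```python
import socket
import struct

HEADER = struct.Struct("!HHIIIIBBH")                # 24-byte NetFlow v5 header
RECORD = struct.Struct("!4s4s4sHHIIIIHHBBBBHHBBH")  # 48-byte NetFlow v5 flow record

def parse_v5(datagram):
    """Return (header, flows) for one export datagram; ValueError if malformed."""
    if len(datagram) < HEADER.size:
        raise ValueError("shorter than a v5 header")
    version, count, _, _, _, seq, _, _, sampling = HEADER.unpack_from(datagram)
    if version != 5:
        raise ValueError(f"expected NetFlow v5, got version {version}")
    if not 1 <= count <= 30 or len(datagram) != HEADER.size + count * RECORD.size:
        raise ValueError("record count does not match datagram length")
    recs = RECORD.iter_unpack(datagram[HEADER.size:])
    flows = [{"src": socket.inet_ntoa(f[0]), "dst": socket.inet_ntoa(f[1]),
              "octets": f[6], "sport": f[9], "dport": f[10], "proto": f[13]} for f in recs]
    return {"count": count, "sequence": seq, "sampling_mode": sampling >> 14}, flows

def check_stream(datagrams):
    """Flag non-v5 exports, enabled sampling, and flow_sequence gaps (lost exports)."""
    findings, expected = [], None
    for n, data in enumerate(datagrams):
        try:
            hdr, _ = parse_v5(data)
        except ValueError as err:
            findings.append(f"datagram {n}: {err}")
            continue
        if hdr["sampling_mode"]:  # top two bits of the header's sampling field; 0 = off
            findings.append(f"datagram {n}: sampling is enabled")
        if expected is not None and hdr["sequence"] != expected:
            lost = (hdr["sequence"] - expected) % 2**32
            findings.append(f"datagram {n}: {lost} flows missing before this export")
        expected = (hdr["sequence"] + hdr["count"]) % 2**32
    return findings

def build(seq, flows, sampling=0):
    out = HEADER.pack(5, len(flows), 1000, 1700000000, 0, seq, 0, 0, sampling)
    for src, dst, sport, dport, proto, octets in flows:
        out += RECORD.pack(socket.inet_aton(src), socket.inet_aton(dst), bytes(4), 1, 2,
                           1, octets, 0, 500, sport, dport, 0, 0, proto, 0, 0, 0, 0, 0, 0)
    return out

# Constructed sample stream (documentation addresses), not a capture from a Firebox.
WEB = ("192.0.2.10", "198.51.100.5", 51000, 443, 6, 4200)
DNS = ("192.0.2.11", "198.51.100.53", 53000, 53, 17, 120)
SAMPLE = [build(100, [WEB, DNS]), build(102, [DNS]), build(110, [WEB]), b"\x00\x09" + bytes(22)]
if __name__ == "__main__":
    print("\n".join(check_stream(SAMPLE)))
```

Feed `check_stream` the UDP payloads received on port 2055; a sequence gap means export datagrams were dropped between the Firebox and the collector.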

To configure SNMP settings, from Fireware Web UI:

  1. Select System > SNMP.
  2. In the Community String text box, type the community string. In our example, we type public, which is the default community string configured in NTA.
    If you change the community string in NTA, you must change it on the Firebox as well.
  3. Keep the default values for all other settings.

Screenshot of Firebox, diagram2

  4. Click Save.

To add an SNMP policy, from Fireware Web UI:

  1. Select Firewall > Firewall Policies.
  2. Click Add Policy.
  3. From the Packet Filter drop-down list, select SNMP.
  4. Click Add Policy.
  5. In the From section, click Add.
    The Add Member dialog box appears.
  6. From the Member type drop-down list, select Alias.
  7. In the list, select Any.
  8. Click OK.
  9. In the To section, click Add.
    The Add Member dialog box appears.
  10. From the Member type drop-down list, select Alias.
  11. In the list, select Any.
    If you specify a member other than Any, make sure that NTA can discover your device.
  12. Click OK.
  13. Click Save.

For more information about NetFlow on the Firebox, see About NetFlow and Configure NetFlow in Fireware Help.

Configure Your SolarWinds NTA

After you configure the Firebox, you must configure the SolarWinds NTA settings.

  1. Log in to the SolarWinds Orion web console with your admin account.
  2. Select Settings > Network Discovery.

Screenshot of Solarwinds, diagram1

  3. Click Start.

Screenshot of Solarwinds, diagram2

  4. Select one or more options to add devices.
  5. Click Next, and then click Next for each subsequent step.
  6. Click Discover.
    The discovery process starts and results appear.

Screenshot of Solarwinds, diagram3

Screenshot of Solarwinds, diagram5

  7. Click Next.

Screenshot of Solarwinds, diagram6

  8. Click Next.

Screenshot of Solarwinds, diagram7

  9. Ensure the volume types you want to monitor are selected, and click Next.
  10. Click Import.
  11. Click Finish. The devices are imported.
  12. Select Settings > Manage Nodes.
  13. From the Group by drop-down list, select Vendor, and click WatchGuard Technologies Inc.

Screenshot of Solarwinds, diagram8

  14. Select the node, and click List Resources.
  15. For Status & Response Time, select SNMP.

Screenshot of Solarwinds, diagram9

  16. Click Submit.

Test the Integration

To test the integration, in SolarWinds:

  1. Select Settings > Manage Nodes.
  2. From the Group by drop-down list, select Vendor, and click WatchGuard Technologies Inc.
  3. Select the node to see more details about your Firebox.

Screenshot of Solarwinds, diagram10