Contents

Related Topics

Integrate Your Firebox with ConnectWise

You can configure your Firebox to integrate with ConnectWise, a professional service automation tool. This integration enables service providers to automatically synchronize customer asset information for more efficient device management and monitoring.

Fireware Version CompatibilityConnectWise Integration is supported in Fireware v11.12 and higher.

  • Auto Synchronization of Asset Information — Automatically synchronizes your Firebox asset information and the status of your security service subscription, which includes subscription start and end dates, device serial numbers, and OS versions.

Before you configure ConnectWise integration, make sure the Firebox device asset that you want to automatically synchronize with ConnectWise is not already defined in an existing ConnectWise configuration. Asset synchronization occurs only for Firebox device assets added through automatic synchronization. You must remove any existing ConnectWise configuration associated with the Firebox before you configure Firebox integration.

  • Closed-Loop Ticketing of System, Security, and Subscription Events — Configure event thresholds for a wide range of parameters to automatically trigger the creation and closure of tickets, such as security services, device statistics, and subscription statuses. This feature eliminates ticket flooding and false alarms, and automatically closes tickets when issues are resolved. If an event occurs again, the same ticket is reopened so that you can track repeated occurrences of the same event. You can also configure the default priority of tickets. For more information, see Configuration Questions.
  • Automated Reporting — Data from your WatchGuard reports are sent to ConnectWise and included in the ConnectWise Executive Summary Reports. This includes data from the Device Statistics, Web Usage Statistics, and Intrusion Prevention Service summary reports.
    For more information about how to integrate reports generated by your Report Server or Dimension with ConnectWise, see Configure ConnectWise Integration for Reports.

Get ConnectWise API Keys

Before you integrate your Firebox with ConnectWise, you must create a pair of API keys to enable the Firebox to communicate with the ConnectWise server. You can create API keys from your current user account, or you can create a new account specifically for API access (an API Member account).

You can only add an API Member account in the ConnectWise Windows client on the System Modules > Members page. From the Members page, select the API Members tab, and then create a new user account and generate API Keys.

To get your API keys from your current ConnectWise user account:

  1. Log in to ConnectWise.
    Your ConnectWise user account pages appear.
  2. At the top-right of the page, from your user account drop-down list, select  My Account.

Screen shot of ConnectWise My Account settings page

  1. Select the API Keys tab.
    If the API Keys tab does not appear, click the Settings tab to add the API Keys tab.

Screen shot of ConnectWise User Account API Keys tab

  1. To add a new key pair, click the Add Key Pair icon.
  2. In the Description text box, type a descriptive name for the key.
  3. Click the Save icon.

Screen shot of ConnectWise generate API Key page

  1. Make a note of the public and private keys. You must have these keys to configure your Firebox to connect to ConnectWise.
    After the key pair is saved, you cannot see the private key again.

Configure the ConnectWise Settings on Your Firebox

You can configure the ConnectWise integration settings from Fireware Web UI or Policy Manager.

Your Firebox sends traffic to ConnectWise over HTTPS on TCP port 443. If the external link to the Internet is down, communication with ConnectWise, which includes ticket management activity, resumes automatically when external connectivity is restored.

See Device Configuration Details in ConnectWise

To see your Firebox in ConnectWise:

  1. Select Companies > Configurations.
  2. From the configuration list, select a Firebox.

Screen shot of ConnectWise Companies Configurations page

After you enable ConnectWise integration on your Firebox, information from the Firebox such as the serial number, model number, and expiration date are automatically synchronized and appear in the ConnectWise Configuration Details list.

Screen shot of ConnectWise Configuration Details page

Configuration Questions

The Configuration type for WatchGuard Fireboxes includes a unique set of Configuration Questions that relate to device monitoring and ticket management. These are thresholds for system events, and enable you to customize the events that generate tickets.

You can customize the configuration question entries. For more information. see Edit Configuration Questions.

If a system condition passes a configured threshold, a ticket is created to notify you of the system event. If the event does not continue and passes below the threshold, the ticket is automatically closed. If the event occurs again, the same ticket is opened again so that you can track repeated occurrences of the same event.

Screen shot of ConnectWise device configuration questions

Certificate Expiration

Monitors system certificates and generates a ticket if any certificates will expire within the number of days you specify. You can select 10, 30, or 60 days prior to expiration.

Feature-Key Expiration

Monitors feature keys and generates a ticket if any feature keys will expire within the number of days you specify. You can select 10, 30, or 60 days prior to expiration.

CPU Usage

Monitors CPU usage over a specified time period. For example, it can generate a ticket if CPU usage is greater than 90% over 10 minutes.

Memory Usage

Monitors memory usage over a specified time period. For example, it can notify you if memory usage is greater than 90% for over 10 minutes.

Total Connections

Monitors the total number of concurrent connections over a specified time period compared to your system connection limits. For example, it can generate a ticket if the total number of concurrent connections is greater than 90% of your system limit for over 10 minutes.

Total SSLVPN Connections

Monitors the total number of concurrent SSLVPN connections over a specified time period compared to your system connection limits. For example, it can generate a ticket if the total number of concurrent SSLVPN connections is greater than 90% of your system limit for over 10 minutes.

Total MUVPN Connections

Monitors the total number of concurrent Mobile VPN (MUVPN) connections over a specified time period compared to your system connection limits. For example, it can generate a ticket if the total number of concurrent Mobile VPN connections is greater than 90% of your system limit for over 10 minutes.

Total L2TP Connections

Monitors the total number of concurrent L2TP connections over a specified time period compared to your system connection limits. For example, it can generate a ticket if the total number of concurrent L2TP connections is greater than 90% of your system limit for over 10 minutes.

Interface Status

Monitors whether any network interfaces have a link down status over a specified period of time. For example, it can generate a ticket if an interface is down for longer than 5, 10, or 30 seconds.

Botnet Detection

Monitors botnet activity detected by Botnet Detection over a sustained period of time. For example, it can generate a ticket if botnet activity is detected for over 10, 30, or 60 minutes.

Flood Detection

Monitors whether DoS flood attacks (such as SYN, ICMP, UDP, IPsec, IKE floods) have occurred over a specified period of time. For example, it can generate a ticket if any flood attacks are detected over 10, 30, or 60 minutes.

Virus Detection

Notifies you if viruses have been detected by Gateway AntiVirus over a specified period of time. For example, it can generate a ticket if 50 viruses were detected over 10 minutes.

Intrusion Prevention

Monitors whether intrusion attempts have been detected by IPS over a specified period of time. For example, it can notify you if 50 intrusions were detected over 10 minutes.

Spam Detection

Notifies you if spam email messages have been detected by spamBlocker over a specified period of time. For example, it can notify you if 50 spam messages were detected over 10 minutes.

APT Detection

Monitors APTs detected by APT Blocker over a specified period of time. For example, it can notify you if 50 APTs were detected over 10 minutes.

DLP Detection

Monitors violations detected by Data Loss Prevention over a specified period of time. For example, it can generate a ticket if 50 DLP violations were detected over 10 minutes.

Cluster Failover

Notifies you if a FireCluster failover has occurred. After a failover occurs, the new FireCluster master generates a ticket. The ticket information includes the member IDs of the new cluster master and the previous master. The ticket is closed after five minutes of cluster stability.

Feature Keys

Shows the current feature keys.

Edit Configuration Questions

You can customize the values in your configuration questions from the ConnectWise UI in System > Setup Tables > Company (Category) > Configuration (Table) > WatchGuard Security Appliance (Configuration Type).

Screen shot of configuration question editing page in ConnectWise

For example, you can add another time period (such as 5 days prior) for Feature Key expiration notification.

  1. Click Feature-Key Expiration.
  2. Click Enter/Edit Values.
  3. In the Value text box, type 5 days prior, then click the save icon.

Screen shot of editing Configuration Question answers in ConnectWise

You must follow the same answer syntax as other entries. You can also clone entries from other configuration questions with the Answer Cloning drop-down list. If you create an answer with invalid syntax, the ConnectWise UI does not warn you. However, errors appear in the Firebox logs.

ConnectWise Ticket Management

The Configuration Question thresholds you specify automatically trigger the creation and closure of tickets. This prevents ticket flooding and false alarms, and enables tickets to be automatically closed when issues are resolved. If an event occurs again, the same ticket is reopened so that you can track repeated occurrences of the same event.

To see a summary of tickets associated with this configuration in your ConnectWise account:

  1. Select the Service tab.
    In this example, a ticket was generated because of an expired certificate on the Firebox.

Screen shot of ConnectWise ticket main page

  1. To see the ticket notes, click the ticket number or description.

Screen shot of ConnectWise ticket details

After the certificate is updated with a new expiration date, the ticket is automatically closed.

Screen shot of ConnectWise ticket closed page

Service Ticket Priority Levels and Service Boards

You can customize your ConnectWise service ticket priority levels from the ConnectWise UI in System > Setup Tables > Service (Category) > Priority (Table).

Screen shot of ConnectWise Setup tables > Priority levels

Similarly, you can customize your ConnectWise service boards from the ConnectWise UI in System > Setup Tables > Service (Category) > Service Board (Table).

Screen shot of service board customization in ConnectWise

See Also

Configure ConnectWise Integration for Reports

Create Device Configuration Templates

Give Us Feedback     Get Support     All Product Documentation     Technical Search