Firebox NetFlow and SolarWinds NetFlow Traffic Analyzer Integration Guide

WatchGuard provides integration instructions to help our customers configure WatchGuard products to work with products created by other organizations. If you need more information or technical support about how to configure a third-party product, go to the documentation and support resources for that product.

SolarWinds NetFlow Traffic Analyzer (NTA) collects flow data, processes it, and together with performance data collected by SolarWinds Network Performance Monitor (NPM), presents this data in graphs and reports to show which part of your network drives bandwidth utilization. SolarWinds NPM and SolarWinds NTA are built on the Orion® Platform, which offers you the ability to extend your monitoring in a fully integrated platform with shared alerting and reporting as well as a customizable web console.

This document describes how to use SolarWinds to discover and monitor the WatchGuard Firebox and analyze device bandwidth usage.

Integration Summary

The hardware and software used to complete the steps outlined in this document include:

  • SolarWinds
    • SolarWinds NTA 2024.2.1
    • SolarWinds NPM 2024.2.1
  • WatchGuard Firebox
    • Fireware v12.10.4 or higher

Topology

This diagram shows a typical NetFlow topology.

Diagram of a typical NetFlow topology

Before You Begin

Make sure all your SolarWinds NTA services are running and your Firebox has Fireware v12.10.4 or higher.

Configure Your Firebox for SolarWinds NTA

To enable your Firebox to integrate with SolarWinds NTA, you must configure the Firebox as a NetFlow exporter, configure SNMP settings, and add a policy to allow SNMP traffic. SolarWinds NTA uses the SNMP protocol to discover devices.

To configure your Firebox as a NetFlow exporter, from Fireware Web UI:

  1. Select System > NetFlow.
  2. Select Enable NetFlow.
  3. For the Protocol Version, select V9.
  4. In the Collector Address text box, type the IP address of the NetFlow collector.
  5. In the Port text box, type 2055.
    2055 is the port number used by SolarWinds NTA.
  6. In the Active Flow Timeout text box, type 20.
    The Active Flow Timeout setting segments your flow into small flows based on the value you specify. We recommend that you specify an Active Flow Timeout value that is lower than the Active Flow Timeout value on the collector. This helps to avoid data loss. If the Active Flow Timeout value is lower on the collector, the collector might stop listening while the Firebox is sending data.
  7. Keep the Sampling Mode disabled.
  8. (Optional) To monitor Firebox traffic, select the Monitor Traffic Generated by the Firebox or Monitor Traffic Destined for the Firebox check box, or select both.
  9. To enable NetFlow for an interface, next to the interface name, select the Ingress or Egress check box, or select both.
    If you have many interfaces, use the Interface Name search box or select an option from the Type or Zone drop-down lists to find an interface quickly.

Screenshot of Firebox NetFlow settings in Fireware Web UI

  10. Select Save.

For more information about NetFlow on the Firebox, go to About NetFlow and Configure NetFlow in Fireware Help.
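To check what the exporter configured above actually sends, the following added example (not WatchGuard or SolarWinds code) decodes NetFlow v9 datagrams as laid out in RFC 3954. The function names, the field subset, and the sample datagram are constructed for illustration, and templates are keyed by source ID only.

```python
import ipaddress
import struct

HEADER = struct.Struct("!HHIIII")  # version, count, sysUptime, unix_secs, sequence, source_id
# Subset of RFC 3954 field types, enough to sanity-check an export.
FIELD_NAMES = {1: "IN_BYTES", 2: "IN_PKTS", 4: "PROTOCOL", 7: "L4_SRC_PORT",
               8: "IPV4_SRC_ADDR", 11: "L4_DST_PORT", 12: "IPV4_DST_ADDR"}

def parse_v9(packet, templates):
    """Decode one NetFlow v9 datagram; `templates` is a cache kept across datagrams."""
    if len(packet) < HEADER.size or packet[:2] != b"\x00\x09":
        raise ValueError("not a NetFlow v9 datagram")
    _ver, _count, _uptime, _secs, sequence, source_id = HEADER.unpack_from(packet)
    flows, skipped, offset = [], 0, HEADER.size
    while offset + 4 <= len(packet):
        fs_id, fs_len = struct.unpack_from("!HH", packet, offset)
        if fs_len < 4 or offset + fs_len > len(packet):
            raise ValueError("FlowSet length runs past the datagram")
        body, pos = packet[offset + 4:offset + fs_len], 0
        fields = templates.get((source_id, fs_id))
        if fs_id == 0:  # template FlowSet: remember each record layout
            while pos + 4 <= len(body):
                tid, n = struct.unpack_from("!HH", body, pos)
                if tid < 256 or pos + 4 + 4 * n > len(body):
                    break  # padding or truncated template
                templates[(source_id, tid)] = list(struct.iter_unpack("!HH", body[pos + 4:pos + 4 + 4 * n]))
                pos += 4 + 4 * n
        elif fs_id >= 256 and fields:  # data FlowSet with a known template
            rec_len = sum(length for _, length in fields)
            while rec_len and pos + rec_len <= len(body):  # trailing bytes are padding
                rec = {}
                for ftype, length in fields:
                    raw, pos = body[pos:pos + length], pos + length
                    rec[FIELD_NAMES.get(ftype, f"type_{ftype}")] = (str(ipaddress.IPv4Address(raw))
                        if ftype in (8, 12) else int.from_bytes(raw, "big"))
                flows.append(rec)
        elif fs_id >= 256:
            skipped += 1  # data arrived before its template; undecodable for now
        offset += fs_len
    return {"sequence": sequence, "source_id": source_id, "flows": flows, "skipped": skipped}

def sample_packet():
    """Constructed datagram: template 256 plus one flow record (not a Firebox capture)."""
    tmpl = struct.pack("!HH12H", 256, 6, 8, 4, 12, 4, 7, 2, 11, 2, 4, 1, 1, 4)
    rec = struct.pack("!4s4sHHBI3x", ipaddress.IPv4Address("10.0.1.20").packed,
                      ipaddress.IPv4Address("203.0.113.5").packed, 51514, 443, 6, 4200)
    return (HEADER.pack(9, 2, 1000, 1700000000, 1, 0) + struct.pack("!HH", 0, 4 + len(tmpl))
            + tmpl + struct.pack("!HH", 256, 4 + len(rec)) + rec)
```

On a test host, pass each datagram received on UDP port 2055 to parse_v9 with one shared templates dictionary. A nonzero skipped count means data FlowSets arrived before the template that describes them.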

To configure SNMP settings, from Fireware Web UI:

  1. Select System > SNMP.
  2. From the Version drop-down list, select v3.
  3. In the User Name text box, type a user name the SNMP server uses when it contacts the device. In this example, we type snmpv3.
  4. From the Authentication Protocol drop-down list, select SHA1.
  5. In the adjacent Password and Confirm text boxes, type the authentication password.
  6. From the Privacy Protocol drop-down list, select DES.
  7. In the adjacent Password and Confirm text boxes, type the encryption password.
  8. To enable NAT for all SNMP connections through your Firebox, select the Use NAT for Connections through the SNMP Application Layer Gateway check box.

Screenshot of Firebox SNMP settings in Fireware Web UI

  9. Click Save.

To enable your Firebox to receive SNMP polls, you must also add an SNMP packet filter policy. To add an SNMP policy, from Fireware Web UI:

  1. Select Firewall > Firewall Policies.
  2. Click Add Policy.
  3. From the Packet Filter drop-down list, select SNMP.
  4. Click Add Policy.
  5. In the From section, click Add.
    The Add Member dialog box opens.
  6. From the Member Type drop-down list, select Host IPv4.
  7. In the Member Type text box, type the IP address of your SolarWinds NTA SNMP server.
  8. Click OK.
    The IP address of the SNMP server appears in the From list.
  9. In the From list, remove the Any-Trusted item.
  10. In the To section, click Add.
    The Add Member dialog box opens.
  11. From the Member Type drop-down list, select Alias.
  12. From the list, select Firebox.
  13. Click OK.
    Firebox appears in the To list.
  14. In the To list, remove the Any-External item.

Screenshot of Firebox SNMP policy in Fireware Web UI

  15. Click Save.

Configure Your SolarWinds NTA

Add an SNMPv3 Credential

SNMPv3 is a secure version of the SNMP protocol that adds authentication and encryption. SNMPv3 credentials are used in the Discovery Wizard.

To add an SNMPv3 credential:

  1. Log in to the SolarWinds Platform Web Console with your administrator account.
  2. Select Settings > All Settings.
  3. In the Credentials section, click Manage SNMPv3 Credentials.
  4. Click Add SNMPv3 Credential.
    The Enter SNMPv3 Credential page opens.
  5. In the Credential Name text box, type a credential name. In this example, we type snmpv3.
  6. In the User Name text box, type the user name that matches the user name configured in Configure Your Firebox for SolarWinds NTA.
  7. Leave the SNMPv3 Context text box blank.
  8. From the Authentication Method drop-down list, select SHA1.
  9. In the adjacent Password text box, type the authentication password.
  10. From the Privacy / Encryption Method drop-down list, select DES56.
  11. In the adjacent Password text box, type the encryption password.

Screenshot of SolarWinds Enter SNMPv3 Credentials dialog box

  12. Click Save.

Configure Network Discovery in SolarWinds

After you add the SNMPv3 credential to the SolarWinds Platform, you must configure Network Discovery in SolarWinds.

To configure Network Discovery:

  1. Log in to the SolarWinds Platform Web Console with your administrator account.
  2. Select Settings > Network Discovery.

Screenshot of SolarWinds Discovery Wizard

  3. Click Start.
  4. In the IP Addresses text box, type the IP address of the Firebox.
    You can also use other options to add the Firebox. For more information, go to Discover Your Network for the SolarWinds Platform with the Discovery Wizard in the SolarWinds Platform documentation.

Screenshot of SolarWinds, Network Sonar wizard Network page

  5. Click Next until the SNMP Credentials page opens.
  6. To make the discovery faster, click the Move Up button next to the SNMPv3 credential until the credential is at the top of the list.

Screenshot of SolarWinds Network Sonar wizard SNMP Credentials page

  7. Click Next until the Discovery Scheduling page opens.

Screenshot of SolarWinds, Network Sonar wizard Discovery Scheduling page

  8. Click Discover.
    The discovery process starts, and the results wizard opens.

Screenshot of SolarWinds, network discovery progress bar

Screenshot of SolarWinds Network Sonar Results wizard Devices page

  9. Click Next.

Screenshot of SolarWinds Network Sonar Results wizard Interfaces page

  10. Click Next.

Screenshot of SolarWinds Network Sonar Results wizard Volumes page

  11. Make sure the volume types you want to monitor are selected, and click Next.
  12. Click Import.
  13. Click Finish.
    The devices are imported.
  14. Select Settings > Manage Nodes.
  15. From the Group by drop-down list, select Vendor, and click WatchGuard Technologies Inc.

Screenshot of SolarWinds Manage Nodes page

  16. Select the WatchGuard Firebox node, and click List Resources.
  17. For Status & Response Time, select SNMP.

Screenshot of SolarWinds List Resources with SNMP option selected

  18. Click Submit.

Test the Integration

To test the integration, in the SolarWinds Platform Web Console:

  1. Select Settings > Manage Nodes.
  2. From the Group by drop-down list, select Vendor, and click WatchGuard Technologies Inc.
  3. Click the WatchGuard Firebox node name.
    The Node Details page opens.
  4. From the navigation menu, select Vital Stats.

Screenshot of SolarWinds, test

To view the NetFlow Traffic Analyzer Summary, in the SolarWinds Platform Web Console:

Select My Dashboards > NetFlow > NetFlow > NTA Summary.

Screenshot of SolarWinds, test NTA summary

To view the NetFlow Countries Summary, in the SolarWinds Platform Web Console:

Select My Dashboards > NetFlow > NetFlow > Countries.

Screenshot of SolarWinds, test country summary