Integrate Your Firebox with Tigerpaw

You can configure your Firebox to integrate with Tigerpaw, a professional service automation tool. This integration enables service providers to automatically synchronize customer asset information for more efficient device management and monitoring.

Fireware Version Compatibility

  • Auto Synchronization of Asset Information — Automatically synchronizes your Firebox asset information and the status of your security service subscription, including subscription start and end dates, device serial numbers, and OS versions.
  • Closed-Loop Service Order System, Security, and Subscription Events — Configure event thresholds for a wide range of parameters to automatically trigger the creation and closure of service orders, such as security services, device statistics, and subscription statuses. This feature eliminates service order flooding and false alarms, and automatically closes service orders when issues are resolved. If an event occurs again, the same service order is reopened so that you can track repeated occurrences of the same event. You can also configure the default priority of service orders. For more information, see Event Monitoring.

Before You Begin

You can use a Tigerpaw One Hosted server, or a local on-premise Tigerpaw One server with the Firebox integration.

To use a local on-premise Tigerpaw server for Firebox integration, you must install a required API package to facilitate communications between the Tigerpaw server and the Firebox. For detailed information on how to install this API package, see the Tigerpaw API Installation Checklist.

For support issues with the Tigerpaw API installation, you must contact Tigerpaw support.

Define an External Product in Tigerpaw

Before you configure your Firebox integration settings, you must create an External Product entry for your Tigerpaw account. The External Product entry indicates that Firebox assets are managed by an external product (the Tigerpaw integration on the Firebox). You will define an External Account ID that you will use in the integration configuration settings on the Firebox.

To create an External Product and configure an External Account ID:

  1. Open the Tigerpaw Windows client.
    You can download the client from www.tigerpaw.com.
  2. Type the username and password for your Tigerpaw account.
  3. Select Status and Setup > Master Tables.
    The Table Maintenance Window appears.
  4. From the Table Maintenance window, select Account > External Products.
  5. Select File > New, or click New entry icon.

Screen shot of the Master Tables maintenance window adding an External Product

  1. In the External Product text box, type the name of the External Product. For example, WatchGuard.
  2. Make sure the Active check box is selected, then click OK.

Add the External Product to an Account

To add the External Product to an account and define an External Account ID:

  1. Select the Tigerpaw account that will contain the Firebox assets.
  2. Select the Service Defaults tab.
  3. In the Associated External Products section, click the New entry icon button to create a new entry.
    The Add External ID window appears.

Screen shot of the External Product ID dialog box in the Tigerpaw account settings

  1. From the External Product drop-down list, select the External Product you created. For example, WatchGuard.
  2. In the External Account ID text box, type an account ID value to associate with this external product. For example, WatchGuard-1.
    You will use this account ID in your Firebox settings for Tigerpaw integration.
  3. Leave the External System ID text box blank.
  4. Click OK.

For more information on how to manage and configure your Tigerpaw account, see Tigerpaw Management.

Configure the Tigerpaw Settings on Your Firebox

You can configure the Tigerpaw integration settings from Fireware Web UI or Policy Manager.

Your Firebox sends traffic to Tigerpaw over HTTPS on TCP port 443. If the external link to the Internet is down, communication with Tigerpaw, including service order management activity, resumes automatically when external connectivity is restored.

Tigerpaw Management

To manage your Tigerpaw account, you must downloaded and install the Tigerpaw Windows client from www.tigerpaw.com.

View Firebox Asset Details in Tigerpaw

To see your Firebox in Tigerpaw:

  1. Open the Tigerpaw client.
  2. Type the username and password for your Tigerpaw account.
  3. From Accounts in the left sidebar, select the account to which you added the Firebox assets.
  4. Click the Assets icon icon to see a list of assets for the account.
  5. There are two types of assets: Customer Assets and Managed Assets.

A Customer Asset is an asset that was added manually to an account in Tigerpaw. A Managed Asset is an asset that was added automatically as part of the Firebox integration with Tigerpaw. A Firebox asset can appear in both lists if there was a service order created for the Firebox.

Screen shot of the Customer Assets page in Tigerpaw

  1. Click a Firebox to see its details.
    Information from the Firebox such as the serial number and feature key expiration date are automatically synchronized and appear in the list.

Screen shot of a Firebox asset in Tigerpaw

Event Monitoring

You can perform monitoring of events on your Firebox. You can configure thresholds for system events, and customize the events that generate service orders in Tigerpaw. The default Service Order Type, Service Order Board, and Service Order Priority are configured in your Tigerpaw integration.

If a system condition passes a configured threshold, a service order is created to notify you of the system event. If the event does not continue and passes below the threshold, the service order is automatically closed. If the event occurs again, the same service order is opened again so that you can track repeated occurrences of the same event.

Certificate Expiration

Monitors system certificates and generates a service order if any certificates will expire within the number of days you specify. You can select 10, 30, or 60 days prior to expiration.

Feature-Key Expiration

Monitors feature keys and generates a service order if any feature keys will expire within the number of days you specify. You can select 10, 30, or 60 days prior to expiration.

CPU Usage

Monitors CPU usage over a specified time period. For example, it can generate a service order if CPU usage is greater than 90% over 10 minutes.

Memory Usage

Monitors memory usage over a specified time period. For example, it can generate a service order if memory usage is greater than 90% for over 10 minutes.

Total Connections

Monitors the total number of concurrent connections over a specified time period compared to your system connection limits. For example, it can generate a service order if the total number of concurrent connections is greater than 90% of your system limit for over 10 minutes.

Total SSLVPN Connections

Monitors the total number of concurrent SSLVPN connections over a specified time period compared to your system connection limits. For example, it can generate a service order if the total number of concurrent SSLVPN connections is greater than 90% of your system limit for over 10 minutes.

Total IPSec Connections

Monitors the total number of concurrent IPSec connections over a specified time period compared to your system connection limits. For example, it can generate a service order if the total number of concurrent IPSec connections is greater than 90% of your system limit for over 10 minutes.

Total L2TP Connections

Monitors the total number of concurrent L2TP connections over a specified time period compared to your system connection limits. For example, it can generate a service order if the total number of concurrent L2TP connections is greater than 90% of your system limit for over 10 minutes.

Interface Status

Monitors whether any network interfaces have a link down status over a specified period of time. For example, it can generate a service order if an interface is down for longer than 5, 10, or 30 seconds.

Botnet Detection

Monitors botnet activity detected by Botnet Detection over a sustained period of time. For example, it can generate a service order if botnet activity is detected for over 10, 30, or 60 minutes.

Flood Detection

Monitors whether DoS flood attacks (such as SYN, ICMP, UDP, IPsec, IKE floods) have occurred over a specified period of time. For example, it can generate a service order if any flood attacks are detected over 10, 30, or 60 minutes.

Virus Detection

Notifies you if viruses have been detected by Gateway AntiVirus over a specified period of time. For example, it can generate a service order if 50 viruses were detected over 10 minutes.

Intrusion Detection

Monitors whether intrusion attempts have been detected by IPS over a specified period of time. For example, it can notify you if 50 intrusions were detected over 10 minutes.

Spam Detection

Notifies you if spam email messages have been detected by spamBlocker over a specified period of time. For example, it can notify you if 50 spam messages were detected over 10 minutes.

APT Detection

Monitors APTs detected by APT Blocker over a specified period of time. For example, it can notify you if 50 APTs were detected over 10 minutes.

DLP Detection

Monitors violations detected by Data Loss Prevention over a specified period of time. For example, it can generate a service order if 50 DLP violations were detected over 10 minutes.

Cluster Failover

Notifies you if a FireCluster failover has occurred. After a failover occurs, the new FireCluster master generates a service order. The service order information includes the member IDs of the new cluster master and the previous master. The service order is closed after five minutes of cluster stability.

Tigerpaw Service Order Management

The event monitoring thresholds you specify automatically trigger the creation and closure of service orders. This prevents service order flooding and false alarms, and enables service orders to be automatically closed when issues are resolved. If an event occurs again, the same service order is reopened so that you can track repeated occurrences of the same event.

To see a summary of service orders associated with an account:

  1. From Accounts, select a specific account.
  2. Select the View Service Order icon icon to view the service orders for the account.
    A list of service orders appears.

Screen shot of the Service Orders for Account page in Tigerpaw

Service Boards and Service Order Priority Settings

You can customize your Tigerpaw service board and service types from the Tigerpaw client in Status and Setup > Master Tables in the Service > Service Boards folder or the Service > Types folder.

Screen shot of the Tigerpaw Master Tables page with Service Types

Similarly, you can customize your service order priority levels from the Tigerpaw client in Status and Setup > Master Tables in the Service > Priorities folder.

Screen shot of the Tigerpaw Master Tables page with Service Priorities