Device Management
When using the Firewall MC, all managed devices are members of a group named Global. You also can group your firewalls into subgroups that share similar properties (such as configuration settings or geographic location). Grouping similar devices facilitates management of those devices. You can also import existing configurations into Firewall MC. These activities are accessed through the Devices configuration tab. The tasks in this section include the following:
Managing groups
Importing devices
Managing devices
Managing Groups
Select Devices > Managing Groups to add new groups to the system, modify existing groups, and delete existing groups (see Figure 14-5). When defining group names, it is helpful to use descriptive names that clearly identify the different groups. For example, you may identify your groups based on geographic region or department within the company.
NOTE
Subgroup names must be unique within an enclosing group.
)
Figure
14-5 Managing Groups
When managing groups, you can perform the following operations:
Add—Add new groups
Edit—Rename existing groups
View—View the description for a group
Move—Move the group to a new location in the hierarchy
Delete—Remove an existing group
Importing Devices
After defining your device groups, you can then import devices into those groups using the Devices > Import Devices option. When importing devices, you perform the following four basic steps:
Select the target group.
Select the import type.
Define firewall device basic information.
Review summary details.
You have several options when importing devices into Firewall MC (see Figure 14-6). Table 14-5 explains the various import options that are available.
Table 14.5 Device Import Options
|
Import Option |
Description |
|
Create Firewall Device |
Allows you to add a single device manually. |
|
Import configuration from device |
Allows you to provide device credentials manually that enable the Firewall MC server to communicate directly with the device to retrieve the configuration. |
|
Import configuration file for a device |
Allows you to import configuration information for a single device from a configuration file. |
|
Import multiple firewall configurations from a CSV file |
Allows the Firewall MC server to communicate directly with multiple firewalls (specified in a comma-separated value [CSV] file) to retrieve configuration information. |
|
Import configuration files for multiple devices |
Allows you to import multiple configuration files from a single directory. Each file contains configuration information for a single device. |
NOTE
You can import from a device only once. To reimport a device’s configuration, you must first delete the device and then import it again.
)
Figure
14-6 Select Import Type
If you select the Import configuration from device option as the import type, you must provide the following parameters that Firewall MC needs to communicate with the device being imported (see Figure 14-7):
Contact User Name—(Optional) The username used when connecting to the firewall
Contact IP Address—The IP address used to connect to the firewall
Password—The firewall enable password
)
Figure
14-7 Firewall Contact Information
After specifying all of the characteristics for the device being imported, you will see an Import Status window (see Figure 14-8). This window displays the progress of the actual import process, and it automatically updates itself every 60 seconds. You can also force the window to update by clicking the Refresh button.
)
Figure
14-8 Import Status Window
When the import is complete, you can view the configuration of the device by clicking the View Config link located in the Details section of the Import Status window (see Figure 14-8).
Managing Devices
Sometimes you need to remove devices or move them from one group to another. To perform these types of device operations, select Devices > Managing Devices. The Managing Devices window enables you to move a device from one group to another and remove existing devices (see Figure 14-9).
)
Figure
14-9 Managing Devices