1. Firewalls, Routers, Switches

You are here:
< All Topics

Supported Devices

Manufacturer Type/Model Configuration files needed
Alcatel Lucent Omniswitch save [filename]
Amazon Web Service EC2 aws ec2 describe-security-groups
aws ec2 describe-instances
Azure Cloud Azure Cloud Shell (PowerShell 2.1.0): Export-AzResourceGroup
Check Point R77 /etc/fw/conf/objects_5_0.C
/etc/fw/conf/rulebases_5_0.fws
R80 Use the NP CheckPoint R80 Exporter (PDF documentation, video)
Cisco IOS, ASA, FirePower show running-config
Dell PowerConnect console#copy running-config startup-config (instructions)
Enterasys save config
Extreme Switch save configuration [primary , secondary , existing-config , new-config] (check which config is running with use configuration)
FreeBSD (PF) ruleset: cat /etc/pf.conf
interfaces: ifconfig -a
Fortinet show full-configuration
Hirschmann Eagle One copy config running-config nv [profile_name]
HP Switch show running-config
IPTables ruleset: iptables-save
interfaces: cat /etc/network/interfaces
Juniper JunOS show configuration
NetScreen get config all
NetGear Switch CLI: show running-config all. Web UI: Maintenance > Download Configuration
Palo Alto Device > Setup > Operations > Export named config. snapshot
For Panorama: see instructions below this table
pfSense Diagnostics > Backup & Restore > Download configuration as XML
RuggedCom ROS config.csv
ROX admin > save-fullconfiguration. Choose format “cli” and indicate file name
Scalance X300-400 cfgsave
SEL-3620 From “Diagnostics”, click on “Update Diagnostics” and copy the text
Sonic Wall “Export Settings, then Export (default file name: sonicwall.exp)”
Sophos v16 Admin console: System > Backup & Firmware > Import Export
VMware NSX GET https://{nsxmgr-ip}/api/4.0/edges/ (XML format)
Learn more about vCenter and VSX
WatchGuard Select Manage System > Import/Export Configuration

Instructions for Panorama

  1. Follow the 4 steps of generating the tech support file from Panorama: https://live.paloaltonetworks.com/t5/Featured-Articles/How-to-generate-and-Upload-a-Tech-Support-File-Using-the-WebGUI/ta-p/60757
  2. Import the tarball directly into NP-View

For version of NP-View older than 6.1.4, expand the tarball and import the file from: opt/pancfg/mgmt/saved-configs/.merged-running-config.xml. It is a hidden (dot) file so it may not show up in your file explorer but you can find it via terminal or by changing the file explorer or finder settings.

Instructions for Check Point

Version R77 or earlier

With version R77 or earlier, Check Point has been storing the information needed by NP-View into two flat files named: objects_5_0.C and rulebases_5_0.fws. Those two files can usually be found in the folder /etc/fw/conf of the Check Point Management Server. In the case of a multi-domain environment, the following command can help locate the correct set of files: find / -name "rulebases_5_0.fws" -ls. Usually each domain is a subdirectory under $MDSDIR/customers/ on the Checkpoint Multi-Domain Management Server (MDS) management station.
Once the files have been identified, they can transferred to the NP-View workstation using scp or WinSCP.

Optionally, from each CheckPoint host, one can extract firewall specific route information using netstat:

 netstat -rn > /root/`hostname`.txt

To create a NP-View project, import:

  • objects_5_0.C
  • rulebases_5_0.fws or multiple .W policy files
  • (optional) hostname.txt
  • (optional) identity_roles.C

Version R80 or later

Starting with version R80, Check Point is replacing flat files with a database. NP-View is now supporting the new database system through the NP CheckPoint R80 Exporter (PDF documentation, video).

Instructions for FirePower

For Cisco devices running FirePower, please run show running-config on the command line terminal of each device you’d like to import into NP-View or NP-Live.

Table of Contents