1. Firewalls, Routers, Switches

Supported Devices

| Manufacturer | Type/Model | Configuration files needed |
|---|---|---|
| Alcatel-Lucent / Nokia | Service Router (SR), Service Aggregation Router (SAR) | save [filename] |
| Amazon Web Service | Security Groups & Network Access Control Lists | aws ec2 describe-security-groups and aws ec2 describe-instances |
| Azure Cloud | Resource Groups (e.g., VM, VNets, Subnets, NICs, NSGs, etc.) | Azure Cloud Shell (PowerShell 2.1.0): Export-AzResourceGroup |
| Check Point | R77 Security Management Server | /etc/fw/conf/objects_5_0.C and /etc/fw/conf/rulebases_5_0.fws |
| Check Point | R80 Security Management Server | Use the NP CheckPoint R80 Exporter (PDF documentation, video) |
| Cisco | IOS, ASA, FirePower Firewall | show running-config |
| Dell | PowerConnect Switch | console#copy running-config startup-config (instructions) |
| Enterasys | Switch | save config |
| Extreme | Switch | save configuration [primary , secondary , existing-config , new-config] (check which config is running with use configuration) |
| FreeBSD (PF) | Firewall | ruleset: cat /etc/pf.conf; interfaces: ifconfig -a |
| Fortinet | Firewall and NGFW | show full-configuration |
| Hirschmann | Eagle One Firewall | copy config running-config nv [profile_name] |
| HP / Aruba | Switch | show running-config |
| IPTables | Firewall | ruleset: iptables-save; interfaces: cat /etc/network/interfaces |
| Juniper | JunOS Firewall | show configuration |
| Juniper | NetScreen Firewall | get config all |
| NetGear | Switch | CLI: show running-config all. Web UI: Maintenance > Download Configuration |
| Nokia | Service Aggregation Router (SAR) | save [filename] |
| Palo Alto | Next Gen Firewall | Device > Setup > Operations > Export named config. snapshot, or Device > Support > Generate Tech Support File (additional instructions below this table) |
| pfSense | Firewall | Diagnostics > Backup & Restore > Download configuration as XML |
| RuggedCom / Siemens | ROS Switch | config.csv |
| RuggedCom / Siemens | ROX Firewall | admin > save-fullconfiguration. Choose format “cli” and indicate file name |
| Scalance / Siemens | X300-400 Switch | cfgsave |
| SEL-3620 | Firewall | From “Diagnostics”, click on “Update Diagnostics” and copy the text |
| SonicWall / Dell | Firewall | “Export Settings, then Export (default file name: sonicwall.exp)” |
| Sophos | Firewall | v16 Admin console: System > Backup & Firmware > Import Export |
| VMware | NSX Firewall | GET https://{nsxmgr-ip}/api/4.0/edges/ (XML format). Learn more about vCenter and VSX |
| WatchGuard | Firewall | Select Manage System > Import/Export Configuration |

Instructions for Palo Alto & Panorama

If Panorama is used to centrally manage policies, security rules may not be stored in the snapshot running configuration file. Instead, import the merged running configuration file from each managed device. The steps are:

  1. Connect to the Web user interface of your managed Palo Alto device
  2. Go to Device > Support > Generate Tech Support File
  3. It may take a few minutes to generate the Tech Support file. Once ready, select Download Tech Support File and save the tarball file on your local workstation where NP-View is running
  4. Import the tarball (.tgz extension) directly into NP-View

For versions of NP-View older than 6.1.4, expand the tarball and import the file from opt/pancfg/mgmt/saved-configs/.merged-running-config.xml. It is a hidden (dot) file, so it may not show up in your file explorer, but you can find it from a terminal or by changing the file explorer or Finder settings.
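For the older-version case above, the hidden file can be pulled out of the tarball without unpacking the rest of the archive. This is an added example, not NP-View or Palo Alto tooling; the function name and output handling are assumptions, and only the member path comes from this page.

```bash
#!/usr/bin/env bash
# Added example, not NP-View or Palo Alto tooling. The member path comes from the
# page; the function name and the output handling are assumptions.

MERGED_MEMBER='opt/pancfg/mgmt/saved-configs/.merged-running-config.xml'

# Usage: extract_merged_config <techsupport.tgz> <output.xml>
extract_merged_config() {
    local tarball=$1 out=$2 member
    # The archive may store the path with a leading "./" or "/", so compare the
    # normalised name and keep the stored spelling for the extraction step.
    member=$(tar -tzf "$tarball" 2>/dev/null | awk -v want="$MERGED_MEMBER" '
        { n = $0; sub(/^\.?\//, "", n) }
        n == want && found == "" { found = $0 }
        END { if (found != "") print found }')
    if [ -z "$member" ]; then
        echo "no $MERGED_MEMBER in $tarball" >&2
        return 1
    fi
    # A Tech Support File holds the full device configuration. Stream only the one
    # member to a path chosen here (tar never creates paths from the archive) and
    # keep the copy readable by its owner only.
    ( umask 077 && tar -xzOf "$tarball" "$member" > "$out" ) || return 1
    chmod 600 "$out" && [ -s "$out" ]
}
```

Because the member is matched by name inside the archive, the dot-file does not need to be visible in a file explorer.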

You can also try to export the Tech Support File directly from Panorama instead of exporting it from each managed device. Depending on your use of templates and device groups, the rules may not always be stored in the merged running configuration of the Panorama Tech Support file.

Instructions for Check Point

Version R77 or earlier

With version R77 or earlier, Check Point stores the information needed by NP-View in two flat files named objects_5_0.C and rulebases_5_0.fws. Those two files can usually be found in the folder /etc/fw/conf of the Check Point Management Server. In a multi-domain environment, the following command can help locate the correct set of files: find / -name "rulebases_5_0.fws" -ls. Usually each domain is a subdirectory under $MDSDIR/customers/ on the Check Point Multi-Domain Management Server (MDS) management station.
Once the files have been identified, they can be transferred to the NP-View workstation using scp or WinSCP.
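In a multi-domain environment it helps to confirm that each rulebases_5_0.fws has its objects_5_0.C beside it and to record hashes before the transfer. This is an added example, not Check Point or NP-View tooling; the function name, the manifest file and the availability of sha256sum on the management server are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not Check Point or NP-View tooling. The file names come from the
# page; the function name, the manifest and the use of sha256sum are assumptions.

# Usage: collect_r77_sets <search-root> <manifest-file>
#   e.g. collect_r77_sets "$MDSDIR/customers" /root/r77-manifest.sha256
collect_r77_sets() (
    root=$1 manifest=$2 sets=0 incomplete=0
    case $manifest in /*) ;; *) manifest=$PWD/$manifest ;; esac
    cd "$root" || exit 2
    : > "$manifest"
    # Same search as the find command above, limited to regular files under $root.
    list=$(find . -type f -name 'rulebases_5_0.fws' 2>/dev/null | sort)
    while IFS= read -r rb; do
        [ -n "$rb" ] || continue
        dir=${rb%/*}
        if [ -f "$dir/objects_5_0.C" ]; then
            # Hash both files of the set. Relative paths let the manifest be
            # re-checked with "sha256sum -c" wherever the tree is copied.
            sha256sum "$rb" "$dir/objects_5_0.C" >> "$manifest" || exit 2
            sets=$((sets + 1))
        else
            # The page lists both files for an import; flag a directory that
            # holds only the rulebase so domains are not mixed by hand.
            echo "incomplete set: $dir has no objects_5_0.C" >&2
            incomplete=$((incomplete + 1))
        fi
    done <<EOF
$list
EOF
    echo "$sets complete set(s), $incomplete incomplete" >&2
    [ "$sets" -gt 0 ] && [ "$incomplete" -eq 0 ]
)
```

After copying the files with the same relative layout, running sha256sum -c on the manifest from the copied root confirms that nothing changed in transit.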

Optionally, from each Check Point host, one can extract firewall-specific route information using netstat:

 netstat -rn > /root/`hostname`.txt

To create a NP-View project, import:

  • objects_5_0.C
  • rulebases_5_0.fws or multiple .W policy files
  • (optional) hostname.txt
  • (optional) identity_roles.C

Version R80 or later

Starting with version R80, Check Point replaces the flat files with a database. NP-View supports the new database system through the NP CheckPoint R80 Exporter (PDF documentation, video).

Instructions for FirePower

For Cisco devices running FirePower, please run show running-config on the command line terminal of each device you’d like to import into NP-View or NP-Live.

Requesting Support for New Devices

We are continuously developing parsers and adding support for new devices. If you have a firewall, router, or switch that you’d like to import into NP-View or NP-Live but that is not currently supported, please let us know by contacting support@network-perception.com.

The easiest way for us to develop a new parser is to have access to a sample configuration file. You can securely send a configuration file to the support team using the Portal File Vault. The File Vault includes a config sanitizer that automatically removes sensitive information and replaces confidential IP addresses with random values.
