Firewall and Web Application Firewall (WAF) Prerequisite
General prerequisites
- Confirm that communication between AppViewX and the firewall is active.
- Provide an internet or proxy connection for AppViewX to interact with the firewall via REST API.
- Ensure that valid firewall account details, such as API tokens/keys and user credentials, are available.
- Grant the API admin permissions to read and modify SSL certificates.

| Supported Vendors | Cisco ASA | Juniper | PaloAlto | Panorama | Checkpoint CMA |
|---|---|---|---|---|---|
| IP Address/FQDN | IP address /FQDN | IP address /FQDN | IP address /FQDN | IP address /FQDN | IP address /FQDN |
| User Privilege | | | | | |
| Enable Password | Required | Not Required | Not Required | Not Required | Required |
| License Check | Not Required | Not Required | Not Required | Not Required | Not Required |
| Services and Ports for AppViewX communication | Port number: 22 (SSH) | Port number: 22 (SSH) | Port number: 443 (API) | Port number: 443 (API) | Port number: 22 (SSH, till R77) and 443 (API, from R80) |
| Internet Access/Proxy if required | Not Required | Not Required | Not Required | Not Required | Not Required |
| Location from which the certificates are discovered if Certificate Managed. | Certificates are fetched by issuing a direct command to the device through SSH. | Not supported | Certificates are fetched by issuing a direct API call to the device. | Certificates are fetched by issuing a direct API call to the device. | Certificates are fetched by issuing a direct command to the device through SSH. Paths on the device: /web/conf/server.crt, /web/conf/server.key |
| Note | For VW action items, you need credentials with write privilege. | For VW action items, you need credentials with write privilege. | For VW action items, you need credentials with write privilege. | For VW action items, you need credentials with write privilege. | For VW action items, you need credentials with write privilege. |

| Supported Vendors | Checkpoint MDS | Fortigate | Fortimanager | Big-IP AFM | Big-IP ASM |
|---|---|---|---|---|---|
| IP Address/FQDN | IP address /FQDN | IP address /FQDN | IP address /FQDN | IP address /FQDN | IP address /FQDN |
| User Privilege | | | | | |
| Enable Password | Required | Not Required | Not Required | Not Required | Not Required |
| License Check | Not Required | Not Required | Not Required | Not Required | Not Required |
| Services and Ports for AppViewX communication | Port number: 22 (SSH, till R77) and 443 (API, from R80) | Port number: 22 (SSH) | Port number: 443 (API) | Port number: 443 (API) | Port number: 22 (SSH) and 443 (API) |
| Internet Access/Proxy if required | Not Required | Not Required | Not Required | Not Required | Not Required |
| Location from which the certificates are discovered if Certificate Managed. | Certificates are fetched by issuing a direct command to the device through SSH. Paths on the device: /web/conf/server.crt, /web/conf/server.key | Certificates are fetched by issuing a direct command to the device through SSH. | Not supported | /config/filestore/files_d/<partition>_d/certificate_d/, /etc/httpd/conf/ssl.crt/, /etc/pki/tls/certs/; V10: /config/ssl/ssl.crt/, /etc/httpd/conf/ssl.crt/, /etc/pki/tls/certs/ | /config/filestore/files_d/<partition>_d/certificate_d/, /etc/httpd/conf/ssl.crt/, /etc/pki/tls/certs/; V10: /config/ssl/ssl.crt/, /etc/httpd/conf/ssl.crt/, /etc/pki/tls/certs/ |
| Note | For VW action items, you need credentials with write privilege. | For VW action items, you need credentials with write privilege. | For VW action items, you need credentials with write privilege. | For VW action items, you need credentials with write privilege. | For VW action items, you need credentials with write privilege. |
