Using SecureTrack Tools to Add Transparent Firewall Connections

Because firewalls that are configured in transparent mode do not have routing information, these firewall connections are not shown in the Interactive Map by default. After you enter the interface information for the firewall and the two devices that the firewall is connected to, the firewall is included in TOS features that are based on topology calculations.

Firewalls can be entered using the browser-based SecureTrack tool, or directly in the Interactive Map.

The transparent firewall connections are defined as:

m/g,<L3_device_id>-<output_interface_name>,<interface_ip>,<L2_device_id>-<input_interface_name>,<L2_device_id>-<output_interface_name>,m/g,<L3_device_id>-<input_interface_name>,<interface_ip>

Where:

  • m/g - Enter either:

    • m - the adjacent device is monitored by SecureTrack
    • g - the adjacent device is added to the Interactive Map as a generic device.

    This reference identifies the type of the first L3 device.

  • <L3_device_id>-<output_interface_name> - The SecureTrack ID of the adjacent device and the name of the interface on the adjacent device that is connected to the transparent firewall
  • <interface_ip> - The IP address of the immediately prior L3 interface

    This argument is not required.

  • <L2_device_id>-<input_interface_name> - The SecureTrack ID of the transparent firewall and the name of the input interface on the transparent firewall that is connected to the adjacent device
  • <L2_device_id>-<output_interface_name> - The SecureTrack ID of the transparent firewall and the name of the output interface on the transparent firewall that is connected to the adjacent device
  • m/g - Enter either:

    • m - the adjacent device is monitored by SecureTrack
    • g - the adjacent device is added to the Interactive Map as a generic device.

    This reference identifies the type of the second L3 device.

  • <L3_device_id>-<input_interface_name> - The SecureTrack ID of the adjacent device and the name of the interface on the adjacent device that is connected to the transparent firewall
  • <interface_ip> - The IP address of the immediately prior L3 interface

    This argument is not required.

For example, for a transparent firewall (ID: 5) that has an "eth0" interface connected to the "eth3" interface of a monitored router (ID: 14) and an "eth1" interface connected to the "eth2" interface of a generic device (ID: 11):

m,14-eth3,1.2.3.4,5-eth0,5-eth1,g,11-eth2,2.3.4.5

The same example, without specifying the <interface_ip>:

m,14-eth3,,5-eth0,5-eth1,g,11-eth2,

To add device connections for firewalls in transparent mode:

  1. In the browser address bar, enter the following:

    <IP Address>/tools/add_transparent_firewall_connections.htm

  2. To enter the connection information for the device, either:

    • Prepare a file in which each line defines the connections for a single firewall in transparent mode, as described above.
    • Enter the connection definitions into the "Device Configuration" field.
  3. Click Submit.
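
A pre-submission check for the connection definitions, added here as an example (it is not part of the original documentation or of TOS): it parses each line into the eight fields defined above and reports the lines that do not match the format. It assumes numeric device IDs, as in the page's examples, and that both L2 fields carry the same firewall ID; all function names are hypothetical.

```python
import ipaddress
import re
from collections import namedtuple

Endpoint = namedtuple("Endpoint", "kind device_id interface ip")  # kind: "m" or "g"
Link = namedtuple("Link", "first firewall_id fw_input fw_output second")
DEV_IF = re.compile(r"^(\d+)-(.+)$")  # assumption: numeric IDs, as in the examples

def dev_if(field, label):
    m = DEV_IF.match(field)
    if not m:
        raise ValueError(f"{label}: expected <device_id>-<interface_name>, got {field!r}")
    return int(m.group(1)), m.group(2)

def endpoint(kind, field, ip, label):
    if kind not in ("m", "g"):
        raise ValueError(f"{label}: type must be 'm' or 'g', got {kind!r}")
    device_id, interface = dev_if(field, label)
    if ip:
        ipaddress.ip_address(ip)  # raises ValueError on a malformed address
    return Endpoint(kind, device_id, interface, ip or None)

def parse_line(line):
    fields = [f.strip() for f in line.split(",")]
    if len(fields) != 8:  # an omitted <interface_ip> still keeps its comma
        raise ValueError(f"expected 8 comma-separated fields, got {len(fields)}")
    first = endpoint(fields[0], fields[1], fields[2], "first L3 device")
    in_id, fw_input = dev_if(fields[3], "firewall input")
    out_id, fw_output = dev_if(fields[4], "firewall output")
    if in_id != out_id:  # assumption: both L2 fields name the same firewall
        raise ValueError(f"L2 device IDs differ: {in_id} and {out_id}")
    second = endpoint(fields[5], fields[6], fields[7], "second L3 device")
    return Link(first, in_id, fw_input, fw_output, second)

def lint(text):
    """Return (links, errors); errors are (line_number, message) pairs."""
    links, errors = [], []
    for number, line in enumerate(text.splitlines(), 1):
        try:
            if line.strip():
                links.append(parse_line(line))
        except ValueError as exc:
            errors.append((number, str(exc)))
    return links, errors

SAMPLE = ("m,14-eth3,1.2.3.4,5-eth0,5-eth1,g,11-eth2,2.3.4.5\n"  # from the page
          "m,14-eth3,5-eth0,5-eth1,g,11-eth2\n"        # constructed: commas dropped
          "m,14-eth3,,5-eth0,6-eth1,g,11-eth2,\n")     # constructed: two firewall IDs
if __name__ == "__main__":
    print(lint(SAMPLE)[1])
```

The second sample line shows the most likely mistake when leaving out `<interface_ip>`: dropping the comma along with the value, which shifts every later field.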

To remove device connections for firewalls in transparent mode:

  1. In the browser address bar, enter the following:

    <IP Address>/tools/remove_transparent_firewall_connections.htm

  2. Enter the device ID of the transparent firewall.

  3. Click Submit.