SolarWinds Firewall Security Manager (FSM) is a powerful tool for analyzing firewall configurations and logs to isolate redundant, covered, and unused rules and objects. Without touching production devices, FSM can also model how a new rule, or change to an existing rule, will affect your firewall policy.  FSM simplifies firewall troubleshooting for your multivendor, Layer 3 network devices, and helps fill gaps in your security rules.

Importing Configurations from Network Configuration Manager

After you set up Network Configuration Manager (NCM) to monitor your device configuration changes, and have installed FSM, you can import the device configuration files from NCM into FSM.

To import the device configuration files from NCM into FSM:

In the menu bar, click Add Firewall.

addfirewall.png

 

The Import New Firewall window opens.

fsmncm1.png

 

Choose Import from NCM Repository, then click Next.
The NCM Repository Connection Parameters window opens.

fsmncm2.png

Enter the NCM Server URL, your Username and Password, then click Next.

Choose the device configurations to import into FSM.

After you choose device configurations to import, click Finish.
FSM begins the import process.

When the import process is complete, the imported device configurations are available on the FSM Firewall Inventory tab.

fsmncm4.png

You can now start analyzing the configurations you imported from NCM.

Generating Change Scripts to Run from NCM

To make changes to these configurations in FSM, start a change modeling session.

To start a change modeling session:

In the Firewall Inventory, chose the device.

In the menu bar, click Analyze Change > New Change Modeling Session.

A new Change Modeling Session opens.

fsmncm6.png

You are ready to make changes to the configuration, and test the changes offline. Testing offline enables you to see the effect of your changes before you put them into production.

After you make changes to your configuration, click Generate Change Scripts.
FSM generates a new Change Script. This script includes all the actions required to implement the changes you made to the specified device configuration.

Use NCM to load the change script. Choose the target device, and click Execute.

fsmncm8.PNG

 

Together NCM and FSM make a great team to efficiently manage your device configurations!

For more details on Change Modeling, Virtual Packet Tracing, and other Firewall Security Manager functionality, visit our other resources on Thwack, the SolarWinds community.